Preface
By Alexandria (Lexi) Lutz, Spencer Rubin, Lisa R. Lifshitz, and Ted Claypoole, in coordination with the ABA President’s Task Force on the Law and AI
In today’s ever-evolving technology marketplace, the integration of artificial intelligence (“AI”) systems into business operations has become increasingly prevalent. As businesses license or subscribe to AI systems from vendors at the enterprise level or at other material levels of spend, it is important for those businesses to enter into, as much as practicable and commercially reasonable, pro-buyer contractual terms that adequately protect their access to and use of vendors’ AI systems.
Key Provisions to Include
In the realm of AI, where complexity and uncertainty often accompany technological advancements, clear and protective contractual terms are imperative for businesses procuring AI systems. These contractual terms should deal with the crucial aspects of any AI procurement, such as data ownership, data security, the vendor’s representations and warranties, the vendor’s indemnity obligations, bias mitigation, and the vendor’s liability. For the following reasons, these key concepts should be included in pro-buyer contractual terms for businesses procuring AI systems:
Data Ownership Provisions: Clearly defining a business’s ownership of data inputted to and outputted from an AI system through these provisions is crucial so that the business has the necessary rights to use, access, and control such inputs and outputs.
Data Security Provisions: Including these provisions is essential to protect a business’s sensitive information (including personally identifiable and personal information) that is processed by an AI system from unauthorized access, use, disclosure, breach, or misuse.
Vendor’s Representations and Warranties: Including representations and warranties from the vendor regarding the AI system’s functionality, performance, accuracy, noninfringement of third-party rights, compliance with laws and regulations, and adherence to high ethical standards provides a business with remedies for misrepresentation and breach of warranty if the AI system does not perform in the ways in which the vendor has promised (formally or informally) that it will (or, in some cases, in which a business believes that it will).
Vendor’s Indemnity Obligations: Requiring a vendor to indemnify a business for certain elements of liability related to its AI system protects that business from bearing the costs and the expenses of such liability, especially given that the business usually has no control over the AI system, other than its own use thereof and the selection of data to input thereto.
Bias Mitigation: Ensuring that a vendor has taken the necessary precautions so that the AI system does not produce biased output, which would result in an individual being treated differently on the basis of a protected ground under applicable laws or other disproportionate harm to such individual, is crucial.
Vendor’s Liability: Stipulating that a vendor should bear appropriate liability with respect to its AI system is beneficial for a business customer so that it ultimately does not become liable for its use of the AI system if the underlying cause of liability originates with the vendor, its affiliates, or its subcontractors. As a result, a vendor’s liability should be as extensive as the circumstances permit.
Key Questions to Ask
In addition to including the key provisions discussed above, a business should approach its agreement with a vendor of an AI system with the same scrutiny and diligence applied to any other arm’s-length technology transaction. The burgeoning complexity of AI systems necessitates that businesses take a tailored approach when drafting, editing, or negotiating such agreements. Key questions to guide businesses in taking this approach include the following:
Data Input and Protection: What types of data (confidential information, personally identifiable information, sensitive personal data, commercially critical information, etc.) will be inputted into the AI system, and what additional protections are required?
Transparency and Ethics: How does the business ensure that the vendor is as transparent as possible regarding the sources of training data and the use of data inputs and outputs? Are the AI system’s algorithms safe, effective, and ethically sound? How does the vendor mitigate the risk of producing biased output?
Security Standards: What are the vendor’s cybersecurity protocols and measures, and how do they align with the business’s cybersecurity requirements, especially given that not all businesses have the same security and regulatory requirements?
Vendor’s Reputation: What feedback regarding the AI system have other clients of the vendor made publicly available, and what is the vendor’s code of ethics regarding development and usage of AI systems? Is the vendor currently under regulatory investigation or the subject of multiple lawsuits, i.e., for intellectual property infringement, etc.?
Below is a sample template to be used in connection with an existing buyer’s master services agreement. It is not intended as legal advice. It will require additional customization depending on the fact situation.
Pro-Buyer AI Addendum
By Spencer Rubin, Alexandria (Lexi) Lutz, Lisa R. Lifshitz, Ted Claypoole, Charlyn Stanberry, Nikki Edmunds, Conner LeBlanc, and Jim Wiley, in coordination with the ABA President’s Task Force on the Law and AI
Under Master Service