Are your commercial contracts ready for AI?

As AI is rapidly transforming, and being integrated into, businesses across most sectors, companies would be well-advised to update their contracts to ensure they include dedicated AI clauses to mitigate the risks that AI brings with it.

Before considering what specific clauses are required, it is important to learn how your counterparty uses AI. You could become liable for any infringement of others’ rights. It is also important to ensure that any assurances given by your counterparty on its AI system become ongoing contractual commitments.

What are the Key Risk Areas in AI-related clauses in Supply Contracts?

1. Intellectual Property: There are two IP-related areas to check:

IP Infringement: How confident are you that the training data does not infringe others’ IP rights? Some AI models rely on scraping data from the internet that may be protected by a third party’s IP rights. The contract can protect you in this regard.

IP Ownership and Usage: UK copyright laws do not necessarily protect AI-generated works, and in any event, every platform has different stipulations regarding ownership and usage. If you are using AI to create output of value, these points must be addressed.

2. Data rights/Information security: Training data may include personal or confidential corporate data for which you are legally responsible and liable. The AI model may become a data processor for which you underwrite its omissions. All of this needs to be understood and dealt with in your contract.

3. Profiling: AI is able to quickly forensically analyse data. If this functionality is used to make decisions that affect or impact on people without the safeguards, then that would be a further breach of GDPR.

In summary, the contract is your opportunity to allocate the risk and liability. Key points to consider are:

1. Audit rights and transparency. Your contract should include a right for you to audit, inspect or request documentation demonstrating accuracy levels, ongoing testing and compliance with any regulatory duties. Warranties on ongoing testing for accuracy and suitability of output should also be included, as well as a warranty on the lawfulness of the origin of training data.

2. Liability Underwriting. Require the supplier to maintain professional indemnity or cyber insurance covering AI-related risks and third-party claims.

3. Compliance with evolving legal landscape. Whilst the EU AI Act does not apply to B2B contracts that are solely UK based, consider whether the EU Act would apply due to AI output reaching the EU. Even if it doesn’t, compliance with the EU Act is increasingly being seen as good practice so it would be reasonable to include a requirement for your supplier to comply with the relevant provisions of that Act.

The above is intended to give an overview of the clauses to be considered but clearly each contract will have its context and nuances to be taken into consideration.

If you would like further guidance, please contact Sarah Merriott or Alexander Egerton or your usual Wallace contact.