AI Terms – How to Draft Them & What to Look Out For
March 18, 2024
Imagine this scenario – you’re a General Counsel at a fast-growing tech company. Sales in the last quarter have been slow. Your CEO is getting pressure from the board to get things back on track. She calls you into her office. “We’re launching our new AI tool,” she says. “Great,” you respond, “When?” “Later today” is the response. Your eyes widen in disbelief, you feel a knot in the pit of your stomach. You knew the new AI tool was being worked on, but you had no idea it was anywhere close to being released. “Anyway,” she continues, “I’m going to need you to write up the terms and conditions for this new tool. Just do your lawyer thing and make sure we’re protected.”
Sound familiar?
As lawyers, we’re not really used to writing anything from scratch. We almost always rely on templates and drafting that was created before. We always prefer rewriting and editing to creating. The problem is that in the AI space things are so new that there aren’t many decent precedents out there. Instead of providing you with a template (mainly because every AI product is different and every use-case is unique), what I’m aiming to do is give you some of the main points which, in my experience, are the ones companies should think about when drafting AI Terms. Let’s dive in.
Define AI Capabilities and Limitations
First and foremost, tell your users what your AI tool does. Explain it simply, use examples, and (perhaps most importantly) explain its limitations. For instance, if your AI tool is a chatbot designed for customer service, specify its ability to handle inquiries, its response time, and the circumstances under which human intervention may be required. In order to do this, you will need to have a deep understanding of the technology and ensure you can explain it in layman’s terms. Engaging with the engineering team will help clarify how to best describe the system. They built it – they know it best.
Transparency
Be transparent about how the tool makes decisions and recommendations, and particularly what parameters it considers when reaching conclusions. This is especially true if your tool is making recommendations that have a significant impact on individuals (e.g., in the HR/financial space), even in cases where human involvement exists.
Other Policies
Your AI tool is likely not the only product you sell. If that’s the case, you’ll have other, non-AI policies and terms (such as terms and conditions, a privacy policy, an acceptable use policy (AUP), and others). Be sure to check these other terms, reference them where appropriate, update them where necessary, and make sure that all of your external-facing policies align.
Liability
Your initial instinct might be to disclaim all liability. But remember – if you are operating in the B2B space, your customers likely won’t accept broad-sweeping liability disclaimers. If you’re in the B2C space, regulators or courts won’t allow you to disclaim all liability either. Think about what type of liability you can disclaim (e.g., use of the tool which isn’t in line with your AUP) and what type of liability you might have to retain. Also, review the terms of third parties you are integrating with (e.g., OpenAI, Midjourney, Google), and ensure you have mapped out responsibility if something goes wrong.
Intellectual Property (IP)
When it comes to AI, IP is key. You should be thinking of IP rights in two contexts – inputs (user-generated content) and outputs (your AI’s generated content). Consider ownership, copyrights, licenses, and moral rights. Note that OpenAI and Google both confirm that users retain ownership of their inputs and the AI’s outputs, so if you deviate from this standard, be prepared to explain why. Importantly, IP and copyright ownership do not override data privacy limitations. If your input or output contains personal data, GDPR requires a lawful basis for processing, even if IP rights are retained.
Data Privacy
If your AI tool processes personal data or allows general data input where users may submit personal information, privacy regulations must be considered. Ensure that your terms disclose the potential use of personal data and that your privacy policy reflects this. Consider whether your tool qualifies as “Automated Decision Making” under GDPR or similar laws, and if so, include relevant disclosures.
Training Data
AI models need large amounts of data to improve. Understand how your tool is trained. If customer data is used for training, disclose this clearly. Define whether all data is used or just a subset for specific improvements. Your ability to do this will depend on customer tolerance and expectations. If customer data is not required for training, avoid reserving unnecessary rights in your policy.
Third Parties
Your AI tool likely integrates with third-party services, each with its own terms. Verify with the engineering team which services are being used and review their legal terms, especially regarding privacy and training data clauses. Consider referencing these third-party terms in your own policies.
Human Review
If human review is part of your AI tool’s functionality, disclose it. This is crucial in sensitive sectors such as finance or healthcare, where users may not expect their data to be accessed by individuals outside their profession.
Monitoring and Updates
AI evolves quickly. Your terms should allow flexibility to update both the tool and its associated policies as technology and regulations change. Maintain previous versions of your terms for reference.
Indemnification
Consider requiring users to indemnify you for damages caused by misuse of the tool, such as violations of the AUP. In some cases, you may need to indemnify customers if your AI tool causes harm. This is more common for high-profile AI tools or B2B providers with strong customer bargaining power.
Governing Law, Jurisdiction & Dispute Resolution
Ensure that your governing law and jurisdiction clauses are applicable to AI-related legal challenges. Not all jurisdictions may be equipped to handle complex AI disputes.
Suspension & Termination
AI is powerful but sometimes unreliable. Your terms should allow flexibility to suspend or terminate service if necessary, without excessive legal exposure.
FAQs
FAQs are a great tool for simplifying complex concepts without legalese. Consider using an FAQ section alongside your formal terms to improve clarity.
This list isn’t exhaustive, but it’s a good start. If you think something critical is missing or have examples of AI terms you find effective, share them in the comments.
If you need help drafting AI terms for your company, feel free to reach out – TrustIZ or avishai@trustiz.ai.
#privacy #gdpr #ccpa #ai #aiact #aiterms #personaldata
