7.1 Types of AI Contracts
AI transactions involve various contract types, each with distinct legal considerations. Understanding the appropriate structure is essential for effective drafting.
| Contract Type | Description | Key Issues |
|---|---|---|
| AI SaaS Agreement | Subscription access to hosted AI service | SLAs, data handling, API limits, uptime |
| AI License Agreement | License to use AI model/software on-premise | Scope of license, restrictions, updates |
| AI Development Agreement | Custom AI development services | IP ownership, deliverables, acceptance |
| Data Licensing Agreement | Rights to use data for AI training | Data quality, permitted uses, attribution |
| AI Consulting Agreement | AI strategy, implementation advisory | Scope of work, deliverables, liability |
| AI Partnership/JV Agreement | Collaborative AI development | IP sharing, revenue split, governance |
Contract Structure Considerations
- Hosted vs. On-Premise: Different liability, security, compliance profiles
- Generic vs. Custom: Off-the-shelf AI vs. bespoke development
- Enterprise vs. Consumer: Negotiated terms vs. click-wrap
- Subscription vs. Perpetual: Ongoing relationship vs. one-time transaction
7.2 IP Ownership Clauses
IP ownership is often the most contentious aspect of AI contracts. Clear allocation of rights is essential to avoid disputes.
Key IP Components in AI
- Pre-existing IP: Each party's background technology
- Training Data: Data used to train the AI model
- Model Architecture: Neural network design, algorithms
- Trained Model (Weights): The parameters resulting from training
- Output/Deliverables: AI-generated content, predictions
- Improvements: Enhancements to pre-existing IP
Sample IP Ownership Clause
Standard IP Allocation (Vendor-Favorable)
INTELLECTUAL PROPERTY
a) Pre-existing IP. Each party retains all right, title, and
interest in its Pre-existing IP.
b) Vendor IP. As between the parties, Vendor owns all right,
title, and interest in: (i) the AI Model, including all
algorithms, architectures, and trained parameters; (ii)
any improvements or modifications to the AI Model; and
(iii) any derivative works based on the AI Model.
c) Customer Data. Customer retains all right, title, and
interest in Customer Data provided to Vendor for
processing by the AI Model.
d) Outputs. Customer owns outputs generated by the AI Model
using Customer Data, subject to Vendor's ownership of
the underlying AI Model.
e) Training Rights. Customer grants Vendor a non-exclusive,
royalty-free license to use Customer Data to improve the
AI Model, subject to appropriate anonymization.
Negotiation Point
Training rights clause (e) is controversial. Customers may object to their data improving vendor's general model. Consider: (1) Opt-out provisions, (2) Anonymization requirements, (3) Exclusion of confidential data, (4) Separate pricing for training opt-out.
Customer-Favorable Alternative
IP Allocation (Customer-Favorable)
INTELLECTUAL PROPERTY
d) Outputs. Customer owns all outputs generated by the AI
Model, including all intellectual property rights therein,
free and clear of any claims by Vendor.
e) Training Rights. Vendor shall not use Customer Data for
any purpose other than providing Services to Customer.
Vendor shall not use Customer Data to train, improve, or
develop any AI model or product for the benefit of any
third party.
7.3 Warranties & Performance Standards
AI warranties require careful drafting given the probabilistic nature of AI outputs. Absolute performance guarantees are typically inappropriate.
AI-Specific Warranty Considerations
- Accuracy Limitations: AI cannot guarantee 100% accuracy
- Data Dependency: Performance depends on input data quality
- Evolving Performance: AI may drift or degrade over time
- Use Case Specificity: AI trained for one context may fail in another
Sample AI Performance Warranty
Performance Warranty (Balanced)
PERFORMANCE WARRANTY
a) Vendor warrants that, when used in accordance with the
Documentation, the AI Model shall achieve the Performance
Metrics specified in Schedule A.
b) Performance Metrics shall be measured on a [monthly] basis
using data representative of Customer's production use case.
c) If the AI Model fails to meet Performance Metrics for
[two consecutive months], Customer may: (i) require Vendor
to implement remediation measures at no additional cost; or
(ii) terminate this Agreement and receive a pro-rata refund
of prepaid fees.
d) LIMITATION: This warranty does not apply to: (i) performance
degradation caused by Customer Data quality issues; (ii) use
of the AI Model outside the Permitted Use Case; (iii)
modifications made by Customer; or (iv) force majeure events.
Performance Metrics (Schedule A Example)
| Metric | Target | Measurement Method |
|---|---|---|
| Accuracy | >= 95% on test dataset | Monthly evaluation on holdout set |
| Latency | <= 200ms (p99) | API response time monitoring |
| Uptime | >= 99.5% | Service availability monitoring |
| False Positive Rate | <= 5% | Monthly sampling review |
Practice Advisory
Never warrant that AI will be "error-free" or achieve "perfect" accuracy. Instead, specify measurable performance benchmarks with clear testing methodology. Include exclusions for data quality issues and misuse.
7.4 Liability & Indemnification
AI-specific liability clauses must address unique risks including algorithmic decisions, bias, and regulatory non-compliance.
AI Liability Allocation Matrix
| Risk | Vendor Liable | Customer Liable | Shared |
|---|---|---|---|
| AI defects in design | Yes | - | - |
| Customer data quality issues | - | Yes | - |
| Algorithmic bias | Pre-existing bias | Deployment context | Often shared |
| Regulatory compliance | General capability | Use case compliance | Often shared |
| IP infringement in outputs | Training data issues | Prompt-induced issues | Complex allocation |
Sample Liability Limitation
Limitation of Liability
LIMITATION OF LIABILITY
a) EXCLUSION OF CONSEQUENTIAL DAMAGES. NEITHER PARTY SHALL
BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF
PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITY.
b) LIABILITY CAP. EXCEPT FOR EXCLUDED CLAIMS, EACH PARTY'S
TOTAL LIABILITY SHALL NOT EXCEED THE GREATER OF: (i) THE
FEES PAID BY CUSTOMER IN THE 12 MONTHS PRECEDING THE
CLAIM; OR (ii) [INR X LAKHS].
c) EXCLUDED CLAIMS. The limitations in (a) and (b) shall not
apply to: (i) breaches of confidentiality obligations;
(ii) IP infringement indemnification; (iii) gross
negligence or willful misconduct; (iv) personal injury
or death; (v) violation of applicable data protection laws.
d) AI-SPECIFIC CARVE-OUT. Customer acknowledges that AI
outputs are probabilistic and may contain errors. Vendor's
liability for AI output inaccuracies shall be limited to
the remedies specified in the Performance Warranty section.
Sample AI Indemnification
AI Indemnification
INDEMNIFICATION
a) Vendor Indemnification. Vendor shall indemnify Customer
against claims that the AI Model infringes any third-party
intellectual property rights, provided that Vendor shall
have no obligation for claims arising from: (i) Customer's
modifications to the AI Model; (ii) use of the AI Model
in combination with non-Vendor technology; (iii) Customer
Data or Customer prompts.
b) Customer Indemnification. Customer shall indemnify Vendor
against claims arising from: (i) Customer Data; (ii)
Customer's use of AI outputs; (iii) Customer's failure to
comply with applicable laws regarding AI deployment.
7.5 Data Processing & Security
AI contracts must address data handling comprehensively, particularly given DPDPA requirements and the data-intensive nature of AI.
Data Processing Addendum Requirements
- Processing Instructions: Clear scope of permitted data processing
- Sub-processors: Requirements for engaging sub-processors
- Security Measures: Technical and organizational measures
- Breach Notification: Timelines and procedures for incidents
- Data Localization: Storage location requirements
- Return/Deletion: Data handling upon termination
- Audit Rights: Customer's right to verify compliance
AI-Specific Data Provisions
AI Data Processing
AI DATA PROCESSING
a) Processing Purpose. Vendor shall process Customer Data
solely for the purpose of providing AI Services and
shall not use Customer Data for: (i) training general
models; (ii) benchmarking; (iii) any purpose benefiting
third parties; unless expressly authorized in writing.
b) Model Isolation. Customer's AI model instance shall be
logically isolated from other customers. Customer Data
shall not be commingled with data from other customers.
c) Output Data. AI outputs generated from Customer Data
shall be treated as Customer Confidential Information
and subject to the same protections as Customer Data.
d) De-identification. If Vendor requests use of Customer
Data for model improvement, such data must be
de-identified in accordance with DPDPA standards prior
to any such use.
DPDPA Compliance
AI vendors processing personal data are Data Processors under DPDPA. Contracts must include: processing only on instructions, security obligations, sub-processor restrictions, audit rights, and data return/deletion provisions.
Security Standards
- Encryption: At-rest and in-transit encryption standards
- Access Controls: Role-based access, MFA requirements
- Audit Logging: Comprehensive logging of AI operations
- Vulnerability Management: Regular testing, patching timelines
- Certifications: ISO 27001, SOC 2, DPDPA compliance audits
Key Takeaways
- AI contracts include SaaS, licensing, development, data licensing, consulting types
- IP Ownership: Clearly allocate rights to pre-existing IP, model, outputs, and training rights
- Warranties: Specify measurable performance metrics, not absolute guarantees
- Liability: AI-specific carve-outs for probabilistic outputs, shared bias responsibility
- Indemnification: Vendor covers model IP infringement; customer covers data and use
- Data Processing: DPDPA-compliant DPA, model isolation, training rights restrictions
- Include clear remedies: performance credits, termination rights, refund provisions
- Document acceptable use policies for AI to limit misuse liability