The rapid expansion in the development and deployment of AI tools over the past year, particularly within Software as a Service (SaaS) platforms, has been extraordinary. Businesses are eager to leverage the potential competitive advantages offered by these cutting-edge AI technologies. However, AI based technologies and their integration into SaaS platforms pose certain risks and carry significant legal implications. While integration of AI technologies into SaaS platforms does not necessitate a complete revision of standard SaaS contractual frameworks, it does require careful attention to existing contractual provisions to effectively address and mitigate emerging risks and legal complexities. Below is a non-exhaustive list of critical issues that warrant careful consideration when drafting SaaS agreements which involve integration of AI technologies into SaaS platforms.
Intellectual property ownership rights and license rights
In standard SaaS agreements, customers retain ownership rights in the data they upload to the SaaS platform (input) and in any reports or other outputs derived from the input data and from their use of the SaaS platform (output); while the SaaS platform supplier retains ownership of the SaaS platform itself. Additionally, standard SaaS agreements often grant the supplier the right to collect and utilize certain information (mainly non-identifiable information, aggregated and analytics information) derived from the services and the input data, for the purpose of providing and improving the supplier's programs and services.
In the context of SaaS agreements involving AI, there are notable distinctions in this respect. For example, as AI relies heavily on data for training and improving algorithms, then one difference pertains to the SaaS supplier's desire to utilize customer input data and resulting outputs for training AI models and for machine learning. The agreement should explicitly address whether the supplier is permitted to use customer input data and resulting outputs for such purposes. This is essential for improving algorithms and output accuracy not only for the customer but also for other users of the SaaS platform. Customers may express concerns, as their input and resulting outputs — potentially containing confidential or proprietary information as well as personal data — could become outputs and be exposed to other platform customers. Consequently, some customers may expressly prohibit the use of their input and resulting outputs for AI training and machine learning, and it is highly important to preemptively draft the relevant clauses in the SaaS agreement to reflect the supplier’s needs, while addressing and mitigating clients’ potential concerns. Other mitigating factors may also be introduced, such as explicit limitations on the use of relevant input and implementation of relevant anonymization techniques.
Another significant consideration in SaaS agreements involving AI is the ownership of output. The legal landscape surrounding the eligibility of AI-generated content for copyright protection is still evolving (among others, due to the absence of human authorship) and may vary across jurisdictions. Therefore, parties should carefully consider the evolving legal framework related to the ownership and protection of output data when drafting SaaS agreements involving AI. Even if the parties contractually agree that as between the parties and to the extent permitted by applicable law, the customer retains ownership rights in the output, it is important to emphasize that due to the nature of AI technologies, certain output which result from AI processing of inputs may not be unique and other customers may receive similar output from the services. In addition, certain outputs may not necessarily be assignable to the customers, as these may be based on third party materials. Therefore, any intellectual property arrangements should be clearly defined in the agreement to address these matters as well (including by providing applicable disclaimers regarding the output).
Privacy and Cybersecurity
As noted above, customers are likely to be concerned about use of their inputs for machine learning and training AI models, and such concerns are even more likely to arise where personal data is concerned, due to the inherent sensitive nature and the restrictive regulatory framework that applies to personal data.
Furthermore, we note that AI technologies are likely to be used in many cases to support automated decision-making processes, where the logic and algorithms behind such decisions are not always entirely clear or transparent. In light of the above, it is recommended that SaaS agreements and their related data processing addendums address the parties’ rights and obligations with respect to the processing of personal data via AI, and include appropriate disclaimers and disclosures to reflect adequate transparency, particularly where automated decision making is involved, while considering legal, technical, and commercial feasibility. Such disclosures may also be essential for obtaining necessary consents from affected data subjects or facilitating opt-out rights. It is crucial that such disclosures strike a balance between transparency requirements and safeguarding proprietary information, ensuring compliance without compromising the supplier’s competitive advantage or violating contractual commitments.
In addition, it is prudent to stay abreast of emerging regulations concerning AI, like the forthcoming EU AI Act. By remaining proactive in addressing compliance, SaaS providers can minimize risks and enhance client confidence in their services.
Disclaimers and Liability
In addition to standard disclaimers and warranties, SaaS agreements involving AI are likely to include additional provisions which relate to AI specific risks resulting from AI technologies’ dynamic and evolving nature, including disclaimers concerning outputs’ potential inaccuracies and the need for customers to encourage employing human review as necessary before utilizing or sharing the output from the services, especially when using AI based outputs for making decisions concerning credit, education, employment, housing, insurance, legal matters, medical treatment, or other critical aspects which may affect individuals. As such, the parties must carefully consider and negotiate these provisions to address the unique risks associated with AI usage, ensuring clarity and accountability in their contractual arrangements.
In addition, in agreements involving AI technologies, the standard indemnification and liability provisions typically discussed during negotiations for entering into SaaS agreements, such as those concerning non-infringement of third-party intellectual property rights and privacy and security matters, may require careful attention due to the unique risks associated with AI usage within the SaaS framework, such as those which are discussed above. Particularly, when a SaaS supplier incorporates third-party AI tools, it is advisable to ensure 'back-to-back' liability regarding the representations and indemnification obligations from the provider of the AI tools. It is important to note that while some large LLMs offer indemnification in specific cases, the enforceability of such indemnification has not been tested in court, making it challenging to assess its reliability. Therefore, it becomes paramount for both parties to thoroughly review and negotiate these clauses to ensure they effectively address the unique risks associated with AI usage within the SaaS framework.
Summary
In conclusion, navigating SaaS agreements involving AI requires careful consideration of various issues, such as ownership rights, warranties, privacy, security, indemnification and regulatory compliance. By addressing these concerns proactively and collaboratively, businesses can maximize the benefits of AI technology while mitigating associated risks. Should you have any questions or require assistance with reviewing or negotiating SaaS agreements, please do not hesitate to contact us.