AI Vendor Agreement Clauses: What In-House Counsel Must Negotiate Before Signing
AI vendor contracts shift risk in ways standard SaaS templates don't cover. Five clauses in-house counsel must negotiate: training data, output IP, hallucination liability, model deprecation, and indemnification gaps.
Why Standard SaaS Templates Fail for AI Procurement
Every company is procuring AI tools, but most are signing vendor templates drafted by the AI company's counsel. That is a problem, because standard SaaS vendor agreements were built for deterministic software—products where the output is predictable, the data handling is straightforward, and the IP ownership chain is clear. AI tools break every one of those assumptions.
AI vendors issue terms that shift risk to buyers in ways traditional software contracts do not. They train on customer data by default, assign output IP with qualifiers that may convey nothing, disclaim liability for hallucinated outputs, reserve the right to deprecate models on short notice, and offer indemnification programs that cover incoming IP claims but not the buyer's inability to enforce outputs as assets. When in-house counsel treat an AI procurement like a standard SaaS renewal, they miss the clauses that matter most.
We have written about IP ownership of AI-generated work product and about the eight clauses your old vendor template is missing. This article goes deeper into the specific provisions that in-house counsel must negotiate when procuring AI tools and services, with attention to the legal and regulatory landscape that now makes these clauses compliance prerequisites—not just commercial preferences.
Training Data Restrictions: The Default You Must Flip
Most AI vendor agreements default to using customer prompts, uploads, and outputs to improve the vendor's models. For consumer-facing products, this may be acceptable. For enterprise procurement, it is a non-starter. If your vendor can train on your proprietary data, your confidential business information, trade secrets, and customer data may become embedded in a model that the vendor serves to your competitors.
The fix is to negotiate an explicit prohibition on training. The contract should state that the vendor will not use customer data—including prompts, uploads, generated outputs, and metadata—to train, fine-tune, improve, or evaluate any model, whether the vendor's own models or third-party models. This prohibition should survive termination. Some vendors, including OpenAI, offer enterprise tiers that do not use API data for training by default, but the contract must reflect this commitment in writing—not in a marketing page that can change. OpenAI's enterprise privacy commitments are published on their website, but the binding obligation belongs in your services agreement or DPA.
For regulated industries, training restrictions are not just commercial—they are compliance obligations. Under HIPAA, for example, using protected health information to train a vendor's model without proper authorization can constitute an impermissible use and disclosure. We have analyzed this intersection in our HIPAA and AI training analysis. The vendor's data-handling terms are the mechanism through which your regulatory obligations flow to the vendor, so they must be airtight.
Output IP Ownership: The "If Any" Problem
AI vendor agreements typically include language assigning the customer "all right, title, and interest, if any, in and to the outputs." The phrase "if any" is doing heavy lifting. Under current U.S. copyright law, works generated entirely by AI without sufficient human authorship may not be copyrightable at all.
In Thaler v. Perlmutter, the D.C. Circuit affirmed in March 2025 that the Copyright Act requires human authorship. The court held that "the Copyright Act itself requires human authorship" and declined to reach the constitutional question. The U.S. Supreme Court subsequently denied certiorari in March 2026, leaving the D.C. Circuit's ruling intact. This means that when an AI tool generates output with minimal human creative direction, there may be no copyright to assign—regardless of what the vendor's contract says.
In-house counsel should negotiate for more than a rote IP assignment. The contract should address what happens when outputs are not protectable: Does the vendor grant a perpetual, irrevocable license to use, modify, and distribute the outputs regardless of IP status? Does the vendor warrant that it has the rights necessary to grant this license? Who bears the risk if a third party claims that AI outputs infringe their copyrighted training material? We cover the IP ownership framework in more detail in our AI work product IP ownership guide, but the procurement contract is where these protections must be locked in.
Hallucination Liability: Who Bears the Risk of Wrong Answers
AI tools hallucinate—generating plausible but false information. Microsoft's own Copilot Terms of Use acknowledge this directly: "Copilot tries to give you good answers, but it can make mistakes. Sometimes, the sources Copilot uses may not be reliable, relevant, or accurate, and sometimes, Copilot may give you wrong information." Courts are encountering hallucinated content with increasing frequency, as documented in cases where attorneys have submitted AI-generated briefs containing fabricated citations.
Vendor agreements uniformly disclaim liability for hallucinated outputs. The typical provision states that the vendor does not warrant accuracy, completeness, or fitness for a particular purpose. For most SaaS contracts, a warranty disclaimer for output accuracy is standard. For AI tools deployed in contexts where errors carry legal or financial consequences—contract analysis, regulatory compliance, medical coding, financial reporting—this disclaimer shifts a risk that the vendor is better positioned to manage onto the buyer.
In-house counsel should push for representations tied to the vendor's own accuracy benchmarks, coupled with remedies that go beyond mere contract termination. At minimum, the contract should require the vendor to disclose known failure modes, provide mechanisms for prompt-level feedback, and maintain a documented process for addressing systemic hallucination issues. For high-risk use cases, consider negotiating service-level commitments tied to accuracy metrics, or at least requiring the vendor to indemnify against damages caused by demonstrably false outputs that no reasonable user would rely on absent the vendor's representations.
Model Deprecation Risk: The Vendor Can Walk Away
Standard SaaS contracts include service-level commitments and termination notice periods measured in months. AI vendor agreements routinely reserve the right to modify, suspend, or deprecate models on much shorter notice—and sometimes with no notice at all. This is not a theoretical risk. It has happened repeatedly:
- OpenAI's June 2024 country blocks: OpenAI announced it would block API traffic from countries and territories it does not support, effective July 9, 2024. Companies with operations in affected regions lost API access with approximately two weeks' notice. (The Register)
- Anthropic's Windsurf cutoff (June 2025): Anthropic significantly reduced Windsurf's direct access to Claude models with minimal notice. Windsurf's CEO publicly stated the company received "little notice" and was "disappointed by this decision and short notice." (TechCrunch)
- Anthropic's April 2026 multi-account revocation: Anthropic blocked third-party tools from using Claude subscription-based access, forcing tools that relied on subscription authentication to either obtain direct API agreements or lose service. (Fusion94)
For in-house counsel, the lesson is that AI vendors treat model access as a discretionary service, not a contracted commitment. Your agreement should require minimum notice periods for model deprecation (we recommend 180 days for enterprise agreements), transition assistance including API compatibility support, data portability commitments so you can migrate to alternative providers, and prorated refunds for prepaid terms if the vendor discontinues the model you procured. We discuss the M&A implications of these access risks in our AI M&A due diligence checklist, where unilateral API revocation is a recurring diligence finding.
Indemnification Gaps: Incoming vs. Outgoing Claims
Most AI vendor indemnification programs cover one direction: incoming IP claims. If a third party sues your company because the AI tool's output allegedly infringes their copyright, the vendor will defend you. Microsoft's Customer Copyright Commitment is the most prominent example. Under the CCC, Microsoft will defend customers and pay adverse judgments or settlements arising from copyright claims related to the use of covered Copilot services and Azure OpenAI outputs—but only if the customer implemented all required mitigations, including content filters, metaprompts, and testing protocols. Microsoft described this commitment as extending their existing IP indemnification to copyright claims, stating: "if a third party sues a commercial customer for copyright infringement for using Microsoft's Copilots or the output they generate, we will defend the customer and pay the amount of any adverse judgments or settlements."
The gap is the other direction. No major AI vendor indemnifies against the buyer's inability to enforce outputs as assets. If you build a product incorporating AI-generated code, marketing copy, or design assets, and you cannot register copyright because the output lacks sufficient human authorship under Thaler v. Perlmutter, the vendor bears no liability. Your investment in AI-assisted work product may produce assets you cannot protect against copying by competitors.
In-house counsel should negotiate to close this gap or at least narrow it. Options include requiring the vendor to warrant that outputs will contain sufficient human-authored elements to be copyrightable when the customer provides substantive creative direction, or securing a broad license from the vendor to the vendor's own IP rights in model outputs that would survive even if copyright does not attach to the outputs themselves.
Regulatory Flow-Through: Why Vendor Terms Are Now Compliance Obligations
AI regulations increasingly impose obligations on the deploying company—the buyer—not just the vendor. This means vendor data-handling terms are no longer purely commercial; they are compliance prerequisites.
TRAIGA (Texas Responsible AI Governance Act): Effective January 1, 2026, TRAIGA imposes obligations on developers and deployers of AI systems in Texas. If your vendor's data handling does not support your compliance posture, your company—not the vendor—bears the regulatory risk. We analyze TRAIGA's requirements in our TRAIGA compliance guide.
EU AI Act Article 26: The EU AI Act imposes direct obligations on deployers of high-risk AI systems, including conducting fundamental rights impact assessments, human oversight requirements, and logging obligations. These duties cannot be fully delegated to the vendor; the deploying company remains accountable. The vendor's data handling, transparency disclosures, and documentation must support the deployer's compliance, or the deployer faces enforcement risk. (EU AI Act Article 26)
The practical implication is that in-house counsel must review AI vendor agreements through a compliance lens. The vendor's terms are the pipeline through which your regulatory obligations either get met or get broken. If the vendor's DPA does not include the right subprocessor disclosures, data residency commitments, or transparency documentation, your company may be non-compliant regardless of what you do internally.
Key Implications for Practice
AI vendor procurement requires in-house counsel to move beyond standard SaaS contract review and into a new negotiation framework. The five clauses we have examined—training data restrictions, output IP ownership, hallucination liability, model deprecation risk, and indemnification gaps—represent the minimum scope of issues that a competent AI vendor review must address.
For each clause, the practical steps are as follows:
- Training data: Negotiate an explicit, survivable prohibition on using customer data for any training, fine-tuning, or model improvement purpose. Verify the prohibition in the contract—not in a privacy FAQ.
- Output IP: Do not accept "if any" language without understanding what you get when copyright does not attach. Negotiate for a broad license that operates regardless of IP status, and address the vendor's warranty regarding its own rights in model outputs.
- Hallucination liability: For high-risk use cases, negotiate accuracy representations, disclosure of known failure modes, and remedies beyond termination. Document your own review and verification processes to manage residual risk.
- Model deprecation: Require minimum notice periods, transition assistance, data portability, and prorated refunds. Map your vendor dependencies and identify fallback providers before you need them.
- Indemnification: Push for coverage of outgoing IP claims—your inability to enforce outputs as assets. Where vendors will not concede, ensure the contract does not affirmatively disclaim this risk without disclosure to business stakeholders.
- Regulatory compliance: Audit vendor terms against TRAIGA, EU AI Act, and other applicable regulatory frameworks. The vendor's data handling is your compliance pipeline. If it fails, you fail.
The companies that negotiate these clauses effectively will build AI procurement processes that protect their data, their IP, and their regulatory posture. The companies that sign vendor templates will discover the gaps only when something goes wrong—at which point the contract they signed will have already allocated the risk to them.