Traditional confidentiality clauses and non-disclosure agreements ("NDAs") were designed for human-to-human exchanges of sensitive information. But as artificial intelligence (AI) begins to play a central role in business operations, these types of agreements need a fresh approach.
A key consideration is whether using AI to store, process, or analyse confidential data counts as a "disclosure"? NDAs generally state that the disclosing party may not disclose the confidential information to any other person, where "person" is often defined as a natural or juristic person. Such NDA does not cover the disclosure of confidential information to AI systems. There's a real risk that data used for training or refining an AI model could be accessed or reused beyond the original intent.
Another concern is the definition of "confidential information." Traditional definitions may not cover AI-generated outputs, such as summaries or patterns based on the original data. Many questions arise. Are these outputs still protected if they appear anonymised or abstract? What if they can be reverse-engineered to reveal sensitive details?
What about the destruction or return of data on termination? Will this be possible if the data has been integrated into an AI system? Unlike humans, AI does not forget data, and it may be impossible to segregate the data from the AI system on termination.
To manage these risks, NDAs should:
- Define more clearly to whom confidential information can be disclosed. Make it clear that "any other person" includes AI systems.
- Define "disclosure" to include AI processing, storage, and analysis.
- Clarify whether and how AI systems (internal or external) may handle confidential data.
- Require AI providers to guarantee that data won't be used for training or retained beyond agreed-upon purposes.
- Specify standards for data security, use, and access.
As AI continues to reshape how businesses operate, standard confidentiality language is no longer enough. Tailoring NDAs to address AI-specific risks can help protect sensitive information and prevent disputes, while still allowing businesses to innovate responsibly.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
