Guidelines For Navigating AI Clauses In Contracts: Key Considerations For Modern M&A Deals

Everyone wants simple, clearly written and short contracts. The problem is every clause was forged on the anvil of litigation. Now your contracts must include how to deal with AI, or AI will deal with you as it sees fit, which you may not like.

While changes to contract clauses have been informed on artificial intelligence (AI) for years, many agreements we review at Buckley Law P.C. still lack the basic understanding of the risks. Why? Most clauses specify human actors are involved, non-human contract performers are an afterthought. For example, one transaction needing a fresh look involves merger, asset and debt acquisition (M&A). In the M&A space, companies combining or transferring assets and debts are thinking about business as usual where derivative works are enabled by AI, undermining the asset or making debt collection probabilities lower. This changes the equation as court decisions increasingly show limited liability entities and individuals can own intellectual property, but AI or agent thereof, cannot. Who holds title? Who is liable? Most companies have upped their intellectual property game but not their artificial intelligence game. The intent in these guidelines are to fill some gaps and flag some issues that merit principal-level discussion.

In artificial intelligence, contracts—particularly in mergers, acquisitions, and technology licensing—must evolve to address the unique risks and opportunities AI presents. As AI integrates deeper into business operations, drafting clauses that clearly define and govern AI-related elements becomes essential. This isn't just about compliance; it's about protecting intellectual property, ensuring ethical use, and mitigating potential liabilities. And collecting accounts receivable. For example, reverse engineering prohibitions will no longer be the reliable clause of the past as they assume contracting party lead agency. Below, I explore the critical “what” aspects to consider when incorporating AI provisions into contracts, drawing from common frameworks seen in sophisticated agreements.

1.0 Defining the Scope: Core AI Terminology

At the heart of any effective AI clause are precise definitions that set the boundaries for discussion and obligation. Without them, ambiguity can lead to disputes over what constitutes AI in the context of the deal.

• AI Technology. This encompasses a broad spectrum, including machine learning, deep learning, statistical algorithms, models like large language models, neural networks, and associated software or hardware. Defining this ensures all parties understand the technologies in play, from foundational tools to specialized implementations. IP, data privacy and cybersecurity risk reduction rests specifically on the type of “AI” used for a given technology set.
• Business AI Products. These refer to the company's offerings—whether currently available, licensed, sold, or under development—that incorporate AI. Identifying these products upfront highlights their value and potential risks in the business transfer or partnership. Your insurance underwriter wants to know product information in particular to get competitive rates.
• Generative AI Tools. Specifically, these are AI systems that create content such as text, images, video, audio, or code based on user prompts. Singling them out is crucial because they introduce unique challenges around originality, ownership, and ethical generation. The public relations implications can be great. This is the source of much contemporary litigation.

These basic definitions form the foundation, ensuring that subsequent clauses apply consistently and comprehensively to the AI elements involved. The list is not exhaustive.

2.0 Disclosure and Inventory of AI Assets

A key provision often requires a complete inventory of AI-related assets. This might include a schedule listing all Business AI Products and any Generative AI Tools used in operations. Such transparency is vital for buyers or partners to assess the AI portfolio's maturity, dependencies, and potential integration issues. It provides a snapshot of what's being transferred or licensed, helping to value the deal accurately and identify any gaps in the AI ecosystem – that system involving training data sets, model architecture, developers and end user, among others.

3.0 Data Handling and Compliance in AI Development

Contracts should address the legitimacy of data used in AI systems. This includes confirming that all necessary licenses, consents, permissions, notices, and disclosures have been obtained under applicable laws for collecting and using Training Data (data for developing or refining AI), third party data, and AI Inputs (prompts or materials fed into AI systems). Answering this question in the due diligence cycle is imperative to avoid much litigation.

Additionally, restrictions on using trade secrets, privileged communications, or confidential information as inputs into third-party AI tools are important, unless the third party agrees in writing to limit its use solely to benefiting the business – in writing. This safeguards proprietary or privileged information from unintended exposure or exploitation, preserving competitive advantages. Remember, dropping work product related to attorney-client privilege, healthcare information and trade secrets into an AI LLM will waive any privilege. Do the organizations have an AI policy?

• Protecting Proprietary Intellectual Property (IP) from AI Influence: AI Contamination.  To maintain control over intellectual property, clauses often prohibit the use of Generative AI Tools in developing material IP intended to remain proprietary, such as Business AI Products or other assets. This is particularly relevant where such use could impact ownership, rights, or the validity, enforceability or any combination of IP (e.g., copyrightability or patentability). Ensuring no external AI contamination in proprietary development helps avoid challenges to IP integrity and supports stronger legal protections.
• Policies and Procedures for Responsible AI Use. We spend a lot of time drafting policies for business firms, nonprofits, law firms and healthcare practices. Robust governance is another pillar. Contracts may affirm the implementation of policies and procedures aligned with industry standards for AI in business operations. These could cover:
  • Ethical and responsible AI deployment.
  • Promoting transparency and human interpretability in AI products.
  • Identifying and mitigating biases in AI products and training data.
  • Oversight and approval mechanisms for AI development and use, including Generative AI Tools – the “Human In The Loop” requirement.

Such assurances demonstrate a commitment to sustainable AI practices, reducing risks from regulatory scrutiny or ethical backlash.

4.0 Ongoing Compliance with Laws and Contracts.  Compliance representations are non-negotiable. This includes adherence to all use restrictions in licenses, contracts, terms of service, or other agreements related to AI Technology, Training Data, or AI Inputs. Equally important is compliance with laws governing the design, development, training, implementation, deployment, provision, or use of Business AI Products—by the seller and any third parties acting on its behalf. These elements ensure the AI operations are more legally sound, minimizing exposure to breaches that could derail a deal or invite penalties.

5.0 Litigation and Risk Disclosure. Disclosing any past or potential actions related to AI is critical. This might involve confirming no notices, claims, demands, inquiries, audits, investigations, or litigation have been pending or threatened regarding Business AI Products or AI use in the business over a specified period (unless disclosed in schedules). Full transparency here allows parties to evaluate litigation risks and allocate responsibilities accordingly.

6.0 Good AI Hygiene is Required to Get a Defensible Valuation. In an era where AI is transforming industries, overlooking these aspects in contracts can lead to unforeseen liabilities, IP disputes, asset loss, default, or regulatory hurdles. By focusing on clear definitions, disclosures, data protections, IP safeguards, governance, compliance, and risk transparency, contracts become more resilient. For professionals in strategic development, tech, law, or business development, understanding these “what” components isn't optional—it's a strategic imperative to preserve value, foster innovation while managing risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.