Procuring AI Technology: Vendor Contracts

Artificial intelligence (AI) is becoming an essential tool for businesses, offering automation, improved decision-making, and efficiency gains. However, acquiring AI solutions is different from purchasing traditional software. AI systems evolve, require vast amounts of data, and introduce unique risks, including regulatory compliance, liability concerns, and data protection challenges.

Businesses in Europe and Switzerland must carefully assess vendor contracts to ensure they are not exposed to unnecessary legal and operational risks. This article outlines the essential matters that businesses should consider when procuring AI solutions.

Due Diligence Considerations

Before entering into any contractual agreement, businesses should thoroughly assess potential AI vendors. A well-structured due diligence process helps identify risks before they become contractual disputes.

Assessing a vendor starts with understanding their track record. Businesses should investigate the vendor’s reputation, past deployments, and any history of regulatory infractions. References from other clients, independent reviews, and case studies can offer insight into the vendor’s reliability.

Beyond the vendor itself, it is critical to examine the AI model being offered. Businesses should determine whether the AI system is proprietary, built using third-party models, or open source. If third-party components are involved, businesses need to understand how external licensing terms may impact on their rights and obligations. Additionally, vendors should provide transparency regarding the sources of training data and whether the data collection methods comply with copyright and data protection laws.

AI Solutions and Performance Expectations

Contracts with AI technology vendors should clearly outline what the system is intended to do, how it will perform, and the business objectives it must support. Since AI performance is not static, businesses need assurances that the system will continue to meet expectations over time.

The agreement should define the scope of AI functionality, ensuring that both parties agree on what the system will and will not do. Performance expectations should include accuracy benchmarks, error tolerance, and obligations for regular updates and improvements. If the vendor retains the right to modify the AI model, businesses should require assurances that updates will not negatively impact performance.

Data and Security

Vendor contracts should clearly define data ownership. Businesses need to establish whether they retain control over their data or if vendors claim the right to use it for training purposes. If vendors are permitted to use business data, contracts should include strict limitations on how data can be used and stored.

Security obligations should also be addressed. This may include such matters as where data is stored, who has access to it, and what measures are in place to prevent breaches. Vendors should provide details on encryption, access controls, and compliance certifications. Additionally, contracts should outline a clear procedure for data deletion at the end of the business relationship, ensuring that the vendor does not retain confidential information.

Managing Liability and Risk Allocation

AI contracts must address who is responsible if the system malfunctions, produces incorrect results, or causes harm. Vendors often seek to limit their liability, but businesses must ensure they are adequately protected from AI-related failures.

Liability provisions should specify whether the vendor is responsible for errors caused by the AI system. If an AI tool generates misleading outputs, businesses should not be left bearing the financial and reputational consequences. Contracts should also include indemnification clauses that require the vendor to cover legal costs if third parties bring claims related to AI failures.

Many AI vendors impose liability caps, restricting the amount they will pay in the event of a failure. Businesses should carefully assess whether these caps are reasonable, particularly if the AI system is being used for high-risk operations. If an AI tool is involved in critical decision-making, such as healthcare diagnostics or financial assessments, liability provisions must be more robust.

Ensuring Transparency and Ongoing Compliance

AI regulations are evolving, and businesses must ensure that their vendor agreements allow them to adapt to new legal requirements. Contracts should grant businesses the right to conduct audits, review AI decision-making processes, and verify compliance with artificial intelligence regulations.

Compliance obligations should extend beyond contract signing. Vendors should commit to updating their AI solutions to meet new regulatory requirements and provide businesses with the necessary tools to remain compliant.

Take Action

Procuring AI technology requires businesses to be proactive in managing risk. Unlike traditional software agreements, AI contracts must address evolving performance, data security, regulatory compliance, and liability concerns. Businesses should not assume that vendor-provided contracts are fair or sufficient – they must actively negotiate terms that protect their interests.

A strong AI procurement agreement ensures businesses retain control over their data, limit liability exposure, and comply with AI regulations. In the next article, we will explore how to negotiate AI vendor contracts effectively, ensuring businesses get terms that are commercially viable and legally sound. And if you’d like discuss your AI procurement contracts, book a complimentary 20-minute call with our expert legal team today.

Image by vectorjuice on Freepik