Key clauses to craft a strong AI Addendum

As artificial intelligence becomes a core component of vendor offerings, organizations must ensure their contracts keep pace with the unique risks and opportunities AI introduces. An AI addendum is a must-have for safeguarding data, especially for vendor contracts coming up on renewal. Here are six essential clauses every AI addendum should include:

1. Require Prior Consent for AI Features

Vendors should not introduce or make AI features available without explicit customer approval. Customers must retain decision-making authority over the use of AI, even when vendors introduce new features after the contract is signed. Requiring explicit approval also creates an opportunity for organizations to evaluate the compliance and security measures of proposed AI features before they are deployed.

• Pro-Customer Clause: Vendor shall not incorporate, use, or make AI features available in the performance of the Services or in any deliverables provided to Customer without obtaining Customer's prior written consent.

2. Define Data Ownership and Usage Rights

Customer should retain ownershyip of all data provided to or generated by AI systems. This language provides customers with leverage in maintaining control over how their data and AI-generated outputs are used.

• Pro-Customer Clause: All data provided by Customer to Vendor (“Customer Data”) and all outputs generated by the AI system based on Customer Data (“Output Data”) are Customer’s Confidential Information. Vendor shall have no rights to use, disclose, or distribute Customer Data or Output Data except as necessary to provide the services under this Agreement.

• Pro-Vendor Clause: When customer uses Vendor AI, Output shall be customer Data. Customer is solely responsible for the development, content, operation, maintenance, use, and dissemination of its Inputs and Data.

3. Prohibit Model Training with Customer Data

Customers should prevent vendors from using customer data to train or improve their AI models unless explicitly agreed. This clause protects proprietary and sensitive data from being inadvertently leveraged for vendor benefit or shared with other clients. It also ensures compliance with ethical data usage standards, particularly for industries that handle regulated or confidential information.

• Pro-Customer Clause: Vendor shall not use any Customer Data to train, improve, or modify its AI models or to benefit third parties.

• Pro-Vendor Clause: Customer may not use an AI/ML Feature (a) to develop its own artificial intelligence products, services, features, or technology, or any machine learning models or technology.

4. Mandate Compliance with Applicable Laws

The contract should require vendors to adhere to all relevant data protection laws, as well as industry standards. Because innovation in AI is outpacing legal guardrails, compliance with industry best practices is crucial in addition to compliance with laws.

• Pro-Customer Clause: Vendor must regularly monitor and assess the AI features for accuracy and reliability, ensuring compliance with all applicable laws and adherence to industry practices.

• Pro-Vendor Clause: Each party shall comply with its obligations under Applicable Data Protection Law, and this Addendum, when processing personal data.

5. Ensure Responsible and Ethical AI Use

Vendors should demonstrate transparency, mitigate bias, and maintain fairness in their AI implementations. The customer shouldn’t be the one party on the hook for developing internal AI policies, especially when the vendor has control over the algorithms used. This clause ensures vendors uphold standards that align with customer values, while mitigating risks such as bias and unfair decision-making.

• Pro-Customer Clause: Vendor shall implement and maintain policies for the ethical and responsible use of AI features. These policies must promote transparency, mitigate bias, and ensure fairness and accountability in all applications of AI features under this Agreement.

• Pro-Vendor Clause: You acknowledge that you are solely responsible for (i) developing your own internal policies regarding the appropriate use of these technologies and training other users on your account on such policies.

6. Set Limitations of Liability for AI Outputs

Vendor should be responsible for errors or issues arising from AI-generated outputs. This clause provides protection for customers by holding vendors accountable for errors or damages caused by AI-generated outputs. It also reinforces the importance of accuracy and reliability in AI systems, reducing potential reputational and legal risks.

• Pro-Customer Clause: Vendor shall indemnify, defend, and hold harmless Customer from any claims, damages, or losses arising out of or related to Vendor's breach of this Agreement, including any data breaches or violations of intellectual property rights.

• Pro-Vendor Clause: Vendor AI Output that appear(s) accurate because of its detail or specificity may still contain material inaccuracies.

Why These Clauses Matter

An AI addendum isn't just about mitigating risks—it's about enabling trust and collaboration. By proactively addressing AI-specific concerns, you can ensure a strong foundation for using AI responsibly.