Buying an AI Tool: A Vendor Contract Risk Checklist
A standard SaaS template was not written for a tool that ingests your data, generates outputs you will rely on, and changes underneath you. This checklist covers the AI-specific terms that template misses — grouped by deal term, with what to look for and a typical ask for each. It is general information, not legal advice, and AI contracting norms are moving fast; treat the asks as starting positions and confirm specifics against current law and your own facts.
How to use this
Work through the eight terms below before signing an agreement for an AI tool or an AI-enabled service. Each adds something a conventional software contract does not contemplate, because conventional software does not train on what you feed it, does not generate text or decisions you act on, and does not silently change models between Tuesday and Thursday. The vendor’s base paper will usually be a SaaS template lightly dressed for AI; the gaps are predictable, and most of them favor the vendor by default.
Two framing points. First, none of this shifts your own legal duties. If the tool helps make an employment, credit, or other consequential decision, the obligations to verify, to avoid discrimination, and to be able to explain the decision remain yours — “the vendor’s algorithm did it” is not a defense. The contract allocates risk between you and the vendor; it does not absolve you to regulators, employees, or courts. Second, the two terms that move the most risk — whether the vendor trains on your data, and who indemnifies you when an output infringes IP — are precisely the two most often absent from the template. Pin both down in writing.
1. Outputs and intellectual property
Establish who owns what the tool produces, whether you can use it commercially, and whether your prompts and outputs are protected as your confidential information. Ownership of AI outputs is unsettled and varies by jurisdiction and by how the output was generated; do not assume the contract’s allocation matches what the law will recognize.
2. Your data and model training
This is the term most often defaulted against you. Many tools train or improve their models on customer inputs unless you opt out — sometimes that setting is on by default and buried in a referenced policy rather than the signed agreement. Get the answer in the contract, not a webpage the vendor can revise unilaterally.
3. IP-infringement indemnity
An AI output can reproduce protected material, and training data can carry infringement claims. If a third party sues because an output infringed a copyright, trademark, or patent, the question is who defends and pays. Several major vendors now offer some form of output-IP indemnity, but scope, conditions, and caps vary widely — read what is actually promised.
4. Accuracy, performance, and human oversight
AI vendors frequently disclaim all reliance — the tool is provided “as is,” outputs “may be inaccurate,” and you bear all consequences. Taken literally, a blanket no-reliance clause guts the value of a tool you are buying precisely to rely on. The goal is not a guarantee of perfection; it is representations and service levels honest enough to mean something, paired with a clear, written allocation of the human-review role.
5. Model changes and versioning
The model you evaluated may not be the model you use next quarter. Vendors update, swap, or deprecate underlying models routinely, and behavior can shift materially without any change to the interface. A tool you validated for a sensitive use can quietly become a different tool.
6. Transparency and auditability
For consequential outputs — especially employment, credit, insurance, and other regulated decisions — you may have to explain or defend an output. You cannot do that if the tool is a black box and the contract gives you no right to look inside.
7. Compliance support for decision tools
If the tool informs hiring, promotion, lending, or other regulated decisions, a growing body of law may require bias auditing, notice, validation, or accommodation — for example, frameworks discussed under NYC Local Law 144, Illinois’s automated-decision and video-interview statutes, the Colorado AI Act, the EU AI Act, and EEOC guidance. These vary by jurisdiction, and their scope, effective dates, and applicability are moving; confirm current status before relying on any of them. The vendor cannot discharge your obligations, but it should hand you the materials and cooperation you need to meet them. See AI in Hiring and Employment.
8. Exit
Plan the divorce while drafting the marriage. When the relationship ends, you want your data back in a usable form, confirmation it is gone from the vendor’s systems, and no operational hostage situation.
Quick reference
| Term | The AI-specific risk | Typical ask |
|---|---|---|
| Outputs and IP | Unclear ownership; outputs treated as vendor’s | You own or broadly license outputs; inputs and outputs are your confidential information |
| Data and training | Training on your data, often on by default | Training off in writing; defined retention, deletion, sub-processors, DPA |
| IP indemnity | Output or training data infringes a third party | Vendor defends and indemnifies; carved out of the liability cap |
| Accuracy and SLAs | Blanket as-is disclaimer guts the tool’s value | Honest reps and SLAs; human-oversight role defined in writing |
| Model changes | Tool silently becomes a different tool | Notice of material changes; version pinning or transition window |
| Transparency | Black box you must explain to a regulator | Explainability and audit rights for consequential outputs |
| Compliance support | Decision tool triggers your regulatory duties | Bias-audit and validation materials; cooperation with your obligations |
| Exit | Data stranded or never deleted | Return in usable format; certified deletion across sub-processors |
These are starting positions, not rules, and the regulatory items in particular are moving quickly. Confirm scope, effective dates, and applicability against the current law in your jurisdictions and against your own risk tolerance. For the general clauses an AI deal shares with any commercial contract — the cap, termination, dispute resolution — see Contract Risk Review: The Key Terms, Triaged.
Two AI-specific terms move the most risk and are missing from most templates: whether the vendor trains on your data (frequently on by default) and who indemnifies you when an output infringes someone’s IP. Pin both down in the signed agreement — and remember that even a perfect contract does not transfer your duty to verify, to avoid discrimination, and to be able to explain a decision to the people it affects.