
The GC's AI Vendor Contract Red Lines: Five Non-Negotiable Clauses Before You Sign

Not every clause will survive every negotiation.


Executive Summary

  • 88% of AI vendors cap liability at one month’s subscription fee (Jones Walker, market analysis, 2025). The vendor’s standard contract is designed to protect the vendor — not your organization. The GC who signs the default terms is accepting risk the vendor priced out of its own exposure.
  • Only 33% of AI vendors provide IP indemnification for third-party claims, and only 17% warrant regulatory compliance (TermScout, contract certification analysis, 2025). Standard AI agreements offer significantly less protection than the SaaS contracts your organization already negotiates.
  • The Mobley v. Workday ruling (May 2025) achieved nationwide class action certification, holding that when AI systems perform employee functions like applicant screening, the vendor acts as the employer’s agent — creating direct liability for the customer. Your organization is liable for the vendor’s algorithmic decisions whether or not you can audit them.
  • These five clauses are not aspirational. They are the minimum contractual protections a mid-market company needs before the first AI vendor conversation turns into a purchase order. Each clause includes the one-sentence plain-English explanation a GC needs and the red flag that signals the vendor’s standard terms are missing it.

The Five Red Lines

1. Data Ownership and Training Opt-Out

The clause: The vendor may not use your data — inputs, outputs, prompts, logs, or embeddings — to train, tune, or improve any model, product, or service. You retain ownership of all data you provide and all outputs the system generates from it.

Plain English: Your data stays yours. The vendor processes it, returns the result, and forgets it.

Red flag: The contract says the vendor may use “anonymized” or “aggregated” data for “product improvement.” That language is a training opt-in disguised as a quality assurance clause. Once your data trains a model, deletion is technically impossible — the model has absorbed patterns from your information, and there is no undo.

What the evidence shows: 92% of AI vendors claim broad data usage rights in their standard terms (TermScout, 2025). The Khan v. Figma class action (November 2025, N.D. Cal.) alleges Figma used customer design files to train AI tools after years of assuring users their content would not be repurposed — through default settings and buried policy changes, not affirmative consent. The contract language that prevents this is explicit: “Processor shall not use Customer Data for model training or tuning outside this engagement” with a certified deletion obligation at termination (CCSD Council, 2025).

Negotiation point: Vendors that resist a clean training opt-out often accept a tiered compromise: no training on identified data, anonymized data only with written consent, and annual attestation of compliance. If the vendor will not agree to any training restriction, that tells you something about their business model — and your data is the product.


2. IP Indemnification for AI-Generated Output

The clause: The vendor indemnifies your organization against third-party intellectual property claims arising from AI-generated output used in the ordinary course of business, including copyright, trademark, and trade secret claims.

Plain English: If the AI’s output infringes someone else’s intellectual property, the vendor — not your organization — pays to defend and settle the claim.

Red flag: The contract disclaims responsibility for IP infringement in generated output, or conditions indemnification on requirements the customer cannot realistically meet. Google Cloud’s terms, for example, exclude coverage if the customer “knew or should have known” the output was infringing — a standard no non-lawyer can satisfy (Runtime News analysis, 2025). GitHub Copilot’s terms cover unmodified products “not combined with anything else,” which contradicts the tool’s entire purpose of combining AI suggestions with custom code.

What the evidence shows: Microsoft, Google, Amazon, and OpenAI all offer some form of AI IP indemnification — but the fine print varies dramatically. Only 33% of AI vendors provide any IP indemnification at all (TermScout, 2025). Among those that do, coverage typically requires using the vendor’s filters “exactly as specified,” voids protection if output is modified or combined, and allows the vendor to settle by terminating your service rather than fixing the infringing output. Attorney Kate Downing characterized these provisions as “deliberately ambiguous language that shifts compliance burdens to non-legal enterprise customers” (Runtime News, 2025).

Negotiation point: Demand indemnification that covers output used in the ordinary course of business, not just output generated under laboratory conditions with every filter enabled. Cap the customer’s obligation to cooperate in defense, not to fund it. Confirm that the remedy includes continued service, not just termination.


3. Breach Notification With a Clock

The clause: The vendor notifies your organization of any security incident, data breach, or unauthorized access within 72 hours of discovery, provides a written incident report within 7 days, and cooperates with your investigation and regulatory reporting at the vendor’s expense.

Plain English: If something goes wrong with your data, you find out fast enough to act — not after the vendor’s PR team has polished the statement.

Red flag: The contract says “without undue delay” or “promptly” without defining a specific timeframe. Undefined timelines allow the vendor to sequence disclosure for its own convenience. The clause also lacks cooperation obligations — meaning the vendor controls the investigation narrative while your organization faces the regulatory reporting deadline.

What the evidence shows: The global average cost of a data breach is $4.44 million (IBM Cost of Data Breach Report, 2025). Shadow AI incidents — unauthorized tools processing data outside governed channels — add $670,000 to that average. 97% of organizations that experienced an AI-related security incident lacked proper AI access controls (IBM, 2025). The 72-hour notification standard is not arbitrary: it aligns with GDPR’s mandatory timeline and is becoming the baseline expectation across U.S. state privacy laws. A vendor that will not commit to 72 hours is telling you its incident response process cannot meet the regulatory standard your organization must comply with.

Negotiation point: Specify 72-hour notification in the contract, not in a side letter or SLA. Require the written incident report to include: what data was affected, how the breach occurred, what remediation steps are underway, and what customer data was accessed. Include a cooperation clause requiring the vendor to assist your regulatory reporting — at the vendor’s cost — for 90 days following discovery.


4. Liability Allocation That Matches the Risk

The clause: The vendor’s liability for data breaches, security failures, regulatory violations, and IP infringement claims is either uncapped or subject to a meaningful cap that reflects actual exposure — not limited to one month’s subscription fee.

Plain English: If the vendor’s AI system causes a million-dollar problem, the vendor’s exposure should be proportional to the damage — not capped at the $3,000 you paid last month.

Red flag: The contract caps all liability at “fees paid in the prior 12 months” or — worse — “fees paid in the prior month.” Standard AI vendor agreements routinely exclude consequential, indirect, and special damages. This means the vendor’s maximum exposure for a breach that costs your organization $500,000 in regulatory fines, notification costs, and reputational damage is the $36,000 annual license fee. The risk transfer is almost entirely one-directional.

What the evidence shows: 88% of AI technology providers cap their liability, often at no more than a single month’s subscription fee (Jones Walker, market analysis, 2025). Courts are moving in the opposite direction. The Mobley v. Workday ruling applied agency theory to hold that when AI performs traditional employee functions, the vendor shares the employer’s liability. Emerging strict product liability frameworks for agentic AI systems could expose vendors to unlimited liability regardless of contract terms (Jones Walker, 2025). The gap between what the contract says and what a court may impose is widening.

Negotiation point: Push for “super caps” — elevated liability limits that apply specifically to data breaches, security incidents, and IP infringement, separate from the general liability cap. A reasonable structure: general liability capped at 12 months’ fees, data breach and security incidents capped at 2-3x annual fees or a specified dollar amount, IP indemnification uncapped. If the vendor will not accept differentiated caps, it means the vendor has priced its risk at your expense — and the $36,000 annual fee does not include the $4.4 million breach cost you absorb.


5. Audit Rights and Termination With Data Return

The clause: Your organization has the right to audit the vendor’s AI practices, data handling, and security controls on reasonable notice, and upon termination the vendor returns all data in usable formats and certifies deletion within 30 days.

Plain English: You can verify what the vendor says it is doing. When the contract ends, your data comes home and the vendor proves it kept nothing.

Red flag: The contract limits audit to accepting the vendor’s SOC 2 report — produced by the vendor’s chosen auditor, scoped by the vendor, covering controls the vendor selected. No right to request additional audits, no access to AI-specific controls (bias testing, training data provenance, model version logs), and no termination assistance or data portability provisions. The exit clause allows the vendor to “delete data in accordance with its standard practices” without specifying the format, timeline, or certification.

What the evidence shows: 45% of enterprises report that vendor lock-in has already hindered their ability to adopt better tools, and migration costs average $315,000 per project (industry survey, 2026). 67% of organizations aim to avoid high dependency on a single AI vendor (Swfte AI, 2026). Morgan Lewis recommends contracts require export of prompts, logs, embeddings, and fine-tuning datasets in open formats (JSON, CSV, Parquet), binding transition assistance with pre-negotiated rates, and deletion obligations extending to subcontractors with written certification (Morgan Lewis, February 2026). The CCSD Council recommends requiring deletion certificates within 15 days of termination and annual attestation of non-reuse policies.

Negotiation point: Require the right to conduct or commission an independent audit annually — not just accept the vendor’s self-selected SOC 2 report. Specify that audit scope includes AI-specific controls: training data sources, model version history, bias testing results, and data isolation verification. For termination, require data export in open formats within 30 days, a 90-day transition assistance period at pre-negotiated rates, and a signed deletion certificate covering all copies including subcontractor-held data.


The Vendor Negotiation Reality

Not every clause will survive every negotiation. But the GC who enters the conversation knowing which terms are non-negotiable — and why — negotiates from a different position than the GC who reviews the vendor’s standard agreement and redlines from defense.

| Clause | Vendor’s Default Position | Your Red Line |
|---|---|---|
| Data ownership | Broad usage rights, “anonymized” training | No training without written consent, certified deletion |
| IP indemnification | Disclaimed or conditioned on filter compliance | Covers ordinary-course business use, not laboratory conditions |
| Breach notification | “Without undue delay” | 72 hours, written report in 7 days, cooperation at vendor cost |
| Liability cap | One month’s fees, consequentials excluded | Super caps for data/security/IP, proportional to actual risk |
| Audit and exit | SOC 2 acceptance, “standard deletion practices” | Independent audit rights, open-format export, deletion certificate |

The pattern across all five: the vendor’s standard contract allocates risk to the buyer. The buyer’s job is to reallocate risk proportional to control. The vendor controls the model, the infrastructure, and the data processing. The contract should reflect that.


Key Data Points

| Metric | Finding | Source |
|---|---|---|
| AI vendors capping liability at monthly fee | 88% | Jones Walker (market analysis, 2025) |
| AI vendors providing IP indemnification | 33% | TermScout (contract certification, 2025) |
| AI vendors warranting regulatory compliance | 17% | TermScout (contract certification, 2025) |
| AI vendors claiming broad data usage rights | 92% | TermScout (contract certification, 2025) |
| Average data breach cost (global) | $4.44M | IBM Cost of Data Breach (2025) |
| Average data breach cost (United States) | $10.22M | IBM Cost of Data Breach (2025) |
| Shadow AI breach cost premium | +$670K | IBM Cost of Data Breach (2025) |
| Organizations lacking AI access controls at breach | 97% | IBM/Ponemon Institute (n=600, 2025) |
| Organizations lacking AI governance policies | 63% | IBM/Ponemon Institute (n=600, 2025) |
| Enterprises reporting vendor lock-in blocked adoption | 45% | Industry survey (2026) |
| Average AI migration cost per project | $315,000 | Swfte AI (2026) |
| Enterprises aiming to avoid single-vendor dependency | 67% | Swfte AI (2026) |

What This Means for Your Organization

The AI vendor conversation at a mid-market company follows a predictable sequence: the CIO identifies the tool, the business unit sponsors the budget, and the vendor sends a standard agreement. By the time the GC sees the contract, the momentum favors signing. Every delay feels like the GC is the bottleneck.

This card reverses that dynamic. The five red lines are not obstacles to procurement — they are the conditions under which procurement protects the organization. A vendor that cannot agree to basic data ownership, meaningful indemnification, timely breach notification, proportional liability, and audit rights is a vendor whose business model depends on the buyer accepting risk the vendor will not carry.

The organizations that capture value from AI — the 5% that report both cost and revenue gains — share a common trait in their vendor relationships: they negotiated the terms before signing, not after the first incident. The cost of negotiation is measured in days. The cost of a breach with a one-month liability cap is measured in millions.

If any of these clauses raised questions about how they apply to a vendor conversation your organization is already having, I am glad to think through the specifics — brandon@brandonsneider.com


Sources

  1. Jones Walker LLP — “AI Vendor Liability Squeeze: Courts Expand Accountability While Contracts Shift Risk” (2025). Market analysis of vendor liability caps, Mobley v. Workday ruling analysis, emerging strict liability frameworks. Credibility: HIGH — Am Law 200 firm, AI-specific litigation practice.
  2. TermScout — AI vendor contract certification analysis (2025). Data on IP indemnification rates (33%), regulatory compliance warranties (17%), broad data usage claims (92%). Credibility: HIGH — independent contract analysis platform, primary data from actual vendor agreements.
  3. IBM/Ponemon Institute — Cost of a Data Breach Report (2025, n=600 organizations). Global average breach cost ($4.44M), U.S. average ($10.22M), shadow AI premium (+$670K), AI access control gaps (97%). Credibility: HIGH — annual longitudinal study, industry benchmark, independent research methodology.
  4. Mobley v. Workday — U.S. District Court, N.D. California (class certified May 2025). Nationwide class action applying agency theory to AI vendor liability for discriminatory algorithmic screening. Credibility: HIGH — federal court ruling with precedential implications.
  5. Khan v. Figma — U.S. District Court, N.D. California (filed November 2025). Class action alleging unauthorized use of customer data for AI model training through default settings and policy changes. Credibility: MEDIUM-HIGH — pending litigation, allegations not yet adjudicated.
  6. CCSD Council — “Third-Party AI Risk: The Five Clauses Your Contracts Can’t Skip” (2025). Contract clause templates for data use, isolation, transparency, portability, and sub-processors. Credibility: HIGH — standards body, practitioner-oriented guidance.
  7. Morgan Lewis — “Building Exit Rights and Portability into AI Deals” (February 2026). Exit clause frameworks, data portability requirements, transition assistance terms, deletion certification standards. Credibility: HIGH — Am Law 10 firm, technology transactions practice.
  8. Runtime News — Analysis of AI vendor indemnification limitations (2025). Fine print analysis of Microsoft, Google, Amazon, and OpenAI IP protection terms, including attorney commentary on deliberate ambiguity. Credibility: MEDIUM-HIGH — investigative tech journalism, primary source interviews.
  9. Venable LLP — “Practical Tips for Reviewing AI Service and SaaS Agreements in 2026” (2026). Data classification framework, output protection recommendations, provider representation requirements. Credibility: HIGH — Am Law 100 firm, IP and technology practice.
  10. Swfte AI / Industry surveys — Enterprise vendor lock-in data: 45% reporting blocked adoption, 67% seeking vendor diversification, $315,000 average migration cost (2026). Credibility: MEDIUM — vendor-conducted surveys, directionally useful but treat specific figures as approximate.

Brandon Sneider | brandon@brandonsneider.com March 2026