Artificial intelligence (AI) raises many intellectual property (IP) issues. While there are many AI models and use cases, this guide addresses key IP issues raised by generative AI systems, meaning systems such as ChatGPT, Gemini and DALL-E with algorithms that generate new content (which, depending on the system may be text, audio, images, video code or other content).

Terminology

We refer in this guide to the stages of creation and use of a generative AI system as:

• Input: the data on which the generative AI system is trained (whether before or after it has been provided to the deployer). This may include specific data used by the deployer to train its personalised instance of a generative AI system developed by the provider.
• Prompt: the question or request entered by the user of a generative AI system (this might also be used as an Input to train the generative AI system).
• Output: the result produced by a generative AI system in response to the Prompt.

We generally follow the terminology of the EU AI Act (see our blog, The EU AI Act – the countdown begins) to refer to the following actors in the AI process:²

• Provider: legal person that develops (or has developed on its behalf) an AI system and puts the system on the market
• Deployer: legal person that uses an AI system (note that we treat natural persons as users in this guide)
• User: a natural person using the AI system to create Output (including, for example, an employee or customer of the Deployer)

So, for example, where a multi-national company uses Chat GPT within its business, Open AI (the developer of Chat GPT) would be the Provider, the company would be the Deployer, and the company’s employees or customers who enter Prompts into the system would be the Users of the system.

Types of deployment

In this guide we distinguish between different types of deployment of generative AI systems:

• Public deployment: The generative AI system is trained by the Provider, and is hosted and made available by the Provider on a one-to-many basis.  Access to the system is provided as a service.  No separate instance is maintained by or for the Deployer.  Most likely, the terms of the deployment are that any Inputs given to the system by the Deployer or by Users can be re-used and disclosed by the Provider without restriction (subject to compliance with applicable laws such as data privacy).
• Private or enterprise deployment: The Provider maintains a separate instance of the generative AI system for the Deployer.  Access to the system is provided as a service, with APIs linking the system to the Deployer’s user interface.  The system is trained primarily by the Provider but can be further trained (or ‘fine-tuned’) using the Deployer’s own data.  Typically, the Provider agrees to restrictions in relation to its use of the Deployer’s training data and the Inputs that Users enter into the system.  Clearly the scope of those restrictions is key, but for the purposes of this guide we assume that the restrictions include an agreement to treat that data as confidential.
• On-premises deployment: The system – possibly having been trained to some degree by the Provider – is downloaded by the Deployer and used (and further developed and trained) by the Deployer in its own IT environment.  This may be on a licensed proprietory software basis (e.g. OPT by Meta or Craiyon), or on an open-source basis (e.g. BLOOM or GPT-J).

Want more information on Generative AI?

For more information on Generative AI, see our blogs:

• Generative AI: Q&A with Professor Peter McBurney, Professor of Computer Science, Department of Informatics, King’s College London.
• Everyone is using ChatGPT: What does my organisation need to watch out for?
• Legal Geek 2023 preview: GenAI's impact on the legal industry