IP monitor: Considering user agreements when evaluating which AI tool is right for your business

Introduction

With the rapid development and adoption of artificial intelligence (AI) tools like language learning models (LLMs) selecting the right tool is an important consideration for any business. In selecting the right tool, the user agreements can be easily overlooked. While each business will have different needs, and practical considerations will always have to be balanced, it is important for any business to consider how the user agreements address the legal issues of data security, potential copyright infringement, ownership of data, and guardrail customization.

Data security should be assessed to ensure that you maintain an amount of control appropriate for your venture. This includes how LLMs can use data and to whom data can be sent without consent. This could have significant downstream effects on maintaining control over intellectual property, personal information, business strategy, and other sensitive information fed to the LLM. Certain LLMs provide a virtual private cloud where data is housed. This enables the LLM to be customized without sending data to the developer of the LLM (or any other party). This means users retain control over all data uploaded to the virtual private cloud. Other models take a different approach, allowing user content to be transferred to third-party service providers or used to train their LLMs, which may improve the general model for all users.  

Retaining ownership of data input into an LLM and ownership of an LLM’s output are critical considerations. Certain user agreements explicitly state that data put into, and output from, an LLM is owned by the user. Others will not claim ownership over output from the LLM; however, the LLM may generate the same or similar content for others. 

LLM’s use of input data for training can lead to one user’s data being incorporated into another user’s output. Certain LLMs allow a user to opt out from training the LLM; as such, care should be taken to remember to initiate the opt-out to avoid input data appearing in the output for other users. Other LLMs do not provide an opt-out allowing the LLM to train on input data to provide better outputs; however, the trade-off is that the data input becomes public information. 

Inadvertent copyright infringement may be a concern for users who reproduce the output from an LLM which contains copyrighted material owned by another party. Some LLM providers give an indemnity to users if their output contains copyrighted material. Others provide no guarantees. 

Guardrail customization is another important tool to restrict unwanted input and/or output to and from the LLM. Guardrails may help filter out potentially harmful interactions, that the user would not want to use to train the LLM or should not form part of the LLM’s output (e.g., offensive images or content, sensitive personal information). Certain LLMs allow guardrails to be created to evaluate user inputs and LLM responses based on use case-specific policies, while others do not allow users to add or edit guardrails. 

Conclusion

AI tools have the potential to greatly increase productivity; however, each enterprise must take care in choosing an LLM to ensure that its user agreements align with the specific business objectives and risks unique to that business.

For more information, please contact your IP professional at Norton Rose Fulbright Canada LLP.

For a complete list of our IP team, click here.