As generative artificial intelligence transforms how businesses operate, legal questions surrounding AI deployment have become increasingly important. Whether you’re building AI-powered products or integrating third-party AI tools into your workflows, understanding the legal landscape is essential to mitigate risk and maximize value. This guide addresses the most common legal questions our clients face when navigating generative AI solutions.’

Recent developments underscore how quickly the rules of the road are forming

• The EU AI Act is now rolling out on a phased schedule (with prohibitions in effect since February 2025 and general‑purpose AI obligations applying from August 2025, alongside the European Commission’s General‑Purpose AI Code of Practice published July 10, 2025 (https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai).
• U.S. courts have begun issuing early, fact‑specific rulings on whether training large language models on copyrighted works is “fair use” (see, e.g., Kadrey v. Meta Platforms, Inc., 788 F.Supp.3d 1026 (N.D. Cal. 2025) and whether the Copyright Act protects works created by artificial intelligence (https://zuberlawler.com/no-soul-no-copyright-court-says-ai-cant-be-an-author/).

 

Together, these events signal that AI deployment decisions increasingly require diligent legal, privacy, and procurement analysis—not just technical evaluation.

Understanding Key AI Terminology

Before diving into the legal questions, it’s important to understand the core terminology:

Model – The generative artificial intelligence system that processes inputs and generates outputs. Common examples include large language models (LLMs) like GPT-4 and Claude for text-based output, and diffusion models like DALL-E, Midjourney, and Stable Diffusion for image and video generation.

Input – The data provided to a Model for processing. This includes text prompts, documents, datasets, images, audio files, and video content that users submit to generate Ouput.

Output – The content generated by a Model in response to Input. Examples include written text, summaries, software code, images, videos, and audio content created by the Model.

The Five Most Common Legal Questions About Generative AI

Question 1: Do You Have Commercial Use Rights for AI-Generated Output?

One of the first questions businesses must address is whether they can use AI-generated content for commercial purposes. The answer depends entirely on the terms of service of the AI platform you’re using. Some providers grant full commercial rights to all outputs, while others impose significant restrictions based on your subscription tier, the nature of use, or annual revenue thresholds. Before deploying AI-generated content in products, marketing materials, or client deliverables, carefully review the licensing terms to ensure you have the necessary commercial rights and don’t assume that just because you paid for the solution that you are automatically entitled to use Output for commercial purposes.

Question 2: Is Your Data Being Used to Train Models?

This is arguably the most frequently asked question we encounter-and the answer is often more complex than expected. Many businesses assume that simply reading a provider’s privacy policy or terms of service will provide clarity. However, the reality of modern AI infrastructure means that answering this question requires a multi-layered analysis.

Key factors to examine include: (a) how the Model is accessed, e.g., locally or online via an application programming interface (“API”); (b) where the Model is hosted and by whom; and (c) the terms of service for both the API provider and the underlying Model host. Each layer in the technology stack may have different data usage policies.

A common scenario we see involves API providers who explicitly state they don’t use customer data for training-but the underlying Model host (a separate entity) may retain rights to use that data. If you’re accessing a Model through an intermediary service, you need to review the terms at each level of the stack. This due diligence is essential for protecting confidential business information and client data.

Example Terms Relating to Use of Input and Output to Train Models

• OpenAI’s documentation for business and enterprise users states that Input and Output “remains confidential, secure, and entirely owned by you” (https://openai.com/business-data/) while individual users of its products must opt out of having their Input and Output used for training (https://openai.com/policies/terms-of-use/).
• Google’s Gemini Apps Privacy Notice warns consumers not to enter “confidential information that you wouldn’t want a reviewer to see or Google to use to improve our services, including machine-learning technologies” (https://support.google.com/gemini/answer/13594961#pn_data_usage), while Google’s Generative AI in Google Workspace Privacy Hub for business users states that “content is not human reviewed or used for Generative AI model training outside your domain without permission” (https://knowledge.workspace.google.com/admin/gemini/generative-ai-in-google-workspace-privacy-hub).

 

Together, these examples reinforce that “training use” analysis should be done product-by-product and tier-by-tier, not by brand name alone.

Question 3: What Acceptable Use Restrictions Apply?

Nearly every Model comes with some form of acceptable use policy that restricts how the technology may be deployed. These restrictions range from standard provisions—such as prohibitions on reverse engineering or developing competing products—to highly specific limitations on particular use cases. For example, many Models prohibit generating certain categories of content, using outputs in specific industries, or deploying the technology in ways that could cause harm.

Open-source Models often incorporate standardized restriction frameworks like Open & Responsible AI Licenses (“OpenRAIL”), while proprietary Models may have custom restrictions. Understanding these limitations is critical before building products or services that rely on AI capabilities.

Example Use Restrictions (source: Responsible AI Licensing)

You agree not to use the Model or Derivatives of the Model:

• In any way that violates any applicable national, federal, state, local or international law or regulation;
• For the purpose of exploiting, harming or attempting to exploit or harm minors in any way;
• To generate or disseminate verifiably false information and/or content with the purpose of harming others;
• To generate or disseminate personal identifiable information that can be used to harm an individual;
• To defame, disparage or otherwise harass others;
• For fully automated decision making that adversely impacts an individual’s legal rights or otherwise creates or modifies a binding, enforceable obligation;
• For any use intended to or which has the effect of discriminating against or harming individuals or groups based on online or offline social behavior or known or predicted personal or personality characteristics;
• To exploit any of the vulnerabilities of a specific group of persons based on their age, social, physical or mental characteristics, in order to materially distort the behavior of a person pertaining to that group in a manner that causes or is likely to cause that person or another person physical or psychological harm;
• For any use intended to or which has the effect of discriminating against individuals or groups based on legally protected characteristics or categories;
• To provide medical advice and medical results interpretation;
• To generate or disseminate information for the purpose to be used for administration of justice, law enforcement, immigration or asylum processes, such as predicting an individual will commit fraud/crime commitment (e.g. by text profiling, drawing causal relationships between assertions made in documents, indiscriminate and arbitrarily-targeted use).

Question 4: Are Models Trained on Properly Licensed Materials?

The question of whether AI developers have obtained proper licenses for training data remains one of the most significant unresolved legal issues in the AI industry. Multiple high-profile lawsuits are currently working through the courts, with copyright holders alleging that AI companies used their protected works without permission to train Models.

Courts are Applying Copyright and Trademark Law to Model Training Data

• In several recent U.S. cases, courts have denied motions to dismiss and allowed copyright infringement claims to proceed against companies developing LLMs. See, e.g., Huckabee v. Bloomberg L.P., 1:23-cv-09152 (MMG) (S.D. N.Y. Nov 24, 2025); Advance Local Media LLC v. Cohere Inc., 25-cv-1305 (CM) (S.D. N.Y. Nov 13, 2025); Dow Jones & Co. v. Perplexity AI, Inc., 797 F.Supp.3d 305 (S.D. N.Y. 2025).
• Outside the U.S., on November 4, 2025, the UK High Court in Getty Images (US) Inc (and others) v Stability AI Limited [2025] EWHC 2863 (Ch) (https://www.judiciary.uk/judgments/getty-images-v-stability-ai/) found finding limited trademark infringement related to Output that included “Getty/iStock”-like watermarks but rejected several additional copyright claims.

For businesses concerned about this risk, some AI providers offer Models trained exclusively on licensed or public domain materials. Companies like Adobe have positioned certain of their Models as “commercially safe” by training only on licensed content. Evaluating the provenance of training data is especially relevant for use cases where copyright infringement claims could create significant liability exposure.

Question 5: What Indemnification and Warranty Protections Are Available?

Given the legal uncertainties surrounding AI-generated content, understanding available indemnification protections is crucial, and Model providers take vastly different approaches to indemnification. Some enterprise-tier providers offer broad indemnification for third-party intellectual property claims, protecting customers from lawsuits alleging that AI outputs infringe copyrights, trademarks, or other IP rights. Others offer more limited indemnification, covering only specific scenarios or capping liability at nominal amounts. Finally, many open-source and free-tier offerings provide no indemnification whatsoever, leaving users fully exposed to potential claims.

Indemnification is an Important Procurement Issue

• Microsoft, via its “Copilot Copyright Commitment” has agreed to commit—subject to customers using Microsoft’s required guardrails—to defend certain commercial customers and pay adverse judgments/settlements for covered copyright claims tied to Output from specified services, including the Azure OpenAI Service (https://blogs.microsoft.com/on-the-issues/2023/09/07/copilot-copyright-commitment-ai-legal-concerns/).
• Adobe has likewise positioned Firefly as “commercially safe,” and offers indemnification for third-party infringement claims to organizations that have “purchased the appropriate entitlement, which will require a new contracting event, subject to the applicable terms, conditions, and exclusions” (https://business.adobe.com/products/firefly-business/firefly-ai-approach.html).
• Note that these programs vary by product, tier, and required safety settings, so organizations should treat “indemnity” as a term-by-term, SKU-by-SKU analysis rather than a vendor-wide promise.

Similarly, warranty protections vary dramatically. Most AI providers disclaim all warranties regarding Model performance, accuracy, and fitness for particular purposes. Some offer limited warranties, while comprehensive warranties remain rare. When evaluating AI solutions, businesses should therefore carefully assess whether available protections match their risk tolerance.

Key Takeaways for Businesses

As generative AI becomes increasingly embedded in business operations, proactive legal review is essential. Key steps include:

1. Conducting thorough due diligence on AI vendor terms before deployment
2. Mapping the full technology stack to understand where data flows and who has access
3. Evaluating indemnification and warranty provisions against your organization’s risk profile
4. Implementing governance frameworks for AI use across your organization
5. Staying current on evolving AI regulations and case law developments

AI Regulatory Activity Around the World

• In the EU, Regulation (EU) 2024/1689 (Artificial Intelligence Act) which entered into force on August 1, 2024, and “aims to encourage the development and uptake of safe and trustworthy artificial intelligence (AI) systems across the European Union (EU) single market in both the private and public sectors, while ensuring EU citizens’ health and safety and respect for fundamental rights,” uses a phased implementation schedule, with certain prohibited practices applying from February 2, 2025, general purpose AI obligations applying from August 2, 2025, with a final deadline of August 2, 2031 (https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32024R1689).
• The European Commission’s General Purpose AI Code of Practice (published July 10, 2025) provides a compliance pathway focused on transparency, copyright policy, and safety/security measures for General Purpose AI providers (https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai).
• In the UK, the government published its Report on Copyright and Artificial Intelligence (March 2026), stepping back from a broad text-and-data-mining exception approach and signaling continued reliance on licensing/transparency initiatives while monitoring global developments (https://www.gov.uk/government/publications/report-and-impact-assessment-on-copyright-and-artificial-intelligence/report-on-copyright-and-artificial-intelligence).
• In the U.S., on August 25, 2025, the Federal Trade Commission sued Air.ai alleging deceptive AI-related earnings/performance claims (https://www.ftc.gov/legal-library/browse/cases-proceedings/airai-timeline-item-2025-08-25).

The legal landscape for generative AI continues to evolve rapidly. Working with experienced counsel can help your organization navigate these complexities, minimize risk, and unlock the full potential of AI technologies.