Generative AI and SaaS

29th January 2024

There is no international definition of Artificial Intelligence (“AI”). AI is an umbrella term for a new generation of algorithm, based on machine learning technologies that are intensely changing and fundamentally transforming the way we work and live. The main difference between these machine learning technologies lies in their capabilities and outputs.

While most types of AI can only analyse existing data based on pre-defined rules and patterns, generative AI models can create new and original content.

Generative AI models require vast volumes of datasets – a variety of data such as text, images, code or videos depending on the AI model used – to train, test, analyse information, identify patterns and trends, and improve its algorithm.

Generative AI can use data from various sources for training or testing, including datasets available publicly on the internet. AI outputs are the result the enormous scale of dataset inputs which AI models are trained to generate. As a result, these models can imitate, create or modify any data that forms input data.

The quality and reliability of AI outputs will depend on the quality and accuracy of data inputs. As a consequence, AI output can be biased or output data may contain inaccurate, false or misleading information, also known as “artificial hallucination”.

There are many benefits of using generative AI platforms –  ‘AI as a Service’, known as AIaaS – or integrating generative AI into an existing ‘Software as a Service’ – SaaS for businesses such as increasing the speed at which certain tasks can be performed or completed, advanced analytics, improved decision-making and optimisation of various aspects of SaaS applications.

AI and SaaS: what do you need to consider?

Combining AI and SaaS models introduces various complex legal challenges and potential risks that any business needs to consider. Here are some key legal issues in the realm of generative AI and SaaS:

IP ownership

Input data: use of datasets and materials in which copyright or database rights subsist without a licence when training generative AI can constitute an infringement of copyright or database rights.

If the scope of input data includes confidential information, this could raise issues such as the protection of such information, or whether the use of the information concerned as input data would amount to a breach of contract with a third party.

Output data: likewise, it is important to negotiate and understand ownership of IPRs in the outputs generated by AI within a SaaS application; whether IPRs will vest with the end user as a result of its prompts, the SaaS provider, or both – or the AI developer. Contractual terms should also clarify any licence grant provisions and enforcement of IPRs.

It is crucial that parties involved consider the importance of IP ownership in the generated output for their business and any downstream contracts. They should also ensure that agreed contractual terms contain appropriate and express provisions in respect of IP ownership and licensing aligned with their business needs.

As the output may also infringe copyright, trade marks or database rights in the work that formed part of the input datasets, the parties should also consider provisions that will mitigate risk of any third-party intellectual property rights infringement.

As AI technologies may also involve patent algorithms or software code, it is of great importance to ensure that the integration of AI into the SaaS application does not infringe on existing IPRs.

AI and data protection

Where generative AI processes a substantial amount of personal data – whether at input or output stage –  AI will fall under the scope of data protection legislation, including UK data protection legislation and ensuring compliance is imperative.

Liability in AI and SaaS

Contractual provisions should provide a detailed explanation as to how generative AI is used by the SaaS model, and who controls and owns the data stored, processed and generated by AI and SaaS models.

Liability for any errors, biases and inaccuracy in AI generated outcomes should be clearly addressed in any agreement considering their potential impact on data privacy, confidentiality, infringement of IPRs and AI-driven decisions.

Service level agreements

Any agreement should clearly define and set out performance of the SaaS application and integrated AI functionality, their service levels, availability and reliability.

While we are fostering trust in AI-driven solutions, the legal implications surrounding these technologies require careful consideration through reviewing and negotiating contractual provisions. Businesses should work closely with lawyers experienced in technology, intellectual property and data protection law to effectively navigate these legal issues.