In-house counsel spend time on the data security section of AI vendor contracts, but the attention tends to focus on what the vendor has to do to protect data day-to-day. The provisions that govern what happens after a security incident, including notification timelines, remediation obligations, and regulatory cooperation, often get less negotiation. By the time an incident happens, whatever the contract says is what you have to work with.
In this webinar, Aparna Williams, Annmarie Giblin, and Laura Frederick will cover how to draft post-incident provisions in AI service agreements that hold up when you need them. The discussion includes incident response, remediation, and regulatory notification terms, with attention to where vendors push back and how to think about the trade-offs between detailed requirements and workable flexibility. The speakers will also address how AI-specific incidents, like training data exposure, model output issues, or prompt injection problems, fit into traditional data security drafting and where the standard approaches fall short.
Key topics include:
Drafting incident notification requirements, including triggers, timelines, and what the notice must contain
Allocating responsibility for investigation, containment, and remediation costs
Coordinating regulatory notification obligations between customer and vendor
Handling AI-specific incident types that don't fit standard data breach definitions
Building cooperation obligations for forensic investigation and evidence preservation
Negotiating post-incident audit rights and decisions about continued use of the service
Common vendor pushback on incident response terms and where to hold the line
*Live CLE Credit Information:
This program is approved for 1.25 hours of General CLE credit in CA and 1.00 hour of Substantive CLE credit in PA.
How to Contract will apply for 1.25 hours of General CLE credit in TX.
We will provide details to attendees on how to request a certificate of attendance. These certificates are provided after an attendee submits a completed credit request form (including the CLE code words shared live) within 14 days of the live webinar. Late submissions are not accepted.
Lawyers in these other jurisdictions who attend live may be eligible for credit through reciprocity, self-application, or reporting: AK, AL, AR, AZ, CT, CO, FL, GA, HI, IA, ID, IN, IL, KY, LA, NC, NH, NJ, NV, NY, MD, ME, MN, MO, MT, NC, ND, NE, NH, NM, NV, OK, OR, RI, SC, TN, UT, VA, VT, WA, WI, WV, and WY. These programs may also be eligible for Canadian CPD credit in British Columbia, Ontario, and Quebec.
We do not determine individual eligibility. Please check your state bar for specific compliance rules.
