AI data use provisions sit at the center of almost every commercial AI contract right now, and most of us are still figuring out how to negotiate them. The product changes faster than the paper. Hyperlinked terms shift without notice, audit rights collide with confidential prompts, and "aggregated and de-identified" language quietly authorizes things that nobody can actually deliver. The standard template assumes a SaaS world we no longer live in.

This How to Contract webinar was hosted by Laura Frederick and featured Laurie Ehrlich, a commercial contracts attorney whose career has run from big law and litigation to running commercial contracts at Datadog, to AI legal tech startup Dioptra, which Icertis acquired in late 2025. Laurie spends her days thinking about the future of CLM and AI, and she brings the rare combination of deep SaaS contracting muscle memory and a clear-eyed view of how AI breaks the old frameworks. That mix made the conversation useful in a way most AI panels are not.

The conversation worked through three provisions that come up in nearly every AI deal: prohibited uses of AI products, suspension rights for data use violations, and customer data use restrictions. Along the way it covered why hyperlinked terms of use are a moving target, why "competitive use" prohibitions now misfire in a converging market, how the Department of Defense audit problem applies to every customer running AI on sensitive data, and why the negotiation over customer data versus usage data is really one fight, not two.

Here are our top ten takeaways from the speakers' comments during the webinar:

  1. The fight is often about how the limitation gets policed, not the limitation itself. Anthropic and OpenAI both signed Department of Defense contracts with comparable ethical limitations. We do not know the full text of either, but the lesson is that the surface-level prohibition is rarely the hardest negotiation. The mechanics of monitoring, audit, evidence, and consequences are what eat the room. When you read a prohibition, immediately ask how the vendor would actually know if you violated it, and what they would do.

  2. Speed and unknowns make AI contracts feel different because they are different. The product may genuinely look different in three months. We do not know today's risks, future risks, future product capabilities, or future business needs. That is hard to draft against. The right response is not to pretend we have certainty. It is to negotiate provisions that assume change, including notice obligations, narrow definitions, and clear off-ramps if the product becomes something we did not buy.

  3. Hyperlinked terms of use and AUPs need notice obligations or they become traps. Vendors need flexibility to update because product cycles are too fast for amendments. Customers need to know what they are agreeing to. The resolution is notice every time the AUP changes. Without it, you can be in violation of obligations you never saw, and any suspension or termination right downstream of those obligations becomes proportionally more dangerous.

  4. "Competitive use" prohibitions are a real risk when every vendor is moving into every market. Anthropic shipping a Word plug-in is competitive with every CLM vendor. Vendors are intentionally entering each other's space. A customer that was clearly not competitive at signing may be arguably competitive a year in, through no action of its own. Tie the definition of "competitive" to the customer's products at the time of signing, not to wherever the vendor decides to go next.

  5. Treat blanket benchmarking prohibitions as a gotcha. RFPs, POCs, casual demos, and peer-network comparisons are normal procurement behavior, not breaches. The customer-side move is to allow internal benchmarking and prohibit only public benchmarking and comparative analysis. The vendor's real concern is the third-party analyst firms, not your own RFP. Make sure the clause targets that and not normal customer behavior.

  6. Suspension is as damaging as termination for any product your business depends on. If you cannot operate without the tool, an hour of suspension can cost millions. Push for notice, an opportunity to cure, and a narrow emergency carve-out that both sides genuinely want, like stopping an unauthorized user mid-session. Even where emergency suspension is justified, the customer should retain the right to investigate and unwind it.

  7. The audit problem in AI contracts is not the same as in SaaS. Letting a vendor audit usage in a SaaS world meant verifying user counts. Letting a vendor audit usage in an AI world may mean exposing prompts that contain trade secrets, confidential information, or PII. The audit right needs to be scoped so the vendor can verify what it needs to verify without seeing what it must not see. That is hard to draft and even harder to enforce, but the default broad audit right is unworkable for any sensitive deployment.

  8. Operational mitigations matter more than ever when you cannot win the language fight. Smaller companies negotiating with major AI vendors will lose most of these arguments. The job shifts to counseling the business on residual risk, making sure there is a backup platform, and setting up regular processes to download prompts and other data the customer might lose access to. Contract counsel adds value by surfacing the risk, not just by trying to redline it away.

  9. Define customer data broadly before negotiating usage data, not after. The same prompt is both an input and a record of use. Whichever bucket it lands in determines who gets to do what with it. If customer data is defined narrowly, you have already lost the negotiation on usage data. If customer data captures everything the customer puts in, generates, or stores, the usage data fight gets much smaller and much safer.

  10. "Aggregated and de-identified" is doing real work in vendor-side data clauses, and most of it should not survive negotiation. LLMs have produced outputs that closely resemble their training inputs. If the technology cannot reliably de-identify, the contract clause promising it cannot be relied on. Push training rights into a separate provision with their own limits and opt-outs. Reserve "aggregated query" language only for situations where the vendor is genuinely just deriving aggregate signals from the data, not training a model on it.
