
Model training provisions target one of the biggest worries experienced by AI product customers. This language sets limits around what the vendor and the underlying model can and can’t do with the input and system data associated with the customer’s use.
This week’s lesson includes two ways to improve your approach to these provisions: a downloadable PDF and video recording from one of our AI drafting webinars.
PART 1: PDF Download on Drafting AI Model Training Restrictions
Here’s our two-page handout on AI model training restrictions.
PART 2: Video Lesson Explaining Critical Concepts
Matt Kohel and Kate Aishton joined host Laura Frederick in a recent webinar to discuss how to approach model training and improvement restrictions in AI contracts.
Background on What Training Means
Let’s start with some background about what training restrictions.
AI products are built using vast amounts of data. Vendors create and update AI products by improving and expanding the data to which it has access. When a vendor uses a dataset to train an AI model, the vendor is using that data to improve the underlying system’s knowledge base and systems.
There are different kinds of data that go into an AI model. One set is the data associated with their customers’ use of the AI product. This category includes customer’s prompts and other submitted information. But AI models can learn from other aspects of the customer’s product use. They learn from data generated by system based on observing the customer’s use or generating outputs linked to the customer’s inputs and product use. These products learn from the context and how words connect, and they get better and better over time.
That’s why customers are at risk when they allow an AI model to train with the customer’s data. The customer’s proprietary and sensitive inputs and outputs could train the model. Once added to the model, that output could reach other users, competitors, or the public.

Analyzing a Sample Model Training Provision
Each webinar drafting segment centers around a sample provision drafted by AI. Here is the language reviewed in this segment, reconstructed from the discussion:
"Vendor shall not use Customer Data to train its artificial intelligence or machine learning models, except that Vendor may use aggregated, anonymized data derived from Customer's use of the Services to improve Vendor's models and algorithms."
Kate and Matt broke down why this version creates problems on both sides of the table.
1. Training and Restricted Uses - Matt and Kate explored the wording in the clause covering training and restricted uses.
"Training" - Matt highlighted how training is not a defined term. It could include training, retraining, and fine-tuning. Just saying “training” also doesn’t address how the vendor can or can't use the data. Matt mentioned that you may sometimes see the word “improve” instead of or in addition to training. While those two terms have an overlap, they aren’t synonyms. "Improve" is the broader term. Kate confirmed, referring to “training” is a "big tent.” She urged the audience not to rely on the buzzword. Instead, make sure the contract provision describes specifically what the vendor is doing.
"Use of the services to improve Vendor's models and algorithms" - Kate explained how this language should also get the same layer-by-layer treatment as the training restriction. Whether that happens in the definitions section or a separate provision varies by company. The other problem with this language is the implied inverse restriction, namely that the vendor will not use the data in other ways. Kate highlighted that this claim, like similar broad promises, are nearly impossible to prove in an audit. If someone digs hard enough, they'll find a way to retrieve data claimed to be anonymized.
"Except that" - Matt reminded everyone how important the exception is. He would add exceptions to the exceptions. The vendor may use aggregated or anonymized data for a stated purpose, but never to identify the customer or its users. That kind of language provides a path forward if the vendor won't make changes to the base language.
2. Underlying Systems - Next the speakers focused on the way the provision discussed to what underlying system and technology the training restrictions applied.
"Its artificial intelligence or machine learning model" - Matt highlighted that this language is much too narrow. Really it should be "any" AI or ML model, including third-party ones. Kate then talked about the real world reality of underlying systems. She said that most vendors license a foundation model rather than own one (Anthropic and Amazon Bedrock for example). And then that underlying model can get swapped out over time. The question is whether the language permits "enhancing ChatGPT with its own data,” Kate's phrase for the when you allow your data to improve a third-party model with which you have no relationship.
The vendor’s technology layers - Kate highlighted a huge issue that’s often overlooked. That is that AI and ML models are just one part of a system. We need to be looking at how those models are layered with the vendor’s own technology or other third-party systems. Kate would split provision’s language around third-party AI models from the vendor's own technology. Treat vendor's own tech and third-party tech the way you'd separate a vendor's own IP from third-party IP. You likely want the vendor's own product to keep improving. Customers need to be asking if it is a RAG layered on a third-party model, whether the data feeds back to that model, and whether multiple models are chained together. We also need to figure out if its training the layer on top, or the underlying model? Do you have clear rights over that layer? Know your own product before you negotiate.
3. Relevant Data - Kate and Matt also raised concerns about what data could the vendor use for training purposes under the exception. The language in the provision says "aggregated, anonymized data derived from the customer's use of the services." Without a standard or definition, the vendor could use this to build profiles of the customer or its users.
"Anonymized" - Kate pointed out using this term creates a huge risk on both sides. There is no clear legal definition across jurisdictions. GDPR ties this concept to re-identification risk. As Kate explained, AI can now re-identify in minutes what used to take years. Instead of an undefined “anonymized,” pick a specific standard, possibly NIST generally or HIPAA for health data, and reference it directly. You also can address specific techniques like differential privacy or hashing are options.
"Derived from" - Matt pointed out the issues with “derived from” in model training provisions. He highlighted how this phrase is not the IP-doctrine idea of "derivative works." It is closer to non-public proprietary information and trade secrets. An AI note-taker in an R&D meeting surfaces analysis and insights derived from the conversation, not just a transcript. Information derived that way can meet the legal standard for a trade secret.
“Customer’s use of the system” - Matt also focused on the output data that is derived from use of the system. He explained that AI models learn from patterns in the data, not only the data you submit. Data given away through this language way could end up training something whose output surfaces the information elsewhere. If the vendor can derive data from the output, that means it can use insights, innovations, or analyses being paid for. If the contract defines "output," that definition should include derived information. Customers need to ask the vendor directly what aggregated or anonymized data it wants, why, and how it improves the services.
Want to learn more? Read this article with 10 takeaways from the full webinar on data use provisions with Kate and Matt
Want to watch this entire webinar with Kate and Matt, or any of the other 100+ contract training webinars we’ve hosted since March 2025?
How to Contract members have access to all 100+ webinars. That includes 60+ webinars recorded in 2026 (25 on AI contracts and 25 on core subjects) plus 40 webinars on AI contract drafting in 2025. That is just part of our library with over 240+ hours of training videos from the last five years of How to Contract contract training programs.







