Customer data often moves across borders when AI vendors are part of the picture. A model might be hosted in one region, with training infrastructure in another and inference happening somewhere else, so the data path can cross several jurisdictions before a single output reaches the customer. Each crossing point can trigger different legal obligations, and the contract is typically where those obligations get pinned down. For in-house attorneys, the question is rarely whether transfer mechanisms apply. It's which mechanism applies to which processing activity, what the vendor is committing to do, and what happens when the vendor wants to change its infrastructure later.
In this webinar, Laurie Ehrlich and Rachel Reid will walk through how to draft cross-border data transfer provisions in AI vendor contracts. They'll cover the mechanisms in common use, including Standard Contractual Clauses, adequacy decisions, and Binding Corporate Rules, and discuss how each fits into an AI contract or DPA. The discussion will focus on the drafting choices that tend to come up in practice, including how to handle processing location restrictions, how to address vendor flexibility around infrastructure changes, and how to adapt SCC modules to AI-specific processing activities.
Key topics include:
Selecting a transfer mechanism for customer data flowing to vendor AI infrastructure, including SCCs, adequacy decisions, and BCRs, and matching the mechanism to the processing activity
Drafting data processing location restrictions, including permitted regions and the vendor's obligations when it changes infrastructure location
Adding SCC addenda to AI contracts and DPAs, including module selection and application to AI-specific processing activities
Allocating controller and processor responsibilities under the SCCs
Handling sub-processor chains that show up in most AI vendor relationships
Practical drafting approaches when the vendor's template is the starting point and redlining is limited
*Live CLE Credit Information:
How to Contract will apply for 1.25 hours of General CLE credit in CA, PA, and TX.
We will provide details to attendees on how to request a certificate of attendance. These certificates are provided after an attendee submits a completed credit request form (including the CLE code words shared live) within 14 days of the live webinar. Late submissions are not accepted.
Lawyers in these other jurisdictions who attend live may be eligible for credit through reciprocity, self-application, or reporting: AK, AL, AR, AZ, CT, CO, FL, GA, HI, IA, ID, IN, IL, KY, LA, NC, NH, NJ, NV, NY, MD, ME, MN, MO, MT, NC, ND, NE, NH, NM, NV, OK, OR, RI, SC, TN, UT, VA, VT, WA, WI, WV, and WY. These programs may also be eligible for Canadian CPD credit in British Columbia, Ontario, and Quebec.
We do not determine individual eligibility. Please check your state bar for specific compliance rules.
