Technology Clause

AI Tools Usage

Establishes rules and guardrails for using AI assistants, chatbots, and automated analysis tools when handling confidential information.

Medium Complexity

What This Clause Does

An AI tools usage clause establishes the rules and conditions under which the Receiving Party may use artificial intelligence tools, chatbots, virtual assistants, and other AI-powered software when working with Confidential Information. Unlike an outright prohibition on AI (see AI Usage Restrictions), this clause permits controlled AI usage with appropriate safeguards, approval requirements, and limitations.

Why This Clause Matters

Practical Necessity: AI tools are increasingly integrated into everyday business software. A complete ban may be impractical or may inadvertently prohibit standard productivity tools.
Productivity Benefits: Allowing controlled AI usage enables the Receiving Party to work efficiently while maintaining confidentiality protections.
Risk Management: By specifying approved tools and conditions, the Disclosing Party maintains visibility and control over how AI interacts with their data.
Compliance Framework: Clear guidelines help employees understand what is and is not permitted, reducing inadvertent violations.
Technology Evolution: A well-drafted clause can accommodate new AI tools through an approval process rather than requiring contract amendments.

Legal Context

AI tools usage clauses balance confidentiality obligations with practical business needs. Courts will generally enforce reasonable restrictions on how confidential information may be processed, but overly vague or technically impossible requirements may be problematic. Key considerations include whether the AI tool's terms of service allow confidential business use, whether the tool retains or learns from inputs, and whether data is transmitted to third parties. Enterprise versions of AI tools often offer enhanced privacy protections compared to consumer versions, making tool specification important.

AI Tools The Receiving Party may use AI-powered tools to assist with analyzing or processing Confidential Information, provided that: (a) Such tools do not retain, store, or use the Confidential Information for training purposes; and (b) The Receiving Party remains fully responsible for maintaining the confidentiality of any information processed through such tools.

Basic Version: Permissive approach allowing AI tool usage with minimal restrictions. Suitable for lower-sensitivity information where the Disclosing Party trusts the Receiving Party's judgment.

Permitted Use of AI Tools 1. General Permission. Subject to the conditions below, the Receiving Party may use artificial intelligence tools and services ("AI Tools") to assist with the Purpose, including document analysis, summarization, translation, and similar tasks. 2. Approved Tools. The Receiving Party shall only use AI Tools that meet the following criteria: (a) The AI Tool provider offers an enterprise or business tier with enhanced privacy protections; (b) The AI Tool's terms of service confirm that user inputs are not used to train models; (c) The AI Tool provides data encryption in transit and at rest; and (d) The AI Tool allows data deletion upon request. 3. Prohibited Uses. Notwithstanding the above, the Receiving Party shall not: (a) Use any AI Tool to generate derivative works from the Confidential Information; (b) Share Confidential Information through AI Tools that allow multi-user access or collaboration; (c) Use consumer-grade or free-tier AI services with Confidential Information; or (d) Enable any AI Tool feature that shares usage data with third parties. 4. Employee Training. The Receiving Party shall ensure that any personnel using AI Tools with Confidential Information are trained on these requirements and the importance of verifying AI Tool settings before use. 5. Notification of New Tools. If the Receiving Party wishes to use an AI Tool not previously approved, it shall notify the Disclosing Party and provide documentation of the tool's privacy features. The Disclosing Party shall respond within ten (10) business days.

Standard Version: Balanced approach with clear criteria for approved tools and prohibited activities. Includes practical provisions for employee training and new tool approval.

Controlled AI Tools Usage Protocol 1. Pre-Approved Tools Only. The Receiving Party may only use the following specifically approved AI Tools with Confidential Information: [List specific approved tools, e.g., "Microsoft Copilot Enterprise," "Google Duet AI with data residency controls"] No other AI Tools may be used without express prior written consent from the Disclosing Party. 2. Mandatory Configuration Requirements. Before using any approved AI Tool, the Receiving Party must: (a) Configure the tool to disable all training, learning, and model improvement features; (b) Enable the highest available privacy and confidentiality settings; (c) Disable any conversation history or logging features where possible; (d) Configure data residency to [specify jurisdiction] where available; (e) Document these configurations and retain evidence for audit purposes. 3. Usage Restrictions. When using approved AI Tools, the Receiving Party shall: (a) Limit inputs to the minimum Confidential Information necessary; (b) Avoid including personally identifiable information, trade secrets, or financial data unless essential; (c) Review all AI outputs before sharing and redact any inadvertent confidential disclosures; (d) Clear conversation history after each session if the tool permits; (e) Not use AI Tools on shared or public computers. 4. Logging and Reporting. The Receiving Party shall maintain logs of all AI Tool usage involving Confidential Information, including: (a) Date and time of use; (b) Name of AI Tool used; (c) General nature of information processed (without reproducing the information); (d) Name of individual who used the tool. Such logs shall be made available to the Disclosing Party upon request within five (5) business days. 5. Incident Response. If the Receiving Party discovers or suspects that Confidential Information may have been improperly processed, retained, or exposed through an AI Tool, it shall: (a) Immediately cease using that AI Tool with Confidential Information; (b) Notify the Disclosing Party within 24 hours; (c) Cooperate fully with any investigation or remediation efforts; (d) Take all reasonable steps to request deletion from the AI provider. 6. Indemnification. The Receiving Party shall indemnify and hold harmless the Disclosing Party from any claims, damages, or losses arising from the Receiving Party's use of AI Tools in violation of this section or in a manner that results in unauthorized disclosure of Confidential Information.

Warning - Highly Controlled: This version requires specific pre-approved tools, detailed configuration, logging, and includes indemnification. Appropriate for highly sensitive information but may be burdensome for routine business use. Receiving Parties should negotiate for reasonable flexibility.

1
Pre-Approve Your Tools: Before signing, get written approval for the specific AI tools your organization uses. This prevents disputes later about whether a particular tool meets the criteria.
2
Distinguish Enterprise from Consumer: Push for language that permits enterprise-tier AI tools with appropriate privacy settings, rather than blanket prohibitions that ignore the significant difference between consumer and enterprise offerings.
3
Negotiate Reasonable Logging: If logging is required, push back on overly detailed requirements. Logging every AI interaction can be burdensome and may create additional security risks if logs are breached.
4
Clarify Incidental AI: Many software products now incorporate AI features (email, document editing, search). Ensure the clause distinguishes between deliberately using AI with confidential data versus incidental AI processing in standard business software.
5
Request Approval Timeframes: If the clause requires approval for new AI tools, ensure there is a reasonable response deadline (e.g., 10 business days) and a deemed-approval mechanism if no response is received.
6
Limit Indemnification Scope: If you must accept indemnification for AI-related breaches, ensure it only applies to willful or negligent violations of the AI policy, not strict liability for any AI-related incident.

Blanket Prohibition on "AI Assistance"

Clauses that prohibit any "AI assistance" without definition could be interpreted to ban commonplace tools like grammar checkers, search engines, or email filtering. Ensure AI is clearly defined and reasonable exceptions exist.

Unlimited Audit Rights for AI Systems

Requirements to allow auditing of your AI systems or configurations could expose your own proprietary technology and create significant operational burden. Limit audits to documentation and compliance records.

Strict Liability for AI Provider Actions

Clauses making you liable if an AI tool provider has a breach or changes their terms create uncontrollable risk. You should only be liable for your own failures to follow agreed protocols, not third-party provider failures.

No Approval Process for New Tools

If the clause specifies only certain approved tools with no mechanism to approve new ones, you may be locked into outdated technology. Ensure there is a reasonable process to request approval for new AI tools.

Extensive Logging Requirements

Requirements to log detailed information about every AI interaction can create massive compliance burdens and additional data security risks. Negotiate for reasonable, high-level logging or spot-check audits instead.

AI Tools Usage

What This Clause Does

Why This Clause Matters

Legal Context

Blanket Prohibition on "AI Assistance"

Unlimited Audit Rights for AI Systems

Strict Liability for AI Provider Actions

No Approval Process for New Tools

Extensive Logging Requirements

Related Clauses

AI Usage Restrictions

Permitted Use

Data Security

Third-Party Disclosure

Need Help With This Clause?