AI Legal Checklist for Business

17.06.2024 AI Legal Checklist for Business

A summary of key legal and ethical aspects to consider when using AI tools in your business.

Privacy/GDPR

  • Inform your users and customers about how you use AI in your Terms of Service and Privacy Policy/Privacy Notice.
  • Obtain necessary consents for using images or other personal data for marketing or other purposes that involve AI.
  • Conduct a Data Protection Impact Assessment (DPIA) if your AI tool relies on personal data processing.
  • Sign Data Processing Agreements (DPAs) with your AI service providers and ensure they comply with the GDPR.
  • Install internal rules and procedures for handling data subject rights requests, such as the right to access, rectify, erase, or object to automated decisions.
  • Train your employees on the proper use of personal data in AI tools and the risks of data breaches or misuse.

Intellectual Property (IP)

  • Educate your employees on the IP implications of using AI-generated content, disclosing AI use, avoiding copyright infringement, and avoiding public AI tools.
  • Create an internal AI acceptable use policy that defines the scope and limitations of using AI in your business activities, such as employment, commissioned works, or service provision.
  • Disclose in your Terms of Service and in your generated content when you use AI input or output and respect the IP rights of others.
  • Review and correct any auto-captioning or transcription errors in your audiovisual content that may affect the accuracy or quality of your message.
  • Implement anti-scraping solutions in your web-based products to protect your original content from being copied or reused by others.
  • Negotiate contractual provisions on IP transfer, use of AI, and liability limitation with your AI vendors and partners.

Contractual

  • Test the AI tool before you acquire it and make sure it meets your specific needs and expectations.
  • Clarify the mutual responsibilities and obligations (you and the AI provider) regarding the training, maintenance, and quality of the AI algorithm and data.
  • Obtain warranties and indemnities from the AI provider that the data used for training is lawful and does not infringe any third-party rights, and that the AI tool is free of bias or discrimination.
  • Restrict the AI provider from using your content to train or develop other AI tools without your consent, and ensure that they respect your IP rights, confidentiality, and data protection.
  • Check your insurance policy and make sure that your use of AI does not expose you to any uninsurable risks or liabilities.
  • Review your existing contracts and make sure that your use of AI does not breach any terms or conditions, such as integration, disclosure, or white-labelling requirements.

 

Other relevant information

Click here to read about what to expect after publishing the AI Act.

Click here to learn about GDPR requirements when using AI.

Click here to read more about the status of text and data mining exceptions in the Baltic states.