Poland: 5 Key Considerations in AI Vendor Contracts

 

"Send the contract to the lawyers" – this is the first instruction that appears when the contract is written to a system using genAI. Is this really the first step to take? You will find the answer in this article.

In many companies, I hear that legal, data protection and compliance departments are inundated with ideas for new projects and applications with generative AI, and asked to quickly evaluate contracts in this area. In some cases, it is obvious what needs to be done. When using a provider and granting them access to personal data, a data processing agreement is required – as in all cases where data processors are used.

The stakes are high, and choosing the right provider can take an organization to new heights, while a mistake can lead to costly failures. From data security, confidentiality to intellectual property rights, from pricing structures to non-compliance issues.

So what should you keep in mind?

1. AI is primarily a strategy and risk analysis, not a contract with a supplier. Developing a strategy is the first step an organization should take in the AI topic – preferably before it starts concluding contracts with AI suppliers. Such a standardized approach may include: conducting due diligence analysis of potential suppliers and the AI technology itself, as well as determination of the required contractual security.
2. The biggest myth: AI is the AI Act. AI is not only the AI Act. Software working on various data sets also touches on topics from various areas of law (including GDPR, Data Act, NIS 2, Civil Code, Act on Combating Unfair Competition, labor law regulations). Checking for the requirements of the AI Act is only one aspect of legal analysis.
3. The biggest oversight: AI has been in your company for a long time. Your HR employees are probably already writing responses for candidates using ChataGPT, marketing generates posts in it, administration uses deepl translator, and developers code with Copilot. It may be that various data from your systems are already in circulation. It is worth looking at it and grasping it from the process side. User behaviors and habits will have a major impact on the use of the next AI tools your company implements.
4. Three areas of potential problems. Input, Prompt, Output, i.e. input data, data entered in prompts during the use of the system, and results generated by the AI model. These are three areas that are worth paying special attention to in contracts with AI providers, although of course they are not the only ones. These names hide a number of legal issues worth systematizing and thinking about.
5. AI in your company is a process. Cooperation with AI vendors is a process, just like the security of your data or quality control in ISO systems. It requires auditing not only contracts, but also processes. It is not enough to write a contract once and close the topic. As new data becomes available, you are willing to reject or modify the original assumptions, both in the area of contracts with suppliers and as part of the internal processes of those contracts.

 

If you need a checklist for contracts with AI system providers, specific clauses in these contracts, or you want to audit your processes in this area, please contact Renata.

 

For further information, contact:

Renata Warchoł-Lewicka, Partner

Gorazda, Świstuń, Wątroba i Partnerzy adwokaci i radcowie prawni, Kraków

e: renata.lewicka@gsw.com.pl

t: +48 12 4224459

 

#WLNadvocate #Poland #Krakow #law #legal #lawfirm #corporatelaw #ITlaw #technologylaw #contracts #business #AI #artificialintelligence