AI Contract Clauses Every Agency Needs to Review Before Signing

AI projects introduce IP, liability, and data training questions that standard software contracts don't address. Here's the language clients send and what it actually means for an agency taking the work.

Anurag Verma


A client sends over a contract for an AI integration project. It’s 40 pages. Your lawyer charges $400 an hour. Most of it is boilerplate you’ve seen before: payment terms, IP assignment, confidentiality, limitation of liability. Then you hit Section 12: “Artificial Intelligence and Machine Learning Provisions.”

This is where agencies are getting caught. The clauses in this section are newer, less standardized, and often written by clients’ legal teams who are also figuring this out as they go. Some are reasonable. Some are unworkable. Knowing the difference before signing saves expensive conversations later.

This isn’t legal advice. It’s a field guide to the language showing up in contracts right now, what each clause means in practice, and what changes are worth negotiating.

IP Ownership: The Training Data Question

The clause you’ll see:

“All outputs generated by any artificial intelligence or machine learning system in the course of performing services under this agreement shall be considered work product and shall be owned exclusively by Client.”

This is standard and fine. Output ownership going to the client is normal.

The clause that’s actually tricky:

“Agency warrants that no client data, client-provided materials, or confidential information has been or will be used to train, fine-tune, retrain, or improve any AI or machine learning model, whether operated by Agency, Agency’s subcontractors, or any third-party tool or API provider.”

This is where you need to read carefully. If your workflow uses any API-based tool (a hosted LLM, a vector database service, a document analysis API), you may not control whether that provider uses submitted data for model improvement. Most enterprise tiers of AI providers (OpenAI, Google, Mistral) allow you to opt out of training data use, but you need to have actually opted out and documented it.

Before signing this clause, verify:

  • Which AI APIs you plan to use on this project
  • Whether those providers’ terms include data-for-training provisions by default
  • Whether your tier or contract with those providers includes a data opt-out
  • Whether you can produce written confirmation from the providers

If you can’t verify all of this, negotiate the clause to reference what you can actually control:

“Agency will not use Client’s confidential information to train or fine-tune any proprietary AI model operated directly by Agency. Agency will configure all third-party AI service providers used in connection with this project to process Client data under terms that prohibit use of such data for model training, and will provide Client with written confirmation of such configurations upon request.”

That’s a promise you can keep. The original is probably not.

Hallucination and Output Accuracy Liability

The clause:

“Agency shall be liable for any damages, losses, or costs arising from inaccurate, misleading, or false information generated by AI systems deployed as part of Agency’s deliverables.”

This is asking you to guarantee AI output accuracy, which no one can do. Large language models hallucinate. This is a known, documented property of the technology. Signing this as written creates open-ended liability for events you can’t control.

A reasonable version:

“Agency will implement industry-standard techniques to reduce AI output inaccuracy, including [retrieval-augmented generation / output validation / human review processes / factual grounding mechanisms], as agreed in the project specification. Agency is not liable for outputs generated after Client modifies the deployed system or uses it in ways inconsistent with the specified use case.”

The key shift: you’re committing to specific mitigation techniques (which you can define in the SOW) rather than guaranteed accuracy of all outputs.

Also worth adding to the SOW itself:

“The AI system deployed under this agreement generates probabilistic outputs and is not designed for use cases where output errors would cause physical harm, financial loss, or legal consequences without human review. Client is responsible for maintaining human oversight processes appropriate to the use case.”

Get this in writing before you start building.

Data Retention and Model Artifacts

The clause:

“Upon termination of this agreement, Agency shall delete all client data, including any embeddings, vector representations, fine-tuned weights, or model artifacts derived from client data, within 30 days, and provide written certification of deletion.”

“Embeddings” and “vector representations” are fine. Those are derived data from the client’s content stored in a vector database, and you can delete the relevant collections. “Fine-tuned weights” is also manageable if you did any fine-tuning.

The part to watch: “model artifacts derived from client data” is ambiguous. Does this include the system prompt you wrote? The few-shot examples you created from client content? The evaluation dataset you built from client interactions?

Clarify before signing what specifically falls under this clause. A more precise version:

“Upon termination, Agency shall delete: (a) raw client data stored in Agency’s systems; (b) vector embeddings derived from client content stored in Agency-operated vector databases; and (c) any model weights fine-tuned specifically on client data. Standard model weights provided by third-party model providers are excluded.”

This makes deletion actually auditable. You know exactly what to delete and can certify it.

Third-Party AI Provider Subcontracting

The clause:

“Agency shall not use any third-party AI provider, API, or service to process Client data without prior written approval of Client.”

Reasonable in principle. Unworkable as written for most projects, since you almost certainly plan to use at least one hosted LLM API. The solution is to list the providers you intend to use in the contract or SOW and get blanket approval:

“Agency may use the following approved AI service providers in connection with this project: [OpenAI (Enterprise tier), Anthropic, Mistral AI, Pinecone]. Agency shall provide Client with written notice at least 10 business days before adding any new AI service provider to the project. Client’s approval shall not be unreasonably withheld or delayed.”

Keep the list updated. If you add a provider mid-project without updating this list, you’re technically in breach.

Performance Benchmarks for AI Features

The clause:

“AI features delivered by Agency shall achieve a minimum accuracy rate of 95% as measured by [specified metric] on a representative sample of production data.”

This is only acceptable if you and the client define the benchmark together before work begins, on a fixed test set, with agreed measurement methodology. Never accept a benchmark clause that references “production data” without specifying how that data will be collected and measured.

Better approach:

“Agency will work with Client to define performance benchmarks and evaluation methodology during the discovery phase. Agreed benchmarks will be documented in a separate Technical Specification, which shall be incorporated into this agreement by reference. Acceptance of AI features will be based on performance against the agreed benchmarks on the agreed evaluation dataset.”

This turns an unverifiable promise into a defined acceptance test.

Clauses to Watch in the Client’s Standard Contract

Beyond AI-specific clauses, a few standard clauses interact badly with AI projects:

Unlimited indemnification for IP infringement. Most boilerplate indemnification clauses have you indemnifying the client against any third-party IP claims. In AI projects, there are open questions about whether training data, model outputs, or generated content infringe on third-party IP. Check whether your E&O insurance covers AI-related IP claims before agreeing to unlimited indemnification.

Work-for-hire for “all materials created.” If you build internal tooling, prompt templates, evaluation frameworks, or reusable infrastructure during a project, and your contract assigns all of it to the client, you can’t reuse any of it on the next project. Carve out pre-existing materials and internal tools explicitly.

Most-favored-client pricing for AI APIs. Some enterprise clients ask for pricing equal to your “best” rate for the APIs you pass through. This is fine unless your API usage costs change significantly mid-project. Cap your API cost exposure in the project budget with a clause that allows for renegotiation if AI provider pricing changes by more than 25%.

The Practical Checklist

Before signing an AI project contract, confirm:

  • IP ownership clause covers outputs but not your methods and tooling
  • Training data warranty matches what you can actually control and verify with providers
  • Hallucination liability is tied to specific mitigation techniques you can implement, not outcome guarantees
  • Deletion clause defines exactly what gets deleted with enough precision to certify
  • Third-party AI providers are listed and approved
  • Performance benchmarks (if any) reference a fixed test set and agreed methodology
  • Indemnification scope is capped or explicitly carves out AI-specific IP uncertainty
  • Pre-existing IP and reusable tooling are carved out of work-for-hire assignment

Most of these negotiating positions are not aggressive. They’re requests for precision in place of vague obligations. Clients with reasonable legal teams will accept them without much pushback. Clients who resist every clarification are often the same clients who invoke the vague clauses later.

The contract conversation is also a signal. A client who has thought carefully about AI project risks and come to the table with nuanced clauses is usually a better partner than one who sends a standard software services agreement with “AI” find-and-replaced into the relevant sections.
