AI Contract Traps: The 5 Legal Pitfalls Companies Fall Into When Buying AI Tools

By Evonne Xu · AI Legal Compliance · Deep Analysis · ~1500 words

Executive Summary

The contracts companies sign when purchasing AI tools are among the most overlooked — and highest-risk — agreements that legal teams handle. Vague data ownership, hidden model training clauses, and extreme liability asymmetry create serious exposure. This article breaks down the five most common legal traps and provides negotiation strategies you can use immediately.

I. Why AI Procurement Contracts Are Far More Dangerous Than Standard SaaS Agreements

Over the past decade, corporate legal teams have developed mature frameworks for reviewing SaaS contracts: data processing agreements, SLA terms, exit mechanisms, confidentiality obligations. But AI tool procurement contracts, while superficially similar to SaaS agreements, carry three fundamental differences.

First, data is used for far more than "processing." A traditional SaaS vendor processes your data to deliver the service and then stops. An AI vendor may also use your data to train, optimize, or fine-tune its underlying models, and that use is irreversible. Once your data has been absorbed into model weights, terminating the contract cannot undo its influence; at best, the vendor can promise not to use the data in future training runs.

Second, ownership of outputs is deeply ambiguous. Who owns the content, code, or analysis reports generated by an AI tool? Current copyright law offers no clear answer, and AI vendors routinely exploit this gap in their contract terms.

Third, liability limitations are extremely asymmetric. Most AI vendors cap their own liability at "the subscription fees paid in the preceding 12 months," while the potential losses a company may suffer from AI output errors can be tens or hundreds of times the contract value.

II. The Five Most Common Legal Traps

Trap 01: Data training clauses hidden in privacy policies, not in the main contract

This is the most pervasive and dangerous trap. Many AI vendors use vague language in the main service agreement, burying the truly critical clause — "we may use your input data to improve our models" — in section 17 of their privacy policy or supplemental terms.

Legal teams reviewing the main contract typically do not read privacy policies line by line, and privacy policies can usually be amended unilaterally by the vendor without notifying customers.

Real case: In 2023, Samsung semiconductor engineers pasted internal chip design source code into ChatGPT as prompts. They were using the consumer service, whose terms at the time allowed conversations to be used to improve OpenAI's models, so the code may have become training data. Samsung subsequently banned the tool internally. Nothing could be recovered: there was no negotiated enterprise contract, and the applicable terms contained no prohibition on such use.

Negotiation strategy: Require a No Training Clause in the main contract, with the vendor explicitly committing that customer data, inputs, and outputs will not be used to train, fine-tune, or improve any model, whether the vendor's own or any third party's. Then verify that the commitment matches the product's documented data-use settings: many vendors offer a training opt-out only on certain plans or through an admin setting, and a clause the product does not actually honor protects no one. Require that the clause take precedence over the privacy policy and any other incorporated terms, so a later unilateral policy change cannot reopen the question.

Trap 02: Ambiguous intellectual property ownership of AI outputs

You used an AI tool to generate an M&A due diligence report, a block of code, or a marketing plan. Does that content belong to you?

The answer is more complicated than you might expect. The U.S. Copyright Office's current position is that content generated purely by AI, without substantial human creative input, is not eligible for copyright protection. This means a competitor could legally copy your AI-generated report, and you would have no copyright claim.

Worse, some AI vendors take a broad, non-exclusive license over outputs in their contracts, which allows the vendor itself to reuse what the tool generated for you. A separate problem, independent of any license, is that a shared model given a similar prompt by a competitor can produce a near-identical output, and nothing in copyright law or the vendor's standard terms prevents that.

Negotiation strategy: Require an Output Ownership Clause explicitly assigning all rights in outputs to the customer and limiting any license back to the vendor to what is strictly necessary to provide the service. Ask for a Non-Compete Output Provision prohibiting the vendor from supplying your outputs, or outputs derived from your inputs, to competitors, but recognize its limits: a vendor cannot control what a shared model generates for other customers from their own prompts. The more enforceable protections are the No Training Clause above and, for highly sensitive work, a private or dedicated deployment rather than a shared cloud model.

Trap 03: Liability caps that leave vendors nearly immune

Open any major AI vendor's service contract and you will almost certainly find language like this:

"In no event shall the vendor be liable for any indirect, incidental, or consequential damages, loss of profits, loss of data, or business interruption. The vendor's total liability shall not exceed the fees paid by the customer in the twelve months preceding the claim."

This means: if you pay $10,000 per month and an AI tool error costs you a $5,000,000 M&A transaction, your maximum recovery is 12 × $10,000 = $120,000, and the lost deal itself is consequential damage that the first sentence excludes entirely.

For high-stakes decision-making in legal, medical, or financial contexts, this liability cap is functionally a complete disclaimer of responsibility.

Negotiation strategy: For high-risk use cases, negotiate to raise the liability cap to 2–5x the total contract value, and explicitly carve out "gross negligence" and "willful misconduct" from liability limitations. Also require the vendor to provide Errors & Omissions (E&O) insurance with coverage of no less than $5,000,000.

Trap 04: Third-party model clauses — you don't know where your data actually goes

The AI tool you purchased may not run on the vendor's own model at all — it may be calling the API of OpenAI, Anthropic, Google, or another foundation model provider. This means your data flows through at least two layers of vendors.

The problem: your main contract is with the direct vendor, but the actual data processing is performed by a third-party model provider. You have no contractual relationship with that third party and no direct legal recourse against them. The third party's own API terms govern what it does with your data (retention period, training use, logging), and you usually cannot see, let alone enforce, the terms the vendor agreed to.

Real case: In 2024, a U.S. law firm discovered that internal case memoranda processed through its AI legal research tool were actually being handled via the OpenAI API. Client data was therefore in a legal gray zone regarding attorney-client privilege, creating serious professional liability exposure.

Negotiation strategy: Require the vendor to disclose all third-party model providers and other subprocessors, with notice and a right to object before any change, and require the contract to specify that the vendor is liable for the data processing practices of all subprocessors as if they were its own (a pass-through or flow-down liability clause). Also request a copy of the Data Processing Agreement (DPA) the vendor has signed with each third-party model provider, and check that its retention and training terms are at least as strict as the ones you negotiated with the vendor; the vendor's DPA with the provider is the only document that binds the party actually holding your data.

Trap 05: Exit clauses — where does your data go after the contract ends?

After a contract terminates or expires, what will the vendor do with your data?

Many AI contracts answer this with: data will be "deleted or returned" within 30–90 days of termination. But this commitment has three significant gaps.

First, backup data is typically excluded from deletion obligations and may be retained for years. Second, data used for model training cannot be "deleted" — the model weights have already absorbed the data's influence. Third, "returned" data is typically provided in vendor-proprietary formats, creating high migration costs and effective lock-in.

Negotiation strategy: Require the contract to specify the full scope of data deletion, including backups, logs, and derivative data such as embeddings, vector indexes, caches, and any fine-tuned model artifacts built from your data. Require the vendor to provide written certification of deletion within 30 days of contract termination, with a fixed outer limit for backup rotation rather than an open-ended exception. Require data to be returned in standard formats (CSV, JSON, etc.) to ensure portability.

III. Two Additional Risks Specific to Chinese Companies

Risk One: Cross-border data transfer compliance

For companies with data originating in China, using U.S. AI tools means transferring data generated within China to overseas servers. China's Data Security Law and Personal Information Protection Law (PIPL) impose strict restrictions on cross-border data transfers. Transferring important data or personal information overseas without completing a security assessment, obtaining certification, or filing standard contractual clauses can result, under PIPL, in fines of up to RMB 50 million or 5% of the previous year's revenue.

Risk Two: Export control compliance

Certain AI tools — particularly those involving cryptography, biometrics, or advanced computing — may be subject to U.S. Export Administration Regulations (EAR). Chinese companies procuring such tools must confirm the vendor has obtained any required export licenses. Failure to do so can expose both buyer and seller to export control violations.

IV. Conclusion: AI Contracts Are Not Standard Contracts. Don't Review Them With a Standard Process.

When your legal team reviews an AI procurement contract the same way they review a traditional SaaS agreement, you are measuring two fundamentally different things with the same ruler.

The core value of an AI tool lies in its ability to process data, generate outputs, and support decisions — and those three functions are precisely where current contractual protection frameworks are weakest.

In AI procurement, the earlier you prepare legally, the more negotiating leverage you have. By the time you discover the traps after signing, it is often too late to go back.

About the Author

Evonne Xu is an attorney specializing in U.S.-China cross-border M&A and AI legal compliance, and a builder of legal tech tools.

📩 Subscribe to the weekly AI law brief: evonnexulegal.beehiiv.com/subscribe
📅 Book a consultation: evonnexulegal.com/#contact