AI Contract Clause Library

Vendor shall not use Customer Data, including any output, feedback, or derivatives thereof, to train, fine-tune, improve, or benchmark any AI model, without express prior written consent from Customer. This prohibition applies to all subprocessors engaged by Vendor.

Vendor shall not make solely automated decisions that produce legal effects or similarly significantly affect individuals without: (a) notifying Customer in advance; (b) providing Customer with the technical means to implement Article 22 GDPR safeguards; and (c) enabling human review of all such decisions on request.

Where the AI System supplied hereunder falls within the scope of Annex III of EU Regulation 2024/1689 (EU AI Act), Vendor warrants that it has completed and maintains the applicable conformity assessment, holds a valid CE marking, is registered in the EU database of high-risk AI systems, and will provide Customer with all documentation required by Articles 11–13 upon request.

Vendor shall notify Customer within 24 hours of becoming aware of any serious incident involving the AI System as defined in EU AI Act Article 3(49), including any breach, unexpected behavior, or near-miss event. Vendor shall provide a written incident report within 72 hours and cooperate fully with Customer's regulatory notification obligations.

Vendor shall store and process all Customer Data exclusively within the European Economic Area (EEA) unless Customer provides express prior written consent to a specific third-country transfer accompanied by appropriate safeguards under GDPR Chapter V. Vendor shall immediately notify Customer of any proposed change to processing locations.

Vendor shall: (a) maintain an up-to-date list of all subprocessors at [URL]; (b) notify Customer no less than 30 days before engaging any new subprocessor; (c) impose data protection obligations on each subprocessor no less protective than those in this Agreement; and (d) remain liable to Customer for the acts and omissions of each subprocessor.

Vendor acknowledges that outputs generated by the AI System may be inaccurate, incomplete, or inconsistent ("AI Errors"). Vendor shall: (a) document known error rates in the Technical Documentation; (b) implement human review requirements for specified high-stakes outputs; (c) not warrant that any AI output is accurate, and Customer assumes all risk of use without appropriate human review.

Customer, or its designated third-party auditor, shall have the right to audit Vendor's data processing facilities and practices no more than once per calendar year upon 30 days' written notice, or at any time following a confirmed or suspected security incident. Vendor shall cooperate fully and bear reasonable costs of making relevant records and personnel available.

Employee acknowledges receipt of the Company's AI Usage Policy [Policy Reference] and agrees to comply with its terms, including restrictions on: (a) inputting confidential, personal, or client data into unauthorized AI tools; (b) presenting AI-generated content as original work without disclosure; and (c) using AI systems not approved by the IT Security team. Violations may result in disciplinary action up to termination.

Where the Company uses any automated employment decision tool (AEDT) in the hiring or promotion process, candidates will be notified at least ten business days before the assessment. Candidates may request an alternative selection process or information about the tool's qualifications screened. Annual bias audits will be conducted by an independent auditor and results published on the Company's website.

Work product created by Employee using AI tools in the course of employment shall be owned by the Company, subject to the same work-for-hire provisions as non-AI work. Employee warrants that: (a) all AI-generated work complies with the applicable AI tool's terms of service; (b) no copyrighted third-party training data is reproduced in a manner that would infringe copyright; and (c) Employee has reviewed all AI-generated work for accuracy before submission.

Employee acknowledges that the Company may monitor usage of Company-approved AI tools and systems for security, compliance, and quality purposes, subject to applicable privacy laws. Where legally required, the works council/employee representatives have been consulted regarding this monitoring. Monitoring results may be used in performance management or disciplinary proceedings.

Our AI features generate content based on machine learning models and may produce inaccurate, incomplete, or inappropriate outputs. You are responsible for reviewing all AI-generated content before use. We do not guarantee the accuracy of AI outputs and accept no liability for decisions made based on AI-generated content without appropriate human review.

You shall not submit to our AI system: (a) personal data of individuals without their consent; (b) data that would constitute a hate crime, child exploitation material, or content prohibited by applicable law; (c) confidential information of third parties; (d) biometric data, health data, or special category data without express written authorization from us. We may terminate your access for violations without refund.

Business customers deploying this AI System in an EU AI Act Annex III context must: (a) designate a human reviewer for all high-risk outputs; (b) conduct and maintain a Fundamental Rights Impact Assessment; (c) log AI System usage and maintain logs for a minimum of 6 months; (d) notify Aegis Digital Systems of any serious incident within 24 hours. Failure to comply may result in suspension of access.

Partner shall flow down to all end customers all obligations required by the EU AI Act, GDPR, and other applicable AI regulations applicable to deployers. Partner shall not represent that the AI System has any compliance certification not expressly confirmed in writing by Provider. Partner shall indemnify Provider for any liability arising from Partner's failure to comply with applicable AI regulations or to pass through required deployer obligations.

Pre-existing IP contributed by each party remains owned by that party. Jointly developed AI models, training data sets, and derived works shall be jointly owned in equal undivided shares unless otherwise agreed in a signed Statement of Work. Each party may exploit jointly owned IP without accounting to the other, except: (a) neither party may grant exclusive licenses without the other's consent; (b) each party shall mark jointly owned outputs as such.

Contractor shall disclose to Client, prior to delivery, any use of generative AI tools (including but not limited to ChatGPT, Claude, Gemini, or Midjourney) in the creation of deliverables. Client reserves the right to request non-AI alternatives or to accept AI-assisted work with appropriate acknowledgment. Undisclosed AI use that violates Client's brand guidelines or publication standards constitutes a material breach.

Contractor shall not input Client's confidential information, trade secrets, personal data, or non-public business information into any third-party AI tool, LLM, or cloud AI service. Contractor may use AI tools approved in writing by Client on a project-by-project basis. This obligation survives termination of this Agreement for a period of 5 years.

Contractor warrants that all deliverables: (a) do not infringe the intellectual property rights of any third party; (b) comply with the terms of service of any AI tool used in their creation; (c) have been reviewed by Contractor for copyright infringement risks arising from AI training data; and (d) are disclosed as AI-assisted per Clause [X] above. Contractor shall indemnify Client for claims arising from breach of this warranty.