Negotiating GenAI Vendor Terms for a Financial Services Enterprise

Charlyn Ho
CEO Rikka Law Group | Co-Founder Enzio.ai
June 1, 2026 · Case Studies

Rikka Law Capability Spotlight

A regulated financial services enterprise came to us after a critical SaaS vendor required it to accept separate Generative AI Terms as a click-through addendum, outside the negotiated master agreement. The vendor’s standard terms were heavily one-sided: a near-zero cap on the vendor’s liability for AI-related claims, a broad license to use the client’s data to train the vendor’s models for other customers, no intellectual property (“IP”) indemnification, and a reserved right to change the AI terms unilaterally at any time. For an organization handling sensitive, regulated data, those terms were not acceptable.

We addressed the structural problem before the substantive ones. The click-through format meant the AI terms operated outside the negotiated master agreement entirely, giving the vendor a parallel and weaker governance framework for exactly the features the client needed most. We reframed the AI terms as a negotiated exhibit to the master agreement, which eliminated the vendor’s unilateral modification right and brought every AI provision under the same legal standards as the rest of the deal.

From there, we worked through each substantive issue in order of risk severity, explaining the client’s regulatory environment and the commercial rationale for each position to keep the negotiation moving efficiently. Where the vendor had legitimate concerns, particularly around outputs the client modified or combined with other products, we agreed to narrow, well-defined carve-outs. On the issues that mattered most (no model training on client data, full output ownership, a meaningful liability cap, and vendor-side IP indemnification), we held firm. The agreement closed in a handful of drafts, without the client having to walk away from a platform central to its operations.

Outcomes

  • A substantial, mutual liability cap in place of the vendor’s near-zero starting position, with carve-outs preventing either party from invoking the cap in cases of gross negligence, security failures, or IP violations.
  • An express no-training commitment, prohibiting use of the client’s proprietary inputs and confidential data to improve the vendor’s models for other customers.
  • Full output ownership confirmed, with a complete vendor IP assignment and vendor-side indemnification covering third-party IP claims, a protection absent from the vendor’s starting position.
  • Contract stability locked in: the vendor’s unilateral right to amend the AI terms removed, and all AI inputs and outputs treated as the client’s confidential information under the master agreement’s full security framework.

If your organization is procuring software that includes generative AI functionality, the vendor’s standard AI terms likely expose you to data, IP, and liability risks that your master agreement does not cover or that the AI terms may override. We review and negotiate GenAI vendor terms for financial institutions and other regulated enterprises before they sign, so that they can leverage cutting-edge technologies while mitigating risk.