Your AI vendor's one-page summary says "we indemnify for IP claims." Your GC signs it and assumes the company is covered. Most of the exposure sits outside that sentence. A draft federal procurement clause from GSA, paired with EU AI Act deployer obligations landing on August 2, 2026, is setting a new floor for what a serious AI contract looks like. The gap between that floor and the commercial terms your vendors are offering is where your real risk lives.
---
Here's the pattern I keep seeing in founder-led and mid-market companies. The CTO picks an AI platform. Procurement pushes paper. The vendor one-pager says the company will defend the customer against copyright infringement claims. The GC reads that sentence, sees a number next to the liability cap, and signs. Everyone feels covered.
Most of them are not.
The "Copyright Shield" language offered by the major commercial AI vendors is narrower than it reads. It covers the vendor's default output, used as intended, with safety features enabled, without modification, without combination with other tools, and without trademark claims. That is not how most companies actually use AI. And IP is only one category of exposure. Data misuse, regulatory noncompliance, incident response timing, sub-processor failures, model deprecation: none of that is inside the Copyright Shield.
Two regulatory floors are moving at once. On March 6, 2026, the General Services Administration released the first federal attempt to standardize AI procurement through binding contract terms, a draft clause designated GSAR 552.239-7001, "Basic Safeguarding of Artificial Intelligence Systems". The public comment period closed on April 3, with possible inclusion in GSA Refresh 32. Four months later, on August 2, 2026, the high-risk obligations under the EU AI Act (Regulation (EU) 2024/1689) take effect, and Article 26 imposes deployer obligations on any U.S. company whose AI use reaches EU individuals. Between the two, the regulatory expectations for what an AI contract has to deliver have moved sharply. Commercial vendor paper has not caught up.
Whether or not your company sells to the federal government or touches EU users, both matter. In my experience, federal procurement standards reshape commercial contracts over the following 12 to 24 months, because the vendors on both sides of the table are often the same, and their form paper converges. And the EU AI Act's deployer obligations cannot be contracted out of. You need them reflected in your vendor agreements, or you carry the regulatory exposure alone.
Here's what I'd tell any CEO weighing AI vendor commitments: the federal clause and the EU deployer regime together preview what "good" looks like, and your commercial MSA probably doesn't get close. The 12 clauses below are what your outside counsel should be redlining into every AI vendor agreement you sign this year.
What Does the GSA Clause Actually Require?
The draft clause goes well beyond what's standard in commercial AI contracts today. The core provisions, reported in detail by Federal News Network and confirmed against the GSA text:
The government retains ownership of all Government Data, including user prompts, system responses, metadata, and synthetic data generated by the AI system. It also retains ownership of "Custom Developments," meaning any model adjustments produced through training or fine-tuning during contract performance. The contractor gets a limited, revocable license to use that data only for the purpose of performing the contract.
Contractors may not use Government Data to train, fine-tune, or otherwise improve any AI model for any other customer or for any commercial purpose.
Security incidents must be reported to the Cybersecurity and Infrastructure Security Agency, the contracting officer, and other designated points of contact within 72 hours of discovery. Contractors must provide daily updates until the incident is resolved and preserve forensic artifacts for at least 90 days.
Prime contractors are directly liable for the compliance of their "Service Providers," a category that includes subcontractors, cloud providers, and commercial AI model vendors. A 30-day advance notice is required for adding or materially changing any Service Provider.
Contractors must disclose all AI systems used, provide documentation aligned with the NIST AI Risk Management Framework, and enable transparency features including summarized reasoning and disclosed data sources. The clause also includes American AI system and neutrality requirements that are less relevant outside federal procurement, so I'll leave those aside.
The government retains evaluation and remediation rights, including the ability to suspend use and recover decommissioning costs for compliance failures.
Read those provisions back to back with a commercial vendor's standard terms of service. The gap is obvious.
What Does EU AI Act Article 26 Add?
GSAR 552.239-7001 is about procurement. EU AI Act Article 26 is about deployment. A U.S. company using commercial AI to make or inform decisions about EU individuals is a "deployer" under the regulation. Starting August 2, 2026, deployers of high-risk AI systems carry obligations that run parallel to the GSA clause and in some places go further.
Deployers must assign competent human oversight to the system. They must keep automatically generated logs for at least six months. They must notify the provider and national authorities of serious incidents or risks. In some cases, they must complete a fundamental rights impact assessment. None of that is possible without access rights, information rights, and cooperation from the vendor. None of it can be contracted out of.
Here's the problem: those obligations fall on the deployer, not the provider. But the deployer cannot meet them without the provider's cooperation. That cooperation has to be in the vendor contract, or the deployer carries an obligation it cannot actually perform.
Why This Is a Commercial-Contracting Problem
Three forces are converging on the same contract. The federal government is establishing a procurement floor through GSAR 552.239-7001. The EU is establishing a deployer floor through Article 26. And commercial AI vendor contracts, including the enterprise terms offered by OpenAI, Anthropic, Microsoft, and Google, are calibrated to the vendor's risk tolerance, not to the buyer's obligations under either regime.
Here's the operating reality: even if your company never sells to the federal government and never touches EU individuals, you are buying from the same vendors that do. The two regimes either pull the vendor market toward stronger commercial terms, or the vendors segregate their regulated offers from their commercial offers and leave commercial buyers with the weaker set. Either way, the contract you sign this quarter sets the floor on what you can ask for in the next renewal.
Start now.
The 12 Clauses Your GC Should Be Redlining
1. Customer Data Ownership, Broadly Defined
The commercial default says the customer owns its inputs and outputs. That's fine as far as it goes. It doesn't go far enough. Ownership of metadata, logs, session state, fine-tuning datasets, and any model adjustments resulting from the engagement is often silent or reserved to the vendor. Expand the definition of "Customer Data" to include all of it. The federal clause does exactly that, and for the same reason.
2. Absolute Training Restriction
Enterprise-tier products from the major vendors prohibit training on customer data. Consumer and lower tiers typically do not. The contract must say, in plain terms, that the vendor may not use customer inputs, outputs, metadata, or fine-tuning data to train, improve, benchmark, or evaluate any model for the benefit of any other customer or for the vendor's general product. Tie retention limits to purpose.
3. Output Ownership With No License-Back
Customers generally own their outputs. Some vendors reserve a right to use de-identified or aggregated outputs for product improvement. If a license-back survives negotiation, narrow it: no verbatim reuse, no use that could reveal customer information, and termination of the license when the contract ends.
4. Indemnification With Two Tracks
Combine IP indemnification and data misuse indemnification into a single clause with two distinct tracks. They cover different exposures. The IP track should defend claims that outputs infringe third-party rights, with narrowed exclusions. The commercial default excludes modification, combination, fine-tuning with customer data, and trademark claims, which happens to describe most real-world enterprise use. Push back. The data misuse track should cover unauthorized access, disclosure, or use of customer data, including statutory fines, breach notification costs, and reasonable forensic and credit monitoring expenses.
5. Liability Cap With Real Carve-Outs
The commercial norm is a cap equal to 12 months of fees paid. That's tolerable for garden-variety disputes and inadequate for material risk events. The contract should carve out from the cap: IP indemnification, data breach and data misuse indemnification, willful misconduct, gross negligence, confidentiality breaches, and regulatory fines. For data-related liabilities specifically, consider a super-cap of two to five times annual fees.
6. Incident Reporting Timeline and Escalation Path
"Notify promptly" is not operational. The SEC's Form 8-K Item 1.05 cybersecurity rule runs on a four-business-day clock for material incidents. CISA's Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) regulations will require 72-hour reporting for covered entities. If the vendor discovers a breach first, the buyer cannot meet its own obligations without a hard timeline. The federal clause uses 72 hours. I'd push for 24 to 48 hours for confirmed or reasonably suspected security incidents affecting customer data, with a named escalation path and forensic preservation.
7. Sub-Processor Flow-Down With Prime Liability
Modern AI stacks run on cloud providers, wrap foundation models from other vendors, and route through third-party tooling. The vendor you're contracting with is one layer of a chain. The commercial default gives the vendor broad rights to change sub-processors without notice and disclaims responsibility beyond a screening obligation. Require a current sub-processor list, 30 days advance notice of material changes with a right of reasonable objection, and a representation that the vendor is liable for sub-processor acts to the same extent as its own.
8. Human Oversight and Framework Alignment
EU AI Act Article 26 requires deployers to assign competent human oversight to high-risk AI systems. That's impossible without interpretability features and documentation. The contract should include a warranty that the system provides the interpretability features reasonably needed to supervise the use case, plus documentation aligned with the NIST AI RMF or ISO/IEC 42001, and a standing obligation to furnish updated documentation on request.
9. Audit Rights and Compliance Documentation
Your company can't answer a European regulator, a state attorney general, or an acquirer's due diligence questions by saying "our vendor did not provide us that information." Require, on reasonable notice, the documentation needed to meet the buyer's own regulatory obligations. Third-party audit rights should be available in the event of a material security or compliance concern. The vendor should also commit to completing reasonable customer questionnaires.
10. Regulatory Change Clause
The regulatory floor is moving. The EU AI Act's high-risk obligations hit this summer. Colorado's AI Act enforcement was delayed to June 30, 2026, with a proposed ADMT (Algorithmic Decision-Making Technology) Framework to replace it by 2027. Texas TRAIGA (Responsible AI Governance Act) is under injunction as of December 2025. Build in a mutual obligation to meet applicable AI regulation, notice and renegotiation rights if a new rule materially increases cost or risk, and a termination-for-convenience right if a regulation undermines the use case.
11. AI-Specific Termination Triggers
"Termination for material breach" was written before AI. It doesn't cleanly cover a hallucination that causes measurable harm, a regulatory ban on the underlying model, or a vendor deprecating the model version you're depending on. Add termination rights for: model deprecation without equivalent replacement, material change in model behavior, regulatory prohibition on the model, and repeated accuracy or safety failures beyond defined tolerances.
12. Data Return and Deletion
When the contract ends, customer data should come back in a usable format and then be deleted. That includes backups within a reasonable window, and any model adjustments that incorporated customer data. The vendor should certify deletion in writing. It sounds like cleanup. It's actually where buyers discover whether their data has been propagated into places the vendor did not disclose.
What To Do This Week
1. GC / Outside Counsel: Pull the current template for AI vendor MSAs and compare it against these 12 clauses. Identify the five weakest. Start redlining. 2. CEO: Ask the GC and CIO jointly for an inventory of AI vendors currently under contract, flagged by use case and the highest-risk category of customer data each touches. If that list doesn't exist, the company is not ready to answer an investor, acquirer, or regulator question about AI risk. 3. CFO: For every AI vendor contract with a liability cap below four times annual fees on data-related liabilities, price what a worst-case data incident would actually cost. Then decide whether the vendor relationship is commercially sensible at that level of self-insurance. 4. CIO / CTO: Map every AI system to its provider and deployer role under EU AI Act terms for any use that reaches EU individuals. Match that map against the documentation you actually have from each vendor. Request whatever is missing, in writing. 5. Board / Audit Committee: Ask management whether the company has renegotiated any AI vendor contract in the last 12 months on the basis of the clauses above. If the answer is no, ask why. Request an AI vendor risk report at the next meeting.
Frequently Asked Questions
Does this matter if my company doesn't sell to the federal government or have EU users?
Yes. Commercial AI vendors tend to converge their form paper over 12 to 24 months once a federal procurement standard like GSAR 552.239-7001 is published. Even if your company never touches the EU, your vendors do, which means the terms they offer you will track the terms they have to offer their regulated buyers. Either way, the floor is moving.
If my AI vendor offers a "Copyright Shield," do I still need these clauses?
Yes. The Copyright Shield programs from the major commercial AI vendors cover only the vendor's default output, used as intended, without modification, combination, or fine-tuning, and exclude trademark claims. That profile does not match how most enterprise buyers actually use AI, and it addresses only IP exposure. Data misuse, sub-processor failures, incident response timing, regulatory noncompliance, and model deprecation all sit outside the Copyright Shield.
Who is the "deployer" under the EU AI Act if we're using a commercial AI product?
Your company is. Under Article 26 of Regulation (EU) 2024/1689, the deployer is the party using an AI system under its authority. If your company uses a commercial product from OpenAI, Anthropic, Microsoft, or Google to make or inform decisions about EU individuals, you are the deployer, and the provider (the AI vendor) sits above you in the regulatory stack. Deployer obligations, including competent human oversight, six-month log retention, incident notification, and a fundamental rights impact assessment where applicable, fall on your company, not the vendor.
Do we need to renegotiate existing AI vendor contracts before August 2, 2026?
For any AI system whose use reaches EU individuals, EU AI Act Article 26 deployer obligations take effect on August 2, 2026, and they cannot be contracted out of. If your current vendor agreement does not give you the access, documentation, and cooperation rights needed to meet those obligations, your company carries the regulatory exposure alone. Upcoming renewal cycles and side letters are practical vehicles for closing the gap before the deadline.
What We're Watching
- GSA Refresh 32 publication: Whether GSAR 552.239-7001 makes it into the refresh, and in what modified form, will set the anchor for commercial contract conversations through 2026. - Vendor response to EU AI Act August 2: Watch for revised commercial terms from major AI vendors ahead of the deadline, particularly on deployer cooperation and documentation provisions. Most vendor form paper in market today isn't yet calibrated to Article 26. - Colorado ADMT Framework: If the Work Group's proposal advances in the 2026 legislative session, covered ADMT developers and deployers will have until January 1, 2027 to revise compliance programs. - TRAIGA injunction status: The Texas AI governance statute remains enjoined as of April 2026. If the injunction is lifted, Texas becomes a live compliance front alongside Colorado and California.
Close
The contract is the only place a buyer can shift AI risk before it turns into a regulatory problem. Vendors won't offer stronger terms on their own. The federal government just showed the private market what the floor should look like. The GCs who move first get the precedent. The ones who wait get whatever the vendor's next revision cycle decides to offer.
---
This article is for informational purposes only and does not constitute legal advice. Every company's situation is different, and you should consult with qualified legal counsel before making compliance decisions based on the developments discussed here.
Consilium Law advises growth-stage companies on commercial AI adoption, vendor contracting, and AI governance programs calibrated to both U.S. and EU regulatory obligations. If your AI vendor paperwork hasn't been refreshed in the last 12 months, it probably doesn't reflect where the market is heading.