You negotiated a right to delete. The vendor agreed. Your compliance team filed it and moved on. The problem: the clause describes an operation your vendor can't actually perform.
Every commercial AI contract I've read in the last six months has some version of this. On written request, the vendor deletes your data within 30 or 60 days, certifies deletion in writing, and extends the obligation to backups and derivatives. That language was written for a database world. Your data never lived only in a database. For some period, it lived inside model weights. And the weights are what the vendor sells.
At NeurIPS 2025, researchers published "Unlearned but Not Forgotten." They showed that exact unlearning, the gold-standard method vendors lean on to scrub training data out of a model, leaks the deleted information through a guidance attack when the pre- and post-unlearning checkpoints are accessible. Deletion, at the weights level, is a legal fiction dressed up as an engineering operation. The vendor isn't lying to you. The vendor just can't actually give you what the clause promises.
What You Actually Signed For
Open your AI vendor's commercial terms and read the indemnity. OpenAI's Copyright Shield. Anthropic's IP indemnity. Google's. Microsoft's. All of them are scoped to third-party intellectual property claims. The vendor defends you if a copyright holder sues you over a verbatim output. That's not where the risk is.
The risk is what happens when your proprietary data stays recoverable from the model long after your account is closed. A class action built around a memorized record. A regulator asking, in 2028, whether the training set your vendor used in 2026 contained data you were legally required to delete under CCPA §1798.105, a Colo. Rev. Stat. §6-1-1306 deletion request, or a GDPR Article 17 order. None of that sits inside the indemnity you signed.
The Enforcement Pattern That Tells You Where This Is Going
The FTC has been signaling for four years that the remedy for illegally collected or processed data isn't deletion of the record. It's destruction of the model. The agency calls this algorithmic disgorgement, and the order history is short but consistent. Everalbum in 2021. WW (the former Weight Watchers) in 2022. Rite Aid in December 2023, the first application of Section 5 unfairness to discriminatory AI. Avast in 2024. In each order, the remedy ran at the model layer: destruction of the algorithm (Everalbum, WW, Avast) or a ban on the system itself (Rite Aid).
Now read those orders against your vendor contract. When a regulator tells your AI vendor to disgorge a model your data trained, your contract doesn't contemplate that event. There's no provision allocating the cost of rebuilding your pipeline on a replacement model. No warranty that the deletion you requested actually stayed deleted. No audit right that lets you test either claim.
Why This Sits On Your Side of the Line
The clean version of the story: you asked for a right you can't verify, against a harm the indemnity doesn't cover, from a vendor whose deletion mechanism a peer-reviewed paper just undermined. Today, the loss allocation runs through you.
I'm not arguing vendors are acting in bad faith. I'm arguing that the deletion clause in most commercial AI contracts was imported from a SaaS template and never updated for how modern models actually work. The gap between "we will delete your data" and "your data is gone from the weights" is the distance between a contract promise and a physics problem. Your clause sits on the wrong side of that distance.
What To Do
Three moves before your next AI vendor renewal.
- CFO and GC: pull every active AI vendor MSA and locate the indemnity. In one sitting, confirm whether it's scoped to third-party IP or whether it also covers the business harm from a post-deletion propagation event. Most will be IP only.
- Procurement: add one question to every renewal. What mechanism does the vendor use to remove training data, and will the vendor warrant that the mechanism withstands a published extraction attack? You won't get a useful answer. The useful part is the silence.
- Outside counsel: should be drafting a training-data propagation audit clause. That clause doesn't exist in any commercial template today. Thursday's flagship will walk through what the clause actually says, what statutes it hooks into, and how to anchor it to the FTC's disgorgement precedent. For now, the thing to know: the clause your vendor wrote is solving the wrong problem.
The contract language you need isn't in anyone's form paper yet. The buyers who ask for it first get to set the precedent.
This article is for informational purposes only and does not constitute legal advice. Consult qualified legal counsel before making compliance decisions based on the developments discussed here.
Most AI vendor contracts were written before model weights became a compliance surface. If you're renewing this quarter, the redline conversation with outside counsel should start before the vendor's form paper crosses your desk.