Intellectual Property and AI Law: Best Practices for Internal and External AI Policies

Authors:

Beverly Rich
Rowan Smith

Artificial Intelligence (AI) is quickly reshaping how businesses function and innovate.

While this powerful technology promises to bring efficiency and growth to everything from product development to data analysis, AI-powered tools can expose an organization to new risks, including many risks related to intellectual property (IP). To effectively address these potential liabilities, it’s absolutely critical for businesses to adopt AI use policies that clearly communicate how AI can be used, both within the organization and in external operations.

Why Your AI Policies Need an Attorney’s Touch

While it may be tempting to develop AI policies in-house, an attorney who understands tech and IP law, data privacy regulations, emerging AI-related legal frameworks, and the underlying technology itself will be better equipped to draft legally sound AI use policies that are tailored to a company’s needs and that address key areas of concern, including:

• IP ownership clarity: Both internal and external policies should define patent ownership and copyright in cases of human-AI collaboration.
• Effective risk mitigation: A company’s AI policies should detail guidelines for handling sensitive data, as well as provisions to prevent accidental public disclosure of trade secrets and innovations.
• Legal compliance across jurisdictions: An attorney well-versed in AI law will ensure a company’s internal and external policies align with applicable laws and regulations across multiple jurisdictions, such as the EU AI Act or state laws like California’s privacy regulations. Further, attorneys who specialize in AI can better predict regulatory trends and address changes to laws that may affect liability and related company policies.

Internal Use of AI Policies

An internal AI policy provides employees and managers with clear guidelines on everything from AI development and application to governance and regulatory compliance. These policies typically include provisions covering:

• Acceptable and Responsible Use: Specify when and how AI can be used.
• Protection of Innovation: Prevent accidental disclosures that could place IP rights at risk and clarify ownership rights ex ante
• Security of Proprietary Data: Enforce guidelines to safeguard sensitive company data from exposure  to public AI models.

External Use of AI Policies

Businesses should also adopt external AI policies that clarify acceptable use of AI tools outside the organization’s direct control, including those used by third-party vendors or employees on personal devices for work-related tasks. Any AI-driven collaboration with third parties also needs to be governed by a legally sound policy that answers questions like:

• Who retains ownership of jointly developed AI tools or datasets?
• What are the terms for licensing AI tech to external parties?
• How is data collected, maintained, and shared securely?

Risks of Operating Without Comprehensive AI Policies

Businesses that fail to implement robust internal and external AI policies open themselves up to  a wide range of avoidable vulnerabilities, including specific risks related to intellectual property:

• Loss of Patent and Trade Secret Protections: An organization’s use of AI tools can potentially lead to unintentional disclosure of proprietary information, making it ineligible for patent protection.
• Ownership Disputes Over Content and Innovation: Without well-defined ownership provisions, determining who owns  AI-generated innovations will be difficult and could lead to costly litigation.
• Derivative Works and Originality: AI-generated content can raise questions about originality, especially when it’s derived from existing works or includes human contributions.
• Software Licensing Issues: Using AI-generated code or integrating AI into existing software can raise licensing issues.
• Data Privacy and Confidentiality: AI systems may rely on large datasets that include personal or sensitive information, raising concerns about breaches, unauthorized access, and regulatory compliance.

What Every AI Policy Should Cover

To ensure the integrity of their IP and minimize potential liabilities, businesses should work with a qualified attorney to draft internal and external policies that clearly address:

• Scope of Coverage: An AI policy should clearly outline who it applies to (employees, contractors, vendors) and the types of activities covered.
• Legal Ethics and Compliance: Policies should include provisions on the ethical use of AI, as well as clauses to ensure compliance with GDPR, CCPA, and similar regulations.
• Data Security and Privacy: AI policies should include directives for protecting sensitive information in AI training and use.
• Employee Training and Awareness: An internal AI policy should include requirements for regular employee training on ethical and safe AI use.
• Monitoring and Updating: Compliance monitoring and annual policy updates will keep businesses ahead of the curve as technology, regulations, and ethical considerations continue to evolve.

Closing Thoughts

Implementing legally sound internal and external AI policies will allow your business to avoid liabilities, protect its IP from infringement and misuse, and stay ahead in a competitive market.

Messner Reeves stands as a trusted leader at the intersection of AI policy and IP law. Whether you’re leveraging AI internally, developing AI-driven products or seeking to acquire AI-powered technology, our multidisciplinary team is your best choice for counsel related to AI policy making for internal and external teams.

Contact us today to learn how we can help.