Three contractual considerations when integrating a third-party AI system into a SaaS offering

The integration of generative pre-trained transformers or "GPT" models into suppliers' existing Software-as-a-Service ("SaaS") offerings is on the rise. Since training and developing models that power GPT require resources only a limited number of companies have access to, the service providers of these generative models are today limited to a few larger companies.

For example, many suppliers of SaaS offerings have started using OpenAI's application programming interfaces ("APIs") to integrate the services into applications, products or services which are offered to customers. 

Before integrating a third-party service provider's AI system into an already existing SaaS service that is being offered to a customer, suppliers should review their customer license agreements to ensure necessary required restrictions and contractual obligations are included, as well as ensuring that the existing terms do not grant the customer and end customer rights, or provide representations, warranties or indemnities to its customer, that are broader in scope than those provided by the third party service provider.

Such contract governance to ensure back-to-back coverage is important in light of the slightly unknown legal and financial repercussions regarding the use of AI.  

We have focused on three contractual regulations which should be revisited before offering an AI-integrated SaaS service to a customer. Please read our previous articles regarding issues with copyright and privacy when using generative AI.

SaaS suppliers regularly warrant that they will ensure that the service delivered fulfils the requirements and descriptions specified in the agreement. Defining the scope of a SaaS service integrated with an AI system presents challenges due to the inherent complexity of its algorithms and machine learning models which are subject to continuous evolvement over time.

Suppliers offering AI-integrated SaaS services will need to ensure that the warranty provided to the customer is not broader in scope than those provided by the third-party service provider.

Since the use of AI presents ethical issues, third-party service providers of AI, such as Open AI, have included license restrictions regarding the use of the AI. For example, OpenAI has a usage policy which applies to companies building solutions with the OpenAI API Platform.

In accordance with this usage policy, AI shall e.g. not be used to perform or facilitate activities such as providing tailored legal, medical/health, or financial advice without review by a qualified professional and disclosure of the use of AI assistance and its potential limitations, or make high-stakes automated decisions in domains that affect an individual's safety, rights or well-being (e.g. safety components of products, credit, employment or housing).

Suppliers offering AI-integrated SaaS products will need to ensure flow-down of the restrictions to its customers regarding the use of the license.

In addition to a broader set of restrictions which will need to be included in the license agreement, customers generating content co-authored with e.g. OpenAI API to end-customers are obligated to clearly disclose the role of AI in formulating the content in a way no reader could possibly miss, and that a typical reader would find sufficiently easy to understand.

Since AI systems may provide unexpected output which may have significant legal and financial repercussions, third-party service providers of AI systems will try to limit their liability as far as possible. Suppliers of AI-integrated SaaS services will need sufficient contract governance in order to ensure that their outbound license agreements have back-to-back liability coverage.

Furthermore, as is standard market practice in Norway in agreements regulating the provision of SaaS offerings, compensation for indemnification liability incurred as a consequence of defect in title for which the supplier or customer is liable, may be claimed. With AI-integrated SaaS services, the scope of indemnification should, in light of the unknown legal and financial repercussions regarding the use of AI, also include the supplier's incurred indemnification liability for the customer's or end-customer's use of the service in breach of the license which leads to regulatory violations.