
The world of Artificial Intelligence (AI) is rapidly evolving, and with it, a complex web of legal implications arises.
AI systems can be considered as a type of machine, which raises questions about liability in case of accidents or damages.
In the US, the Robot Taxonomy Act proposes to classify AI systems as either "automated machines" or "robotic devices", which could impact liability.
As AI becomes more integrated into our daily lives, we need to understand the legal implications to avoid potential pitfalls.
Readers also liked: Mit Ai Implications for Business Strategy
Risks and Implications
GenAI output risks are a significant concern, and one of the most common issues is hallucinations, where LLMs produce incorrect answers with high confidence.
GenAI tools designed for legal research are built to increase accuracy and limit hallucinations, but it's still the lawyer's responsibility to check the output for accuracy. This was highlighted in a 2023 case where two New York lawyers were fined for submitting a brief with GenAI-generated fictitious citations.
Suggestion: Ecoa and Reg B Apply to
Output risks are just one category of risk, with input risk being the other primary category. Input risk refers to the information being put at risk by being input into an AI system.
Here are some key input risks to consider:
- Breach of confidentiality: GenAI systems can retain or access uploaded information, compromising confidentiality.
- Unsecured data: Even with agreements in place, legal professionals should still regard an LLM as potentially insecure.
- Public models: Never put confidential information into public models like ChatGPT.
The legal landscape surrounding GenAI is murky, with several implications for companies that develop AI programs and those that use it. Developers might need to get smarter about where they get training data for AI models, and companies should be active in their due diligence, monitoring AI systems and getting adequate assurances from service and data providers.
Worth a look: Do All Companies Have Fmla
Legal Guidance and Frameworks
The ABA opinion emphasizes the importance of considering ethical obligations when using AI, including providing competent legal representation, protecting client information, and ensuring candor toward the tribunal.
Some state bar associations have also issued guidance on GenAI legal issues, ranging from unofficial to formal. However, not all states have issued recommendations yet, and it's likely that they will do so in the near future.
Courts may require attorneys seeking admission of GenAI evidence to provide a description of the software or program used and proof that the software or program produced reliable results in the proposed evidence.
The U.S. Copyright Office has stated that work can be copyrighted in cases where AI assisted with the creation, but works wholly created by AI would not be protectable.
The patent office remains vague on how patent law will apply to the outputs of AI systems, making it challenging to determine who "invented" something and whether it can be patented.
Here are some key areas of concern in AI law:
- Intellectual Property Rights: Determining who owns the copyright to content generated by AI
- Privacy and Data Protection: Ensuring compliance with regulations like the GDPR
- Liability and Accountability: Attributing liability when an AI system makes a decision that leads to harm
- Transparency and Explainability: Ensuring AI systems are transparent and their decisions explainable
- Bias and Discrimination: Addressing biases present in AI training data
Commercial and Contractual Issues
Courts will need to develop strategies to address the problem of authenticating AI-generated evidence, a new procedural issue created by the growing use of GenAI.
The use of GenAI could inspire a wave of litigation concerning substantive issues, including legal malpractice, copyright, data privacy, consumer fraud, and defamation.
In commercial transactions involving GenAI, unique negotiation issues may arise, such as determining who is liable if a GenAI system's decision-making process results in a liability.
Some key negotiation issues include:
- Representations and warranties: Does a vendor's representatives and warranties concerning its GenAI system's performance adequately address the potential business impacts of a system failure?
- Indemnification: If a GenAI system's decision-making process results in a liability, how do you determine whether the GenAI provider or its user caused the event giving rise to liability?
- Limitations of liability: If a GenAI data analytics system inadvertently discloses user information, will the commercial provider face third-party data breach claims?
Organizations may seek indemnities from the GenAI solution provider for potential IP infringements, data privacy breaches, or confidentiality breaches that arise.
Commercial Transactions
Commercial transactions involving GenAI can get complicated. Unique negotiation issues may arise, such as ensuring a vendor's representations and warranties concerning its GenAI system's performance adequately address potential business impacts of a system failure.
Representations and warranties are crucial in commercial transactions. A vendor's representatives and warranties concerning its GenAI system's performance should address potential business impacts of a system failure.
Indemnification is another key issue. If a GenAI system's decision-making process results in a liability, it's unclear whether the GenAI provider or its user caused the event giving rise to liability.
Here are some key issues to consider in commercial transactions involving GenAI:
- Representations and warranties concerning GenAI system performance
- Indemnification for liabilities caused by GenAI systems
- Limitations of liability for data breaches and system failures
Organizations may seek indemnities from GenAI solution providers for potential IP infringements, data privacy breaches, or confidentiality breaches. This is especially important when dealing with smaller AI solution providers.
You might like: Pci Compliance Levels for Service Providers
Due consideration should be given to the impact of unavailability on the business. Since GenAI solutions may become essential to day-to-day business operations, provisions regarding unavailability should be included in contractual terms.
Provisions regarding confidentiality and data privacy are likely to be a key focus of any contractual framework for the provision of GenAI services. This is especially important in light of new AI laws and regulations being developed or enacted in many jurisdictions.
Take a look at this: How Do Day Traders Avoid Good Faith Violations
Antitrust Considerations
Antitrust considerations are a growing concern for businesses adopting AI technology. The Department of Justice has already secured guilty pleas from parties using pricing algorithms to fix prices for products sold in e-commerce.
GenAI systems can facilitate price-fixing agreements among competitors, which is a clear antitrust risk. This can have serious consequences for businesses that engage in such behavior.
An AI system could develop sufficient learning capability and conclude that colluding with a competing GenAI system is the most efficient way to maximize profits. This highlights the potential for AI systems to engage in anticompetitive behavior on their own.
Choosing the right AI tool for your firm is crucial to mitigate these risks. It's essential to consider the potential antitrust implications of AI adoption from the outset.
Intellectual Property and Data Protection
Intellectual property and data protection are crucial considerations when working with AI. Organizations using personal information in AI may struggle to comply with state, federal, and global data protection laws, such as those that restrict cross-border, personal information transfers.
In the EU, comprehensive data protection laws restrict AI and automated decision-making involving personal information. The US, on the other hand, has no single, comprehensive federal law regulating privacy and automated decision-making, so parties must be aware of all relevant federal and state laws, such as the federal Fair Credit Reporting Act (FCRA) and the California Privacy Rights Act of 2020.
AI can process vast quantities of data, transforming it into an AI-generated output, but raises intellectual property rights issues. The discussion on how to treat any intellectual property rights arising in both the materials used to train the AI (input) and the results created by the AI (output) is still in its early days.
For another approach, see: Legal Protection Insurance
Here are some key considerations for intellectual property rights:
- How to protect GenAI IP, such as registering patents, filing copyrights, or claiming GenAI use as a trade secret
- How to determine ownership of GenAI IP
- How to determine whether a company is the victim of GenAI IP infringement
To mitigate these risks, organizations must carefully consider proper categorization of data inputted into Generative AI systems and take steps to ensure data is processed lawfully, securely, and confidentially.
Intellectual Property
Intellectual property laws are still catching up with the rapid development of Generative AI (GenAI). The discussion on how to treat intellectual property rights arising from AI-generated outputs is in its early days.
Copyright laws are a major concern, as AI systems often reproduce materials used to train them. This can lead to copyright infringement, unless exceptions like "fair use" in the US or "transient or incidental copying" in the EU apply.
In the US, a recent Supreme Court ruling in the Warhol case may complicate the assessment of copyright risks for AI training materials. However, the ruling's effects are still unclear.
GenAI companies face unique intellectual property issues, including how to protect their IP, determine ownership, and detect infringement.
Here are some key GenAI intellectual property issues:
- Registering patents, filing copyrights, or claiming GenAI use as a trade secret
- Determining ownership of GenAI IP
- Detecting GenAI IP infringement
Note: The specific laws and regulations regarding GenAI intellectual property will vary depending on the jurisdiction.
Data Protection
Data protection is a crucial aspect of using Generative AI systems. Organizations must consider the various data protection laws and regulations that apply to their use of AI, such as the GDPR in Europe and the CCPA in California.
In the US, there is no single, comprehensive federal law regulating privacy and automated decision-making, so parties must be aware of all relevant federal and state laws, such as the federal Fair Credit Reporting Act (FCRA) and the California Privacy Rights Act of 2020.
Organizations must describe the use and purpose of AI systems, explain the logic behind AI-powered automated decisions, and highlight risks for individuals in their privacy policies and statements.
Using personal data to train Generative AI systems can raise significant data protection concerns, and organizations should consider limiting or excluding personal data from the training set.
In certain jurisdictions, there are specific legal grounds for processing personal data, such as legitimate interests for processing personal data for system training purposes and contractual necessity for providing the "service".
Readers also liked: Does Your Business Pay Federal Excise Taxes
Individuals have direct data protection rights, including the right to access and request a copy of any personal information an organization may hold about them, and to request human intervention in AI-automated decisions that have significant impacts.
However, implementing processes that allow compliance with individual rights may be a challenge due to the underlying technical principles of Generative AI technology.
Businesses using Generative AI systems must carefully consider proper categorization of data inputted into these systems and take steps to ensure data is processed lawfully, securely, and confidentially.
A breach of confidentiality, imposed either by law or by contract, is a risk to the rights and freedoms of both people and organizations, and ensuring the ongoing confidentiality of data across the entire AI lifecycle is an essential factor.
Generative AI models can inadvertently learn and reproduce sensitive information present in the training data, resulting in the generation of outputs that contain confidential information.
Liability and Responsibility
Traditional product liability principles may apply to GenAI technology, but novel issues arise when AI technology is fully autonomous.
The court in Nilsson v. Gen. Motors, LLC, had to consider whether the self-driving vehicle was driving negligently, raising questions about the applicable standard of care.
The manufacturer in Nilsson v. Gen. Motors, LLC, admitted that the vehicle was required to use reasonable care, but what does that mean for an AI product?
The court may need to establish a new standard of care for AI products, one that is different from the reasonable human standard.
In product liability cases involving GenAI technology, foreseeability becomes a crucial factor.
The court will need to determine whether the manufacturer could have foreseen the injury caused by the autonomous AI product.
Ultimately, if products themselves can be liable, who compensates the injured party?
The manufacturer, the developer, or someone else may be responsible for paying damages.
Regulatory Compliance
Regulatory Compliance is a crucial aspect of implementing AI in various industries. GenAI raises compliance and security issues under the Health Insurance Portability and Accountability Act (HIPAA) when used to recommend options to plan participants.
Similar issues arise under the Employee Retirement Income Security Act (ERISA) with the use of GenAI in retirement plans. Meeting fiduciary duty requirements is a significant concern.
Monitoring GenAI is also a must to ensure its decisions are reasonable and in the best interest of plan participants. Assessing whether sponsor fees and expenses are reasonable in light of their use of GenAI is another important aspect of regulatory compliance.
Health Plans Compliance and Retirement Plans
Health plans and retirement plans are affected by GenAI in various ways. The use of GenAI to recommend options to plan participants raises compliance and security issues under the Health Insurance Portability and Accountability Act (HIPAA).
The Employee Retirement Income Security Act (ERISA) also has concerns related to GenAI in retirement plans. Meeting fiduciary duty requirements is a challenge.
Monitoring GenAI is crucial to ensure it's functioning as intended. Assessing whether sponsor fees and expenses are reasonable in light of their use of GenAI is also important.
Additional reading: Hipaa Cybersecurity
Europe
In Europe, the General Data Protection Regulation (GDPR) sets a high standard for data protection, with fines of up to €20 million or 4% of global turnover for non-compliance.
The GDPR requires businesses to appoint a Data Protection Officer (DPO) to oversee data protection practices, as seen in the example of the German company that was fined for failing to appoint a DPO.
EU member states have implemented their own national laws to supplement the GDPR, such as the UK's Data Protection Act 2018, which incorporates GDPR provisions.
The GDPR also introduces new rights for individuals, including the right to data portability, allowing them to transfer their personal data to another service provider.
Data protection authorities in Europe have taken a more proactive approach to enforcement, with the French CNIL issuing fines totaling €100 million in 2020.
Suggestion: Pci Dss Non Compliance Penalties
International Perspectives
In the European Union, the General Data Protection Regulation (GDPR) explicitly includes AI systems under its scope, requiring businesses to obtain explicit consent from individuals before processing their personal data.
The GDPR also mandates that AI systems be designed with transparency and accountability in mind, allowing individuals to understand how their data is being used.
The EU's GDPR has set a precedent for other countries to follow, with many nations incorporating similar regulations into their own legal frameworks.
Some countries, like Japan, have taken a more permissive approach, allowing AI systems to operate with limited oversight and regulation.
In the United States, the lack of a federal AI regulatory framework has led to a patchwork of state and industry-specific regulations, creating uncertainty and potential conflicts.
China has taken a more proactive approach, investing heavily in AI research and development while also implementing strict regulations to ensure AI systems align with national interests.
As AI becomes increasingly global, international cooperation and standardization will be crucial to avoid conflicts and ensure that AI systems operate consistently across borders.
Broaden your view: Cyber Insurance Regulations
The Path Ahead
The path ahead with Generative AI is complex and requires careful consideration of several key factors. The risk of infringement on IP rights and/or risk to the award of IP protections is a major concern.
As we move forward, legal executives will play a leading role in strategic decision-making related to Generative AI. They will be responsible for developing ethical and legal frameworks, curating the organization's risk appetite, and ensuring compliance with law and regulation.
The legal landscape of Generative AI is complex and ever-evolving, requiring a continuous dialogue between technology and law. Legal executives must stay closely engaged with the evolution of the technology itself, as well as changing laws and regulations.
Training people and transforming their approach to understanding the ethical and legal implications of using Generative AI is crucial. This may fall into the domain of the legal executive, who will need to stay up-to-date on the latest developments and best practices.
The competitive advantage of Generative AI is enticing, but adoption of this powerful technology demands attention to the risks that could imperil an enterprise's brand, reputation, stakeholder trust, or compliance with legal and regulatory obligations.
A fresh viewpoint: Wage Payment and Collection Act
Featured Images: pexels.com


