The Anatomy of an AI Use Rider for Your Vendor Agreements




Artificial intelligence (AI) is becoming a core component of enterprise software and services, especially for SaaS vendors and cloud-based tools. As your vendors adopt AI capabilities - whether through their own models or by integrating third-party tools like OpenAI, Google Vertex AI, or Amazon Bedrock - it’s important to ensure their use of AI aligns with your legal, security, and ethical standards.

One way to do that is by attaching an AI Use Rider to your vendor agreements. This post gives a high-level overview of what can go into one.

1. Clear Definition of “AI Use”

Start by defining what constitutes “AI Use” under the agreement. Include:

  • Use of generative AI (text, code, image generation);
  • Predictive analytics and recommendation engines;
  • Automated decision-making tools.

The definition should be broad enough to cover current and future AI integrations but tailored to your vendor’s service.

2. Approved Use Cases

Vendors should only use AI tools:

  • As necessary to provide the contracted services;
  • In ways that do not introduce bias, hallucination risks, or misuse of customer data;
  • With your prior written approval if use cases change.

This section helps ensure transparency and limits scope creep.

3. Disclosure of AI Subprocessors

Require vendors to disclose:

  • The specific AI platforms or models they use (e.g., OpenAI GPT-4, Vertex AI);
  • Whether any third parties (including AI service providers) will access your data;
  • Updates if the list of subprocessors changes.

This enables better data mapping and security reviews.

4. Data Protection, Handling and Training Restrictions

Make it clear that:

  • Your data may not be used to train or fine-tune any AI model unless explicitly authorized;
  • Prompt and output logs involving your data must be deleted upon request;
  • Personal data or regulated data types (e.g., Protected Health Information) must not be input into generative AI without express consent and compliance measures - including entering into a Business Associate Agreement or Data Processing Addendum.

This aligns with data privacy laws and reduces exposure to downstream liabilities.

5. Warranties and Representations

Vendors should represent and warrant that:

  • AI use is in compliance with applicable laws and regulations;
  • AI outputs will be reviewed for accuracy and appropriateness before being presented to end users;
  • They have safeguards in place to mitigate AI risks (e.g., bias, toxicity, copyright infringement).

This gives you recourse if AI introduces unacceptable risks.

6. Indemnity for AI Misuse

Include a tailored indemnity clause that covers damages, claims, or regulatory penalties arising from the vendor’s improper or unauthorized use of AI. This is especially important if AI tools generate outputs that could result in IP violations, misinformation, or legal exposure. Also consider making liability for breaches of the AI Use Rider unlimited.

7. Audit and Oversight Rights

Reserve the right to:

  • Request documentation of how AI tools are used;
  • Audit or review AI governance processes, including testing, monitoring, and bias detection practices.

This encourages accountability and supports your internal compliance obligations.

Let us Help

This is a high-level overview of what an AI Use Rider should contain. There may be more specific nuances for regulated industries. An AI Use Rider is important for risk mitigation, operational clarity, and accountability. As AI continues to reshape how services are delivered, forward-thinking businesses should take proactive steps to define the rules of engagement with vendors using these technologies. If you need help drafting an AI Use Rider that fits your business, reach out to Kader Law. We can help businesses navigate AI adoption safely and strategically.

This post is not legal advice, and does not establish any attorney-client privilege between Law Office of K.S. Kader, PLLC and you, the reader. The content of this post was assisted by generative artificial intelligence solutions.
