Third-Party AI Contract Addendum
Legal clauses for vendor contracts covering data rights, transparency, performance standards, bias/fairness, security, regulatory compliance, IP ownership, indemnification, human oversight.
Key Insights
Standard vendor contracts don't address AI-specific risks. Will the vendor use your data to train their models? Can you get explanations for AI decisions affecting your customers? What happens when the model's accuracy degrades? Who's responsible when AI produces biased outputs?
This contract addendum supplements standard vendor agreements with AI-specific provisions. It addresses data rights (preventing vendors from using your data to improve their products), transparency (requiring documentation and explainability), performance (accuracy standards and degradation notification), bias (non-discrimination representations and testing), security (AI-specific protections), compliance (regulatory change management), and IP (ownership of models and outputs).
Overview
When you engage an AI vendor, standard MSA terms leave critical gaps. Most don't address whether the vendor can use your data to train their general models. They don't require explanations for AI decisions. They don't establish accuracy standards or bias testing requirements. They don't account for AI-specific security risks.
This contract addendum fills those gaps with provisions specifically designed for AI services. It's drafted to supplement your existing vendor agreements, adding the AI-specific protections your organization needs while providing clear obligations for vendors.
What's Inside
- Data Rights and Usage: Provisions establishing that customer data remains customer property, prohibiting vendor use of customer data for training general models, restricting data aggregation and third-party sharing, and requiring data deletion upon termination with certification
- Transparency and Explainability: Requirements for vendor documentation (model purpose, training data, limitations, bias testing) and reasonable explanations for AI-generated outputs upon request
- Performance and Quality: Accuracy standards with specific metrics, monitoring requirements, and notification obligations when performance degrades
- Bias and Fairness: Vendor representations that AI is designed to minimize unlawful discrimination, bias testing requirements with summary results provided to customer, and ability to request additional testing
- Security Requirements: AI-specific security controls including adversarial attack protection, access controls, encryption, SOC 2 certification, and incident notification
- Regulatory Compliance: Vendor obligations to comply with applicable AI regulations and notify customer of regulatory changes affecting services
- Intellectual Property: Clear allocation of IP rights including vendor pre-existing technology, customer-specific developments, and output ownership
- Indemnification: Vendor indemnification for breaches, IP infringement, discrimination from AI defects, and security breaches
- Human Oversight: Vendor support for customer oversight processes including confidence scores, flagging for human review, and override mechanisms
Who This Is For
- Procurement/Vendor Management negotiating AI vendor contracts
- Legal Teams reviewing AI service agreements
- Chief AI Officers establishing vendor governance standards
- IT Leaders onboarding AI vendors with appropriate protections
- Risk/Compliance Officers ensuring vendor AI meets requirements
Why This Resource
Negotiating AI-specific contract terms from scratch is time-consuming and easy to get wrong. This addendum provides professionally drafted provisions covering the key AI risks, ready for your legal team to review and customize.
The provisions balance protection with practicality—they're designed to be acceptable to vendors while ensuring the protections your organization needs.
FAQ
Q: What's the most important provision in this addendum?
A: Data rights restrictions are critical. Without explicit prohibition, vendors may use your data to improve their general models—which means your proprietary data benefits their other customers and your competitors. Section 2.2 explicitly prohibits training on customer data without consent.
Q: How do we negotiate this with vendors?
A: The provisions are drafted to be reasonable and commonly accepted. Reputable AI vendors should agree to most terms. If a vendor refuses core provisions (like data usage restrictions), that's important information about how they view the relationship. Your legal team can prioritize must-haves vs. nice-to-haves based on your risk tolerance.
Q: Does this replace our standard vendor agreement?
A: No. This addendum supplements your existing MSA, adding AI-specific provisions. It's designed to work alongside your standard vendor agreement terms, with language specifying that AI-specific provisions prevail in case of conflict.