AI clause in a SaaS agreement: what it should cover
Model training, output ownership, liability limits: the key provisions every SaaS vendor should include in a dedicated AI clause.
An increasing number of SaaS vendors are integrating artificial intelligence into their products. Text generation, image creation, recommendations, automation — AI is becoming a core feature of many SaaS platforms. Yet most standard SaaS agreements do not include any provision specifically addressing AI. That is a gap worth closing.
Here are the key points that every dedicated AI clause should address.
This is the most important commitment to make explicit. GDPR compliance alone is not sufficient. The agreement should clearly state that:
This is essential for confidentiality, security and commercial trust. Customers are increasingly aware of this risk and will raise it during negotiations.
AI is a rapidly evolving technology. The model in use today may not be the model in use next quarter. The agreement should therefore make clear that:
This follows the same logic as standard software updates. The vendor must preserve its ability to evolve the product without renegotiating the agreement after every technical change.
AI-generated outputs are inherently uncertain. They can be inaccurate, incomplete or misinterpreted. The agreement should set clear boundaries:
This protects the vendor’s position while ensuring the customer understands the nature of the service.
This is the most uncertain area. Who holds the rights to AI-generated outputs?
If the output is a text, a visual or a line of code, does it belong to the customer, the vendor, or neither? What happens if the output draws on third-party data?
The agreement must address this directly:
The key is clarity and consistency with the technical reality of the solution.
Most SaaS vendors integrating AI do not develop their own models. They rely on third-party providers (OpenAI, Anthropic, Mistral, Google). The agreement should address this subprocessing chain: which model is used, under what conditions does customer data pass through the provider, and whether the vendor may change model providers without the customer’s prior consent. This is closely linked to the broader question of usage data ownership.
The EU AI Act now imposes transparency and documentation obligations on AI system providers — including SaaS vendors that embed AI features — even for limited-risk systems. The AI clause in a SaaS agreement must be consistent with these regulatory requirements. For a detailed analysis, see my article on contractual obligations for AI providers under the AI Act.
There is no established benchmark or settled case law on AI clauses. Each service, each model, each use case is different.
An AI clause should never be copied from another agreement. It must be tailored to the specific role AI plays in your product, the level of autonomy of the model, the type of content generated and the uses permitted to the customer. For an overview of the key provisions in a SaaS agreement, see the SaaS contracting guide.
The AI clause is no longer a theoretical topic. It is a negotiation point that customers are raising earlier and earlier in the sales process. It is better to have it in your agreement than to improvise under pressure. If your SaaS includes AI features and your agreement does not yet address them, book a call.
The Data Act limits what SaaS vendors can charge when you switch providers. Permitted fees, prohibited charges, and the 2027 deadline explained.
Stuck in a SaaS contract your company no longer needs? The EU Data Act gives you a legal right to switch providers. Eligibility, process, and pitfalls.
Let's build together to grow your business
I have been supporting software and SaaS companies for over 10 years, helping them structure their business, protect their intellectual property and strengthen their contracts.
