Battleground 3

Risk Allocation

When an AI output infringes a third-party copyright, or when a hallucinated response causes financial loss, the law is still figuring out who owns that harm. The vendor's contract is the only architecture you have to fill the gap right now.

Most vendor paper is designed to make sure the buyer carries the cost. Three levers determine the outcome: indemnification (who pays when a third party sues), liability caps (the maximum either party can lose), and carve-outs (which losses are not capped at all). In an AI deal, these determine whether the vendor is selling you a tool or a liability.

Vendors typically open with a symmetrical structure: mutual IP indemnification, but only for the vendor's underlying platform — not for what the AI generates. Liability capped at 12 months of fees. No dollar floors. No separate cap for data breaches. The message: we will stand behind our code. What the AI does with your data is your problem.

Buyers look at the same structure and see a risk chasm. The buyer did not train the model. The buyer cannot predict when it will hallucinate or reproduce training data. Yet under standard paper, the buyer indemnifies the vendor for output-related claims, and the vendor's total exposure is capped. For a $100K contract, that is a $100K cap on a risk that could generate millions in damages. The math does not work.

The fix requires three components working together. First: output indemnification. The vendor carries the infringement risk for unmodified outputs used as intended. The carve-outs are narrow: input materials that are themselves the basis of the claim; the buyer's combination of output with non-Provider materials; uses the vendor warned against in writing. This flips the baseline — the vendor stands behind what its AI produces. Second: dollar floors. A pure fee-multiple cap is a trap in small deals. A $50K contract with a 1x cap means the vendor's maximum exposure for a data breach is $50,000 — immunity, not risk management. A $250,000 floor ensures the vendor has skin in the game regardless of contract size. Third: a super-cap for data breaches. Security incidents should not share the same cap as commercial liability. The 2x fee multiple with a $500K floor creates a separate risk architecture for the vendor's most consequential failure mode.

The compromise that closes enterprise deals: the cap stays at 12-month fees, but a $250K floor applies wherever 12 months of fees would fall below that amount. Data breaches get a separate super-cap at 2x fees with a $500K floor. Output indemnification is available for unmodified outputs used as intended, with the narrow carve-outs the vendor needs to avoid unbounded risk. Both sides carry proportionate exposure: the vendor carries the risk it controls (model selection, integration, marketing), and the buyer carries the risk of downstream use.

Vendor View

"We carry sophisticated platform indemnification. We own the model selection, the integration, and the security of our infrastructure. We will stand behind those choices. What the AI generates is based on the customer's data and prompts. Our cap structure is calibrated to the fees we earn. Unbounded liability for edge-case outputs would make the business uninsurable."

Buyer View

"We are buying a product. We do not control the model, the training data, or the inference pipeline. When the AI produces a hallucinated fact, a biased recommendation, or a near-verbatim copy of training data, that is a product failure — not a customer misuse. A cap at 12 months of fees on a $50K contract means a $50K ceiling on a class-action-sized exposure. That is not risk allocation. That is risk transfer."

Red Flags

  • A liability cap expressed solely as a fee multiple with no floor
  • An indemnification clause that covers the platform but explicitly excludes AI outputs
  • A contract that caps data breach liability at the same level as general commercial liability
  • A disclaimer of all vendor liability for AI-generated outputs infringing intellectual property rights, except in cases of gross negligence
  • No output indemnification at any tier — the buyer absorbs full risk for what the AI generates

Sample Clause (Illustrative)

"Provider shall indemnify, defend, and hold harmless Customer against any third-party claim alleging that an unmodified AI Customer Output, used by Customer in accordance with the Documentation and Provider's acceptable use guidelines, infringes the third party's intellectual property rights. This obligation excludes claims arising from: (a) AI Customer Output generated from Customer's own AI Customer Input where such Input is the basis of the infringement claim, (b) Customer's combination of AI Customer Output with non-Provider materials where the combination, and not the Output alone, is the basis of the claim, or (c) Customer's use of AI Customer Output in a manner Provider expressly warned against in writing. Provider's aggregate liability for all claims arising out of or relating to this Agreement shall not exceed the greater of (a) the fees paid by Customer in the 12 months preceding the claim, or (b) $250,000. Notwithstanding the foregoing, Provider's liability for claims arising from a Security Breach shall not exceed the greater of (a) two times the fees paid in the 12 months preceding the claim, or (b) $500,000."

This clause establishes the three components of AI-native risk allocation. First: output indemnification — the vendor stands behind what its AI generates, but only for unmodified outputs used as intended. The carve-outs are narrow and define the vendor's risk boundary without creating a free pass. Second: dollar floors — a pure fee-multiple cap on a $50K deal is a $50K ceiling, immunity rather than risk management. The $250,000 floor ensures the vendor has meaningful exposure regardless of contract size. Third: a super-cap for data breaches — a security incident is not the same risk category as a commercial dispute, and the cap should not be the same. The 2x multiple with a $500K floor creates a separate risk architecture for the vendor's most consequential failure mode.

Illustrative only. Clause language requires adaptation to your jurisdiction, deal context, and risk profile. Not legal advice.

Drawn from the Enterprise AI MSA Playbook (June 2026) by Laith Sarhan, Sarhan Data Law. Educational content only — not legal advice.