Contents
- The Ownership Gap: Contract vs. Copyright
- The Copyright Landscape in 2025–2026
- Vendor IP Terms Compared
- Provision 1: Output Ownership Assignment
- Provision 2: Input IP Retention
- Provision 3: IP Indemnification
- Provision 4: Training Exclusion
- Provision 5: Fine-Tuned Model Ownership
- Provision 6: Non-Compete on Output Use
- Provision 7: Warranty and Liability Allocation
- Provision 8: Disclosure and Regulatory Compliance
- The Human Authorship Threshold
- Enterprise IP Playbook
- FAQ
In March 2025, the D.C. Circuit affirmed that U.S. copyright law requires human authorship — AI cannot be a legal author. In May 2025, the U.S. Copyright Office concluded that some uses of copyrighted training data qualify as fair use and some do not. In September 2025, Anthropic agreed to a $1.5 billion settlement of a training-data copyright lawsuit. Meanwhile, every major vendor now contractually assigns output ownership to enterprise customers. The result is a legal environment where you can own your AI outputs contractually but may be unable to protect them under copyright law — and where the vendor that produced them may face massive liability for how its models were trained. Understanding both dimensions is no longer optional for enterprise procurement.
1. The Ownership Gap: Contract vs. Copyright
When an AI vendor says “you own the output,” they are making a contractual commitment. Specifically, the vendor is (a) disclaiming any ownership interest in the content their model generated for you, and (b) assigning to you whatever rights, if any, they hold in that output. This is meaningful. It means the vendor will not claim your AI-generated marketing copy, code, analysis, or creative content as theirs. It means you can use, modify, publish, sell, and sublicence that output without seeking the vendor’s permission.
But contractual ownership is only half the picture. Copyright law — the legal framework that actually prevents third parties from copying your work — operates independently of your vendor contract. Under current U.S. law, copyright requires human authorship. A work created entirely by an AI system, without sufficient human creative contribution, is not copyrightable. It exists in the public domain, freely usable by anyone.
This creates a paradox that enterprise legal teams must understand. Your vendor contract says you own the output. Copyright law says you may not be able to stop anyone else from using it. Your contract gives you freedom to commercialise. Copyright law gives your competitors freedom to copy.
The practical consequence is significant. If your organisation generates a marketing strategy, a product description library, a codebase, or a research analysis using AI, and the output reflects minimal human creative input, that content may not be protectable. A competitor could take it, repurpose it, and publish it as their own — and you would have no copyright claim. The vendor contract protects you from the vendor. Copyright law is supposed to protect you from everyone else. When copyright does not apply, you have a gap.
2. The Copyright Landscape in 2025–2026
The legal framework around AI-generated content is evolving rapidly, but several principles have crystallised.
Human authorship is required for copyright protection. The D.C. Circuit’s 2025 decision in Thaler v. Perlmutter affirmed that the Copyright Act requires a human author. AI cannot be listed as an author on a copyright registration, and works generated autonomously by AI systems without meaningful human creative input cannot be copyrighted. The U.S. Copyright Office has been consistent: “copyright protects original expression created by a human author, even if it also includes AI-generated material,” but “copyright does not extend to purely AI-generated material.”
AI-assisted works may be copyrightable. The key question is the degree of human involvement. If a human makes substantial creative decisions — selecting, arranging, modifying, or directing the output in ways that reflect original expression — the resulting work may qualify for copyright protection. The Copyright Office evaluates this on a case-by-case basis. Simply entering a prompt, even an elaborate one, is unlikely to meet the threshold. Substantial editing, selection, arrangement, and creative modification of AI output are more likely to qualify.
Training-data liability is the vendor’s problem — mostly. Multiple lawsuits have challenged whether AI vendors’ use of copyrighted material to train their models constitutes fair use. In May 2025, the Copyright Office concluded that this depends on the specifics: training that produces expressive content competing with original works goes beyond fair use. In September 2025, Anthropic agreed to a $1.5 billion settlement of a major training-data lawsuit. These disputes primarily target the AI platforms themselves, not individual enterprise customers. However, if your AI output is substantially similar to a copyrighted work in the training data, you could face an infringement claim as the publisher of that output.
International approaches vary significantly. China’s Beijing Internet Court has recognised copyright in AI-generated works where a human demonstrated sufficient creative involvement in the process, even without directly executing the creative elements — a lower threshold than the U.S. approach. The EU requires that a work be an “author’s own intellectual creation” with the involvement of a human mind making free and creative choices. The UK has a “computer-generated works” provision in its copyright law, though its application to modern generative AI is contested. For multinational enterprises, the same AI output may be protectable in one jurisdiction and unprotectable in another.
AI models are probabilistic. Multiple users can receive similar or identical outputs for similar prompts. Your vendor’s terms typically address this: OpenAI’s terms state that “output may not be unique and other users may receive similar output.” This means your contractual ownership of an output does not grant you exclusive rights to it. Another customer may have received the same content. Neither of you can prevent the other from using it, because the vendor’s assignment explicitly does not extend to other users’ outputs. For organisations that depend on unique, protectable content, this non-exclusivity is a material risk that no vendor contract can fully resolve.
3. Vendor IP Terms Compared
All major AI vendors now assign output ownership to customers, but the specifics — particularly around indemnification, licensing, and training data use — differ substantially.
OpenAI (ChatGPT Enterprise / API)
Enterprise and API customers retain ownership of inputs and own all outputs. OpenAI assigns all its right, title, and interest in outputs to the customer. Enterprise customers receive IP indemnification (Copyright Shield): OpenAI will defend and pay costs for third-party copyright infringement claims arising from outputs. API customers on standard terms also receive output IP indemnification. Consumer-tier users (ChatGPT Plus/Free) receive the same ownership assignment but no indemnification, and their data may be used for model training unless they opt out. Liability under standard terms is capped at 12 months of fees; indemnification obligations are excluded from this cap.
Microsoft (Azure OpenAI / Copilot)
Microsoft’s Customer Copyright Commitment (CCC) extends its existing IP indemnification to cover AI-generated output from paid commercial Copilot services and Azure OpenAI. The CCC covers copyright, patent, trademark, trade secret, and right of publicity claims. Five conditions must be met: the customer must not tamper with safety systems, must have rights to the input, must not knowingly generate infringing content, must not be involved in trademark disputes arising from the output, and (for Azure OpenAI) must implement all required mitigations in the documentation. The CCC applies to paid commercial products only — not free products, custom-built Copilots, or consumer services. Microsoft will defend customers and pay adverse judgments or settlements.
Anthropic (Claude Enterprise / API)
Anthropic’s commercial terms provide that customers retain ownership of inputs and outputs. Under their expanded legal protections (effective January 2024), Anthropic defends customers from copyright infringement claims arising from authorised use of Claude or its outputs, covering settlements and judgments. This applies to API customers and Claude through Amazon Bedrock. Enterprise agreements can include additional IP protections and custom terms around fine-tuned model exclusivity and derived data ownership. Anthropic does not use enterprise or API customer data for model training.
Google (Gemini / Vertex AI)
Google offers a two-pronged IP indemnity. The training-data indemnity covers claims that Google’s use of copyrighted training data infringes third-party rights. The generated-output indemnity covers claims that unmodified generated output from indemnified services infringes third-party IP. Indemnified services include Gemini for Google Workspace and specified Vertex AI models. Exclusions apply: the customer must not knowingly create infringing content, must not circumvent safety systems or source citations, must not use output after receiving an infringement notice from a rightsholder, and trademark claims are excluded. Google does not claim ownership of customer-generated content.
AWS (Bedrock)
AWS provides IP indemnification for Amazon Bedrock customers. Under their Customer Agreement, AWS will defend customers against claims that the services infringe third-party IP. However, model provider-specific terms can vary: while AWS does not train on customer data, each third-party model provider on Bedrock (Anthropic, Meta, Cohere, Stability AI) has its own IP terms. Customers must verify that IP protections flow through from the specific model provider. AWS’s shared responsibility model means the customer retains obligations around how outputs are used and distributed.
Meta (Llama)
Meta’s open-source Llama models represent a fundamentally different IP model. The Llama licence permits commercial use (subject to a 700-million-monthly-active-user threshold, above which a separate licence from Meta is required), and users retain all rights in their inputs and outputs. However, Meta does not provide IP indemnification for Llama users. The risk of infringement claims falls entirely on the entity deploying and distributing the model’s outputs. For enterprises using Llama through a cloud provider (e.g., Bedrock, Azure), the cloud provider’s indemnity terms may apply, but the underlying Llama licence does not include output IP protection.
4. Provision 1: Output Ownership Assignment
What it governs: Who holds the legal right to use, modify, distribute, sublicence, and commercialise the text, code, images, or other content generated by the AI system.
What your contract must say: An explicit assignment of all right, title, and interest in outputs from the vendor to the customer. The assignment should be unconditional — not contingent on payment status, account tier, or compliance with usage policies (which should be addressed separately). The contract should confirm that the vendor retains no licence, interest, or claim to the output, except for the limited right to process it in providing the service.
The common gap: Some vendors assign ownership but retain a broad licence to “use content to provide, maintain, develop, and improve our services.” This is a training licence disguised as an operational necessity. If the contract includes such a licence, verify that it explicitly excludes model training, fine-tuning, and evaluation — or negotiate it out. Additionally, some vendors state that they assign rights “to the extent permitted by applicable law,” which correctly acknowledges the copyright limitation but can create confusion about what, precisely, is being assigned.
5. Provision 2: Input IP Retention
What it governs: Ownership of the proprietary data, documents, prompts, and creative material you provide to the AI system as input.
What your contract must say: An unambiguous confirmation that you retain all existing intellectual property rights in your inputs. The vendor should not acquire any ownership interest in your input data. Any licence granted to the vendor must be strictly limited to the purpose of providing the service (processing the input to generate the output) and must terminate when the service interaction is complete or the data is deleted.
The common gap: Some vendor terms grant a licence to use input content that extends beyond service delivery. Vendor terms that say “we may use content to provide, maintain, develop, and improve our services” give the vendor rights to your proprietary input that survive the individual interaction. Enterprise agreements should narrow this to “solely to provide the services” with no development, improvement, or training rights. Some platforms (notably xAI’s Grok) claim an extensive licence over submitted content — verify before deploying corporate data.
6. Provision 3: IP Indemnification
What it governs: Who bears the financial and legal risk if the AI’s output infringes a third party’s intellectual property — a copyright, patent, trademark, or trade secret.
What your contract must say: The vendor will defend and indemnify the customer against third-party IP infringement claims arising from the customer’s authorised use of the service and its outputs. The indemnity should cover legal defence costs, settlements, and judgments. It should be excluded from general liability caps, or subject to a separate, higher cap. The conditions for coverage should be clearly defined and reasonable (e.g., the customer must not have intentionally generated infringing content, must have used safety systems as intended, and must provide timely notice of claims).
The common gap: IP indemnification is the single most important — and most inconsistent — provision across AI vendor agreements. The current landscape divides into three tiers. Full indemnity: Microsoft (commercial Copilot and Azure OpenAI), Google (Vertex AI and Workspace Gemini), OpenAI (Enterprise and API), and Anthropic (commercial API) all provide output IP indemnification subject to conditions. Partial or limited indemnity: AWS provides general service indemnity, but coverage depends on the specific model provider’s terms flowing through Bedrock. No indemnity: Meta (Llama open-source), consumer tiers of most platforms, and free-tier API access. If your agreement does not include IP indemnification, you bear the full risk of any infringement claim arising from AI-generated content your organisation publishes.
IP indemnification protects you from the financial consequences of an infringement claim. It does not prevent the claim from being filed, it does not guarantee the output is non-infringing, and it does not protect you from reputational harm. Every vendor indemnification includes conditions: you must have used the service as intended, you must not have deliberately generated infringing content, you must have kept safety systems enabled, and you must not use the output after receiving an infringement notice from a rightsholder. If you knowingly published content you suspected was infringing, the indemnity is void. Treat indemnification as insurance, not as a substitute for content review processes.
7. Provision 4: Training Exclusion
What it governs: Whether the vendor can use your inputs or outputs to train, fine-tune, evaluate, or otherwise improve their AI models.
What your contract must say: An explicit, unconditional prohibition on using any customer content (inputs, outputs, embeddings, metadata) for model training, fine-tuning, evaluation, or improvement. This is both a data privacy and an IP issue: if your proprietary input becomes part of the model’s training data, elements of your intellectual property could surface in outputs generated for other customers — including competitors.
The common gap: All major vendors now exclude enterprise and API data from training by default, but consumer and free-tier data is often used for training unless the user opts out. The IP risk arises when employees use consumer-tier accounts for work: their prompts, documents, and outputs may enter the training pipeline, potentially surfacing as fragments in outputs for other users. Your contract should address not only the enterprise agreement but also organisational policies that prevent consumer-tier use with corporate data.
8. Provision 5: Fine-Tuned Model Ownership
What it governs: Who owns and controls a model that has been customised or fine-tuned using your proprietary data.
What your contract must say: If you fine-tune a vendor’s foundation model using your proprietary data, the contract should establish that the fine-tuned model is for your exclusive use. The vendor must not offer the fine-tuned model, or any derivative of it, to other customers. The fine-tuned model weights must be deleted upon termination of your agreement, with written confirmation. The vendor must segregate your fine-tuned model from general infrastructure to prevent cross-contamination.
The common gap: Fine-tuning creates a grey area in IP terms. You do not own the foundation model (that remains the vendor’s IP). You do own the training data you provided. The fine-tuned model is a derivative of both. Standard agreements often grant you “exclusive use” of the fine-tuned model but do not explicitly address what happens to the model weights at termination, whether the vendor can retain learnings from your fine-tuning process, or whether your fine-tuned model influences the vendor’s broader model development. Negotiate explicit deletion obligations and segregation requirements.
9. Provision 6: Non-Compete on Output Use
What it governs: Whether you can use AI-generated outputs to compete with the vendor or train competing AI models.
What your contract must say: Clear, reasonable restrictions that do not impede your normal business operations. Most vendors restrict using their outputs to train competing AI models, and this is reasonable. However, the contract should confirm that using outputs for all other legitimate business purposes — including internal automation, customer-facing products, research, and publication — is unrestricted.
The common gap: Some vendor terms include broad restrictions that could be interpreted to limit legitimate use. Restrictions on “reverse engineering” or “extracting model capabilities” are standard and reasonable. But overly broad restrictions on “competitive use” could theoretically encompass any business activity that reduces your dependency on the vendor. Ensure that the non-compete clause is narrowly scoped to training competing models and does not extend to normal commercial use of outputs.
10. Provision 7: Warranty and Liability Allocation
What it governs: What the vendor guarantees (or, more precisely, does not guarantee) about the IP status of outputs.
What your contract must say: Every vendor disclaims warranties on output originality, accuracy, and non-infringement. This is industry standard and unlikely to change. Your contract should, at minimum, establish that the vendor warrants the service will conform to its documentation, that the vendor’s IP indemnification is excluded from general liability caps, and that the vendor will cooperate in resolving any IP dispute related to outputs.
The common gap: Consumer and standard API terms often cap liability at extremely low levels. OpenAI’s consumer terms cap liability at the greater of fees paid in the prior 12 months or $100. Enterprise agreements are more reasonable but still cap liability at 12 months of fees, with IP indemnification obligations typically excluded from the cap. Verify that IP indemnification is truly uncapped or has a separate, adequate super-cap. If your use case involves publishing AI-generated content at scale, a 12-month fee cap is not proportionate to the potential infringement exposure.
11. Provision 8: Disclosure and Regulatory Compliance
What it governs: Whether and when you must disclose that content was generated with AI assistance, and how the vendor’s terms interact with industry-specific regulations.
What your contract must say: The contract should not restrict your ability to disclose AI use where legally required. It should confirm that you retain full control over disclosure decisions. For regulated industries (healthcare, finance, legal, government), the contract should support compliance with sector-specific rules around AI-generated content — including any emerging requirements around AI transparency, labelling, or risk management.
The common gap: Currently, no major jurisdiction mandates blanket disclosure of AI-generated content, but sector-specific rules are emerging rapidly. Political advertising in several jurisdictions requires AI disclosure. The EU AI Act establishes transparency requirements for certain AI systems. Financial regulators are developing guidance on AI use in client communications. Healthcare regulators are examining AI-generated clinical content. Your vendor contract should not create barriers to compliance with these evolving requirements. Additionally, vendors like OpenAI encourage disclosure of heavily AI-assisted publications, while Google warns against deceptive presentation of AI content as human-authored.
12. The Human Authorship Threshold
For enterprises that need copyright protection for AI-generated content, the critical question is: how much human involvement is enough? The U.S. Copyright Office evaluates this on a case-by-case, fact-specific basis, but the emerging framework provides useful guidance.
Not protectable: Content generated entirely from a prompt with little or no human editing. Entering a prompt — even a detailed, multi-paragraph prompt — is generally considered providing instructions to the AI, not exercising creative authorship. The machine, not the human, determines the expressive elements of the output.
Potentially protectable: Content where a human makes meaningful creative decisions about selection, arrangement, or substantial modification. For example, a human who generates multiple AI outputs, selects specific elements from different outputs, arranges and edits those elements into a cohesive work, and adds original content may demonstrate sufficient creative control. The copyright protects the human’s contribution — the selection, arrangement, and original additions — not the underlying AI-generated material itself.
Protectable: Content where AI is used as a tool in a substantially human creative process. If an author writes a report and uses AI to generate a first draft of specific sections, then substantially rewrites, restructures, and edits those sections with original expression, the resulting work reflects human authorship. The AI functioned as a tool (like a spell-checker or research database), and the human’s creative expression dominates the final work.
The practical implication for enterprises is clear: if you need copyright protection, you need documented human creative involvement. This means establishing internal workflows that track how AI-generated content is reviewed, edited, and transformed by human contributors. The higher the human creative contribution, the stronger the copyright claim. For content that will be published externally, used in competitive markets, or relied upon for its uniqueness, invest in a human-in-the-loop process and document it.
13. Enterprise IP Playbook
Audit your vendor agreements. For every AI platform your organisation uses — sanctioned and unsanctioned — map the IP terms: ownership assignment, indemnification scope and conditions, training exclusion, liability caps, and warranty disclaimers. Identify where your enterprise agreement provides stronger terms than the standard terms, and ensure all users are on the enterprise plan.
Classify output by IP risk. Not all AI-generated content carries the same IP risk. Internal analysis and first-draft content used only internally carries minimal risk. Customer-facing content, marketing materials, published research, and code shipped in products carries significant risk. Establish a tiering system: low-risk outputs (internal use, human-edited substantially) can follow a streamlined process; high-risk outputs (external publication, minimal human editing) require human review, editing, and documentation of creative contribution.
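A tiering system like this is easiest to enforce when the rule is written down as a small, auditable policy function rather than left to case-by-case judgment. A minimal Python sketch (the tier names, the two-factor rule, and the control lists are illustrative assumptions for this sketch, not a legal standard):

```python
def classify_output(external_publication: bool, substantially_edited: bool) -> str:
    """Return the review tier for a piece of AI-generated content.

    Illustrative rules (assumptions for this sketch):
    - published externally without substantial human editing -> high risk
    - published externally after substantial human editing   -> medium risk
    - internal-only use                                      -> low risk
    """
    if external_publication and not substantially_edited:
        return "high"
    if external_publication:
        return "medium"
    return "low"


# Controls required at each tier (again, illustrative only).
REQUIRED_CONTROLS = {
    "low": ["streamlined sign-off"],
    "medium": ["human review", "contribution log"],
    "high": ["human review", "substantive editing", "contribution log", "legal check"],
}
```

Wiring a function like this into an intake form or CMS workflow makes the tiering decision consistent and logged, rather than re-argued for each asset.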
Establish content review workflows. For outputs that require IP protection, implement a human creative review process. At minimum: a human reviewer must evaluate the output, make substantive editorial decisions (not just approve/reject), add original analysis or expression, and document the nature and extent of their contribution. This creates both better content and a defensible record of human authorship.
Prohibit consumer AI for corporate data. Consumer-tier AI plans (ChatGPT Plus, Claude Pro, Gemini Advanced) do not provide IP indemnification, may use data for training, and offer minimal liability protection. Implement organisational policies that prohibit use of consumer AI tools with corporate data, provide sanctioned enterprise alternatives, and monitor for unsanctioned usage through expense report review and IT controls.
Document human creative involvement. For any AI-generated content where your organisation may need to assert copyright, maintain a record of the human creative process: who reviewed and edited the content, what creative decisions they made, what original expression they added, and what percentage of the final work reflects human vs. AI contribution. This documentation becomes critical if you ever need to register copyright or defend against an infringement claim.
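One way to keep such a record is a structured log entry per asset. The sketch below shows the shape such a record might take; every field name and the 50% screening threshold are illustrative assumptions to be adapted to your own registration and litigation-support needs:

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class AuthorshipRecord:
    """Per-asset record of human creative contribution to AI-assisted content.

    Field names are illustrative assumptions, not a prescribed schema.
    """
    asset_id: str
    reviewers: list[str]           # who reviewed and edited the content
    creative_decisions: list[str]  # e.g. "restructured argument", "rewrote intro"
    original_additions: list[str]  # passages authored entirely by humans
    human_share_estimate: float    # rough fraction of the final work that is human
    review_date: date


def is_registration_candidate(rec: AuthorshipRecord) -> bool:
    """Crude screen: flag assets with documented, substantial human input.

    The 0.5 threshold is an arbitrary placeholder; the Copyright Office
    evaluates authorship case by case, not by percentage.
    """
    return bool(rec.creative_decisions) and rec.human_share_estimate >= 0.5
```

The value is less in the screening logic than in forcing the record to exist: if a dispute arises years later, a dated, per-asset log of who did what is far stronger evidence than recollection.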
Negotiate vendor-specific protections. Standard enterprise terms are a starting point, not a ceiling. Key negotiation targets include removing broad content licences that extend beyond service delivery, expanding IP indemnification to cover all products and features you use (not just the primary endpoint), ensuring fine-tuned model exclusivity and deletion obligations, securing uncapped or super-capped IP indemnification separate from general liability, and including most-favoured-terms clauses that protect against future terms degradation.
Monitor the legal landscape. Copyright law around AI is evolving rapidly. Major pending and recent cases involve training-data fair use, output copyrightability, and the threshold for human authorship. Court decisions in any of these areas could materially change your organisation’s IP risk profile. Designate an internal owner (typically in legal or IP counsel) to monitor developments and update policies accordingly.
14. FAQ
If my vendor says I own the output, why can’t I copyright it?
Contractual ownership and copyright protection are different legal concepts. Your vendor contract is a private agreement between you and the vendor that determines which party can use the content. Copyright is a statutory right granted by government that prevents anyone — not just the vendor — from copying your work. Copyright requires human authorship. If the output was generated primarily by AI with minimal human creative input, it is not eligible for copyright protection regardless of what your contract says. Your contract gives you freedom to use the output. Copyright law determines whether you can prevent others from using it.
Does IP indemnification protect me from all copyright claims?
No. IP indemnification protects you from the financial consequences of specific claims under specific conditions. Every vendor’s indemnification includes exclusions: you typically are not covered if you intentionally generated infringing content, disabled safety systems, used content after receiving an infringement notice, or combined the output with infringing material of your own. Indemnification also does not prevent claims from being filed, does not guarantee your content is non-infringing, and does not cover reputational damage. Treat it as financial insurance with conditions, not blanket immunity.
Which vendor has the strongest IP protection?
Microsoft and Google currently offer the most comprehensive IP indemnification for enterprise customers. Microsoft’s Customer Copyright Commitment covers copyright, patent, trademark, trade secret, and right of publicity across commercial Copilot products and Azure OpenAI. Google’s two-pronged indemnity covers both training-data claims and generated-output claims for Workspace Gemini and Vertex AI. OpenAI and Anthropic provide strong output indemnification for enterprise and API customers. AWS provides general service indemnification but with model provider-specific nuances. Meta (Llama) provides no indemnification. For organisations where IP risk is a primary concern, factor in indemnification breadth as a vendor selection criterion alongside model quality and cost.
Can my competitors legally copy my AI-generated content?
If the content was generated primarily by AI with minimal human creative input, it may not be eligible for copyright protection in the United States. In that case, the content effectively exists in the public domain, and third parties may be free to copy it. However, if you substantially edited, restructured, selected, and arranged the AI output with original human creative expression, your contribution may be copyrightable. Additionally, other legal protections may apply: trade secrets (for internal content), contractual restrictions (if the content was shared under NDA), and unfair competition laws may provide some protection even where copyright does not.
How do we handle AI-generated code from an IP perspective?
Code generated by AI carries specific IP risks. AI coding tools may generate snippets that closely match open-source code with licence restrictions (GPL, AGPL), potentially creating compliance obligations. Microsoft’s GitHub Copilot includes a duplication detection filter to flag code matching public repositories. When deploying AI-generated code in production: enable duplication detection where available, review outputs against open-source compliance tools, treat AI-generated code the same as code from unknown external sources (requiring human review and approval), and document human modifications. Your enterprise agreement’s IP indemnification should explicitly cover code generation use cases.
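One lightweight way to operationalise "treat AI-generated code like code from an unknown external source" is a provenance marker plus a merge gate in CI. The marker format and field names below are a hypothetical in-house convention, not a GitHub Copilot or vendor feature:

```python
import re

# Hypothetical convention: files containing AI-generated code carry a header
# comment such as:  # ai-generated: reviewed-by=alice license-scan=pass
PROVENANCE = re.compile(
    r"#\s*ai-generated:\s*reviewed-by=(\S+)\s+license-scan=(pass|fail)"
)


def merge_allowed(file_text: str) -> bool:
    """Gate a merge on AI-code provenance.

    Files with no marker pass through unchanged; files that declare
    AI-generated code must name a human reviewer and have passed a
    licence scan (e.g. against open-source compliance tooling).
    """
    match = PROVENANCE.search(file_text)
    if match is None:
        return True  # no AI-generated code declared in this file
    reviewer, scan_result = match.groups()
    return bool(reviewer) and scan_result == "pass"
```

A check like this does not detect undeclared AI code on its own; it pairs with duplication-detection filters and licence scanners, and its real function is to create the documented human-review step the indemnification conditions and authorship record both depend on.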
Should we negotiate these terms ourselves?
Enterprise procurement and legal teams can negotiate many of these provisions directly, particularly if you represent significant contract value. However, the negotiation is more effective with vendor-specific intelligence: understanding what the standard terms actually say, where each vendor has shown flexibility in past negotiations, what precedent exists for specific provisions, and how terms compare across vendors. Redress Compliance provides this intelligence across OpenAI, Microsoft, Google, Anthropic, and AWS AI agreements. Learn more about our independent GenAI software licensing advisory services.