Why a standard SaaS contract is not suffucuent for AI providers

Many companies purchase AI applications under the guise of standard Software as a Service (SaaS) contracts, leading to significant legal blind spots. Where traditional software licenses merely regulate access to a platform, AI systems actively process your business data, learn from it and generate new output. To safeguard your data, intellectual property and compliance, a standard contract is not enough; you need a specific AI addendum that firmly covers the specific risks around ownership, liability and and current European regulations

The illusion of the classic SaaS model in AI implementations

It is a common practice: a company purchases a promising AI solution and the legal department is presented with a classic SaaS contract (Master Services Agreement or MSA), with at most two paragraphs about artificial intelligence added.

This is insufficient. The risk profiles of the two technologies are vastly different. A classic SaaS model focuses on uptime, access management and data security. With artificial intelligence, the risk shifts to data processing. Can the vendor use your anonymized business data to further train its own algorithms? Who is liable if the AI model infringes on a third party's intellectual property? Traditional legal frameworks are simply not built for these probabilistic and generative processes.

Key negotiation points for AI contracts

As a company, you don't have to settle for unilateral standard terms and conditions. The market for AI contracts is evolving. Below we discuss the most important things you need to enforce as a client.

1. Require layered warranties and realistic liability limits

In practice, standard AI contracts play heavily in favor of the supplier. Liability caps are often limited to the past 12 months' fees, and intellectual property indemnities are systematically missing.

AI vendors defend themselves by arguing that AI's output is predictive (probabilistic), making hard outcome commitments impossible. While this is technically true, it does not absolve them of responsibility. Negotiate tiered guarantees tied to the risk of your specific use case. Demand performance statistics, concrete remedies for model failure, and a full indemnification for claims arising from the data on which the model is trained.

2. Shift the focus to a specific AI addendum

The real legal protection is rarely in the core MSA, but in a specific AI addendum. If the vendor does not proactively offer this, you should ask for it.

Reject contracts that are limited to vague, inspirational promises about “responsible AI.” A legally enforceable addendum must include firm agreements on:

• Restrictions on training models with your business data.
• Property rights to the generated output.
• Clear quality and performance standards.

3. Anchor the intellectual property of AI output

The copyright protection of AI-generated content is currently a complex issue under Belgian/European law. Because case law on this issue is still evolving, contractual clarity is crucial.

Your contract should explicitly assign ownership of the output to your company and provide that the supplier will not receive secondary use rights. In addition, require a guarantee that the supplier has trained only on data for which it holds the necessary licenses. If the supplier won't guarantee the provenance of its training data, you run a significant risk of infringement claims.

4. Make audit rights operational, not just theoretical

Transparency is a core requirement, especially in light of the General Data Protection Regulation (GDPR) and European AI frameworks. You need the right to audit the supplier's AI practices or at least request independent third-party reports on bias, fairness and data documentation.

Note that merely including an audit right in the contract is insufficient. In practice, companies get bogged down when regulators demand proof of audit. Make sure the contract not only creates the authorization for an audit, but also lay out the operational procedures: who reports what, how often, and what are the escalation procedures in case of irregularities?

5. Build in flexibility for current AI legislation.

Many vendors are still working with outdated SaaS templates that ignore current legal realities. As of August 2025, the obligations for General Purpose AI (GPAI) under the European AI Regulation (AI Act) finally went into effect. A supplier that still does not provide assurances around transparency or copyright compliance today exposes your company to real risks and penalties.

Moreover, the next deadlines are already looming, such as the stringent requirements for high-risk AI in August 2026. Therefore, always require a mechanism for legislative changes (change-of-law clause) in your AI addendum. This will prevent you from having to laboriously renegotiate the entire master contract with each new legal milestone.

Frequently asked questions (FAQ)

Are AI vendors really willing to adjust their standard terms?
Yes. Although sales representatives often claim that their standard terms are “non-negotiable,” practice shows that - depending on the contract value and your position as a customer - there is almost always room for adjustments, especially regarding data shielding and liability.

Can the supplier just use my data to improve its model?
Often yes, if you are not careful. Many standard processing agreements (DPAs) contain clauses that allow the use of “de-identified” or “anonymized” data for “service improvement.” In the context of AI, this often means using your (derived) data to train the underlying model, which may harm your competitive position or trade secrets. This should be explicitly excluded in the contract.

Who is liable if the AI generates faulty information (hallucinations) that harms my business?
Unless otherwise stipulated, the supplier will attempt to exclude any liability for “probabilistic output.” This emphasizes the need to establish performance metrics and specific indemnities in the SLA (Service Level Agreement) and the AI addendum.

Conclusion

Blindly signing a standard SaaS agreement for an AI integration is an unacceptable risk for modern enterprises in Belgium. The technology requires a completely different legal approach that focuses on data ownership, intellectual rights, operational audit rights and flexibility for changing legislation. Do not accept stripped-down clauses, but demand a full, substantiated AI addendum.