Resist AI ‘accidental lock-in’ warning to firms
AI is being acquired and contracts are being negotiated without settled market norms, the William Fry AI summit (14 May) has heard.
Speaking at the panel discussion ‘Procuring AI: from concept to contract’, moderator Leo Moore (William Fry, pictured) identified vendor lock-in, build-versus-buy decisions, and the role of content in AI systems as key issues.
Multi factorial
Rob Owens of the Central Bank described AI procurement as a “multi factorial exercise. It's rarely done independently with the lawyers. It's usually in a collective, multi-disciplinary group”.
He said it was not just important to understand the tech to assess the unusual use case risks because “depending on the use case applied, the level of legal and regulatory compliance oversight can greatly differ”.
Risk-assessment considerations include classification under the EU AI Act, whether personal or sensitive data is involved, whether a data-protection impact assessment (DPIA) has been undertaken, data volumes, and how autonomous the system is.
Consistent approaches
Owens also referred to the challenge of applying consistent approaches to fairness and ethics within evolving governance frameworks.
Tiernan O Moráin of Diageo said procurement decisions should begin with business objectives, rather than technology.
“The trick is to start with the business outcome and not the AI,” he said.
He described an approach involving the creation of user stories and scoring potential use cases against criteria including ease of implementation, return on investment, scalability, and cost.
O Moráin said organisations should prioritise “the scalable solution, or highest return on investment, with the most impact across the organisation, that’s easiest to implement”.
David Sneddon of Google Ireland said that, on the trading value side, organisations must first determine at what point of the AI stack they wished to operate and then “what customisation looks like for you.”
Extract value
In terms of value creation, Sneddon said he was finding “the most underestimated part” of the journey was workforce training.
“Essentially, how you extract value is by training your workforce. And what we found is that, in turn, removes some of the perceived fear about what the future looks like and the role that the technology will play vis a vis the workforce”.
Tiernan O Moráin flagged a risk of “accidental lock-in” arising from pressure to deliver AI solutions quickly.
He said organisations should build optionality through flexible architecture, clear exit provisions, and appropriate commercial structures from the outset.
Exit planning
Noting that organisations were familiar with exit planning in cloud arrangements, Rob Owens said that AI introduced additional complexity, including model portability, data migration, and the treatment of AI agents.
“Who has configured the agents? Would you want to take the agent and move it to a new platform? Would you build the agent from scratch?”
The science of monitoring and managing the technology was being built in parallel to the technology itself, Owens said, and while interoperability was vital, “do you get to a world where you have vector data sets, where agents are talking to each other in machine-readable language that you can’t read?”
David Sneddon agreed that interoperability was key, as no single provider could deliver across the entire AI stack. David Sneddon agreed that interoperability is key as no single provider can deliver across the entire AI stack.
Moving too quickly towards a “walled-garden phase” would lead to a lock-in scenario and increased switching costs over time.
Intellectual-property rights
Solicitor Fergus Foody, of Mediahuis, said high-quality inputs were essential to reliable AI outputs, but that intellectual-property rights “have to be protected”.
“This isn't about constraining innovation;it's not about protecting legacy industry”, he said.
However, particularly where third-party content is used in training or grounding systems, copyright and licensing issues are “an underdeveloped area of the value-chain recognition and the compliance chain”.
Foody said users must understand whether they had the necessary permissions to use third-party data within AI systems.
Chopping up copyright
He warned that “people are now chopping up pieces of third-party copyright and putting it into the system to generate returns”.
He said: “I think there’s a misconception that this is all just fair game. It isn’t.”
“From our perspective”, he said, “we think the fundamental principles of IP and copyright laws still apply”.
Foody also flagged the SPUR coalition of publishers, emerging licensing arrangements involving publishers and technology providers, and the European Commission’s current review of the copyright directive.
Sneddon referred to compliance requirements under the AI Act and said providers were subject to regulatory processes covering model deployment and use within the EU.
He also referred to technical and contractual measures designed to support privacy, security, and data governance.
Detailed service description
On the matter of what an AI contract should contain, Rob Owens said a detailed service description was fundamental.
Contracts must address:
- How changes to models or systems are managed over time, including whether updates are automatic or subject to opt-in mechanisms,
- Audit rights,
- Information rights,
- Ongoing monitoring, including ability to assess bias, traceability and effectiveness of safeguards,
- Data inputs, outputs, and ownership across complex supply chains.
Fergus Foody said many AI contracts placed responsibility for inputs, compliance, and related liabilities on the customer side.
Organisations must understand the implications of warranties, indemnities, and representations relating to data use and compliance, he said.
“I think what looks good [in a contract] is what you can see clearly from the start to the end of the business-use case, the vendor relationship, and how the contract reflects those things. -use case, the vendor relationship and how the contract reflects those things.
“If you don't have that clarity, then you're going to run into problems.”