Ai Licensing: Training Data Rights and Commercial Use Agreements

US Copyright Office Generative AI Policy Statement (March 16, 2023, 88 Fed. Reg. 16190) confirmed that purely AI-generated works lack human authorship and are not copyrightable, with parallel guidance requiring disclosure of AI involvement in registration applications. Zarya of the Dawn registration decision (February 2023) cancelled copyright registration for AI-generated images within graphic novel while preserving protection for human-authored text and arrangement. US Copyright Office Report Part 2 (Copyrightability of AI-Generated Works, January 2025) reaffirmed human authorship requirement with sufficient human creative contribution test for AI-assisted works. Thaler v. Perlmutter, 130 F.4th 1093 (D.C. Cir. March 2025) affirmed Copyright Office position that AI cannot be named author, requiring human authorship for copyright protection. Our artificial intelligence law practice handles AI-generated work copyright analysis, Copyright Office registration coordination, and parallel authorship documentation across AI-assisted creative projects.

AI model training on copyrighted material raises copyright reproduction (§ 106(1)) and derivative work (§ 106(2)) questions with fair use defense analysis under 17 U.S.C. § 107 four factors. Authors Guild v. Google, Inc., 804 F.3d 202 (2d Cir. 2015) provided foundational fair use framework for transformative use of copyrighted material in book scanning, with AI training cases distinguishing transformative purpose vs market substitution. Andy Warhol Foundation v. Goldsmith (May 2023) narrowed transformative use to require meaningful purpose distinction beyond mere new expression, creating substantial uncertainty for AI training fair use defense. Hachette Book Group, Inc. .. Internet Archive, 115 F.4th 163 (2d Cir. Sept. 2024) rejected controlled digital lending as fair use, demonstrating Second Circuit skepticism toward technology-driven copyright transformation defenses. Our artificial intelligence and related fields practice handles AI training fair use analysis, post-Warhol transformative use positioning, and parallel pending litigation strategy across AI infringement claims.

Foundation model licenses (OpenAI GPT-4, Anthropic Claude, Google Gemini, Meta Llama) allocate three principal rights bundles: (1) usage rights with rate limits and acceptable use policy restrictions, (2) output rights with customer ownership subject to similar output disclaimers, and (3) data rights covering customer input handling and training data use. Acceptable use policies typically prohibit harmful content generation, automated decision-making in high-stakes contexts, mass automated content generation, and reverse engineering of model architecture or weights. Enterprise tier agreements typically include enhanced confidentiality (no training on customer data), regional data residency commitments, dedicated infrastructure options, and elevated rate limits compared to consumer or developer tiers. Output indemnification provisions (Microsoft Copilot Copyright Commitment, OpenAI Copyright Shield, Anthropic Customer Copyright Protection) extend defense and damages coverage for copyright claims against customer based on model outputs. Our technology licensing practice handles foundation model license review, acceptable use policy analysis, and parallel enterprise tier negotiation across AI deployment programs.

New York Times Co. .. Microsoft Corp. & OpenAI, No. 1:23-cv-11195 (S.D.N.Y. .iled December 27, 2023) alleges OpenAI trained ChatGPT and GPT-4 on millions of NYT articles without permission, with surfaced output verbatim or substantially similar to articles. Authors Guild v. OpenAI, consolidated multidistrict litigation (S.D.N.Y. 2024-ongoing) consolidates copyright claims from George R.R. Martin, John Grisham, Jonathan Franzen, and other authors against OpenAI training data practices. Andersen v. Stability AI Ltd., No. 3:23-cv-00201 (N.D. Cal. 2023) alleges Stable Diffusion training on artists' copyrighted images violated reproduction and derivative work rights, with court partially granting motion to dismiss and allowing direct infringement and DMCA claims to proceed. Doe v. GitHub, Inc., No. 22-cv-06823 (N.D. Cal. 2022) alleges Copilot training on open source code violated DMCA § 1202 attribution and license attribution requirements with substantial circuit appeals pending. Our technology licensing and IP transactions practice handles training data licensing audit, pending AI litigation impact analysis, and parallel customer indemnification strategy across AI commercialization.

Apache 2.0 (permissive) permits commercial use, modification, distribution, and patent use with explicit patent grant from contributors, requiring attribution notices and unmodified state declaration. MIT and BSD licenses (permissive) permit broad commercial use with minimal attribution requirements but lack explicit patent grants, creating potential patent ambush risk for downstream users. GPL v2 and v3 (copyleft) require derivative works distributed externally to be released under same license terms, with source code availability and modification documentation obligations creating commercial use restrictions. Llama 3 Acceptable Use Policy and other AI-specific licenses include user threshold restrictions (e.g., commercial use restricted for users above 700 million monthly active users), military use prohibitions, and downstream license compliance obligations. Our software licensing practice handles open source license auditing, copyleft compliance analysis, and parallel AI-specific license negotiation across AI development projects.

AI API licensing agreements include rate limits (requests per minute/hour, token throughput limits, concurrent connection caps), service level agreements (uptime guarantees, response time commitments, error rate thresholds), and termination provisions for breach of acceptable use policy. SaaS Master Service Agreements address subscription pricing tiers, automatic renewal terms, data security obligations (SOC 2, ISO 27001 certifications), termination assistance, and post-termination data return/deletion requirements. Data Processing Addenda under GDPR Article 28 and CCPA service provider exemption frame personal data handling between AI vendor and customer with sub-processor approval requirements and audit rights. Vendor risk management requires assessment of model performance disclosure, training data sources, security certifications, business continuity planning, and parallel contractual remediation rights. Our SaaS agreements practice handles API license terms review, SaaS termination negotiation, and parallel Data Processing Addendum drafting across AI vendor procurement.

EU AI Act (Regulation 2024/1689, effective August 1, 2024, full application August 2, 2026) classifies AI systems into four risk tiers: (1) unacceptable risk (prohibited), (2) high risk (extensive obligations), (3) limited risk (transparency obligations), and (4) minimal risk (voluntary codes). High-risk AI systems (employment, education, law enforcement, critical infrastructure) require conformity assessment, technical documentation, post-market monitoring, and CE marking with substantial penalties (up to €35 million or 7% of worldwide annual turnover for prohibited AI). General-purpose AI (GPAI) model obligations under EU AI Act Article 53 require technical documentation, training data summary disclosure, EU copyright compliance, and policy implementation for high-impact models (>10^25 FLOPs training compute). Extraterritorial application reaches non-EU providers placing AI systems on EU market, providers based outside EU whose output is used in EU, and employers using high-risk AI on EU workers. Our AI cloud infrastructure practice handles EU AI Act risk classification, GPAI compliance documentation, and parallel extraterritorial application analysis across global AI deployments.

Microsoft Copilot Copyright Commitment provides defense and damages indemnification for paid Copilot service customers facing third-party copyright claims based on Copilot outputs, conditioned on customer compliance with guardrails and acceptable use. OpenAI Copyright Shield (announced November 2023) provides similar indemnification for ChatGPT Enterprise and OpenAI API customers with defense and damages coverage for copyright claims based on model outputs. Anthropic Customer Copyright Protection (announced 2024) covers customers using Anthropic API and Claude.ai Enterprise with similar defense and damages framework for IP claims based on Claude outputs. Google Vertex AI Generated Output Indemnity, Adobe Firefly Indemnification, and other vendor commitments create competitive landscape with substantial variation in coverage scope, conditions, and exclusions requiring careful customer-side review. Coordinated cloud computing defense manages indemnification clause negotiation, vendor commitment comparison, and parallel customer-side coverage strategy across multi-vendor AI deployments.

Purely AI-generated content cannot be copyrighted under US Copyright Office guidance (March 2023, January 2025) and Thaler v. Perlmutter (D.C. Cir. March 2025) confirming human authorship requirement. AI-assisted works with sufficient human creative contribution can qualify for copyright protection covering human-authored elements, with required disclosure of AI involvement in registration applications. Outside the US, jurisdictions including UK provide limited copyright protection for computer-generated works under specific statutory frameworks.

Foundation model providers (OpenAI, Anthropic, Google, Microsoft) typically grant customer ownership of model outputs in commercial licensing terms, subject to acceptable use policy compliance and similar output disclaimers. However, ownership of AI output remains uncertain under copyright law since purely AI-generated content lacks copyrightability. Customer "ownership" therefore primarily addresses contractual rights between vendor and customer rather than independent copyright in output, with potential third-party rights based on training data or similar prior works.

Pending litigation (NYT v. OpenAI, Authors Guild v. OpenAI, Andersen v. Stability AI, Doe v. GitHub) addresses AI company liability for training on copyrighted material without permission, with key issues including fair use defense scope, direct vs secondary liability, and statutory damages availability. Outcomes will substantially shape AI training data licensing markets and customer indemnification commitments. Current vendor indemnification (Microsoft Copilot, OpenAI Copyright Shield, Anthropic) addresses customer exposure even as underlying training liability remains contested.