AI Clauses in Commercial Agreements: A Manager's Guide to Contracts That Actually Protect You

Adv. Samuel Even

AI Clauses in Commercial Agreements: A Manager's Guide to Contracts That Actually Protect You

AI Clauses in Commercial Agreements: A Manager’s Guide to Contracts That Actually Protect You

The bottom line: In 2026, nearly every commercial agreement touches artificial intelligence — directly or indirectly. But most contracts in Israel are still written as if AI doesn’t exist. The result: legal gaps that could cost you millions.

Courts in the U.S. are already hearing cases of “algorithmic negligence.” In the EU, AI systems are officially classified as products for liability purposes. In Israel, the legal ground is shifting — and those who don’t prepare will pay the price.

The Problem: Your Contracts Don’t Account for AI

Suppose your company uses an AI tool to generate marketing content, or your vendor runs an algorithm to make decisions. Who’s liable if:

The generated content infringes copyright? AI tools are trained on billions of protected works. In the Anthropic case in the U.S., a landmark settlement of $1.5 billion was reached over the use of copyrighted materials to train models.

An algorithm makes a decision that harms a client? Seven lawsuits were filed against OpenAI alleging that its chatbot caused real harm to users. Courts are now debating whether AI qualifies as a product subject to product liability law.

Who owns the IP in AI-generated output? In Israel, there’s still no definitive answer. A 2025 opinion from the Ministry of Justice clarified some issues, but significant legal uncertainty remains.

If there’s no specific clause in the contract — you have no protection. It’s as simple as that.

1. IP Ownership of AI-Generated Output

What it covers: Who owns the rights to content, code, designs, or analyses created using AI.

Why it’s critical: Without this clause, ownership can be disputed. In most jurisdictions, including Israel, it’s unresolved whether a human creator is required for copyright protection. Arkansas has already legislated that ownership belongs to the person who crafted the prompt — and if that person is an employee, ownership passes to the employer.

What to write: Explicitly state that all AI output created under the agreement belongs to the client/commissioning party, including rights to use, modify, and distribute.

2. IP Infringement Indemnification

What it covers: Who bears responsibility if AI output infringes a third party’s copyright, patent, or trademark.

Why it’s critical: AI tools generate content based on billions of data points from the internet. The risk that a specific output infringes existing rights is real. The vendor must indemnify you if you’re sued.

What to write: A full indemnification clause requiring the AI vendor to cover any claim, legal expense, and damages arising from IP infringement.

3. “Algorithmic Negligence” Liability

What it covers: Who’s responsible when an AI system makes a flawed decision that causes harm — a faulty credit decision, an incorrect medical recommendation, or a discriminatory ranking.

Why it’s critical: In the EU, Directive 2024/2853 classifies software and AI systems as products for liability purposes. U.S. courts are examining whether an algorithm defect constitutes a design defect triggering product liability. In Israel, the Privacy Protection Authority has clarified that the Privacy Protection Law applies to every AI model — including information the model generates indirectly.

What to write: Precise allocation of responsibility: who’s liable for data quality, who for algorithm integrity, and who for decisions made based on its output. Include a mandatory human oversight requirement (Human in the Loop) for critical decisions.

4. Transparency and Documentation

What it covers: The vendor’s obligation to document which models and data were used, how decisions were made, and to provide explanations in case of failure.

Why it’s critical: If an AI system causes harm, you’ll need to prove what happened. Without documentation, there’s no evidence. Additionally, Israel’s Privacy Protection Authority requires transparency regarding personal data processing via AI.

What to write: Mandatory log retention, documentation of decision-making processes, and the client’s right to audit.

5. Data Protection and Privacy

What it covers: How personal data entering the AI system is handled — collection, storage, processing, and transfer.

Why it’s critical: Amendment 13 to Israel’s Privacy Protection Law applies fully to AI systems. The Authority has clarified that the law applies at every stage of the system’s lifecycle — development, training, and operation. Fines for violations can reach 5% of annual revenue.

What to write: Define the data controller and processor, processing purposes, security measures, incident reporting obligations, and compliance with data security regulations.

6. Usage Restrictions and Training Prohibition

What it covers: Whether the AI vendor is permitted to use your data to train or improve its models.

Why it’s critical: Without this clause, your business data could be used to train models that also serve your competitors. This is one of the clauses businesses most commonly overlook.

What to write: An explicit prohibition on using the client’s data for training, improving, or developing models. If consent is granted — define exact conditions.

7. Exit and Data Portability

What it covers: What happens when the business relationship ends — who holds the data, how it’s returned, and when it’s deleted.

Why it’s critical: Vendor lock-in in the AI world is particularly severe. If your data is “trapped” in a vendor’s model, switching to another provider can be impossible.

What to write: Mandatory return of all data in a standard format, a deletion timeline, and written confirmation of deletion.

Common Mistakes Businesses Are Making Right Now

“We’re not a tech company, so this doesn’t apply to us.” If you use ChatGPT, Copilot, AI-powered marketing tools, or a CRM with AI features — it applies to you.

“The vendor said everything is covered in their standard terms.” Standard terms of service from AI vendors almost always limit their liability and shift the risk to you.

“There’s no specific AI law in Israel yet, so there’s nothing to worry about.” True that there’s no comprehensive AI law, but contract law, tort law, IP law, and the Privacy Protection Law all apply — and they apply in full force.

Why Act Now?

The trend is clear. In Europe, the AI Act is already in effect. In the U.S., a wave of lawsuits against AI companies is gaining momentum. In Israel, the Privacy Protection Authority has published a landmark draft directive applying the Privacy Protection Law to AI systems.

Any failure or damage related to AI can become grounds for a lawsuit — and without proper contract clauses, you bear the liability alone.

How Our Firm Can Help

Samuel Even & Co. Advocates assists businesses in drafting and updating commercial agreements for the AI era, including:

  • Existing agreement audits — identifying legal gaps in contracts with AI and technology vendors
  • Drafting dedicated AI clauses — IP ownership, liability, indemnification, privacy, and exit terms
  • Negotiation support — with AI vendors, business partners, and clients
  • Compliance advisory — alignment with Amendment 13, Privacy Authority directives, and international regulation

Don’t sign a contract that doesn’t protect you in an AI world. Contact us today for an initial consultation.

03-6348020 | [email protected]