The legal implications of GenAI

Through collaboration with our Tax & Legal business, Deloitte Legal published "The Legal Implications of Generative AI," which explores legal issues arising in the Generative AI space, considerations for intellectual property, data protection, contracts for corporations, and Generative AI policy.

The current enthusiasm for AI adoption is being fueled in part by the advent of Generative AI

While definitions can vary, the EU AI Act defines Generative AI as "foundation models used in AI systems specifically intended to generate, with varying levels of autonomy, content such as complex text, images, audio, or video." (Art. 28b (4) AI Act)

As businesses explore how to use these new tools, there are potential concerns for enterprise stakeholders, particularly legal and compliance professionals.

Generally, a legal executive’s role in examining the use of Generative AI is to knowledgeably advise stakeholders (i.e., business leaders, executive peers, the board, and others) on the risks associated with business applications of Generative AI. To this end, it is helpful to understand how Generative AI works and the risk implications the technology presents.

Here we look at some common legal issues arising in the Generative AI space. Because regulatory frameworks applicable to Generative AI are emerging and quickly evolving, this article avoids a comprehensive discussion of existing or proposed regulations, except where a particular example might provide a better understanding of the relevant risks. And there’s even more in the full report.

Explore the Legal implications

Intellectual property

AI can process vast quantities of data, and without much noteworthy human intervention, transform it into an AI-generated output. The discussion on how to treat any intellectual property rights arising in both the materials used to train the AI (input) and the results created by the AI (output) is still in its early days.

To keep these issues comprehensible, we focus in our report on legal questions concerning copyright laws, but the same concepts are likely to be applicable to other sorts of protected IP.

Personal data and confidentiality

Generative AI systems both ingest and generate large amounts of data, including images, text, speech, video, code, business plans, and technical formulae. Training, testing, uploading, analyzing, consulting, or otherwise processing such input and output data requires various levels of protection.

In our report, we turn to some of the main challenges organizations face when using personal and confidential data in Generative AI systems, as well as the measures they could adopt to mitigate the relevant legal risks.

Data protection principles

Across jurisdictions, there are several common personal data principles and protections that are highly impacted by Generative AI systems. When using Generative AI, organizations should pay specific attention to the following aspects of the solutions they use: transparency, data minimization, lawfulness, sensitive data, and individual rights.

Contractual terms

Given the legal risks associated with the use of Generative AI in a business context, when licensing or otherwise entering into a contract that relates to a Generative AI solution, careful consideration to the terms of the contract under which the solution is procured is important.

There are a number of key points that will likely be required to be addressed and understood — from liability to AI regulations.

The path ahead

While the competitive advantage of Generative AI is enticing, adoption of this powerful, differentiating technology demands attention to the risks that could imperil an enterprise’s brand, reputation, stakeholder trust, or critically, its compliance with legal and regulatory obligations.

Did you find this useful?