Guidance re AI Procurement and Vendor Selection

Resources & CLE

AI Vendor Evaluation Checklist
Sample AI Procurement RFP Template
Legal AI Vendor Directory
Contract Considerations for AI Vendors

CLE Resources

Online Courses
Webinars
Certification Programs

SBOT TRAIL Toolkit: Key Considerations for AI Procurement by Attorneys

Attorneys, particularly those at smaller firms, face many considerations when procuring tools that employ emerging technologies such as artificial intelligence (AI). For example, is the AI tool necessary, or useful, in the attorney's practice area? Although important, answering this question is only the tip of the iceberg. This article discusses steps attorneys may want to take when considering implementing AI tools in their practice and provides sample contract language aimed at mitigating key risks associated with AI use in the practice of law. These provisions and considerations are meant to be a useful starting point for procurement, but each AI tool is unique and may be subject to complex and changing regulation. Because of these complexities, this article should not be treated as legal advice and specific questions should be handled by attorneys familiar with the details of each agreement and AI tool.

Locate Use Cases & Develop a Risk Profile

The first step is to determine whether AI should be used at all by understanding its advantages and risks. AI can “hallucinate” by pulling fictional sources out of thin air, create data privacy concerns, or become more of a burden than a benefit when improperly leveraged.[1] Despite the risks, AI can help attorneys simplify time-consuming tasks such as timekeeping or billing. It can also streamline work product creation through automated workflows and templates for repeatable tasks, improving client experiences and generating larger returns for practitioners.[2] While AI is not one-size-fits-all, many headaches can be avoided through preliminary information gathering and development of a risk profile. Those hoping to leverage AI should spend time analyzing which tasks AI can simplify and comparing those use cases with the business’ risk appetite.

Use Thoughtful Procurement to Address Barriers to Implementation

If the use of AI fits within your risk profile, the next step is addressing barriers to implementation early in the procurement process. The preliminary considerations are which tool to purchase and the up-front cost of licensing. Attorneys should do research before buying any tool to determine its reliability and compare potential use cases to the initial expenditure. While this initial inquiry can avoid many issues, other barriers and costs are likely to present themselves:

Data Costs: AI tools are data-driven and rely on high quality inputs to deliver worthwhile results. Delivering these inputs can be expensive and time-consuming as data may need to be modified to fit into a program’s framework. Additionally, these tools may demand a certain quantity of data to run efficiently.

Additional Resource Requirements: Human and computer-based resources may be necessary to implement AI tools. For example, firms may need additional staff, training, and computer tools to ensure inputs are appropriate and outputs can be formatted and interpreted. While free resources and coding languages such as Python may be useful for these tasks, other tools may need to be purchased. [3]

Some firms may find addressing these barriers fits within their already standardized procurement process but should be mindful of the unique issues presented by these agreements. Specifically, firms may benefit from internal controls including specialized onboarding questionnaires and due diligence to learn (1) the quantity and type of data required, (2) the types of outputs generated and (3) whether the program requires additional resources to operate efficiently.[4]

Protect Yourself Through Risk-Allocation in Agreements

Although many attorneys vigorously examine and negotiate contracts on behalf of clients, attorneys procuring AI tools may view the agreements as "standard" or "nonnegotiable." However, attorneys should carefully read and consider negotiating these agreements to address common risks and limit exposure to liability. The chart below identifies key provisions and sample language that may be useful for drafting. The sample language is licensee friendly, and licensees who are not positioned to negotiate may need to consider their risk tolerance.

Topic

Sample Language

Human Oversight and Explainability: Procurement agreements typically include language that establishes the responsibilities of each party. These provisions may detail supplier deliverables or include warranties for continued risk management or human oversight. Often, these agreements accomplish this goal by setting up “Statements of Work.” A well-drafted Statement of Work will typically specify the inputs required and outputs generated and be drafted to allow licensees to understand and monitor the supplier’s compliance.

Supplier will perform and provide deliverables as mutually agreed and described in written statements of work executed by the Parties from time to time (each, an “SOW”) including all services, tasks, deliverables, and responsibilities identified in an SOW, or required for proper performance, development, or delivery (the “Services”). Supplier represents and warrants the design elements of the AI System contain sufficient human-machine interface tools to allow a natural person to understand and explain the Output and operation of the AI System, as well as allow for effective oversight of such operation and Output.

Intellectual Property: To avoid confusion AI agreements typically clarify the ownership of inputs, outputs and the program itself. Generally, the supplier will exclusively own the program. However, purchasers will want to retain ownership of the data used for procurement (including any training materials developed) and the inputs/outputs.

As between the Supplier and Licensee, Supplier acknowledges and agrees that Licensee exclusively owns all right, title and interest to all materials, Intellectual Property and data used, whether generated by Supplier, Supplier’s systems, whether preexisting or created after the Effective Date of the Agreement, including any derivatives thereof in or related to (i) the Procurement Process (including, but not limited to, any Training Materials developed by Licensee), and (ii) Inputs or Outputs.

Data Protection: The usage of data in an AI System may create client confidentiality concerns for attorneys under Texas Disciplinary Rules of Professional Conduct Rule 1.05.[5] If an AI System will ingest or process personal data, licensees may want to require the supplier to comply with applicable data protection laws and note personal data should only be used in accordance with the agreement. Licensees may also ask suppliers to give an indemnity for third-party claims resulting from any breach of these obligations. However, some suppliers are unlikely to agree to indemnities and may even ask licensees to indemnify them for any claims associated with the Inputs. The parties may compromise by leaving the agreement silent on responsibility for third-party claims resulting from breach of the data protection obligations in the agreement.

All Inputs are Confidential Information of Licensee.

Supplier shall process all Inputs and other information provided by Licensee in compliance with applicable Data Protection Laws.

Termination Rights: If a product does not function as intended or becomes burdensome licensees may desire to terminate their usage without having to provide a cause. Because outputs may be stored in the Supplier's environment, licensees may want to clarify that they continue to have access the outputs after any termination.

Either Party may terminate this Agreement for any or no reason upon thirty (30) days advance written notice to the other.

In the event of termination or expiration of this Agreement, for any reason, Licensee will continue to have access to and own all Outputs created prior to the date of such termination or expiration.

Regulatory Assistance: Because laws are changing rapidly in this area and many attorneys will be procuring AI Systems, rather than building their own, it may be advantageous to require the Supplier to assist the Licensee in responding to regulatory inquiries.

If a Regulator requires Licensee to verify its compliance with applicable laws enforced by such Regulator in connection with Licensee's use of the AI System ("AI Verification"), then, upon Licensee's written request, Supplier will promptly assist Customer with such AI Verification by providing any required information or documentation related to the AI System.

[1]What are the Risks of AI in Law Firms?, Bloomberg Law (May 23, 2024), https://pro.bloomberglaw.com/insights/technology/what-are-the-risks-of-ai-in-law-firms/#litigation-risks.

[2] J. Scott Duda, How Small Law Firms Can Use Generative AI to Boost Business, Cherry Bekaert (June 5, 2024), https://www.cbh.com/insights/articles/how-small-law-firms-can-use-generative-ai-to-boost-business/#:~:text=Rather%20than%20using%20limited%20time,Perform%20data%20analysis%20and%20research.

[3] Viktoriia Yadoshchuk, Why Use Python for AI and Machine Learning, Waverley (April 29, 2024) https://waverleysoftware.com/blog/python-for-ai-and-ml/.

[4] Maura R. Grossman and Rees W. Morrison, 7 Questions Attorneys Should Ask Vendors About Their AI Products, New York State Bar Association, https://www.txs.uscourts.gov/sites/txs/files/SevenQuestions-March%20NYSBA%20Journal%202019.pdf.

[5] The American Bar Association Model Rules of Professional Conduct contain a similar obligation in Rule 1.6.

Considerations for an Initial Due Diligence Checklist:

Data Usage: How does the AI use your data?
- Will your data be shared with third parties?
- Will your data be used to train the AI?