Article by Howden and Simmons & Simmons: AI and Impacts on Insurance Contracts for Software Publishers

Différenciation entre IA passive et IA passive

Les IA passives se contentent d'analyser des données et de fournir des recommandations, tandis que les IA actives peuvent prendre des décisions autonomes basées sur ces analyses.

Cette distinction est cruciale car elle influence la responsabilité juridique des éditeurs de logiciels et le type de couverture d’assurance nécessaire. Par exemple, une IA active peut entraîner des risques plus élevés en termes de responsabilité, nécessitant une couverture plus robuste en assurance de responsabilité civile professionnelle (RCP) et en cyber risques.

Introduction

The rise of artificial intelligence (AI) technologies, particularly those akin to generative AI, raises crucial questions regarding insurance contracts for software publishers. To shed light on these issues, Jean-Guibert Ciavaldini, Head of the Tech sector at Howden, and Eric Le Quellenec, Tech Partner at the law firm Simmons & Simmons, discuss the legal, contractual, and insurance challenges associated with the use of AI in various sectors such as marketing, process automation, and text analysis and processing.

Differentiating Passive and Active AI

Passive AIs exclusively analyze data and provide recommendations, while active AIs can make autonomous decisions based on these analyses. This distinction is crucial as it influences the legal liability of software publishers and the type of insurance coverage needed. For instance, an active AI can lead to higher risks in terms of liability, requiring more robust coverage in professional liability insurance (PLI) and cyber risk insurance.

Legal and Contractual Issues

In France, the legal framework for AI software publishers is constantly evolving, especially with the implementation of European regulations. Service contracts must be very precise regarding the use of customer data, confidentiality guarantees, and intellectual property issues. Common practices include detailed GTCs (General Terms and Conditions) and SLAs (Service Level Agreements) outlining the obligations and responsibilities of the parties.

Future disputes could involve issues of intellectual property infringement, failure to comply with confidential data, and AI performance defects. In terms of insurance, this raises questions about risk coverage: does it fall under Professional Liability or Cyber Risks? The coverage of intellectual property risks, often under-limited in Professional Liability policies, will need to be reviewed to better protect publishers.

Intellectual Property and Customer Data

In Europe, the reuse of data protected by copyright for AI training is highly regulated. Conversely, information not covered by intellectual property rights can be subject to GDPR compliance. Publishers must therefore ensure they have the appropriate licenses and inform their clients of their rights, particularly in the event of contract termination.

In the event of contract termination, it is essential that software publishers provide clear procedures for the deletion or return of customer data. Contracts should include specific clauses on data management at the end of the contract, including mechanisms allowing customers to withdraw their data from AI systems. This may include secure data destruction, anonymization to ensure it is no longer traceable to a specific individual, or even unlearning from AI models.

International Regulations and Political Vision Differences

Regulations vary significantly by region. In Europe, regulations are strict on the use of data for AI training, limiting copyright exceptions mainly to academic research purposes. In the USA and Canada, the principles of "fair use" and "fair dealing" allow some leniency regarding the author's proprietary rights, permitting more liberal use of data, especially for non-commercial purposes. In Asia, China and Singapore have more permissive legislation explicitly allowing data mining for AI model training purposes.

These regulatory differences influence international contracts. Software publishers must be aware of the legal risks and compliance obligations that vary by jurisdiction. For instance, an international contract might need to include specific clauses for each region addressing local intellectual property, data protection, and high-risk AI compliance requirements.

Insurance Details

It is essential to review the intellectual property section in a Professional Liability and Cyber Risk insurance contract. It must properly guarantee data breach and client data violations without sub-limits in France and the EU, but also in the USA and Canada if the mission scope extends there. This guarantee covers claims from clients and third parties and will notably cover defense costs related to intellectual property violations.

In some situations, the client may wish for intellectual property guarantees that include specific guarantees with a dedicated limit. The insurance market now offers standalone IP policies that present several technical advantages. These policies provide extensive protection against infringement claims, cover defense costs, and proactively protect intellectual property rights.

Conclusion and Perspectives

For technology companies, it is essential to subscribe to a combined Professional Liability (PL) and Cyber policy with the same insurer. This covers both claims related to professional errors and cyber incidents, offering comprehensive protection against the complex risks inherent in these activities. Insurance policies should be regularly reviewed and adapted to legal and technological developments.

Caution and risk anticipation are essential in a rapidly evolving technological environment. Software publishers integrating generative AI tools must stay informed of legal and contractual developments to ensure compliance and protect their activities.

At Howden, our in-depth sector expertise, constant legal monitoring, and commitment to raising insurer awareness enable us to provide tailored and innovative solutions meeting the specific needs of technology companies. We surround ourselves with the best partners, such as Simmons & Simmons, to support our clients at every stage to ensure optimal protection of their activities.

This article was written in collaboration with Jean-Guibert Ciavaldini, Head of the Tech sector at Howden, and Eric Le Quellenec, Tech Partner at Simmons & Simmons LLP.