 |
| Frank Azzopardi |
 |
| Matthew Bacal |
 |
| Pritesh Shah |
This article provides a brief overview of the diligence, transactional and other commercial considerations for acquirers engaging in M&A activity in the GAI space.
The release of the AI-powered language model ChatGPT by OpenAI has led to a surge of interest in GAI as companies, consumers and governments seek to leverage GAI's rapid and increasingly sophisticated content-generation capabilities.
Where nongenerative AI tools process or analyze existing data, GAI tools utilize combinations of supervised and unsupervised machine learning algorithms and large volumes of training data to develop models that are capable of quickly producing customizable output in response to relatively simple prompts from users.
The GAI market has been projected to expand at a compound annual growth rate of 39%, reaching $422.37 billion globally by 2028.[1]
As activity involving targets in the GAI space has increased, acquirers and their counsel are facing novel diligence and transactional concerns.
Diligence Concerns
Transactions involving companies in the GAI space present certain unique diligence challenges, including with respect to intellectual property infringement and ownership, product design, and an evolving regulatory landscape.
Infringement
While many of the IP infringement considerations for targets in the GAI space are similar to those for traditional technology companies, the unique characteristics of GAI tools present a number of novel issues.
Training Data
The creation of any GAI tool requires the use of large data sets that the applicable machine learning model uses to learn and improve its output. Such data sets may include images, text or other data subject to copyright and other IP protections, as well as contractual terms, e.g., terms of use.
Multiple developers are facing allegations that their GAI tools were developed by ingesting protected content without a license.[2]
Acquirers of targets developing or heavily reliant on the use of GAI tools should review:
- The manner in which such tools have been developed and trained; and
- Any licensing arrangements related to the acquisition and use of such training data in order to evaluate the risk of infringement or claims based on breach of contract.
Generated Content
There is an inherent risk that the output of GAI tools may reflect certain characteristics of the data used in training and developing such tools. Accordingly, any perceived similarity between the output of such tools and any third-party IP may entail a risk of infringement claims being brought against the developer or user of the applicable tool.
Acquirers should consider the target's terms of service or other platform agreements, IP laws in the relevant jurisdictions, and any applicable license agreements to evaluate the risk that any content created by the target's GAI tools may lead to claims that such content infringes upon or misappropriates the IP rights of third parties or violates applicable contractual terms.
Ownership and IP Protection
Acquirers of targets developing or heavily reliant on the use of GAI tools should closely analyze the specific mechanisms at play in producing the output of such tools, as well as any applicable terms and conditions, to evaluate whether such targets may face any challenges relating to the ownership or protection of their IP rights.
Protection of Output
U.S. courts have held that only output authored or invented by a human being is protectable under current U.S. IP law.[3] Further, the U.S. Copyright Office has indicated that not all GAI tool output is protectable.[4]
Whether any such output is protectable turns on the manner in which the tool produces the output, including whether the output was sufficiently predictable in advance, and the specific prompts provided by the user, among other considerations.[5]
Terms and Conditions
Assuming the output of GAI tools is protectable, whether the output will be owned by the applicable provider or user of a GAI tool will depend on the relevant terms and conditions under which the tool is provided.
Currently, it is common for GAI tool providers to assign ownership of output to the applicable user.[6]
However, certain providers continue to retain ownership and merely license the output to users for limited purposes, or require users to make certain payments, often a subscription or service fee, in exchange for ownership of the output.[7]
Additionally, the terms applicable to GAI tools frequently reserve certain rights to the provider in both the output — including the ability to refine or improve the GAI tool using such output — and the prompts provided by users, including for testing and maintenance purposes.
Safeguards
Acquirers should consider whether the target has adopted, maintained and implemented any technical, administrative or contractual safeguards to mitigate the risks arising from the use of GAI tools, including with respect to misuse, bias or errors, open source software and content regulation.
Misuse
Due in part to the novelty and sophistication of GAI tools, there is a risk that users may employ GAI tools in ways not anticipated by targets developing or commercializing such tools, potentially leading to unlawful or harmful consequences.
Acquirers should review whether the applicable GAI tools were developed in a manner designed to address these and other risks, including, for example, by incorporating built-in filters, response limitations, design guardrails or other safety features.
Acquirers also should evaluate any applicable acceptable use policies or other contractual terms designed to reduce such misuse.
Bias and Errors
As discussed, the output of GAI tools often reflects the characteristics of the training data used to develop such tools. If the training data used to develop a GAI tool is inaccurate, biased, or otherwise flawed, then such tool and its output may in turn be inaccurate, biased or otherwise flawed.
Acquirers should seek to diligence the accuracy and reliability of a target's GAI tools, any biases in the underlying training data, and any related disclosures the target may make to its users.
Open Source Software
GAI tools are frequently trained on large data sets that may incorporate open source software, including such software governed by licenses containing copyleft or other restrictions or obligations relating to the use of the software.
For example, companies using GAI tools that improve, modify or distribute any open source software could be obligated under such licenses to make any output produced by such GAI tools publicly available at no cost, or to provide required attribution in connection with such output.
Importantly, any restrictions applicable to open source software used by GAI tools in their development or operation also may apply to the output produced by such GAI tools, undermining users' perceived ownership of or exclusive rights to such output.
Acquirers should seek to understand the manner in which open source software is used by the applicable GAI tool to evaluate whether:
- The target is in violation of any open source software licenses; and
- The output of such GAI tool may be subject to open source software license restrictions or obligations.
Content Regulation
Targets in the GAI space also may be subject to content regulation in various jurisdictions that may penalize such targets for any GAI tool use that produces illicit or harmful output.
Acquirers should evaluate any applicable content regulations and whether the applicable GAI tool's content policies and practices may tarnish or impair the brand or reputation of the applicable target.
Regulatory
Regulatory activity related to GAI tools is rapidly increasing[8] and, given privacy concerns related to automated decision making[9] and the cybersecurity issues raised by GAI tools, data privacy and cybersecurity regulations will be especially relevant to acquirers.
Data Privacy
Due to the scale of the data sets used to train machine learning models and the costs associated with screening such large volumes for personal information, the training data used to develop GAI tools may incorporate personal or sensitive information.
Additionally, users of GAI tools may submit personal information, related to themselves or others, in their prompts. Any personal or sensitive information used in the training of GAI tools or contained in user prompts may be incorporated in the output of these tools.
Any of the foregoing uses or perceived uses of personal or sensitive information may constitute a violation of applicable laws or regulations.
Acquirers should consider, among other concerns, whether:
- Appropriate privacy protections were implemented in acquiring or refining the relevant training data;
- Users are party to any relevant privacy policies or other agreements governing the processing of personal or sensitive information; and
- Targets have implemented other practical or contractual privacy protections.
Cybersecurity
GAI tools may provide threat actors with powerful new vectors of attack, including, e.g., using GAI to execute sophisticated phishing attacks, or producing false or misleading information. These include deep fakes, rapidly developing malware or other malicious software, and exploiting vulnerabilities in source code produced by GAI tools.
Acquirers should consider whether the applicable GAI tool has been designed to prevent its use for these purposes, and whether the target has any contractual or other remedies available in the event its tools are used in a cyberattack.
In addition, training data may contain security weaknesses, vulnerabilities, errors and other flaws, increasing the risk that the source code produced by a GAI tool also may contain these defects.
Transaction Agreement Considerations
Asset transactions
With asset purchases, as opposed to stock or equity transactions, acquirers should ensure the asset purchase agreement fully covers all the technology and data required to operate and continue the development of the applicable GAI tools owned or used by the target, including, as applicable:
- All the target's IP rights in the applicable GAI tools — their output, the underlying training data, and all related GAI tool technology; and
- Any licenses being transferred in connection with the purchase.
Acquirers should evaluate whether any such licenses include the full set of rights needed for underlying training data and should be mindful of any restrictions regarding the use of GAI tools trained on such data.
Representations and Warranties
In addition to a typical, fulsome set of IP, IT, privacy and cybersecurity representations and warranties, the relevant transaction agreement should also include representations and warranties specifically designed to backstop the acquirer's due diligence.
This includes with respect to the nature and provenance of any training data used by the target and any applicable safeguards.
Interim Operating Covenants
In addition to traditional covenants to maintain IP assets and not to amend or terminate material agreements, given the pace of change in the GAI market, practitioners should consider including covenants restricting the target's ability to materially change, except where legally required:
- The training data used by the target;
- The terms of use or other agreements governing the target's use or development of GAI tools or related assets; or
- The target's data privacy or security policies or practices.
Due to the increasing focus of regulators on GAI tools, acquirers should also consider the target's obligations to provide notice of any investigations or regulatory inquiries, and consider bargaining for rights to participate in any related discussions where legally permissible.[10]
Recourse
Depending on the risks identified in due diligence and the availability of representation and warranty insurance, acquirers should consider incorporating specific indemnities in the relevant transaction agreement to address any such known risks.
Post-Transaction Considerations
Acquirers should pay careful attention to a target's scope of ownership and licensing rights with respect to GAI tools and their output when integrating such tools or output with the acquirer's existing operations.
Given the current uncertainty regarding the protectability of GAI tool output, combining such output with otherwise protectable content may present unique risks.
Moreover, integrating GAI tool output with preexisting proprietary tools or systems may present reputational risks, especially given GAI tools' potential to produce inaccurate, biased or flawed output, and potential requirements to disclose the role of GAI in producing any such output.
Frank Azzopardi is a partner and head of IP, tech and commercial transactions at Davis Polk & Wardwell LLP.
Matthew Bacal is a partner at the firm.
Pritesh Shah is a partner at the firm.
Davis Polk associate Joshua Shirley contributed to this article.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of their employer, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
[1] $422.37+ Billion Global Artificial Intelligence (AI) Market Size Likely to Grow at 39.4% CAGR During 2022-2028, Bloomberg, accessed July 3, 2023. Available from: https://www.bloomberg.com/press-releases/2022-06-27/-422-37-billion-global-artificial-intelligence-ai-market-size-likely-to-grow-at-39-4-cagr-during-2022-2028-industry.
[2] See e.g., Getty Images (US), Inc. v. Stability AI, Inc., 1:23-cv-00135, (D. Del.); and DOE 1 v. GitHub, Inc., 4:22-cv-06823, (N.D. Cal.).
[3] See e.g. Thaler v. Hirshfeld
, 558 F. Supp. 3d 238 (E.D. Va. 2021).[4] Letter from United States Copyright Office, RE: Zarya of the Dawn (Registration #VAu001480196), February 21, 2023. Available from: https://www.copyright.gov/docs/zarya-of-the-dawn.pdf.
[5] Copyright Registration Guidance: Works Containing Material Generated by Artificial Intelligence, United States Copyright Office. Updated March 16, 2023, accessed July 3, 2023. Available from: https://copyright.gov/ai/ai_policy_guidance.pdf.
[6] Terms of Use, Open AI, Updated March 14, 2023, accessed July 3, 2023. Available from: https://openai.com/policies/terms-of-use.
[7] Terms of Service, Midjourney, Updated June 8, 2023, accessed July 3, 2023. Available from: https://docs.midjourney.com/docs/terms-of-service.
[8] The AI Act, Development, European Commission, accessed July 3, 2023. Available from: https://artificialintelligenceact.eu/developments/; Artificial Intelligence Act, European Commission, accessed July 3, 2023. Available from: https://www.europarl.europa.eu/doceo/document/TA-9-2023-0236_EN.pdf.
[9] Automated individual decision-making, including profiling, Article 22, Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR). Available from: https://gdpr-info.eu/art-22-gdpr/.
[10] FTC Chair Khan and Officials from DOJ, CFPB and EEOC Release Joint Statement on AI, Federal Trade Commission (FTC), accessed July 3, 2023. Available from: https://www.ftc.gov/news-events/news/press-releases/2023/04/ftc-chair-khan-officials-doj-cfpb-eeoc-release-joint-statement-ai.
For a reprint of this article, please contact reprints@law360.com.
