Using AI for contracts

AI is great for drafting contracts or for reviewing them and providing input for improvements.

But is it actually okay to use AI for that?

It depends on which AI solution we are talking about and on the content of the contract.

If the contract contains your own information only, you can do whatever you want with it. You can throw it out the window, upload it to ChatGPT, dance with it on TikTok, and so on.

But as soon as it contains information about others – and especially their confidential information – you need to consider what you are doing and whether your use breaches your obligation to confidentiality.

What is the problem?

Now you might be thinking, “It will never be discovered if I upload a contract to ChatGPT. The answer others get from ChatGPT is not a one‑to‑one copy of what I chose to share with Sam Altman.”

And my response is:
It will usually constitute a breach of your confidentiality obligation. But you do have a point — it is just not a very good one. When I look at what various AI solutions are capable of, the data comes from somewhere. And if we all use ChatGPT for all material, regardless of the level of detail and confidentiality, we might as well give up on having something called confidential information, because it will be available anyway via AI.

There is no added value in being a knowledge‑based company if that knowledge — and more — can quickly be accessed by everyone else through AI solutions.

Google writes the following in the terms of use for the free version of Gemini:

“Human reviewers (including trained reviewers from our service providers) review some of the data we collect for these purposes. Please don’t enter confidential information that you wouldn’t want a reviewer to see or Google to use to improve our services, including machine-learning technologies.”

So do yourself — and your contractual counterparty — the favor of checking what you share with AI and which AI solution you use.

Overview of AI tools

If you want to read the terms and conditions from the various providers yourself, and see how you can potentially disable data sharing or storage, you can click through the overview below.

When it comes to terms and conditions, the European companies Mistral and Proton deserve credit for writing clearly and plainly about their use and storage of data. The US‑based companies are good at generating so much text that the relevant information becomes incredibly difficult to find.

Then there is the back door: US authorities can require American companies to hand over data, regardless of where in the world it is stored (see https://www.law.cornell.edu/uscode/text/18/2713).

This gives European companies a clear competitive advantage. The only question is whether the US‑based providers are technically so much better that you would rather use them anyway.

If you want to secure yourself as much as possible, you can choose a local (on‑premises) solution. Companies such as www.ownlytic.dk and www.promte.dk with that.