Alexa Baltodano and Linda Henry Present on AI Risk Allocation at the ACC Lunch & Learn

On May 21, attorneys from Patrick Law Group, together with Lynee Campos, Assistant General Counsel at Delta Air Lines, and Madiha Merchant, Associate GC-Corporate & Compliance at Pep Boys, presented a CLE focused on negotiating AI contracts and managing AI-related legal risks in the age of generative AI. One theme emerged throughout the discussion: while AI technology is evolving rapidly, many organizations are still relying on contracting approaches developed for traditional SaaS products when procuring AI tools. The result is a significant gap between contractual protections and real-world risk.

Many companies approach AI procurement the same way they would a conventional SaaS purchase. That works fine for some tools. But when AI-generated outputs are being used to make decisions or interact directly with customers, the legal and business risks look very different, and the contract needs to reflect that.

The pivotal question is not whether a product uses AI, as almost everything does now, but what role the AI plays in the workflow.

AI solutions exist on a spectrum. At one end, AI  functions as a productivity aid (drafting emails, summarizing documents)  where the generated output requires  human review. Further along, AI augments professional judgment in areas like financial analysis, underwriting, or hiring decisions. At this stage, automation bias becomes a meaningful risk, because the human in the loop may defer to the AI more than they should. At the far end of the spectrum  are fully customer-facing or automated decision systems, where the AI’s output is the product and human review is minimal or absent.

As organizations move along this spectrum, the potential consequences of an AI failure increase significantly. Liability terms that may be reasonable for an internal productivity tool can be wholly inadequate when AI is making, or materially influencing, decisions that affect customers, employees, or regulatory compliance.

This disconnect creates a liability gap. In many AI agreements, the vendor’s liability remains capped at the fees paid under the contract, while the customer’s real-world exposure may include regulatory investigations, customer claims, reputational harm, remediation costs, and other losses that far exceed the contractual cap.

The gap is especially pronounced with AI-generated outputs. While some AI hyperscalers  are beginning to offer robust intellectual property protections, many vendors remain reluctant to assume meaningful responsibility for output failures, including hallucinations, inaccurate outputs, biased results, or harmful customer interactions. Vendors typically argue that these risks depend on factors within the customer’s control, including their prompts, workflows, and degree of human review. As a result, responsibility for downstream consequences is frequently allocated to the customer, even where the underlying technology contributed to the failure.

Organizations are unlikely to negotiate their way out of AI risk through indemnities and liability caps alone. While contractual protections remain important, they represent only one component of a broader risk management framework. Effective AI governance controls, meaningful human oversight, deployment design, insurance coverage, and clear internal policies are now as fundamental to AI risk management as the contract itself.

If you have questions about AI contracting, vendor negotiations, or governance frameworks, the attorneys at Patrick Law Group are available to help. We regularly advise clients on AI-related transactions and risk management strategies and would be pleased to discuss how these issues may affect your organization. For more information, please contact Linda Henry at lhenry@patricklawgroup.com or Alexa Baltodano at abaltodano@patricklawgroup.com.

 

Skip to content