All transformational technology is fraught with risk. However, when it comes to AI, Elon Musk said “we are communing with the devil”.

As a commercial lawyer, I like to think that fables about contracts with the devil exist because contracts are the ultimate risk management tool.

Regulators around the world, including the Bermuda Monetary Authority, fully appreciate the importance of using contracts to mitigate, if not avoid, the risks associated with the development and use of transformative technologies.

The BMA’s 2025 Business Plan signalled future policies concerning the risk-managed use of AI by its registrants.

That plan stated that the BMA was “undertaking a review of the Insurance Code of Conduct and the Operational Cybersecurity Code of Conduct to consider the merits of integrating specific guidelines on the use of AI and machine-learning systems”.

As with the BMA’s regulatory requirements for outsourcing and cybersecurity governance, I fully expect that the evolution of those current regulations will include additional risk management guidance involving AI contracts that are relied upon by Bermuda’s financial service sector.

In that regard, the recent emergence of model contracts for all sectors to manage the many risks of AI has been striking.

Among the variations of AI model contracts that I have consulted, there are two that stand out.

In 2023, Britain’s Society for Computers and Law published a 59-page White Paper titled Artificial Intelligence Contractual Clauses, and recently the Digital Transformation Agency of the Australian Government published [AI] Model Clauses, Version 2.0. Both are excellent.

Both organisations take a pragmatic approach to crafting contractual provisions that specifically address the commercial and legal risks of AI development, commercialisation and use. There is nothing abstractly academic about that guidance.

The commercial risks associated with all transformative technology, including AI, include the risks that:

  • The technology doesn’t perform the way that the vendor promised it would
  • Due diligence is difficult to undertake on products and vendors that are new to the market
  • The solution’s operation may not be compatible, interoperable or easily integrated with legacy systems
  • The solution’s performance reliability is yet to be proven

To address those “new-to-market” risks, both the SCL and DTA recommend that AI contracts include terms that:

  • Define the operational and functional specifications of the solution in precise and empirically verifiable terms
  • Require either a vendor-led AI demonstration or an operational demonstration within the customer’s infrastructure
  • Require acceptance testing as a precondition to contract effectiveness and any licence fee payments
  • Stipulate a warranty (of reasonable duration) concerning the solution’s “on spec” operation and that requires expedited defect remediation

Where AI is offered as a service rather than as licensed software, the contract should also address the usual risks that are associated with:

  • The different variations of cloud or distributive computing
  • Any jurisdictional export control restrictions
  • Compliance with all privacy laws, including export restrictions
  • The service provider’s compliance with all applicable law, including outsourcing and cybersecurity regulations
  • Subcontracting restrictions
  • A prohibition on the re-export of data to other jurisdictions

Since many AI solutions are powerful search agents that function as scrapers and “crawler bots”, two of the most prominent and serious AI risks to contractually address are the misappropriation of personal (and often confidential) information that the AI solution accesses, views and copies or uses, and the unlicensed reprography and misappropriation of third-party intellectual property.

As intelligent as AI may appear, it may be unable to identify data and content that is the property of others.

Based on the AI copyright infringement cases that are now before the courts in the US and Britain, AI contracts should include broadly drafted third-party non-infringement covenants as well as indemnities to protect users from such third-party liability. That approach to manage the risk of intellectual property infringement is required for all content or data that AI finds, fetches and brings back to the doorstep.

More specifically, the SCL and DTA suggest that AI contracts include covenants to:

  • Ensure that the AI provides only original work
  • Ensure that AI does not merely customise, enhance or create derivative works of someone else’s property
  • Address whether the service vendor owns the AI or the AI otherwise relies on “open source” software
  • Provide that neither the use nor operation of the AI will breach any third-party rights, including any contractual, privacy, intellectual property or statutory rights

Next week, in part two, I will identify additional development and use risks that AI brings, and the contractual terms that are necessary to address those risks.

First Published in The Royal Gazette, Legally Speaking column, July 2025

Locations

Bermuda

Services

Corporate, Technology & Innovation

Sectors

Technology & Innovation

Type

Insight

Share
X.com LinkedIn Email Save as PDF
More Publications
Website-Code-Bermuda-1
16 Oct 2025

Privacy issues in new beneficial ownership regime

Bermuda has passed the Beneficial Ownership Act 2025, a landmark reform that consolidates and simpli...

Jarion Richardson
Brad Adderley
John Wasty
Jarion Richardson, Brad Adderley, John Wasty
Regulatory Advice
10 Oct 2025

BMA requires greater operational resilience

Last month, the Bermuda Monetary Authority issued its code of conduct to bolster the resiliency of r...

Duncan Card
Richard Collis
Duncan Card, Richard Collis
Appleby-Website-Insurance-and-Reinsurance
1 Oct 2025

Private Cat Bonds and Casualty Sidecars Gaining Momentum in ILS Space

Following a particularly busy quarter for privately placed catastrophe bond transactions, this appea...

Brad Adderley
Brad Adderley
Technology and Innovation
25 Sep 2025

IT Enables Global Business Alignment

In Bermuda, many — if not most — of our international businesses are part of a multinational ent...

Duncan Card
Duncan Card
Appleby_preview_Bermuda_1
23 Sep 2025

Continuous Compliance: Building Confidence, Reducing Risk

Over the past decade, Bermuda businesses have faced a steady rise in regulatory and legal obligation...

Jarion Richardson
Jarion Richardson
Bermuda-1024x576-1
11 Sep 2025

A guide to selling your Bermuda home

Bermuda homeowners should protect their interests by enlisting expert advice when they decide to sel...

Neil Molyneux
Neil Molyneux
Bermuda-1024x576-1
10 Sep 2025

Discipline Now Key as Pressures on Reinsurers Mount

The reinsurance market is in a strong position after two years of profits and covering its cost of c...

Brad Adderley
Brad Adderley
Appleby-Website-Insurance-and-Reinsurance
10 Sep 2025

Education and Acceptance Fuel Wave of New Sponsors in Cat Bond Market

With the catastrophe bond market seeing eleven new sponsors enter the space so far this year, the tr...

Brad Adderley
Brad Adderley
Appleby-Website-Insurance-and-Reinsurance
9 Sep 2025

Built on Governance, Driven by Innovation: The Bermuda Advantage

Holding 85% of the cat bond market, Bermuda’s edge in alternative capital is no accident. “Re...

Brad Adderley
Brad Adderley
Appleby-Website-Employment-and-Immigration
26 Aug 2025

Walking the Tightrope of Restrictive Covenants

Restrictive covenants in employment agreements can often be a tightrope for employers. Ideally, thos...

Anna Markiewicz
Anna Markiewicz