All transformational technology is fraught with risk. However, when it comes to AI, Elon Musk said “we are communing with the devil”.

As a commercial lawyer, I like to think that fables about contracts with the devil exist because contracts are the ultimate risk management tool.

Regulators around the world, including the Bermuda Monetary Authority, fully appreciate the importance of using contracts to mitigate, if not avoid, the risks associated with the development and use of transformative technologies.

The BMA’s 2025 Business Plan signalled future policies concerning the risk-managed use of AI by its registrants.

That plan stated that the BMA was “undertaking a review of the Insurance Code of Conduct and the Operational Cybersecurity Code of Conduct to consider the merits of integrating specific guidelines on the use of AI and machine-learning systems”.

As with the BMA’s regulatory requirements for outsourcing and cybersecurity governance, I fully expect that the evolution of those current regulations will include additional risk management guidance involving AI contracts that are relied upon by Bermuda’s financial service sector.

In that regard, the recent emergence of model contracts for all sectors to manage the many risks of AI has been striking.

Among the variations of AI model contracts that I have consulted, there are two that stand out.

In 2023, Britain’s Society for Computers and Law published a 59-page White Paper titled Artificial Intelligence Contractual Clauses, and recently the Digital Transformation Agency of the Australian Government published [AI] Model Clauses, Version 2.0. Both are excellent.

Both organisations take a pragmatic approach to crafting contractual provisions that specifically address the commercial and legal risks of AI development, commercialisation and use. There is nothing abstractly academic about that guidance.

The commercial risks associated with all transformative technology, including AI, include the risks that:

  • The technology doesn’t perform the way that the vendor promised it would
  • Due diligence is difficult to undertake on products and vendors that are new to the market
  • The solution’s operation may not be compatible, interoperable or easily integrated with legacy systems
  • The solution’s performance reliability is yet to be proven

To address those “new-to-market” risks, both the SCL and DTA recommend that AI contracts include terms that:

  • Define the operational and functional specifications of the solution in precise and empirically verifiable terms
  • Require either a vendor-led AI demonstration or an operational demonstration within the customer’s infrastructure
  • Require acceptance testing as a precondition to contract effectiveness and any licence fee payments
  • Stipulate a warranty (of reasonable duration) concerning the solution’s “on spec” operation and that requires expedited defect remediation

Where AI is offered as a service rather than as licensed software, the contract should also address the usual risks that are associated with:

  • The different variations of cloud or distributive computing
  • Any jurisdictional export control restrictions
  • Compliance with all privacy laws, including export restrictions
  • The service provider’s compliance with all applicable law, including outsourcing and cybersecurity regulations
  • Subcontracting restrictions
  • A prohibition on the re-export of data to other jurisdictions

Since many AI solutions are powerful search agents that function as scrapers and “crawler bots”, two of the most prominent and serious AI risks to contractually address are the misappropriation of personal (and often confidential) information that the AI solution accesses, views and copies or uses, and the unlicensed reprography and misappropriation of third-party intellectual property.

As intelligent as AI may appear, it may be unable to identify data and content that is the property of others.

Based on the AI copyright infringement cases that are now before the courts in the US and Britain, AI contracts should include broadly drafted third-party non-infringement covenants as well as indemnities to protect users from such third-party liability. That approach to manage the risk of intellectual property infringement is required for all content or data that AI finds, fetches and brings back to the doorstep.

More specifically, the SCL and DTA suggest that AI contracts include covenants to:

  • Ensure that the AI provides only original work
  • Ensure that AI does not merely customise, enhance or create derivative works of someone else’s property
  • Address whether the service vendor owns the AI or the AI otherwise relies on “open source” software
  • Provide that neither the use nor operation of the AI will breach any third-party rights, including any contractual, privacy, intellectual property or statutory rights

Next week, in part two, I will identify additional development and use risks that AI brings, and the contractual terms that are necessary to address those risks.

First Published in The Royal Gazette, Legally Speaking column, July 2025

Locations

Bermuda

Services

Corporate, Technology & Innovation

Sectors

Technology & Innovation

Type

Insight

Share
X.com LinkedIn Email Save as PDF
More Publications
Appleby-Website-Insurance-and-Reinsurance
15 Jul 2025

Captives are the grass roots of Bermuda risk

Bermuda has seen tremendous growth in the life reinsurance and insurance-linked securities markets i...

Matthew Carr
Matthew Carr
050-Insolvency-Restructuring-Grid-Image
10 Jul 2025

Bermuda: Restructuring & Insolvency

This country-specific Q&A provides an overview of Restructuring & Insolvency laws and regulations ap...

John Wasty
Claire van Overdijk KC
Sam Riihiluoma
James Batten
Robert Nash
John Wasty, Claire van Overdijk KC, Sam Riihiluoma, James Batten, Robert Nash
050-Insolvency-Restructuring-Grid-Image
3 Jul 2025

Insolvency law: secured creditors take note (Bermuda)

The recent judgment delivered by the Supreme Court of Bermuda in the matter of Harold J. Darrell hig...

Robert Nash
Robert Nash
Appleby-Website-Insurance-and-Reinsurance
2 Jul 2025

Bermuda: Education has helped investors get more comfortable as ILS continues to grow

It’s been an exceptionally busy and record first half of the year for the catastrophe bond sector,...

Brad Adderley
Brad Adderley
Appleby-Website-Privacy-and-Data-Protection
25 Jun 2025

Impact of Privacy Law on Bermuda Business

On 1st January 2025, Bermuda’s Personal Information Protection Act 2016 (PIPA) came into full forc...

Duncan Card
Duncan Card
Appleby-Website-Regulatory-Practice
25 Jun 2025

Simplified Due Diligence in Bermuda

Simplified Due Diligence (SDD) and Reduced Due Diligence (RDD) are critical features of a modern, ri...

Jarion Richardson
John Wasty
Jarion Richardson, John Wasty
Appleby-Website-Employment-and-Immigration
23 Jun 2025

Practical Tips for Conducting Workplace Investigations

Allegations of harassment, bullying or other misconduct in the workplace can create a legal mine fie...

Anna Markiewicz
Anna Markiewicz
Bermuda-1024x576-1
19 Jun 2025

Bermuda encourages investment with residential certificates

On March 31, 2023, the Bermuda Government replaced its previous tool intended to attract capital to ...

Anna Markiewicz
Neil Molyneux
Anna Markiewicz, Neil Molyneux
Appleby-Website-Insurance-and-Reinsurance
11 Jun 2025

Bermuda Paves the Way for Captive Insurers with New Stablecoin Policy

The Bermuda Monetary Authority (BMA) has announced a significant new policy framework that allows ca...

Brad Adderley
Ojeda Smith
Brad Adderley, Ojeda Smith
Appleby-Website-Insurance-and-Reinsurance
10 Jun 2025

Bermuda benefits from a strong and capital efficient regulatory regime

Bermuda’s long-term reinsurance sector is experiencing a new phase of complexity and scrutiny but ...

Max Tetlow
Cathryn Minors
Max Tetlow, Cathryn Minors