Enterprises that merely use AI tools can inherit copyright liability for outputs trained on infringing data. The indemnity you signed may quietly cap out below the exposure you carry.
The prevailing assumption inside most enterprises is comfortable and wrong. It holds that the copyright fights over generative AI are a problem for the model makers, the labs that scraped the open web and now answer for it in federal court. The buyers, the thinking goes, are spectators. They licensed a tool. They didn't train anything.
That assumption is about to get expensive. The legal exposure created by training on infringing material does not stop at the lab door. It travels downstream, attached to every output, into the codebase your engineers shipped and the marketing copy your team published. And the contract meant to protect you from that risk is, in most cases, narrower than the people who signed it believe.
This is no longer a hypothetical drawn from one marquee case. It is a pattern with a docket.
The litigation is widening, not settling
The New York Times action against OpenAI remains live in 2026, anchored by the uncomfortable demonstration that ChatGPT could reproduce Times articles close to verbatim. That alone reframed the debate from abstract fair-use theory to concrete reproduction. But the more telling signal is breadth.
On May 5, 2026, a coalition of publishers — Hachette, Macmillan, McGraw Hill, Elsevier and Cengage — joined the novelist Scott Turow in a proposed class action against Meta. A month later, in June, Jamendo sued Nvidia over training audio, pulling music rights into a fight that had been dominated by text. Each new plaintiff class expands the universe of works that an enterprise's chosen model might have ingested, and therefore the universe of outputs a court could one day deem tainted.
The center of gravity is not only American. On March 10, 2026, the Grand Chamber of the EU's top court heard Like Company v Google, the first case to test whether training a large language model violates European copyright. A fifteen-judge panel is now weighing how the text-and-data-mining exceptions apply to commercial model training. Whatever it decides will set the floor for every enterprise operating in the bloc, regardless of where the model was built.
The deploying enterprise inherits a risk it did not create and cannot inspect, because the provenance of the training data sits entirely inside the vendor.
Why the buyer carries risk it never made
Copyright liability for AI output is not confined to reproduction at the source. If your team ships code generated by a model trained on infringing repositories, or publishes content derived from protected works, the infringing artifact now lives in your product. You distributed it. That you never touched the training set is, in a copyright claim, beside the point.
The cruelty of the position is informational. You cannot audit what you cannot see, and no enterprise buyer has visibility into the corpus a frontier lab trained on. The provenance question — what went in, under what license — is answerable only by the vendor, and the vendor has every incentive to keep the answer vague. So the buyer absorbs an exposure that is, by design, invisible to it.
There is one genuinely new development worth weighing against the gloom. Anthropic paid a substantial settlement to resolve copyright claims against it. That matters less as a verdict than as a market signal: a vendor that has priced and paid this kind of liability is a vendor that can credibly stand behind a real indemnity. The settlement may mark the moment indemnification stops being boilerplate and starts being a product feature worth paying for.
Visual 1 — Where the gap opens
Contract term | What buyers assume it covers | Where it often falls short |
|---|---|---|
IP-infringement indemnity | Vendor defends and pays for any copyright claim tied to outputs | Frequently excludes fine-tuned, modified, or RAG-augmented use — much of how enterprises actually deploy |
Data-sourcing representations | A warranty that training data was lawfully obtained | Often replaced by softer "commercially reasonable efforts" language with no provenance disclosure |
Liability cap | Generous enough to absorb a serious claim | Commonly capped at 12 months of fees — orders of magnitude below class-action exposure |
How to read it: The protection most buyers picture is in the left two columns. The risk lives in the right one. Read each clause for the carve-outs, not the promise.
The indemnity is the deal, not the footnote
Most AI indemnities are written to look reassuring while doing limited work. They cover the vanilla case — an unmodified model, used as shipped — and quietly exclude the configurations enterprises actually run: fine-tuned weights, retrieval pipelines stuffed with third-party content, agents chaining tools together. The moment your deployment leaves the showroom condition, coverage can evaporate.
The liability cap is the second trap. A clause that limits the vendor's exposure to twelve months of subscription fees reads like a number until you set it beside the settlements now circulating in these cases. The cap is not a detail. It is the answer to the only question that matters: when the claim lands, who actually pays?
What this means for leaders
Move indemnification into procurement, not legal review. By the time a contract reaches sign-off, the leverage is gone. The IP-infringement indemnity, data-sourcing representations, and liability cap should be scored during vendor selection, weighted alongside accuracy and price, so that a weak indemnity can lose a deal rather than merely annoy your counsel.
Demand provenance, and treat refusal as data. Ask vendors to represent the lawful sourcing of training data in language stronger than "commercially reasonable efforts." A vendor that will warrant its corpus is telling you it has done the work. One that won't is telling you where the risk will sit.
Map your own deployment against the carve-outs. Inventory where you fine-tune, where you feed third-party content into retrieval, where agents act autonomously. Each of those is a place a standard indemnity may not reach, and each is a candidate for a negotiated rider or a deliberate, documented decision to accept the risk.
The labs will keep fighting their cases, and some will lose. But the enterprises that get hurt won't be the ones in the headlines. They will be the buyers who treated the indemnity clause as paperwork, discovered the cap only after the claim arrived, and learned too late that "we just used the tool" is not a defense a court recognizes.
A BusinessInfomatics original. Drawn from 2026 case reporting and legal analyses by firms including Stradling, Ropes & Gray, and Bochner.



