Three contract clauses decide whether an enterprise AI deployment is safe to sign: data residency, training rights, and output indemnity. As of May 2026, only two of the six major AI vendors offer all three in their standard enterprise paper, and the indemnity caps range from 100 percent of fees paid to uncapped. The default AI contract leaks training data, hands the vendor unlimited rights to your prompts, and exposes you to copyright damages the vendor will not cover. The fix is six negotiated paragraphs.
This guide compares OpenAI, Anthropic, Microsoft, Google, AWS Bedrock, and IBM Watsonx on the three clauses most likely to land in legal hold during procurement review. It also documents the EU AI Act obligations that took binding effect on 2 February 2025 for prohibited practices and 2 August 2025 for general-purpose AI models, with full provider obligations applying from 2 August 2026.
The three clauses that matter
Most AI vendor master agreements run 40 to 80 pages. Only three clauses materially shift risk: data residency, training opt-out, and copyright indemnity. A fourth clause, audit rights, is rising in importance under the EU AI Act and US state-level AI laws.
| Clause | Default vendor position | Negotiated buyer position |
|---|---|---|
| Data residency | Vendor-elected region, no contractual lock | Named region, written notice required before any cross-border processing |
| Training on customer data | Permitted for service improvement | Prohibited, no opt-out form required, audit right attached |
| Output IP ownership | Customer owns outputs, vendor disclaims warranties | Customer owns outputs, vendor warrants no third-party rights |
| Copyright indemnity | Excluded or capped at fees paid | Uncapped or 3x annual fees, with named carve-outs |
| Audit rights | Vendor self-attestation only | Third-party SOC 2, ISO 42001, and right to direct audit for regulated workloads |
Data residency under the EU AI Act and beyond
Data residency is the first question general counsel asks. It is also the easiest clause for the vendor to soften without changing the technical architecture. The contractual goal is to name the processing region in the order form and require written notice plus customer consent before any cross-border move. The technical reality is that most providers offer EU residency for inference but not for the underlying model training infrastructure.
| Vendor | EU inference | EU training | US inference | India / Canada / Australia |
|---|---|---|---|---|
| OpenAI (ChatGPT Enterprise) | Yes (Ireland, Germany) | No (US only) | Yes | Australia yes, Canada partial |
| Anthropic (Claude Enterprise) | Yes (Frankfurt, Dublin) | No (US only) | Yes | Via AWS Bedrock regions |
| Microsoft Azure OpenAI | Yes (Sweden, Switzerland, France) | No (model fine-tuning yes, base training no) | Yes | 14 regions globally |
| Google Vertex AI / Gemini | Yes (Belgium, Netherlands, Finland) | No (US, Singapore) | Yes | Multi-region |
| AWS Bedrock | Yes (Frankfurt, Ireland, Paris) | Not applicable (Bedrock is inference-only) | Yes | Multi-region |
| IBM Watsonx | Yes (Frankfurt, London) | Yes (selective) | Yes | Multi-region |
The EU AI Act adds a layer above GDPR. Providers of general-purpose AI models placed on the EU market must comply with transparency, copyright, and risk obligations starting 2 August 2025, with high-risk system obligations applying 2 August 2026. Customer contracts should reference Article 53 obligations of the AI Act so that the vendor commits to the disclosures buyers will be asked for under their own AI Act compliance program.
The residency trap that catches most buyers: Vendor standard contracts say "data processed in customer-selected region" but exclude logs, abuse monitoring data, and human-reviewed safety samples from that scope. Push for "all customer content, including telemetry, prompt logs, completion logs, and human-reviewed safety samples, processed and stored in the named region" with no carve-outs.
Training opt-out: the four positions
Enterprise contracts now fall into four bands on training rights:
Position one: vendor trains by default, opt-out via dashboard toggle. This is the OpenAI consumer position and the Google Workspace AI feature default. Unsuitable for any enterprise deployment.
Position two: vendor trains by default for service improvement, contractual opt-out available on request. This is the legacy Microsoft and Google enterprise position.
Position three: vendor does not train on customer content, written in master agreement, no opt-out form needed. This is the OpenAI Enterprise, ChatGPT Team, Anthropic Claude Enterprise, Azure OpenAI Service, and Google Vertex AI position as of May 2026.
Position four: vendor does not train, customer has audit rights to verify, and any training breach triggers liquidated damages. This is the position to negotiate for regulated workloads, particularly financial services, healthcare, and EU public sector.
| Vendor | Standard position | Contract language to look for |
|---|---|---|
| OpenAI Enterprise | Position 3 | "OpenAI does not train its models on Customer Content" |
| Anthropic Claude Enterprise | Position 3 | "Anthropic does not train our models on Customer Inputs or Outputs" |
| Microsoft Azure OpenAI | Position 3 | "Your prompts (inputs) and completions (outputs) are NOT available to other customers, NOT used to improve the OpenAI models" |
| Google Vertex AI | Position 3 | "Google does not use Customer Data to train, fine-tune, or improve any Generative AI Models" |
| AWS Bedrock | Position 3 | "AWS does not use Customer Content to train or improve the AWS Generative AI Services" |
| IBM Watsonx | Position 3 (negotiable to 4) | "IBM will not use Client Content to train its Foundation Models" |
Output IP and copyright indemnity
Output ownership is now uniform across enterprise contracts: the customer owns the outputs. The contested clause is what happens when the outputs infringe third-party copyright. Six vendors take materially different positions.
| Vendor | Indemnity scope | Cap | Carve-outs |
|---|---|---|---|
| Microsoft Copilot Copyright Commitment | Copyright claims for outputs from Microsoft Copilot services | Uncapped for Copilot, subject to volume license terms | Customer must use content filters; misuse forfeits indemnity |
| OpenAI Copyright Shield | Copyright claims for ChatGPT Enterprise and API outputs | Fees paid in prior 12 months as a floor; negotiable above | Customer must not bypass safety systems; covers Enterprise and Team only |
| Anthropic indemnity | Third-party IP claims arising from Claude outputs | Up to fees paid in prior 12 months, negotiable to 3x for enterprise | Customer's misuse, off-policy content, or bypassed safety controls |
| Google Vertex AI Generated Output Indemnification | Third-party IP infringement for output generated by approved Google models | Per master agreement cap, often 2x fees | Customer prompt that is itself infringing |
| AWS Bedrock IP indemnification | Copyright claims for output from Amazon Titan and selected partner models | Subject to AWS Enterprise Agreement cap | Customer-provided fine-tuning data |
| IBM Watsonx | IBM IP indemnity, uncapped for IBM-developed Granite models | Uncapped for Granite, capped for third-party models routed via Watsonx | Customer fine-tuning with non-IBM data |
For commercial workloads where outputs will be published externally, the indemnity floor should be at least 12 months of fees. For workloads where outputs feed into customer-facing products, push for 3x annual fees uncapped on direct damages. Reject any "customer indemnifies vendor for use" clause that flips the indemnity direction.
The clause that quietly removes indemnity: "Customer agrees to use the content filters and safety classifiers as provided by Vendor. Indemnity does not apply where Customer disables, modifies, or routes around safety systems." This is reasonable, but enforcement is by vendor discretion. Negotiate a 30-day cure period, written notice, and the right to dispute the determination before indemnity is forfeited.
Audit rights and the EU AI Act
Audit rights were optional through 2024. From 2026, regulated industries need them. The EU AI Act Article 50 transparency obligations and Article 26 deployer obligations require customers to evidence that their AI vendor complies with documented practices. Standard vendor contracts give the customer no audit right. Negotiated contracts grant a SOC 2 Type II inspection right, ISO 42001 certification disclosure, or a direct audit right for regulated workloads at the customer's expense with reasonable notice.
For financial services workloads under DORA (Digital Operational Resilience Act, effective 17 January 2025), the audit clause is non-negotiable. DORA Article 30 requires financial entities to have audit and inspection rights over ICT third-party service providers supporting critical functions. AI vendors classified as critical ICT providers must accept the direct audit right or be replaced.
The negotiation framework
Apply the framework below to every AI vendor contract review before signature. Aim for green on all five rows for any workload above $250,000 in annual fees or any workload involving customer or employee data.
| Row | Green | Amber | Red |
|---|---|---|---|
| Data residency | Named region, no carve-outs, written notice required | Named region with logs carve-out | Vendor-elected, no contract lock |
| Training opt-out | "Vendor does not train on Customer Content" in MSA | Opt-out by dashboard toggle | Vendor trains by default |
| Output IP | Customer owns, vendor warrants no third-party rights in outputs | Customer owns, no warranty | Customer indemnifies vendor for outputs |
| Copyright indemnity | Uncapped or 3x fees, named carve-outs only | Capped at 12 months of fees | Excluded, customer bears risk |
| Audit rights | Direct audit + SOC 2 + ISO 42001 disclosure | SOC 2 Type II only | Vendor self-attestation only |
The contractual workbook above is the same one our advisors use during enterprise AI procurement reviews.