Buying or Selling AI and Robotics Systems
If you’re in the market for AI or robotics systems or if you’re seeking to sell the same, you’re up against a series of new and interesting challenges. Technology is changing so rapidly and systems are becoming so capable of human-like behavior, the complexity of buying and selling software and hardware has increased and will continue to increase exponentially over time.
One of the most important parts of any artificial intelligence or robotics deal is to make sure that the seller and the purchaser understand the unique context of an AI or robotic system that is distinct from “normal” software and hardware. Often that comes with questions such as, “What does this need to actually do?” and “What do we need to hold the seller to?” Answers to these questions are often going to be criteria based on how the AI system is going to perform in the field, or what the robot is going to be doing. From there it’s important to ensure that there are success criteria laid out in the specifications for that product or service that are going to be very specific to that robot or AI system.
It’s also necessary to think about the risks that are unique to AI. Because AI is so diverse and complex, you can't simply provide a laundry list of what the top three risk factors are. That said, you would at least be seeking to find out if the system works the way the seller is promising. For example, it’s very important to check if the algorithm at the heart of an AI system produces results that are off in some way because the data used to train the algorithm is biased in some way. Naturally, creating a bias against customers or potential customers is a huge legal risk that needs to be mitigated. Even if the algorithm produces no bias, it’s important to find out if there are possibilities of attack or manipulation by the users or by people who might encounter the system (those seeking to maliciously create bias, for example). When you're facilitating a deal like this, you have to drill down deeply to understand what are the things that can go wrong with this particular system and what are the ways that the seller can mitigate those risks.
Negotiating Robotics and AI Purchase Agreements
SVLG’s AI and Robotics group helps clients create contracts to sell products and services related to artificial intelligence and robotics. We also help purchasers of those technologies to procure products and services using AI and robotics. If a company wants to offer robots in the marketplace or sell AI systems (or license the software having to do with AI), it has to create an agreement in order to get the revenue. The company will want to have a contract that is an agreement for the customer to pay for the product and or service. The agreement sets up that business relationship, and at the same time mitigates the legal risk of the seller. The process that the seller considers first is to establish the business model between the company and the customer. The business model answers the questions of:
What kind of relationship are we having?
Am I offering software that will be placed in a data center?
Am I offering this software as a service?
Am I selling a robot that will also have embedded firmware and software?
Next, is thinking about an appropriate form of agreement that matches what that business model is. The number one problem with contract drafting and negotiation for sellers is that they're starting with an incorrect form. They've got the business model wrong, so they don't have something that matches their needs (and perhaps the client’s needs as well), so they end up wasting a lot of time and energy. Once the correct form is established, then it’s vital to ensure it contains proper terms and conditions about everything that they're providing. At the same time, it’s important to ensure that the seller is holding the customer to what they need them to do. They want to also make sure that the customer isn’t abusing their product in some way (for example, misusing the software in some fashion). It’s important to include general terms and conditions that are true for a lot of software and hardware products; this provides a certain level of generalized protection for both sides. When it comes time to negotiate these agreements, the vendor sends out a form agreement to a customer, the customer looks at it, there's some discussion about it, they may mark it up, and at some point, legal representation will have a conversation. Hopefully, at the end of the time, they strike a deal and the product and service are then provided to the customer.
Buyer Considerations
First and foremost, the customer must go through a process of due diligence. A big part of due diligence is first understanding themselves to find out what their needs truly are. This is of utmost importance to ensure they're not buying the wrong product or service. Once they've identified a proper product or service, they investigate the marketplace to see who provides that product and/or service. There may be multiple providers that they can talk to at the same time to see who's got the best deal. During that period of time, it's critically important for the purchaser to make sure they understand what they're buying, what the risks of buying are, and the privacy and security implications of what they would be receiving. What kind of personal data would they be providing to that vendor? What kind of personal data would the vendor have access to? From there, it’s important to make sure that whatever agreement is coming from the vendor satisfies their needs. Often, the purchaser is receiving a vendor form agreement that is very unfavorable to the purchaser. If that’s the case, the purchaser (guided by legal counsel) is best served to mark it up and make sure that its legal interests are protected. After that comes the process of negotiation, and ultimately the purchase.
Risk Assessment: Protecting Yourself and Your Clients
When a company rep is buying or offering a product or service, especially in AI and robotics, he or she should be thinking about what the potential uses are of the personal data that might be accessed by the system.
What kind of information is being collected?
How is it being used?
How might it be shared?
Where does that information go?
If you can't answer these fundamental questions you are putting your company and your clientele at risk, so you have to understand the answers to these questions first.
Next, you have to ask yourself:
What's the universe of threats out there?
Of all the problems that we might see, from a privacy and security perspective, what are the real threats to our organization, this product, or to the public from using it?
How likely are these threats to come to pass, and what could happen if they do?
When you have the risk assessment in your hands, you can then identify the major threats. You’ll be able to identify which ones might cause the most harm, and the ones that are likely to occur (and hopefully with what frequency). With our expertise, SLVG can help prioritize them and also help ensure those risks don't crop up and subsequently cause legal risk to your company and problems for your customers or for the public.
Data Privacy and Security
Once you've investigated privacy and security threats, you can assess your program to make sure that you’re addressing any issues that arise, that you're handling information the way you should, and that people are doing what you instruct them to do to ensure safety (employees, contractors, etc.) It’s vital to ensure that you've trained people on how to protect personal data and to make sure that they keep it secure. It’s equally important to assess their performance through audits or other metrics to make sure that they're following the policies and procedures, reporting incidents properly, and learning from what they've done in the past to improve the next time. It’s important to note that there are local, federal, and international laws that need to be taken into consideration when developing and implementing AI and robotics systems.