Insights: AlertBasics for Corporate Counsel to Consider About Generative AIAugust 24, 2023 Generative artificial intelligence (“GenAI”) and GenAI tools like ChatGPT have a significant opportunity to revolutionize how many organizations do business. GenAI tools allow users to brainstorm ideas, quickly generate content, and save precious time, which can provide organizations who leverage these tools a significant commercial advantage over those that do not. For these reasons and others, many organizations are leveraging (or preparing to leverage) GenAI tools for their internal business purposes, developing GenAI products, or incorporating GenAI into their existing products. Regardless of the particular use case, GenAI presents various legal risks. However, an informed attorney can mitigate these legal and regulatory risks to drive an organization's adoption of GenAI and help an organization derive tremendous benefit from GenAI. Key Legal Considerations Regarding GenAI Although legal issues when using GenAI vary depending on the use case, below are a few key legal issues to consider.
GenAI policies will vary depending on an organization's use of GenAI, but may include, for example, the following: (a) requiring employees to obtain prior approval for the use GenAI outside of pre-approved or basic time-saving tasks; (b) prohibiting proprietary information and sensitive data from being entered into the GenAI tool; (c) including a rule that all GenAI produced documents are drafts that must be carefully reviewed; (d) a process for how concerns and complaints regarding GenAI will be addressed; (e) individuals at the organization responsible for overseeing GenAI (which will likely consist of stakeholders from multiple departments, including legal, marketing, product, and employment); and (f) accounting for how to revise the policies given the evolving legal landscape for AI. If an organization is providing a GenAI product to its own customers, to mitigate this risk, the organization should disclaim the accuracy and reliability of content created through GenAI and encourage customers to carefully review and edit their GenAI content. Other ways businesses providing GenAI tools to their customers can mitigate risk concerning inaccurate, harmful, or illegal outputs include: (a) prohibiting use by customers in higher-risk industries; (b) implementing a content moderation process; and (c) drafting terms of service shifting responsibility of the outputs to customers and prohibiting customers from using the GenAI tool to produce illegal, harmful, defamatory, or infringing outputs.
High-Level Overview of AI Regulation and Enforcement It is important to note that most countries currently lack comprehensive AI regulation, so developments should be carefully monitored.2 In the United States, there is currently no comprehensive law regulating AI. For now, the executive branch has largely taken the lead on addressing AI, including: (a) publishing a White House fact sheet announcing new actions to promote responsible AI innovation; (b) creating a National Institute of Standards and Technology AI Risk Management Framework; and (c) creating a Blueprint for an AI Bill of Rights. Internationally, there have been significant developments concerning comprehensive AI regulation. On August 15, 2023, China's Interim Measures for the Management of Generative Artificial Intelligence Services entered into effect. On June 14, 2023, the European Parliament formally adopted a compromise text on the European Union's AI Act, which is being followed by a negotiation process. Other countries, such as Canada, with its Artificial Intelligence and Data Act, may also ultimately take the lead on comprehensive AI regulation. For companies utilizing or leveraging GenAI, it is also important to monitor AI enforcement. Italy's data protection authority temporarily banned ChatGPT but lifted its ban after OpenAI addressed or clarified issues surrounding ChatGPT. Although much is to be seen on how AI is to be enforced, organizations can learn from other applicable enforcement regarding data science initiatives and automated decision-making. Notably, in May 2023, the FTC issued a proposed order requiring a video doorbell camera provider to pay $5.8 million in consumer refunds and delete data, models, and algorithms. The FTC stated that the company deceived its customers by allowing any employee or contractor to access consumer's private videos, using customer videos to train algorithms without consent, and failing to implement basic privacy and security protections. This enforcement highlights the need for proper internal governance and policies and procedures and providing adequate transparency to consumers surrounding the use of data, which are concepts that will also apply with respect to GenAI. As the regulatory framework and enforcement regarding AI evolves, it is important for attorneys tasked on advising an organization on GenAI to be aware of the legal considerations surrounding GenAI. If done effectively, an attorney can effectively implement appropriate risk mitigation measures to ensure businesses can derive the benefit from the use or provision of GenAI tools. The exact legal issues regarding GenAI and how to best mitigate risk will depend on the particular use case. For questions regarding this article or advice on a particular use case, please contact us. FootnotesRelated People![]() Meghan K. Farmer
mfarmer@ktslaw.com ![]() Jon Neiditz
jneiditz@ktslaw.com ![]() John M. Brigagliano
jbrigagliano@ktslaw.com |



