AI training data and the contracts your enterprise customers will start asking for
Enterprise procurement is now asking SaaS vendors what their AI features were trained on. The answers founders give today will be quoted back to them later.
Two years ago, enterprise security questionnaires asked you to confirm encryption at rest and MFA on admin accounts. Today, the same questionnaires are asking what data your AI features were trained on, whether the training set included customer data, whether you used third-party models, and which third parties have what kinds of access. The questions are not yet uniform across procurement teams, but they are uniformly there.
The reason the questions are getting sharper is that enterprise legal teams have started reading their own SaaS contracts looking for exposure. The provisions they are finding tend to be old: definitions of “customer data” that did not anticipate model training, IP indemnities that assume traditional infringement claims rather than copyright disputes over training corpora, confidentiality clauses that did not contemplate prompts being logged for product improvement. None of those provisions would have looked unusual in a 2023 enterprise SaaS contract. In 2026, they look like risk.
Three things show up consistently in the procurement asks I am seeing across SaaS clients this quarter.
First, an explicit answer on whether the SaaS uses customer data, including prompts and outputs, to train, fine-tune, or improve any model. Most enterprise procurement teams now want a flat “no” to be the contract default and any exception to be a separately negotiated, opt-in clause. A vendor that has this baked into its standard terms moves through procurement faster than one that has to negotiate it deal by deal.
Second, disclosure of subprocessors that include foundation model providers, with the same level of contract pass-through that subprocessors have always required. If your product calls an outside model, that outside model is a subprocessor. The argument that the call is “transient” or “stateless” is no longer an argument enterprise privacy reviewers accept, because their counsel has read the providers’ terms of service and seen the retention windows.
Third, an IP-indemnification regime that addresses third-party intellectual property claims arising from outputs the AI feature produces. Standard SaaS indemnities tend to cover infringement caused by the SaaS’s product. Enterprise customers now want indemnification that follows the output, including outputs that touch the customer’s content or are used in the customer’s downstream materials. Negotiating that scope late in the deal cycle is painful. Drafting it cleanly into your standard terms is much less painful.
The practical takeaway for SaaS founders is to read your customer agreement with 2026 eyes and ask: “would I be embarrassed by my own definitions of customer data, training, and indemnity if a Fortune 500 procurement team quoted them back to me?” For most SaaS products built before 2024, the answer is yes, and the rewrite is overdue.