May 1, 2025
Artificial intelligence (AI) has rapidly evolved from a cutting-edge innovation to an integral component of modern business operations.
While AI creates significant opportunities, it also poses novel legal and commercial challenges for parties seeking to define, measure, and maintain performance standards over the life of a contract. Additionally, the rapid evolution of AI regulations, together with shifting customer demands, requires robust contractual mechanisms that futureproof agreements.
In this article we explore:
- How to define and test AI performance, including transparency, fairness, and bias metrics.
- How to draft AI contracts with enough flexibility to accommodate ongoing technological and regulatory change.
By addressing both immediate and longer-term risks, parties can create balanced, forward-looking agreements that reduce disputes and maintain trust.
Unique challenges in defining AI performance
Unlike traditional software solutions, AI systems typically evolve post-deployment, rely on diverse data sources, and produce non-deterministic outputs. Model drift has recently been highlighted by the ICO and other regulators as a key risk area, underscoring the need for demonstrable monitoring processes rather than ad-hoc spot checks. These characteristics complicate attempts to establish rigid success criteria in contracts. We analyse some of the key factors driving this complexity below.
Dynamic training data
AI systems often continue to learn and adapt once in use, a phenomenon known as “model drift”. Over time, changes in data or business needs may lead to performance degradation. Contracts should mandate periodic recalibration or reassessment to ensure ongoing compliance with agreed performance levels. In complex deployments, parties can schedule retraining or tuning of the model at specified intervals or trigger points (e.g. when the model’s accuracy drops below a defined threshold).
Opacity of decision-making
Many AI models, especially deep neural networks, operate as “black boxes,” offering limited insight into their reasoning processes. If a contract emphasises explainability, parties need to specify what explanatory methods (e.g. local interpretable model-agnostic explanations (LIME)) or documentation suppliers must provide and set out remedies for insufficient transparency. Where the AI solution is high-risk – such as in financial services or health diagnostics – customers may insist on transparency that goes beyond standard “black box” testing. This may involve requiring a “white box” approach, where a simplified or surrogate model is used to approximate the AI’s logic, so that decision-making pathways become more auditable.
Non-deterministic behaviour
Unlike traditional IT solutions, machine learning or deep learning tools may return different results even when fed identical inputs. Contracts should adopt threshold-based metrics – rather than one-off pass/fail tests – to accommodate this variability.
Data quality and governance
The performance and reliability of AI tools are heavily dependent on the quality of underlying data. Contracts should detail how data is sourced, cleaned, validated, and refreshed, and include data governance provisions (e.g. lineage, logging, security) to maintain visibility over model training and updates.
Measuring explainability, transparency, and bias
AI introduces new dimensions to performance evaluation, extending beyond classic metrics like uptime, response speed, or error rates. Essential contract provisions may include:
Bias detection and fairness
It is rarely possible to eliminate all bias, but contracts can impose bias auditing and set tolerance thresholds for consistent performance across different demographic groups. If bias is detected, the contract may require root cause analysis, retraining the model, or revising data inputs. Periodic monitoring helps identify unexpected shifts in the AI’s outputs over time. If the AI system interfaces with sensitive use cases – like recruitment, credit scoring, or patient triage – parties may consider adopting more granular fairness tests.
Transparency and audit rights
Many customers now demand visibility over the AI’s architecture and training parameters – particularly in regulated sectors like finance or healthcare. In practice, complete transparency can conflict with the supplier’s intellectual property interests, so contracting parties often agree on scoped audit rights. Data lineage clauses further boost transparency, ensuring that every stage of data ingestion, cleansing, and training is logged and traceable if an investigation is necessary.
Explainability reporting
Parties may require periodic “explainability” reports, setting out (in accessible language) how the AI arrives at particular outputs, which data sources are most influential, and how any model drift is managed. Where outputs deviate unexpectedly, the contract can oblige suppliers to deploy diagnostics, revert to a known stable version, or implement mitigation measures.
Building futureproof contracts
AI’s accelerated pace of change means that obligations can become outdated as technology and regulations evolve. Contractual provisions aimed at “futureproofing” help mitigate the risk of becoming locked into rigid requirements that no longer reflect best practices or legal obligations.
State-of-the-art obligations
Parties often reference external standards (e.g. relevant ISO/IEC guidelines) or “good industry practice” to determine whether the AI solution meets the required quality benchmark. Including language that obliges the supplier to continue improving or updating the system allows the contract to adapt to fast-moving developments. At the same time, suppliers may resist bearing the entire cost of technical upgrades demanded by new regulations or customer-specific changes, so cost-sharing and clear change management provisions become critical.
Regulatory roadmap and cost allocation
With multiple AI-specific laws either in force or under consideration worldwide (e.g. the EU AI Act), drafters should anticipate both substantive and jurisdictional changes. Useful mechanisms include:
- Cost-sharing: As a rule of thumb, suppliers bear “internal” compliance costs (e.g. updating AI architecture to meet new transparency requirements), while customers bear costs related to their specific operations.
- Regular reviews and notifications: Contract governance schedules should include a standing agenda item requiring each party to flag material new or amended AI laws.
- Escalation and exit: If the commercial or regulatory environment shifts dramatically and no compromise can be reached, well-crafted termination rights (and transition support obligations) allow parties to exit with minimal disruption.
Ongoing change control and iterative reviews
Borrowing from agile methodologies, AI contracts often stipulate scheduled check-ins or trigger-based reviews (like new laws or major technological breakthroughs). These reviews allow parties to update service-level agreements (SLAs), add new AI features, or revise performance thresholds without having to renegotiate the entire contract.
Contracts can include a ‘Technology Roadmap Update’ as a standing agenda item in regular governance meetings, obliging the parties to identify and discuss emerging AI trends or tools that could improve system performance or compliance, and fostering constructive collaboration rather than reactive contract amendments when challenges arise.
Practical strategies to avoid lock-in
Proprietary AI models can lead to excessive dependence on a single supplier. To mitigate this risk, modern AI contracts incorporate:
Ownership and licensing of AI models
When an AI solution is trained on the customer’s data, parties often negotiate perpetual rights for the customer over data-derived outputs while the supplier retains core model IP. This ensures the customer retains access to the value it helped create, even if it later switches providers, while the supplier keeps core ownership of the underlying AI model architecture, which encourages the supplier to invest in innovation.
Data portability
Upon termination or expiry, the supplier should deliver data and model outputs in usable formats (e.g. CSV, JSON). Transition services can ensure that the customer can migrate its data to another provider and continue operations with minimal delay.
Clear IP allocations
If the parties jointly develop new functionalities, the contract should clarify ownership and licensing of any foreground IP. This clarity bolsters certainty and mitigates legal disputes if either party wants to commercialise or modify the jointly developed features elsewhere.
Defining, testing, and maintaining AI performance in practice
To provide structure in the face of uncertainty, many parties adopt phased or iterative approaches:
Phased contract structures
A two-stage process (for instance, a proof-of-concept phase followed by a longer-term service) allows the parties to refine acceptance criteria once the AI’s performance has been observed in practice. Similarly, short contract durations or break clauses help avoid prolonged commitments to outdated models.
Shared data governance
Building joint governance processes into contracts ensures that datasets remain accurate, appropriately licensed, and secure. Detailed logging of data transformations and sources is especially valuable if regulatory authorities later scrutinise the AI’s decisions.
Continuous improvement obligations and SLAs
In higher-risk contexts, such as AI-assisted medical diagnostics or autonomous financial decision-making, parties often negotiate specific thresholds for accuracy or fairness. Service levels often focus on process-based commitments such as data quality and timely investigations, rather than definitive outcome guarantees. If the supplier repeatedly fails to meet agreed performance levels – such as accuracy metrics or bias thresholds – escalation provisions can allow the customer to bring in independent experts or auditors to conduct a root cause analysis.
Key takeaways
AI offers immense potential for delivering cutting-edge technology services but demands more nuanced contracts than many parties are accustomed to. By combining flexible performance metrics, thorough data governance obligations, and carefully structured change control, suppliers and customers can mitigate the inherent complexities of AI projects.
Equally critical are futureproofing strategies – such as built-in upgrade paths, robust regulatory change provisions, and measures to avoid supplier lock-in – that ensure AI systems remain safe, legally compliant, and commercially viable over time. Through well-drafted, balanced clauses that anticipate both today’s requirements and tomorrow’s uncertainties, parties can harness AI’s power while managing its attendant risks in a constantly evolving market.