Setting the Standard for AI Contracts: A Practical Guide to Australia’s ‘AI Model Clauses’
Businesses are adopting AI technologies at an unprecedented pace, but contractual clarity around what to demand—and who is accountable—remains elusive. For companies and public agencies that develop or procure AI solutions, a well-structured contract is not just helpful—it’s essential for minimizing legal and operational risk.
This post introduces the core content of version 2.0 of the AI Model Clauses, published by Australia’s Digital Transformation Agency (DTA) in late 2024. These model clauses offer actionable legal guidance for both suppliers and buyers of AI systems.
You can view the original document here:
https://media.licdn.com/dms/document/media/v2/D4D1FAQEW4d5Hgn-FfA/feedshare-document-pdf-analyzed/B4DZbxj612GwAc-/0/1747809458951?e=1748476800&v=beta&t=5yWN1_FnyaIUiSiMNXEOUg4b-mlYI6IWOXQSue7OJIw
What Are the AI Model Clauses?
The AI Model Clauses provide a set of standard legal terms for the use of AI systems in service delivery or as standalone solutions. While created for public sector contracts, these clauses reflect global best practices and can be highly valuable in private-sector B2B AI transactions as well.
Foundational Requirements for AI Use and Accountability
Suppliers must obtain prior written approval from the buyer before using AI systems in delivering services. Even if AI is used only for internal or partial functions, full responsibility remains with the supplier.
Suppliers are required to verify the accuracy and reliability of AI-generated outputs and maintain comprehensive records related to data flow, system interaction, and storage.
Additionally, the use of prohibited AI systems (e.g., DeepSeek) is strictly banned. Any breach may result in immediate termination of the contract.
Contract Terms for AI System Development Projects
Where the buyer commissions the development of an AI system, the contract must clearly outline:
The intended use, deployment environment (e.g., cloud-based), and integration requirements
User manuals, explainability thresholds, and testing procedures
The model architecture, ownership, and origin of training data
A mandatory "circuit breaker" capability to immediately suspend system operation in emergencies
The model stresses that AI systems must be designed for human oversight, with provisions allowing for immediate interruption if the system behaves unpredictably or harms users.
Privacy and Data Management Obligations
The clauses incorporate robust data protection provisions under Australia’s Privacy Act 1988, including:
Mandatory notification and impact assessment within 72 hours of any eligible data breach
Equal legal obligations for subcontractors and supply chain participants
Data must be stored and processed within national borders unless explicitly authorized in writing
Explainability and Human Oversight
AI systems must produce outputs that are understandable to human reviewers. Both public officers and end users should be able to comprehend, override, or question automated results.
This requires:
Clear documentation explaining AI-generated outcomes
Technical details including model components, parameters, training methods, and algorithmic logic
Features to prevent overreliance on AI judgments, including user training and guidance prompts
Training Data, Testing, and Continuous Monitoring
Suppliers must declare the source of training data, indicate any embedded bias or personal information, and allow buyer audits as needed.
The system should undergo regular testing and validation, including:
Defined Acceptance Testing and Pilot Testing
Version tracking and update documentation
Potential delivery of source code depending on contract terms
Intellectual Property and Data Rights
Ownership of the developed AI system and related datasets is determined by the contract. Public-sector agreements typically grant IP ownership to the buyer, while the supplier receives a limited-use license.
Suppliers are strictly prohibited from using buyer data for training external AI models (e.g., data mining or ingestion). Upon contract termination, all buyer data must be either returned or securely deleted.
(This clause is especially relevant to AI vendors and SaaS providers.)
This document serves as a practical reference point for any company involved in building or procuring AI solutions. It is designed to ensure that essential legal safeguards—ISO 42001 compliance, privacy, accountability, explainability, and testing—are clearly defined and enforceable.
In an era where AI continues to evolve, contracts must evolve with it.
At LexSoy Legal LLC, we remain committed to sharing actionable legal frameworks and risk management strategies to help companies stay ahead in the AI age.
For legal support or contract review inquiries, contact sc@lexsoy.com.
© LexSoy Legal LLC. All rights reserved.
All content on this site is the property of LexSoy Legal LLC and is protected by copyright and intellectual property laws.