In addition to the AI Act, businesses must also consider data protection, copyright, and licensing conditions. This applies to both the inputs into AI systems and the outputs generated by these systems.

Consider data protection

If you enter personal data such as names, addresses, or job application information into an AI system, there is a risk that this data might be used for training the AI model. This would require consent under the GDPR – something most businesses do not have. Therefore, the safest approach is to avoid entering personal data into prompts or to fully anonymize it beforehand, or consult a specialized provider to ensure GDPR compliance. The same caution applies to trade secrets and confidential business information: when in doubt, anything entered could later resurface.

Respect copyright

Copyright also plays an important role. AI is not considered an author, and content created by AI with only minimal human modification is not protected. If you want exclusive usage rights, the content must be significantly edited by a human. Additionally, there is a risk that AI-generated content may violate copyright if it closely resembles training material. In such cases, users are liable – just as with human authors. However, some providers, like Microsoft, offer guarantees against such risks.

Observe licensing conditions

Moreover, the licensing conditions of AI providers must be observed. Free versions often permit the use of your inputs and outputs for training purposes. If you do not want this, you usually need to switch to paid versions and carefully review the conditions – particularly restrictions like "no commercial use."

Finally, businesses should also adjust contract arrangements with suppliers. Many providers now use AI, even if AI is not part of the contract – for example, software providers in code generation or accountants in document processing. A ban is hardly enforceable. It is more practical to set clear rules in purchasing terms, such as an obligation to disclose whether AI systems are used and whether high-risk AI is in operation, requirements to document decision logic and training data on request, guarantees for verified and secure AI versions, and clarifications that AI errors do not limit the supplier's liability.