• |

Feb. 18, 2026

Contracting With Vendors to Mitigate Third-Party AI Risk

  • Vincent Pitaro
    Cybersecurity Law Report
When companies and law firms purchase an AI tool from a vendor, they need to consider the risks and controls they can put in place to mitigate them. They will have no control over associated risks unless their contracts with those vendors provide such rights. “Your AI governance program cannot work unless the vendor agreement gives the rights needed to enforce that governance,” William Galkin, partner and founder of Galkin Law, LLC, said during a recent Strafford program. This article synthesizes insights from Galkin and technology executives at BillingNav and morriganAI regarding risks from use of third-party AI tools and considerations for approaching contracting with vendors. It also offers practical advice on six key AI vendor contract clauses to help companies transform an AI governance program from just policy statements into enforceable operational safeguards. See our two-part series on how to manage AI procurement: “Leadership and Preparation” (Sep. 18, 2024), and “Five Steps” (Oct. 2, 2024).

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.