AI
& Generative AI Companies

Yes — and it needs to address three surfaces: the brand (trademark), the training data (copyright and licensing), and the model outputs (ownership and registration strategy). AI-generated works face evolving registration requirements at the U.S. Copyright Office, and your product name competes in the same trademark clearance process as any other brand. We build the IP stack that protects what you've built and holds up during fundraising and acquisition diligence.

If you have employees or contractors using AI tools day-to-day, yes — at minimum an AI Acceptable Use Policy. If your product includes AI features, you need a governance charter before the first enterprise deal or investor diligence round. The cost of having no governance documentation isn't regulatory fines. It's the deal that stalls when procurement asks for a document you don't have.

It depends on where your users are and what your AI does. The EU AI Act applies if your AI reaches EU users regardless of your headquarters. California's synthetic media transparency bills (SB 942 and AB 2655) apply to AI-generated content. The Colorado AI Act SB 24-205 targets consequential decision-making systems. In Canada, AIDA is in development and Quebec Law 25 cross-border data obligations apply now. We map your specific regulatory footprint based on your product, your users, and your jurisdictions.

Possibly — but it needs analysis. Copyright law on AI training data is actively litigated in the U.S., U.K., and Canada, with courts and legislatures reaching different conclusions. The question turns on where the data came from, whether licenses permit AI training use, whether the content constitutes personal data under GDPR, CCPA, or Quebec Law 25, and whether fair use or fair dealing applies to your specific use case. We review your data provenance and document the analysis so you have a defensible position.

The answer depends on three variables: how much human creative input shaped the output, your AI vendor's terms on output ownership, and the applicable copyright law. The U.S. Copyright Office doesn't register purely AI-generated works lacking meaningful human authorship. Most AI vendor agreements assign output rights to the customer but retain training and quality-review rights over inputs. An IP ownership memo documents the analysis and gives you a defensible answer for investor and enterprise due diligence.

A DPA governs how personal data is processed — by you, by your AI vendors, and by any sub-processors your model uses. For AI companies specifically, it addresses whether personal data enters your training pipeline, what disclosure obligations apply when personal data informs AI outputs, and the cross-border transfer mechanisms needed when EU data flows through a U.S.-hosted model. We draft customer-facing DPAs, review vendor DPAs, and build the sub-processor schedule that enterprise procurement requires.

The EU AI Act classifies AI systems as unacceptable risk (prohibited), high-risk (heaviest obligations), limited risk (transparency duties), or minimal risk (no mandatory requirements). High-risk systems include those used in employment screening, education, creditworthiness, biometrics, and critical infrastructure. Most consumer SaaS AI doesn't hit high-risk, but the classification exercise is required before you can confirm that. We produce a risk-classification memo that maps your specific AI features to the EU AI Act Annex III categories and documents the determination.

Yes. California has layered AI-specific statutes on top of existing privacy law. The CCPA/CPRA governs automated decision-making and profiling with opt-out rights. The California AI Transparency Act requires provenance disclosure from large AI providers. AB 2655 and SB 942 impose synthetic media labeling obligations. The California AI governance debate continues to evolve every legislative session. Companies operating in California face the densest state-level AI compliance environment in the U.S.