Mutual NDAs for AI Vendors: Why “Standard” Terms Aren’t Enough
As fractional and outside general counsel across multiple industries, I have to stay ahead of legal changes that hit each of my clients differently. Right now, one theme is universal: almost everyone is trying to figure out how to implement AI safely.
For many companies, that journey starts with AI‑related SaaS vendors—LLM copilots, data‑analysis tools, “AI layers” on top of existing platforms, and custom AI integration shops. And almost every one of those early conversations starts the same way: “Can you sign our standard mutual NDA?”
The problem is that “standard” mutual NDAs were built for a very different world.
Why Traditional NDAs Don’t Fit AI Use Cases
Traditional NDA forms still assume that confidential information means a few files over email or Dropbox and maybe a shared folder with some PDFs. The risk model is simple: a human reads what you sent, and the NDA controls what they can do with it.
That is not how AI‑driven vendors work. When you share data with an AI vendor today, that information can end up in:
The vendor’s existing or future models
Embeddings and vector stores
Fine‑tuned model weights and parameters
Prompt and inference logs
Third‑party AI tools and infrastructure they plug into
If your company holds sensitive customer or client data—financial records, trade secrets, proprietary business data, or regulated personal data—you cannot just give an AI vendor access on 2010‑era confidentiality terms. You are typically already on the hook under an NDA (or a broader commercial agreement) with your own customers or clients. If your vendor mishandles that data, you are the one your clients or customers look to first. That is a fundamentally different risk profile, and it calls for a fundamentally different NDA.
Introducing a Mutual NDA for AI Services and Vendors
To address this gap, I drafted a Mutual NDA tailored specifically for AI services and AI vendors, and I’m making it available for free.
This mutual NDA is designed for company ↔ AI vendor / AI developer relationships, including:
AI‑enabled SaaS tools that ingest or access your company’s data
AI consultancies and integrators building or fine‑tuning models for you
Vendors offering retrieval‑augmented generation (RAG), analytics, or copilots on top of your systems
Any vendor that wants to plug into your environment and use AI on your behalf
Instead of treating AI as an afterthought, the NDA treats AI‑related risk as the core design problem.
Key AI‑Specific Protections Built Into the NDA
The Mutual NDA for AI vendors keeps the familiar structure of a standard mutual NDA, but adds several AI‑specific protections that most “market” forms still lack.
1. Expanded definition of Confidential Information
The NDA expands “Confidential Information” to expressly capture AI‑derived artifacts, including:
Embeddings and vector indexes
Model weights, parameters, and fine‑tunes derived from your data
Prompt logs and inference logs that incorporate your information
Any other technical artifacts reasonably capable of revealing your data
The goal is simple: if the vendor or its tools can reconstruct or infer your confidential information from it, it should be treated as confidential and governed by the NDA.
2. No‑training, no‑commingling, and tenant isolation
Most off‑the‑shelf NDAs say “don’t use our information for any purpose other than X.” In AI, that is not enough.
This NDA adds tighter use restrictions, including:
No‑training provisions that prohibit the vendor from using your information (or AI‑derived artifacts) to train, fine‑tune, benchmark, or otherwise improve any model not owned by you
No‑commingling language that forbids mixing your data with other customers’ data in a way that enables cross‑use
Tenant isolation requirements for vector stores, embeddings, and models so that what is built on your data is logically and physically segregated from other customers
If a vendor tells you “our models learn from all clients by design,” these provisions smoke that out quickly.
3. Guardrails on third‑party AI tools and subprocessors
Most AI vendors don’t build everything themselves. They rely heavily on:
Third‑party foundation models
Cloud AI services
Infrastructure‑level AI tools and observability platforms
The NDA therefore builds in guardrails around third‑party AI tools and subprocessors, requiring the vendor to:
Disclose material third‑party AI tools that will receive your Confidential Information
Flow down no‑training and no‑commingling obligations to those tools
Remain responsible if those subprocessors mishandle your data
If a vendor says “we just use whatever’s in the default SaaS terms,” this NDA gives you a structure to push for something stronger.
4. AI‑specific incident, deletion, and audit provisions
AI systems create unique incident and remediation challenges that traditional NDAs never contemplated. This NDA adds:
AI‑specific incident provisions, recognizing that “misuse” may include prompt injection, model inversion, or unintended memorization of your data
Deletion and isolation language targeting models, embeddings, prompt logs, and backups, not just “documents”
Audit‑oriented protections focused on verifying that your data is not being used to train or benefit other customers and that tenant isolation is actually being enforced
When to Use the “Full‑Strength” AI NDA vs. a Slimmer Version
The draft NDA is a form, a starting point, not legal advice. It is being provided for informational purposes only and should be adapted to your specific situation, jurisdiction, and risk profile.
It also has teeth. It assumes you are dealing with real risk around sensitive data and a sophisticated AI stack. In many low‑risk use cases, you may not need every bell and whistle. You can dial it back into a slimmer mutual NDA that still keeps, for example:
Strong AI‑aware definitions
Clear no‑training / no‑public‑AI clauses
Sensible isolation and third‑party tool language
But if exposing your customers’ or clients’ data is even on the table—and you are already bound by their NDA or data‑protection obligations—you should be asking hard questions about which protections your AI vendor cannot live with and why.
“Standard mutual NDA” is not a magic phrase. If the form is 15 years out of date, it is not standard for AI work—it is just outdated.
How This Fits into a Broader AI Contracting Strategy
A thoughtful AI NDA is one piece of a broader AI contract strategy. In many deals, you will also want:
AI‑specific provisions in your master services agreement or SaaS agreement
Clear data‑processing and information security addenda
Practical data‑mapping and vendor‑risk processes on your side
If you’re interested in more on those topics, let’s grab a coffee!
Who This NDA Is For—and How I Can Help
If you’re a privacy, AI, or cloud security lawyer, or in‑house counsel on either side of these deals, I would genuinely value your feedback on this mutual NDA and on how you are handling AI risk in your own confidentiality agreements.
If you are a founder, executive, or in‑house leader working on AI implementation or negotiating AI contracts and you don’t understand half of the terminology in this post, that’s okay—this is exactly the kind of work I do as outside general counsel.
Among other things, I help companies:
Negotiate and modernize NDAs and commercial contracts for AI use
Align their vendor agreements with their own client and customer obligations
Build practical, business‑oriented contract frameworks that keep pace with technology
If that’s where your company is right now, I’d love to talk about how I can help you implement AI without accidentally giving away the store. Click here to learn more about my practice, and contact me today!