AI Contracts for a Robotics Company

Overview

We have been assisting one of our clients – Extend Robotics – since 2023. 

Extend Robotics has developed various software solutions to integrate robotic equipment with human operators, using virtual reality (VR). Whether it is using a robot to serve drinks, precision manufacturing, agriculture or space exploration: Extend Robotics is pushing the limits of human capability with an intuitive solution that anyone can use. By strapping on any consumer VR headset, the user can remotely control a precise robotic arm anywhere in the world.

When we were first contacted by Extend Robotics, they asked us for assistance with a review of their existing agreements: : (1) a software licence for the VR application, (2) a supply of goods contract for robotic equipment, and (3) its UK GDPR required privacy notice.

You can read more about that in our other case study for Extend Robotics here.

We were recently contacted by Extend Robotics for further assistance. The team wanted to leverage AI to potentially supercharge its use case. By using an AI tool within its existing VR software, a user could quickly and easily automate a task performed by robotic equipment. Think a robot being “taught” once or twice to harvest a field of fruits or vegetables. Not only that, the AI assisted runtime could be replicated over multiple instances, rapidly scaling up automated production.

EM Law needed to create amendments to Extend Robotics’ existing documentation that would elegantly tackle the issues raised by the involvement of AI. 

Context and Challenge

Integrating AI tools into a SaaS solution such as Extend Robotics’ VR platform, from a legal perspective, doesn’t require us to reinvent the wheel. However, given the involvement of a physical device that would capture the “input” required by the AI, it was crucial that we get to grips with exactly what is going on with the data flows from the user to the robotic equipment and back again. 

Input, in broad terms, refers to what a user provides to an AI – that can be text, audio, images, video and any other materials – in order for a model to produce “output”. Output is a response to the user’s input. That output can also be anything, depending on the AI model in question. 

Ensuring that any intellectual property rights attaching to the input and the output were dealt with was a key consideration for us, and it is particularly important from a potential customer’s perspective. Many businesses are, rightly, alert to the fact that AI developers require data to “train” their models. Training refers to the process by which an AI model can learn from data by a process of (1) “ingestion” and (2) “embedding” that data within the mathematical algorithms within the AI. By this process the algorithm can automatically adjust to real world data, and perform better the next time it encounters the same or similar input. The training process can operate as a use of intellectual property that needs to be taken into account by AI developers such as Extend Robotics and its customers. Getting it wrong might mean that both the customer and the AI developer might be using input or output without the relevant licences. 
Relatedly, Extend Robotics was keen to ensure that it complied fully with the UK GDPR. This meant taking into account any personal data that is used in connection with an AI to ensure that both parties’ (and data subjects’) rights and obligations are taken into account. The UK data protection regulator, the ICO, is incredibly focused on AI. 

One of the key challenges is that, as the ICO rightly points out, AI tools can be trained on personal data. The training process may mean that personal data is being ingested and embedded into the AI tool itself. Ensuring that data subjects are fully aware of what is going on and understanding (a) what personal data is being collected and (b) how it is being used is a core compliance aspect of the UK GDPR. It is more than merely stating that an AI is involved in the processing – it is necessary to get behind the issue and set out in your public facing documentation what is really going on. 

This compliance requirement applies to data controllers. It doesn’t apply to data processors – organisations that process personal data on behalf of another organisation. Data processors, however, are required to enter into a contract that contains certain terms required by the UK GDPR: usually encapsulated in a “Data Processing Agreement” or a DPA. Extend Robotics was no different; we realised quickly that we needed to create a bespoke DPA that delineated between the user data that Extend Robotics processed as a controller and as a data processor. In going through the DPA exercise, Extend Robotics could fully understand its core compliance responsibilities.

Finally, as the AI tool had real world effects, it was necessary to ensure that, if anything went wrong, the contractual liabilities were fully covered. Certain liabilities aren’t able to be limited by law, but others can be addressed by suitable contractual disclaimers that reflect the parties’ real world responsibilities for the operation of the VR platform and the robotic equipment. 

Process and Insight

To address the intellectual property aspects of Extend Robotics’ new AI tool, we really had to dig into the technical aspects of how a user provides data and information that would be used by an AI. Is just a recording of how the robotic equipment was used? Is it more? How is it collected? Can a user reject the recording? What happens to that data? What is produced by the AI in response to input? These are just a few of the questions we had to go through with Extend Robotics in detail to ensure that any intellectual property rights attaching to the input data and output data was being captured. 

Once we went through those questions, the UK GDPR aspects began to fall into place. What we realised at the time is that the key question will be the level of anonymisation that takes place when the AI is using personal data. Sufficiently anonymised personal data isn’t, for the purposes of the UK GDPR, personal data any longer. It is entirely possible that AI tools can be structured in such a way that minimises the processing of personal data and promotes anonymity wherever possible. 

We had to go into detail with Extend Robotics as to the legal test for anonymity and the extensive ICO and EU guidance on this topic. With that information gathered, we could apply it to the DPA and Extend Robotics’ associated privacy notice. 

On liability, we had to think deeply about what might go wrong for both the customer and Extend Robotics. Even, as in this case, the risks are extremely remote, this was a situation where it was necessary to bounce ideas amongst the EM Law team in order to fully appreciate and accommodate who would be responsible for what. 

Solution

We then proceeded to amend Extend Robotics’ existing documentation. Having done the heavy lifting beforehand, the relevant amendments were straightforward to draft for.

Results

We were able to turn around the necessary amendments quickly and finalise the details with the Extend Robotics team on a short call. They’re now working to implement their VR platform in some of the UK’s leading businesses.