Confidentiality has always been the foundation of dealmaking. But as generative AI tools weave themselves into everyday legal and compliance workflows, a new question is emerging: how do we protect sensitive information in an era where the tools we use to analyse, summarise, and manage it are, by design, data-hungry?
Over the past year, we’ve started to see NDAs - and increasingly, engagement letters - include clauses that seek to address AI use.
Most are well-intentioned; few are practical.
Some go so far as to ban AI entirely. Others ignore it altogether.
Both approaches miss the point.
Why this is happening
For many parties, the motivation is simple: protect their data. The rise of large language models (LLMs) has created understandable anxiety about where information goes once it’s entered into a tool - and whether it could reappear elsewhere.
But the response has been uneven.
In practice, AI clauses have been relatively uncommon. Until recently, they appeared in only a small minority of the NDAs we review. However, the proliferation of AI now means we're increasingly advising clients on the practical implications of such clauses, and we’re seeing a corresponding uptick in their inclusion across the market. Outside of NDAs, we’re also seeing them crop up in other contracts, such as engagement letters, where the client is the one disclosing information.
The earliest examples were sweeping prohibitions drafted out of caution rather than understanding. The problem is that many standard enterprise tools already embed AI functionality - from Microsoft 365 and Google Workspace to specialist legal platforms - meaning a blanket ban can make an NDA effectively unworkable.
Today, we’re starting to see a more nuanced approach: clauses that limit the use of confidential information in training or fine-tuning generative models, rather than prohibiting all AI use.
The problem with most AI clauses
The biggest issue isn’t intent, it’s execution. Many clauses are drafted by lawyers who don’t fully understand how AI systems operate - or what risks they actually pose.
A typical example reads:
“Without the Discloser’s consent, no Recipient shall use, input, or incorporate any Information into any artificial intelligence or machine learning models, including but not limited to large language models (such as but not limited to ChatGPT), whether for training, fine-tuning, inference, or any other purpose. This prohibition applies to both public and private AI or ML systems.”
The problems are visible from the outset: the clause sweeps in far more activity than is necessary or commercially realistic. It would prohibit the use of any AI-enabled tool - including secure, private enterprise systems - and create obligations that most recipients simply cannot meet. Instead of addressing specific risks, provisions drafted this widely tend to hinder normal business operations and create unnecessary uncertainty about which tools can be used at all. Most software used in financial and corporate environments now includes some form of embedded AI: Microsoft 365 with Copilot, Gemini in Google Workspace, Salesforce Einstein, Adobe Acrobat/Creative Cloud, Zoom, Slack, DocuSign - the list of AI-enabled applications goes on. A provision drafted this broadly therefore becomes effectively unworkable.
When our clients are the receiving party, these clauses are usually challenged or negotiated down. But counterparties rarely agree to full deletion. The compromise we’re increasingly seeing is prohibiting open-source or public generative AI that would result in making the information available or searchable to the public, while allowing use of controlled, enterprise-grade systems - provided confidential data isn’t shared externally or used for training large language models.
What the real risk looks like
The genuine concern isn’t just that someone might ask an AI tool about a deal; it’s that, for any large language model to generate content, it must read and internally represent the data. In multi-tenant or vendor-hosted systems, those representations and logs may be retained for quality assurance, safety, or model improvement - meaning that once confidential data is input, you cannot reliably prevent it from influencing outputs available to other users.
That exposure is highest with public or open models where prompts and data may be stored and used for training or evaluation. It can be materially reduced in private or enterprise deployments that enforce strict data‑isolation controls, retention limits, and no‑training guarantees (e.g., prompts not persisted, weights not updated, vendor personnel access tightly controlled). But it isn’t “zero‑risk” unless those technical and contractual safeguards are explicitly in place.
NDAs should make this distinction clear. Referring to “open-source” or “third-party accessible” AI systems is far more precise than prohibiting “AI” as a category.
Right now, there’s no formal regulatory guidance on this issue, but we expect that to change as generative AI becomes more embedded in professional services.
A risk-based - not fear-based - approach
This is where Avantia’s experience is different.
Our firm was built on AI - not as a buzzword, or something we’ve plugged in, but as part of how our lawyers work every day. We understand both the technology and the law because our workflows rely on both. That means when we advise on AI clauses, we’re not speculating about how these tools function; we’re working from first-hand experience.
As with any contractual protection, AI clauses shouldn’t be written to eliminate risk entirely - that’s impossible. They should be written to manage it intelligently.
That means recognising how professionals actually work, and ensuring protections are focused where they matter: preventing confidential information from being used to train or refine external models, or from being made available to unauthorised third parties.
Avantia’s teams are already advising clients on how to update NDA and engagement letter templates, building clauses that are realistic, enforceable, and commercially acceptable. It’s about drafting for the world we now operate in - not the one we left behind.
What to say - and what not to say
As the market matures, we expect to see best practice begin to converge around a few simple principles:
Do say:
Define “AI” and “Generative AI” precisely.
Allow for the use of secure, enterprise-grade or private AI tools.
Specify that confidential data cannot be used to train or fine-tune models.
Don’t say:
“No AI tools may be used.”
“AI or similar technologies.”
Clauses that require disclosure of every internal system used - they’re unworkable and commercially intrusive.
Where this is heading
Within the next 12–18 months, AI clauses are likely to become a standard part of NDAs. As definitions and norms start to settle, firms that understand both the legal and technological implications will negotiate faster, with more confidence and less friction.
The bigger risk lies in ignoring the issue altogether.
As recipients, firms may find themselves signing unworkable obligations that block standard workflows.
As disclosers, they risk confidential data being used in ways that weren’t intended - including for model training or inference.
Now is the time for firms to review their NDA and engagement letter playbooks. Updating templates to reflect a balanced, risk-based approach will protect both sides - and make negotiations smoother.
Next steps
Avantia is helping asset managers and deal teams review and update their contractual playbooks to reflect emerging AI risks - balancing confidentiality with commercial reality.
If you’d like to understand how these clauses are evolving, or to review your NDA templates for AI coverage, speak to us for a playbook review and ensure you’re protected before the next deal lands on your desk.