AI clauses in NDAs: Protecting confidentiality without killing collaboration

AI clauses in NDAs: Protecting confidentiality without killing collaboration

Author

Laurence Baker

|

Read time: 

4 minutes

Published date: 

July 6, 2026

As AI tools reshape legal workflows, NDAs increasingly need AI-specific clauses. Here's what to include—and what to avoid—to protect confidentiality.

Confidentiality has always been the foundation of dealmaking. But as generative AI tools weave themselves into everyday legal and compliance workflows, a new question is emerging: How do you protect sensitive information in an era where the tools you use to analyze, summarize, and manage it are, by design, data-hungry?

Over the past year, we've started to see NDAs—and increasingly, engagement letters—include clauses that seek to address AI use.

Most are well-intentioned; few are practical.

Some go so far as to ban AI entirely. Others ignore it altogether.

Both approaches miss the point.

Why this is happening

For many parties, the motivation is simple: protect their data. The rise of large language models (LLM) has created understandable anxiety about where information goes once it's entered into a tool—and whether it could reappear elsewhere.

But the response has been uneven.

In practice, AI clauses have been relatively uncommon. Until recently, they were only appearing in a small minority of NDAs we review. However, the proliferation of AI now means we're increasingly advising clients on the practical implications of such clauses, and we're now seeing a corresponding uptick in their inclusion across the market. Outside of NDAs, we're also seeing it crop up in other contracts, like engagement letters, where the client is the one disclosing information.

The earliest examples were sweeping prohibitions drafted out of caution rather than understanding. The problem is that many standard enterprise tools already embed AI functionality—from Microsoft 365 and Google Workspace to specialist legal platforms—meaning a blanket ban can make an NDA effectively unworkable.

Today, we're starting to see a more targeted approach: clauses that limit the use of confidential information in training or fine-tuning generative models, rather than prohibiting all AI use.

The problem with most AI clauses

The biggest issue isn't intent; it's execution. Many clauses are drafted by lawyers who don't fully understand how AI systems operate—or what risks they actually pose.

A typical example reads:

"Without the Discloser's consent, no Recipient shall use, input, or incorporate any Information into any artificial intelligence or machine learning models, including but not limited to large language models (such as but not limited to ChatGPT), whether for training, fine-tuning, inference, or any other purpose. This prohibition applies to both public and private AI or ML systems."

The problems are visible from the outset: The clause sweeps in far more activity than is necessary or commercially realistic. It would prohibit the use of any AI-enabled tool—including secure, private enterprise systems—and create obligations that most recipients simply cannot meet. Instead of addressing specific risks, provisions drafted this widely tend to hinder normal business operations and create unnecessary uncertainty about what tools can be used at all. Most software used in financial and corporate environments now includes some form of embedded AI, including Microsoft 365 with Copilot, Gemini in Google Workspace, Salesforce Einstein, Adobe Acrobat/Creative Cloud, Zoom, Slack, DocuSign—the list of AI-enabled applications goes on. So, a provision drafted this broadly becomes effectively unworkable.

When our clients are the receiving party, these clauses are usually challenged or negotiated down. But counterparties rarely agree to full deletion. The compromise we're increasingly seeing is prohibiting open-source or public generative AI that would potentially result in making the information available or searchable to the public, while allowing use of controlled, enterprise-grade systems—provided confidential data isn't shared externally or used for training large language models.

What the real risk looks like

The genuine concern isn't just that someone might ask an AI tool about a deal; it's that, for any large language model to generate content, it must read and internally represent the data. In multi-tenant or vendor-hosted systems, those representations and logs may be retained for quality assurance, safety, or model improvement—meaning once confidential data is input, you cannot reliably prevent it from influencing outputs available to other users.

That exposure is highest with public or open models where prompts and data may be stored and used for training or evaluation. It can be materially reduced in private or enterprise deployments that enforce strict data-isolation controls, retention limits, and no-training guarantees (for example, prompts not persisted, weights not updated, or vendor personnel access tightly controlled). But it isn't "zero-risk" unless those technical and contractual safeguards are explicitly in place.

NDAs should make this distinction clear. Referring to "open-source" or "third-party accessible" AI systems is far more precise than prohibiting "AI" as a category.

A risk-based—not fear-based—approach

AI clauses shouldn't be written to eliminate risk entirely—that's impossible. They should be written to manage it intelligently.

That means recognizing how professionals actually work, and ensuring protections are focused where they matter: preventing confidential information from being used to train or refine external models or from making it available to unauthorized third parties.

Carta Law's team advises clients on how to update NDA and engagement letter templates, building clauses that are realistic, enforceable, and commercially acceptable. It's about drafting for the world you now operate in—not the one you left behind.

AI-Native Law Firm for Private Capital
Scale your legal and compliance operations through AI-native workflows with expert oversight built into every step.
Get started

What to say—and what not to say

As the market matures, we expect to see best practice begin to converge around a few simple principles:

Do:

  • Define "AI" and "Generative AI" precisely.

  • Allow for the use of secure, enterprise-grade or private AI tools.

  • Specify that confidential data cannot be used to train or fine-tune models.

Don't say:

  • "No AI tools may be used."

  • "AI or similar technologies."

  • Clauses that require disclosure of every internal system used—they're unworkable and commercially intrusive.

Where this is heading

Over the last 6 months, we've seen an increase in the number of NDAs that include AI specific clauses, and one we only expect to continue. As definitions and norms start to settle, firms that understand both the legal and technological implications will negotiate faster and with more confidence and less friction.

The bigger risk lies in ignoring the issue altogether.

  • As recipients, firms may find themselves signing unworkable obligations that block standard workflows

  • As disclosers, they risk confidential data being used in ways that weren't intended—including for model training or inference

Now is the time to review your NDA and engagement letter playbooks. Updating templates to reflect a balanced, risk-based approach will protect both sides—and make negotiations smoother.

If your NDAs don’t currently include AI-related clauses, or you’d like to see how they match up to market standards, reach out to the Carta Law team.

AI-Native Law Firm for Private Capital
Scale your legal and compliance operations through AI-native workflows with expert oversight built into every step.
Get started


Laurence Baker
Laurence has over 15 years of B2B marketing experience, having worked with global brands including Universal Pictures, Toshiba, and Sky. Since 2016 he has focused on regulated industries, spanning fintech, regtech, and legal technology for private markets.

DISCLOSURE: This publication contains general information only and neither eShares, Inc. dba Carta, Inc. (“Carta”) nor Carta Law is, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication does not give rise to any lawyer-client relationship, is not a substitute for such professional advice or services and nor should it be used as a basis for any decision or action that may affect your business or interests. Before making any decision or taking any action that may affect your business or interests, you should consult a qualified professional advisor. Carta does not assume any liability for reliance on the information provided herein. © 2026 eShares, Inc. dba Carta, Inc. All rights reserved. Reproduction prohibited.