AI in Vendor Contracts: Do Your Contract Terms Match How Your Firm Uses AI?


Artificial intelligence has rapidly moved from experimentation to daily use across investment management firms. From research and data analysis to internal workflows, reporting, and knowledge management, AI-powered tools are increasingly embedded in how firms operate.



Investment teams, operations, compliance, and legal departments are leveraging AI to:

  • Analyze large datasets and generate insights

  • Summarize research and internal documents

  • Automate repetitive workflows

  • Enhance reporting and client communications

  • Build internal AI copilots and knowledge management tools


In many cases, these capabilities are being introduced through existing vendor relationships and integrated into current platforms and services—including OMS/PMS systems, market data providers, research tools, CRM systems, and operational platforms.


The challenge is that many of the agreements governing these relationships were negotiated before today’s AI-related use cases, data rights considerations, and operational risks were contemplated.


As firms expand their use of AI, there are now two increasingly important contractual questions:

  1. Whether vendors can use client portfolio or other sensitive firm data within the vendors’ own AI systems and services; and

  2. Whether clients have the rights to use vendor-provided data within their own internal AI initiatives and systems.


Both sides of this equation require careful review and increasingly specific contractual language as AI adoption continues to evolve.


Part One: Vendor Use of AI

Many vendor agreements lack clarity—or even acknowledgment—of how AI is being used behind the scenes. This creates several areas of potential risk including (1) data usage and model training rights, (2) confidentiality and data handling, (3) liability and risk allocation, and (4) transparency and interpretability.


Data Usage and Model Training Rights

Are vendors using your firm’s sensitive / portfolio data to train their models?

Many agreements do not explicitly restrict:

  • Use of client or proprietary data for model training

  • Aggregation of data across clients

  • Retention of submitted inputs

  • Use of prompts, workflows, or outputs to improve AI systems

Without clear contractual limitations, firms may unintentionally grant broader rights than intended.


Confidentiality and Data Handling

Traditional confidentiality provisions may not fully account for:

  • AI processing layers

  • Third-party AI providers or sub-processors

  • Data flowing through external APIs or large language models

This raises important questions about where sensitive information is actually being processed—and who ultimately has access.


Liability and Risk Allocation 

As vendors roll out AI-enabled functionality, many are also revising liability frameworks.

Firms should evaluate whether agreements:

  • Disclaim responsibility for AI-generated outputs

  • Limit liability related to automated recommendations or analytics

  • Shift validation obligations entirely onto the client

In some cases, AI-related carve-outs may materially alter the overall risk profile of the agreement.


Transparency and Interpretability

Firms may also have limited visibility into:

  • How outputs are generated

  • What datasets are being utilized

  • Whether results can be audited or reproduced

This becomes particularly important in regulated environments where firms may need to explain or validate decisions supported by AI-generated outputs.


Part Two: Client Rights to Use Vendor Data in Internal AI Systems

While firms are evaluating how vendors may use AI within their own platforms and services, many are simultaneously exploring how to leverage vendor-provided data and content within internal AI initiatives. These initiatives often rely on ingesting, indexing, searching, or analyzing vendor-provided datasets, research, and other licensed content.

This introduces an entirely different set of contractual considerations including (1) the permitted uses of vendor data and research within AI tools, (2) the ability to train proprietary AI models using vendor data or research, (3) data retention permissions and deletion requirements, and (4) operational and legal risk.


Permitted Uses of Vendor Data and Research Within AI Tools

Many existing agreements were negotiated before internal AI use cases became common and generally do not address whether firms can use licensed vendor data within AI-enabled systems.

The lack of clear language permitting internal AI use may result in the unwanted effect of:

  • Prohibiting AI-related usage entirely

  • Restricting data extraction or indexing

  • Limiting derivative works or automated processing

  • Containing unclear or outdated permitted use provisions

Newer agreements may include explicit provisions on how the vendor data may be used in AI tools, albeit mostly addressing restrictions on such use. In newer agreements, vendors typically require:

  • Firms to identify specific AI models or providers being used (for example, OpenAI, Anthropic’s Claude, or Google’s Gemini)

  • Firms to confirm that access to the vendor’s data can be permissioned, meaning such access is limited only to authorized users within the firm (vendors that charge on a per-user basis may require firms to implement controls that prevent unlicensed users from accessing the information)

  • That, if an AI model generates summaries, insights, or analyses based on vendor data, those outputs are considered derivative works of the vendor’s data, and, thus, firms are restricted from sharing the outputs with third parties

These issues often depend on how the agreement defines key terms such as “use,” “distribution,” and “derivative works.”


Ability to Train Proprietary AI Models Using Vendor Data or Research

Many vendor agreements:

  • Prohibit replication or redistribution of the underlying data

  • Restrict creation of derivative datasets

Training a model on licensed data may potentially be viewed as creating a derivative product or dataset, even if the original data is not directly exposed.

Because of this, firms should examine whether their agreements address:

  • Whether vendor data can be used to train or fine-tune proprietary AI models, and

  • Whether using vendor data to develop models that generate insights or analytics could be considered creating a derivative product.


Data Retention Permissions and Deletion Requirements

Vendor agreements often require firms to delete or purge licensed data and research at the end of the contract. While this is straightforward for raw files, AI systems create new challenges because:

  • Data may be embedded in AI models in ways that are not directly visible

  • AI models may generate outputs derived from vendor data

  • Knowledge from the data may persist even after the original files are deleted

These factors create tension because firms must comply with deletion requirements while ensuring they do not unintentionally destroy AI capabilities. This tension is especially pronounced with older contracts, which rarely contemplated AI and provide little guidance.

To manage these concerns, investment firms should ensure their vendor contracts:

  • Clearly define what must be deleted, distinguishing raw data from AI models and outputs; and

  • Permit retention of internal AI models and outputs for legitimate use, even after raw data is purged.


Operational and Legal Risk

The risk is not necessarily immediate non-compliance, but rather the creation of unidentified and unmanaged operational, legal, and commercial exposure.

Without clear contractual language, firms may lack certainty around:

  • What AI-related usage is actually permitted

  • Whether outputs created using licensed data remain compliant

  • How vendors may interpret evolving AI-related restrictions over time

As AI capabilities continue to evolve, these questions are becoming increasingly important components of vendor contract review and negotiation. By clarifying these questions upfront, firms can comply with their contracts while continuing to leverage AI systems effectively.


How Quadrangle Helps Firms Navigate AI-Related Contract Risk

The challenge is no longer simply negotiating a contract at signing — it is maintaining visibility into how agreements align with rapidly evolving technology usage over time.

Quadrangle helps investment management firms address these issues through a combination of legal expertise, market intelligence, and technology-enabled contract management.

Using the QDS platform, firms can:

  • Extract and categorize AI-related provisions across agreements

  • Track data usage rights, confidentiality obligations, and licensing restrictions

  • Compare terms across vendors and counterparties

  • Benchmark provisions against broader industry standards

  • Identify gaps between operational AI usage and contractual permissions

  • Support renegotiations as vendor offerings and internal use cases evolve

As AI continues to reshape investment operations, firms increasingly need more than static contracts—they need ongoing term-by-term visibility into how those agreements impact evolving business and technology initiatives.

Contact us today to see how Quadrangle can help you

AI-Powered Contract Management

for Investment Firms &

Financial Institutions

Phone: (646) 688-3626
