Skip to main content
Technology and Life Sciences Transactions

Legal Implications in AI Development and Deployment: Training Data and Grounding Data

July 9, 2026

With AI becoming central to business strategy, the legal questions surrounding it are keeping pace. As companies race to build and deploy AI systems, a critical question is emerging: Do their teams understand the data that powers these tools well enough to manage the risks? For some, the learning curve has come with real legal consequences.

Two categories of AI data sit at the center of these questions: training data and grounding data. Each raises meaningfully different legal and contractual concerns. For organizations working with AI developers and building their own models, understanding the distinction is an increasingly important part of getting AI right.

Training Data: The Textbook

Training data refers to the large datasets used during the development of an AI model. During training, the model analyzes large quantities of information, such as text, images, or software code, to identify patterns that allow the model to generate outputs when responding to prompts.

Think of training data as a student’s textbook.

Once students have read a textbook, they don’t carry it around to solve problems.

Training datasets can originate from a variety of sources, including

  • publicly available internet content, such as websites or online forums

  • digitized books, academic journals, and research publications

  • open-source software repositories

  • commercially licensed databases

  • proprietary enterprise datasets (typically owned by the developer or provided to the developer by an external partner, customer, or collaborator)

Because these datasets often contain copyrighted or proprietary materials, and potentially personal information or other regulated data, the legal rights associated with training data can vary significantly. In some situations, the AI developer may own or curate the dataset itself (including, with respect to curation, to mitigate regulatory risks by using deidentified or synthetic data). In others, the underlying materials may remain owned by third-party publishers, content creators or owners, or database providers (and may still include data subject to various regulatory regimes).

Companies developing AI models internally may also incorporate proprietary operational data, customer information, or research datasets. When external collaborators are involved, training data may be governed by contractual agreements that define ownership, permitted uses, and rights to derivative models and datasets.

Importantly, training data is typically used during the model development phase. Once the model has been trained, the system generally no longer needs direct access to the underlying training dataset in order to function. The distinction can become relevant when licensing arrangements change or when organizations reevaluate their data governance strategies after a model has already been deployed.

Grounding Data: The Exam Fact Pattern

Grounding data serves a different purpose. Rather than teaching the model general patterns, grounding data provides contextual information at the time a model generates a response to a prompt. Organizations frequently use grounding to ensure that AI systems reference authoritative or up-to-date sources when producing outputs.

Think of grounding data as an exam fact pattern with specific facts and context.

Grounding data can include

  • internal company policies or compliance manuals (e.g., an employee handbook retrieved to answer an HR query)

  • corporate knowledge bases and document repositories (e.g., past deal memos surfaced during contract negotiation)

  • regulatory guidance or industry standards (e.g., Food and Drug Administration guidance retrieved to support a compliance question)

  • proprietary databases (e.g., a licensed case law database queried at inference time)

  • user-provided documents or uploaded files (e.g., a contract the user uploads and asks the AI tool to summarize)

To make this concrete: When an attorney asks an AI tool, “What are the notice requirements under this contract?” the user input is that question. The grounding data is what the system automatically retrieves behind the scenes to answer it (e.g., the specific contract, the firm’s internal playbook, a relevant regulatory database). The user does not see that retrieval, but it drives the response.

A common implementation approach for grounding data is retrieval-augmented generation (RAG), where an AI system retrieves relevant documents and information from a database or search index and incorporates those materials into its response.

For businesses deploying AI tools internally, grounding can play an important role in maintaining guardrails around model outputs. By referencing trusted materials, grounding mechanisms can help improve model accuracy and reduce the likelihood that unsupported or misleading responses are generated.

From a legal perspective, grounding data presents a distinct set of considerations because it is actively retrieved and potentially reproduced at the time of each query rather than absorbed into the model’s parameters during the development phase. This distinction also has practical consequences postdeployment: A trained model generally continues to function even if access to its training data is later lost or a license expires, because the learned patterns are encoded in the model’s weights. Grounding data, by contrast, must remain continuously accessible, and loss of access or limitations on access to support risk management needs (e.g., cybersecurity, privacy, or other data governance purposes) may directly impair the model’s outputs.

The following table summarizes the key distinctions between training data and grounding data.

Dimension

Training Data

Grounding Data

When Used

Model development / build phase

Runtime / inference (each query)

Purpose

Teaches the model patterns and capabilities

Grounds outputs in specific, authoritative context

Effect on Model

Modifies model weights and parameters

Does not alter the model itself

IP Risk Profile

Copyright infringement; fair-use analysis

Terms-of-service violations; copyright infringement; database rights; output reproduction

Postdeployment

Model functions without the original data

Ongoing access required; loss disrupts outputs

 

Litigation Trends: Focus on Training Data

To date, the most significant AI copyright decisions have focused on training data practices — specifically, whether copying protected works to build or improve a model is authorized and lawful. No court has yet issued a comparable ruling centered on grounding data or RAG systems, though legal risks in that area are building, as discussed below.

In Thomson Reuters Enterprise Centre GmbH v. ROSS Intelligence Inc., Thomson Reuters, the owner of Westlaw, sued ROSS Intelligence, a developer of an AI-powered legal research tool, alleging that ROSS used Westlaw headnotes as training data. ROSS argued that its use of the headnotes to train its model constituted fair use because the system learned from the material without reproducing it (i.e., without including the material in outputs). The U.S. District Court for the District of Delaware rejected that argument (in part) and found infringement, emphasizing that the use of proprietary, curated content to train a competing product weighed heavily against fair use. The decision suggests that training on copyright-protected materials, particularly where the resulting system functions as a market substitute, can give rise to copyright infringement risk even if the model does not use the original content in its output. Notably, the court explicitly mentioned in its holding that only nongenerative AI was at issue in this case.1

Two decisions issued in June 2025 by the U.S. District Court for the Northern District of California reached different conclusions in cases involving generative AI and together illustrate how fact-specific the fair-use analysis has become.

In Kadrey v. Meta Platforms, a group of authors sued Meta alleging that training its LLaMA large language model on copyrighted books constituted infringement. The court found for Meta, concluding that the training use was a highly transformative fair use. The court also found that the plaintiffs had failed to develop sufficient evidence of market harm (one of the central fair-use factors) and analyzed the copying and the training as a single, unified act rather than as separate instances of reproduction and use. The decision is notable, but its reach is limited: The court declined to issue a broad ruling that AI training on copyrighted materials is categorically fair use, and the outcome turned heavily on the specific evidence presented (or lack thereof).2

In Bartz v. Anthropic, also decided in June 2025, the court drew a sharper line based on how training copies were obtained. The court found that training the Claude model on lawfully acquired or purchased books constituted fair use but declined to extend that protection to a central library Anthropic had compiled from pirated sources. The distinction (fair use for legally obtained copies, no fair use for pirated ones) has practical implications for how AI developers source and document their training data. The case settled for approximately $1.5 billion following the ruling.3

Taken together, ROSS, Kadrey, and Bartz reflect a landscape in which outcomes turn on particular facts: what kind of content was used, how it was obtained, whether the resulting system competes with the original market, and what evidence of harm was presented. No appellate court has yet weighed in on the merits of AI training and fair use, meaning none of these decisions is binding precedent beyond its own jurisdiction. Significant cases remain in active litigation, including The New York Times Co. v. OpenAI and Microsoft in the Southern District of New York (the first major generative AI case brought by a news organization) and Disney v. Midjourney in the Central District of California, both of which are pending.4 5 The appellate trajectory of ROSS, which is on interlocutory appeal to the Third Circuit, may also provide the first appellate guidance on these questions. For now, the law remains unsettled, and companies with significant exposure should monitor developments closely.

RAG Systems, Scraping, and Emerging Risks

As AI systems increasingly rely on grounding techniques such as RAG, new legal issues are beginning to emerge. Many RAG implementations retrieve information from external sources in real time, which may involve web scraping, application programming interface (API) access, or database queries. These practices raise potential risks that differ from traditional training-data disputes. That distinction drives the broader IP risk profile:

  • Terms of service violations — RAG systems that query external sources in real time may exceed what a website or API permits

  • Circumvention of access restrictions — retrieving content from paywalled or restricted sources can trigger additional liability beyond copyright (e.g., risks related to computer crime, privacy, or cybersecurity laws)

  • Output reproduction — because retrieved text may appear verbatim in model response, copyright infringement risk arises at the moment of each query, not just during development

  • Contractual limitations on database usage — licensed databases often do not contemplate AI systems incorporating their content into generated outputs, creating potential breach risk

Organizations deploying RAG-based systems should therefore evaluate how their AI models retrieve and present external information. Practical risk-mitigation steps may include prioritizing vetted and licensed data sources, reviewing website terms before scraping content, and implementing technical safeguards that limit the amount of retrieved material incorporated into model outputs.

Contractual Considerations

Understanding the legal distinctions between training data and grounding data has direct implications for how organizations should structure their AI-related agreements. The two data types raise different contractual concerns, and companies entering into AI development or deployment arrangements should evaluate each category separately.

Training Data Agreements

When training data is sourced from third parties, whether licensed databases, research partners, or content providers, agreements should address several core issues. First, ownership and chain of title should be clearly defined: who owns or controls each component of the dataset, and who owns any derived datasets, curated subsets, or annotation outputs produced during the development process. This is particularly important where multiple parties contribute data or where the dataset is assembled by a third-party curator.

Second, the scope of the license should be carefully defined. Agreements should specify which model versions may be trained on the data, whether use is limited to internal deployment or extends to commercial products, and whether fine-tuned derivatives of the trained model fall within the license. Restricting sublicensing of training data to third parties is also worth addressing explicitly, particularly in multiparty development arrangements.

Third, agreements should address model ownership. Whether the trained model constitutes a derivative work of the training data (and if so, who owns it) is a contested question. Parties should allocate model ownership explicitly rather than leaving it to inference. This can be a significant negotiation point, particularly where a data provider is contributing proprietary content that materially shapes the model’s capabilities.

Finally, training data agreements should include representations and warranties from the data provider confirming that it has sufficient rights to license the dataset and that the licensee’s use of the dataset as permitted will not infringe third-party intellectual property rights. Indemnification provisions covering third-party infringement claims arising from the training data are increasingly standard in well-negotiated AI development agreements. Companies should also consider what happens when a training data license expires or is terminated postdeployment. As discussed, a trained model typically continues to function even without ongoing access to its training data, but audit rights and data deletion obligations may still apply and should be addressed in advance.

Grounding Data Agreements

Grounding data raises a distinct set of contractual issues, driven by the fact that grounding data likely must remain accessible throughout the life of the deployment. Unlike training data, which is consumed during the build phase, grounding data is actively retrieved on each query, making ongoing access a functional dependency rather than a historical one.

License agreements covering grounding data should be drafted to cover runtime retrieval specifically, not just one-time processing or storage. Traditional database licenses often do not contemplate an AI system incorporating retrieved content into generated outputs, a use that is meaningfully different from a human reading a record. Companies should audit their existing data licenses to confirm they extend to AI inference use before deploying RAG-based systems that draw on licensed sources.

Because grounding data may be directly reproduced in AI outputs, agreements should also address output ownership and attribution: whether the data provider retains any rights in AI-generated responses that incorporate its content and whether attribution or citation requirements apply. This is an emerging area, and parties should not assume that silence in a license means no rights are retained.

Where enterprise grounding data contains sensitive business information or trade secrets, confidentiality and data security provisions are essential. Agreements with AI vendors should specify how grounding data is stored and accessed, who within the vendor’s organization can retrieve it, and whether the vendor may use the data to train or improve its own models. This last point is often buried in vendor terms of service and deserves careful review.

Finally, because loss of access to grounding data can immediately impair a live AI system, agreements should include provisions addressing continuity and license termination. This may include uptime and availability service-level agreements for critical data sources, step-in rights if access is revoked, and data portability provisions allowing the organization to migrate to alternative sources without disruption. The operational stakes here are often higher than with training data, where the model continues to function even after the underlying data is no longer accessible.

Key Takeaways for Businesses

  • For companies adopting AI technologies, data governance is a critical component of responsible AI deployment.

  • Training data raises questions about IP rights, licensing, and model development practices as well as privacy, regulated data, and cybersecurity-related risks.

  • Grounding data affects how AI systems operate in real time and how organizations maintain reliability and control over model outputs and may present similar privacy, regulated data, and cybersecurity risks.

  • As AI adoption continues to expand across industries, companies that carefully evaluate both aspects of the AI data pipeline will be better positioned to capture the technology’s benefits while minimizing legal and operational risk.

1 Thomson Reuters Enter. Ctr. GMBH v. Ross Intel. Inc., 765 F. Supp. 3d 382, 391 (D. Del. 2025), motion to certify appeal granted, No. 1:20-CV-613-SB, 2025 WL 1488015 (D. Del. May 23, 2025). 
2 Kadrey v. Meta Platforms, Inc., 788 F. Supp. 3d 1026, 1034 (N.D. Cal. 2025).
Bartz v. Anthropic PBC, 787 F. Supp. 3d 1007, 1014 (N.D. Cal. 2025).
The New York Times Company v. Microsoft Corporation, OpenAI, Inc., et al., 2025 WL 1697064 (S.D.N.Y.).
5 Disney Enterprises Inc. et al. v. Midjourney Inc., 2:25CV05275 (C.D. Cal. 2026).

律师广告—Sidley Austin LLP 是一家全球性律师事务所。我们的地址及联系方式可在 www.sidley.com/en/locations/offices 查阅。

Sidley 提供本信息仅作为向客户及其他友好人士提供的服务,且仅供教育目的使用。本信息不应被解释或依赖为法律意见,亦不构成律师与客户关系。读者在未寻求专业顾问意见之前,不应依据本信息采取任何行动。Sidley 和 Sidley Austin 指 Sidley Austin LLP 及其关联合伙实体,详见 www.sidley.com/disclaimer

© Sidley Austin LLP

联系我们

如果您对本次 Sidley 更新有任何疑问,请联系您平时合作的 Sidley 律师,或

Related Resources