Last modified:  June 26, 2026

The terms of this AI Attachment will apply to the extent Supplier is permitted by Purchaser to use AI under the Contract and is intended to ensure that Supplier meets Purchaser’s data protection, data security, data integrity, and Intellectual Property standards in connection with AI use. 

1.         Incidental Use of AI. Supplier is allowed to use Incidental AI under the terms of this Attachment. “Incidental AI” means the use of AI to perform administrative, operational, or security internal tasks that are not material to perform the Services or to generate or produce any Inventions or related work product (or any component thereof), such as  grammar and spell checks, summarization, translation, meeting note generation, other productivity tools, security tools, and for which the AI would have limited access to Purchaser Materials to what is strictly necessary for the task to be performed. Incidental AI includes use of Purchaser Data under the terms of this Section with the purpose of improving the Services solely for the benefit of Purchaser. As a condition for Supplier to use Incidental AI, Supplier agrees that: 

(a)        Purchaser Materials used by AI contains no personal data, protected health information (“PHI”), or trade secrets; 

(b)       the AI does not retain any Purchaser Materials upon task completion other than necessary for purposes of safety and abuse monitoring or to support the Services; 

(c)        AI use is contained in Supplier’s, its Affiliate’s, or its subcontractor’s environment subject to and in compliance with confidentiality, IP, and privacy requirements in the Contract; and 

(d)       Except as otherwise permitted in the Contract, subcontractors providing generative AI models are contractually bound not to use Purchaser Data for training, developing, or improving its generative AI models, nor will Supplier permit any subcontractor to use Purchaser Materials for any purpose that is inconsistent with the Contract. Supplier shall disclose to Purchaser the identity of all subcontractors, including those that use Purchaser Materials for Incidental AI. Notwithstanding anything to the contrary in this subsection (d) and in compliance with confidentiality, intellectual property, and privacy requirements in these Terms and Conditions, training or fine-tuning of AI with Purchaser Materials is allowed for Incidental AI in the following cases: (i) by Supplier or its subcontractors for the purpose of security or fraud prevention; and (ii) by Supplier for the purpose of improving the Services generally, provided that (1) in the case of (ii), the resulting models are used exclusively by Supplier for Purchaser and are not made available directly to other customers or to third parties, and (2) in no event will any such use of Incidental AI subject any Purchaser Materials, including any data of its Affiliates, to any training of Supplier’s general AI models.  

2.         Process for Approval of Use of AI. If Supplier desires to use AI in a manner otherwise not permitted by the Contract, Supplier shall seek Purchaser’s prior written approval, including providing to Supplier a detailed proposal describing the specific AI involved, the purpose and function of the AI, risk assessments conducted for the AI, known potential risks for the use of the AI, mitigation procedures that Company will establish and maintain for the use of the AI, data used in the AI, data privacy and data security impact assessments for use of the AI, audit and testing procedures, and other information reasonably requested by Purchaser. Supplier’s proposal shall be provided with full transparency to enable Purchaser to meaningfully evaluate the use of the AI by Purchaser.

3          Other AI Use. In the event that Purchaser provides its consent for Supplier to use or incorporate any AI in connection with the provision of Goods or Deliverables or provision of the Services, the following will apply:

(a)        If any data or content that Supplier or Personnel inputs into any AI includes Purchaser Materials, regardless of the format, including audio, text, documents, files, content, or imagery (“Inputs”), then the resulting data, content, results, insights, or other output generated by the AI (“Generated Outputs”) are Purchaser Confidential Information and to be used only for the benefit of Purchaser;

(b)       Supplier shall not incorporate Generated Outputs into the Services or Deliverables until they have been validated by its Personnel;

(c)        Supplier shall: (i) permit access to Purchaser Materials by any AI only to the minimum extent necessary to perform the Services and provide the Goods and Deliverables; and (ii) turn off any AI features that store (even temporarily), review, or allow human access (other than by Personnel) to Inputs or Generated Outputs;

(d)       Supplier shall ensure Purchaser Materials are not comingled with data of any third parties; and

(e)        if required by Law, Supplier shall provide appropriate disclosures to notify users when they are interacting with AI.

4.         Representations and Warranties. Supplier represents and warrants to Purchaser (in addition to any other representations and warranties in the Contract) that:

(a)        Inputs will not contain any Personal Data (as defined in the Data Protection Addendum Attachment) unless, and to the extent, specifically permitted in the Contract; and

(b)       Supplier has obtained all licenses, consents, and rights necessary to allow Purchaser to use or license any AI provided by a third party as provided under the Contract and to own all Generated Outputs.

5.         Security and Data Protection. In addition to, and without limiting the confidentiality, security, and data protection requirements under the Terms and Conditions, with respect to Supplier’s provision or use of AI, Supplier shall maintain a written information program of policies, procedures, and controls that comply with Laws governing the use of AI and all applicable data privacy and data security standards, including NIST. Such AI program will follow a “Responsible AI” model that focuses on security, reliability, ethical, and fairness principles. 

6.         Indemnification. In addition to Supplier’s indemnification obligations in the Contract, Supplier shall, at its own cost and expense, defend, indemnify, and hold harmless Purchaser Indemnities, from and against any third-party Liabilities arising out of, related to, or alleging (a) that the Generated Output or AI used by Supplier in connection with the Contract infringes, misappropriates, or otherwise violates any third-party Intellectual Property Rights; (b) use of Purchaser Materials in violation of the Contract; or (c) any breach by Supplier’s obligations to comply with Laws with respect to AI.