USA – GEORGIA Trends and Developments Contributed by: James Paine and Sarah Parker, Holland & Knight LLP
Vendor strategy and the new landscape of risk ERP vendors have been quick to recognise the power of this new paradigm. By bundling sophisticated AI capabilities directly into their core cloud ERP offer - ings, they are not only creating a powerful differentia - tor but also forging a much deeper, more integrated relationship with their customers. This strategy, how - ever, introduces a new dynamic that corporate buy - ers and their legal teams must carefully navigate: the creation of significant operational dependency, vendor lock-in and heightened barriers to exit. When a company’s core business processes – from financial forecasting to supply chain management – become reliant on a vendor’s proprietary AI models trained on that company’s unique data, the ERP sys - tem evolves from a system of record into the opera - tional brain of the enterprise. While migrating data to a new system has always presented challenges, the increased functionality offered by modern ERP sys - tems also requires a customer to migrate the accu - mulated intelligence, the trained models, and the AI-driven workflows, which is a far more complex undertaking. This “stickiness” makes switching pro - viders potentially prohibitively expensive and disrup - tive, granting the incumbent vendor immense negoti - ating leverage upon renewal. This enhanced dependency requires a proportional evolution in how companies assess and mitigate risk. As IT leaders consider these outcome-based AI func - tionalities, they are grappling with a new set of chal - lenges. • Data integrity and liability: The old adage of “gar - bage in, garbage out” has never been more critical. The quality of a company’s data is of paramount concern, as inaccurate or incomplete data will severely undermine the desired results of any AI model and, in some cases, potentially even expose the customer to liability resulting from decisions based on bad analytics. While the costs and timelines associated with cleaning and migrating data have always presented challenges, a key legal question must now also be asked: if an AI provides a faulty recommendation based on poor customer- provided data or a faulty algorithm, who bears the liability for the negative business outcome? Con -
tracts must clearly delineate these responsibilities and provide remedies where fault rests with the ERP provider. • Data security, data monetisation and privacy: With powerful new AI capabilities come new data security and privacy considerations. Companies must ask potential vendors critical questions. How is our corporate data used to train the AI models? Is it co-mingled with data from other customers? How do you prevent the model from inadvertently exposing sensitive data in its outputs? How do you ensure that the data sets shared with the model will not benefit competitors or otherwise be monetised by the vendor? These new vectors create potential blind spots for data security, data monetisation and privacy compliance that must be addressed contractually. • Outcome-based commitments: As vendors mar - ket their AI capabilities on the basis of business outcomes, buyers are rightly beginning to demand contractual commitments that reflect this value proposition. This marks a departure from traditional service level agreements (SLAs) that were often focused on system uptime, system response time and problem response and resolution times. Cus - tomers must now also consider SLAs that measure the quality of the new functionality afforded and the level of quality needed for that functionality to sup - port the business needs and requirements. In addi - tion, in this new frontier, customers are looking for fees and service level credits that scale based on quantifiable business results, such as a percentage improvement in forecast accuracy or a reduction in manufacturing defects. Whether service providers are willing to agree to such firm commitments often depends on the negotiating power between the parties, but it is a conversation legal teams must be prepared to have. • Business dependency and impact: With the increased integration of ERP systems into the business, operations and strategy of companies, it is critical that companies evaluate, plan for and, where possible, contract in a way that pro - vides them with the right level of protections to guard against the financial, operational and legal risks that flow from the cloud-based model and enhanced capabilities of modern ERP systems. Interestingly, from a contractual standpoint, the
112 CHAMBERS.COM
Powered by FlippingBook