AI Legal Assurance

  • Our AI legal assurance service is aimed at helping organisations (and their IT developers) to ensure compliance with AI regulations and to ensure their AI products and services do not expose them to other legal risks.
  • The service allows organisations to keep an audit trail of their decision making in developing an AI product or service.
  • This is not an automated service. We think that a combination of a standardised starting point and the flexibility and insight of a specialist lawyer is the best way to achieve compliance.
  • A lawyer is assigned to walk through our legal assurance questions with the client. There is a follow up workshop with a specialist lawyer, at the end of which a report is produced with actionable recommendations.


The assurance service is divided into three separate modules:

  • Regulation: EU, UK and sector specific regulation.
  • Intellectual Property: Rights to use content in the training of an AI tool and the intellectual property rights that may be produced by the AI tool.
  • Data Privacy: Data protection issues in the lifecycle of the AI tool.


  • EU AI Act is the first comprehensive AI regulation. Although not yet in force, we assess compliance based on current text to allow organisations to get ahead of the implementation of the regulation.
  • UK regulation is currently more high level. The assurance service will test against the published principles. The assurance service will be updated when more detailed guidance is issued.
  • UK sector specific regulation is expected and the assurance service will offer sector specific modules to assess compliance with these as they are released.


Input IP

  • We review whether an organisation has the requisite rights to use IP in the development and deployment of an AI tool?. What licences may be required or whether an IP exemption can be used.

Output IP

  • We review whether the IP output material is patentable and who the owner will be.
  • In addition, we look at the Copyright position and commissioning requirements.
  • If applicable, we review the contract clauses with third party developers to ensure IP rights are protected.


  • We review if personal data is used in any stage of the AI life-cycle and, if so, whether there is any special category data.
  • We look at whether the GDPR principles of Data Protection by Design and Data Protection by Default have been complied with and whether a Data Protection Impact Assessment is required.
  • We review whether privacy policies need to be updated.
  • We look at data subject rights under UK and EU GDPR and whether these can be correctly exercised in relation to the data used by the AI tool.
  • We review automated decision rights and associated transparency requirements under UK and EU GDPR.
  • A review of UK ICO guidance on AI is also included.


If you would like to discuss your AI project with us please contact:

Stephen Ollerenshaw
Codified Legal

0845 351 9092