AI, Copyright and Risk: Understanding Ownership and Compliance in the Generative Era

As generative AI reshapes how organisations create, automate, and innovate, it also introduces unprecedented risks to intellectual property (IP). For data leaders and compliance officers, managing these risks is no longer optional—it’s central to AI governance maturity. As organisations adopt AI technologies for various applications, understanding how to protect innovations while complying with IP laws becomes crucial. With regulators and courts now playing catch-up, navigating this new terrain calls for both strategic foresight and technical rigour. Notably, 82% of global companies are either using or exploring the use of AI in their operations, highlighting the rapid adoption and the pressing need for clear legal frameworks¹.

Navigating AI Copyright Infringement

The rise of generative AI has brought copyright concerns to the forefront, with major legal battles underscoring the complexity of the issue. The New York Times has filed lawsuits against major AI players like OpenAI, alleging unauthorised use of its articles for training AI models². In a similar vein, Canadian media companies have initiated legal action against OpenAI, accusing it of using their copyrighted content without consent to train its AI systems³. These cases illustrate the tension between technological innovation and the protection of original creative work, raising the central legal question: Does using copyrighted material to train AI models qualify as fair use?

Fair use permits limited use of protected content without explicit permission, but the boundaries are often ambiguous and subjective. Organisations must critically evaluate how their AI systems interact with copyrighted data, especially when the output closely resembles original works, because the legal and reputational risks of unlicensed data usage are mounting³.

Cultural backlash adds another layer to the debate. OpenAI’s trend of generating Studio Ghibli–style images has sparked outrage among fans and artists. When told the aim was to build a machine that “draws like humans,” Studio Ghibli director Hayao Miyazaki reflected grimly, “I feel like we are nearing the end of the times. We humans are losing faith in ourselves…”⁴ This sentiment encapsulates broader anxieties around AI’s role in replacing human creativity.

Together, these legal and cultural flashpoints highlight the global nature of the issue and reinforce the urgent need for clearer IP frameworks that balance innovation with creator rights.

Governance Frameworks for Responsible AI

This growing legal and cultural scrutiny underscores a critical takeaway: organisations must integrate AI risk and quality management into their development and procurement processes from the outset. Structured risk mapping, at the use case level, is no longer optional. It’s the only way to anticipate where copyright exposure, bias, or poor model provenance could trigger regulatory penalties or legal disputes.

To help organisations navigate these complexities, international standards and frameworks can be adopted to guide risk management and ethical implementation.

ISO/IEC 42001:2023, the first international management‑system standard for AI, specifies requirements for establishing, implementing, maintaining and continually improving an AI Management System (AIMS). Key components include:

1. Risk Management: Processes to identify and mitigate technical, ethical and legal risks throughout the AI lifecycle.
2. Impact Assessments: Evaluations of societal consequences arising from AI deployments.
3. Supplier Oversight: Controls to ensure third‑party AI tools comply with organisational standards.
4. Lifecycle Controls: Governance over AI systems from design through decommissioning .

NIST AI Risk Management Framework (AI RMF 1.0), published January 2023, provides voluntary guidance across four core functions, namely Govern, Map, Measure and Manage. In July 2024, NIST released a Generative AI Profile to address risks unique to generative models (e.g., bias, misinformation, hallucinations) .

AIQURIS integrates these standards into its governance maturity assessments, delivering tailored roadmaps aligned to an organisation’s data strategy.

Through continuous scenario testing and AI‑native assessments, AIQURIS systematically maps use‑case risks while ensuring compliance with ISO/IEC 42001 and NIST AI RMF before any AI solution goes live.

Small and medium-sized enterprises (SMEs) integrating third-party AI tools, such as ChatGPT or vendor-provided APIs, must navigate emerging compliance requirements under frameworks like the EU AI Act and standards such as ISO/IEC 42001.

1. EU AI Act Compliance: The EU AI Act employs a risk-based approach to AI regulation:
2. High-Risk Systems: AI applications in sectors like healthcare and finance are classified as high-risk and must undergo rigorous conformity assessments to ensure they meet stringent safety and transparency standards.
3. Transparency Obligations: All AI systems, regardless of risk level, are required to provide clear information about their operations, ensuring end-users are informed about AI involvement in decision-making processes.

Support Measures for SMEs:

Recognising the unique challenges faced by SMEs, the EU AI Act includes provisions to facilitate compliance:

1. Regulatory Sandboxes: SMEs are granted priority access to regulatory sandboxes, allowing them to test AI systems in a controlled environment to ensure adherence to regulatory standards.
2. Tailored Guidance: Dedicated communication channels and awareness-raising activities are established to provide SMEs with the necessary support and information for compliance.
3. Supplier Management and ISO/IEC 42001 Alignment: SMEs are expected to exercise due diligence in managing AI suppliers:
4. Vendor Audits: Conduct thorough assessments of AI vendors to ensure their products comply with ISO/IEC 42001 standards, focusing on aspects like data governance, bias mitigation, and ethical AI deployment.
5. Integration with Existing Systems: ISO/IEC 42001 provides a framework for integrating AI management systems with other organisational processes, promoting a cohesive approach to AI governance.

AIQURIS empowers SMEs to navigate AI compliance and risk management by providing comprehensive visibility into AI risk exposure, enabling informed decision-making. The platform automates the identification of relevant standards and regulations, ensuring continuous compliance and keeping organisations ahead of evolving regulatory landscapes. Additionally, AIQURIS assesses and enhances organisational maturity against AI risks, offering actionable insights to strengthen risk posture and ensure preparedness for any AI eventuality.

Proactive Strategies for Intellectual Property Protection

In the rapidly evolving landscape of AI technology, companies must adopt strategic measures to safeguard their intellectual property. Here are actionable strategies:

1. Early Patent Filing: Don’t wait until all details are finalised; file patents early to secure your ideas before they enter the public domain.
2. Robust Documentation: Maintain thorough records of your creative processes. This documentation can support patent claims and defend against potential disputes.
3. Licensing Agreements: Consider entering licensing agreements with content creators to access high-quality datasets legally and ethically.
4. Regular Policy Reviews: Adapt internal guidelines for AI usage regularly to ensure compliance with changing regulations and standards.
5. Leverage Technology: Utilise platforms like AIQURIS, which enables firms to deploy AI confidently while maintaining visibility over risks and quality requirements. With features like the Use Case Risk Profile, organisations can proactively address specific risk factors aligned with legal and performance metrics, aiding both innovation and compliance.

By implementing these strategies, businesses not only protect their innovations but also foster a culture of creativity and accountability in AI development.

Conclusion

Navigating the intersection of AI, intellectual property, and governance presents numerous challenges and opportunities. By adopting proactive strategies for IP protection and staying informed about emerging trends, organisations can leverage AI responsibly while safeguarding their innovations. Tools like AIQURIS are vital in this journey, allowing businesses to scale AI initiatives with confidence and control, ensuring compliance with evolving IP laws.

As we delve deeper into this, it's clear that those who stay ahead of the curve will lead the charge toward a future where AI enriches human creativity rather than undermines it.

Whether you’re auditing AI vendors, managing compliance across AI use cases, or building your governance roadmap—AIQURIS offers the tools to assess, de-risk, and future-proof your AI initiatives. Talk to an AI risk and quality management expert today.

1. Exploding Topics
2. CMS Wire
3. American Bar
4. IndieWire