Common use of Use of Artificial Intelligence Clause in Contracts

Use of Artificial Intelligence. 17.1 Any use of AI including, but not limited to generative AI, via platforms, tools, and software must be consistent with Authority Policies, Standard Procedures, Rules and Regulations and applicable laws. 17.2 To maintain the security of Authority Data and IT systems, Company is prohibited from attempting to gain access to unapproved AI applications when using Authority Data. To avoid potential data leaks or security incidents, Company is prohibited from inputting, 17.3 Company acknowledges and agrees that any Authority Data obtained using AI technology is the property of the Authority, and the Company shall not use such data for any purpose other than to provide Services to the Authority. Specifically, the Company shall not use Authority Data as training data for any AI models or algorithms that will be used by any third‐party organization or individual outside of the Company, without the express written consent of the Authority. The Company shall take reasonable measures to ensure that Authority Data is not inadvertently used as training data for any third‐party AI models or algorithms and shall promptly notify the Authority in the event of any unauthorized use or disclosure of Authority Data. 17.4 Company’s request for approval to use AI must be submitted in writing and contain the following: A. The specific Authority Data to be used; B. The purpose and intended use of the AI; C. The potential benefits and risks associated with using the AI; D. The measures in place to ensure data security and confidentiality; E. The mechanisms in place for ensuring compliance with applicable laws including but not limited to data privacy and data protection laws; and F. A dataflow diagram which illustrates the flow of data within the Services as well as detailed identification of data sources, data stores, data processing, networks and AI utilized. 17.5 Authority shall have sole and absolute discretion to approve or deny the use of AI for any aspect of the Services. 17.6 To maintain the confidentiality of Authority Data, Company must only share information with approved Personnel and must not input Sensitive Security Information (SSI) into AI systems. Company should not input Authority intellectual property into non‐approved generative AI applications or enter PII for Authority employees, customers, or other third‐ parties into any non‐approved AI application. Company should contact the Vice President of Information Technology Services if it is unsure whether it should input certain information. 17.7 Company must implement robust security measures to protect Authority Data from unauthorized access, use or disclosure. This includes but is not limited to: Encryption of data in both transit and at rest; access controls limiting data access to authorized Personnel only; and regular security audits and assessments. 17.8 To maintain transparency and protect the Authority from claims against copyright infringement and/or theft of intellectual property, all AI generated content must be cited and reviewed when used for Authority purposes. At a minimum, a footnote stating “This content generated with the assistance of AI” should exist on any document or work product created with the assistance of AI. Company should clearly attribute any output to the AI application that created the output through a footnote or other means visible to any reader or user. Company should also maintain a record of AI use that can be shared with authorized Authority personnel upon request. The Company will provide the Authority with regular reports detailing any use of AI involving Authority Data including any incidents of unauthorized access or breaches. Company must be able to demonstrate that AI has controlled bias and third‐party infringement mitigation in place. 17.9 Company should not use AI applications to create text, audio, or visual content for purposes of committing fraud or to misrepresent an individual’s identity. 17.10 Company is fully liable for any damages arising out of use of AI and Authority Data. 17.11 Upon termination of this Supplemental Contract, Company agrees to return all Authority Data to the Authority and securely destroy any copies in its possession, including those stored in any AI or other databases.

Use of Artificial Intelligence. 17.1 A. Any use of AI including, but not limited to generative AI, via platforms, tools, and software Software must be consistent with Authority Policiespolicies, Standard Proceduresstandard procedures, Rules rules and Regulations regulations and applicable laws. 17.2 B. To maintain the security of Authority Data data and IT systems, Company is prohibited from attempting to gain access to unapproved AI applications when using Authority Data. To avoid potential data leaks or security incidentsIncidents, Company is prohibited from inputting,, uploading, or otherwise integrating any Authority Information into AI without the prior written consent of the Authority following Company’s request for approval to use AI. Examples of uses that are prohibited unless the Authority grants prior written consent include but are not limited to: design, planning, decision making and on-site operations. 17.3 C. Company acknowledges and agrees that any Authority Data obtained using AI technology is the property of the Authority, and the Company shall not use such data for any purpose other than to provide Services to the Authority. Specifically, the Company shall not use Authority Data as training data for any AI models or algorithms that will be used by any third‐party third-party organization or individual outside of the Company, without the express written consent of the Authority. The Company shall take reasonable measures to ensure that Authority Data is not inadvertently used as training data for any third‐party third-party AI models or algorithms and shall promptly notify the Authority in the event of any unauthorized use or disclosure of Authority Data. 17.4 D. Company’s request for approval to use AI must be submitted in writing and contain the following: A. 1. The specific Authority Data Information to be used; B. 2. The purpose and intended use of the AI; C. 3. The potential benefits and risks associated with using the AI; D. 4. The measures in place to ensure data security and confidentiality; E. 5. The mechanisms in place for ensuring compliance with applicable laws including but not limited to data privacy and data protection laws; and F. 6. A dataflow diagram which illustrates the flow of data within the Services as well as detailed identification of data sources, data stores, data processing, networks and AI utilized. 17.5 E. Authority shall have sole and absolute discretion to approve or deny the use of AI for any aspect of the Services. 17.6 F. To maintain the confidentiality of Authority the Authority’s Data, Company must only share information with approved Personnel and must not input Sensitive Security Information (SSI) into AI systems. Company should not input Authority intellectual property into non‐approved non-approved generative AI applications or enter PII for Authority employees, customers, or other third‐ third-parties into any non‐approved non- approved AI application. Company should contact the Vice President of Information Technology Services if it is unsure whether it should input certain information. 17.7 G. Company must implement robust security measures to protect Authority Data the Authority’s Information from unauthorized access, use or disclosure. This includes but is not limited to: Encryption of data in both transit and at rest; access controls limiting data access to authorized Personnel personnel only; and regular security audits and assessments. 17.8 H. To maintain transparency and protect the Authority from claims against copyright infringement and/or theft of intellectual property, all AI generated content must be cited and reviewed when used for Authority purposes. At a minimum, a footnote stating “This content generated with the assistance of AI” should exist on any document or work product created with the assistance of AI. Company should clearly attribute any output to the AI application that created the output through a footnote or other means visible to any reader or user. Company should also maintain a record of AI use that can be shared with authorized Authority personnel upon request. The Company will provide the Authority with regular reports detailing any use of AI involving Authority Data Information including any incidents Incidents of unauthorized access or breaches. Company must be able to demonstrate that AI has controlled bias and third‐party third-party infringement mitigation in place. 17.9 I. Company should not use AI applications to create text, audio, or visual content for purposes of committing fraud or to misrepresent an individual’s identity. 17.10 J. Company is fully liable for any damages arising out of use of AI and Authority DataInformation. 17.11 K. Upon termination of this Supplemental Contract, Company agrees to return all Authority Data Information to the Authority and securely destroy any copies in its possession, including those stored in any AI or other databases.

Use of Artificial Intelligence. 17.1 A. Artificial Intelligence (AI) means any machine learning, deep learning, or other automated systems that use algorithms to learn from and make predictions or decisions based on data. B. Authority Information includes all data, drawings, specifications, reports, and any other information provided by the Authority or generated by Authority or Company in the course of providing Services. C. Any use of AI including, but not limited to generative AI, via platforms, tools, and software must be consistent with Authority Policies, Standard Procedures, Rules and Regulations and applicable laws. 17.2 D. To maintain the security of Authority Data data and IT systems, Company is prohibited from attempting to gain access to unapproved AI applications when using Authority Datadata. To avoid potential data leaks or security incidents, Company is prohibited from inputting,, uploading, or otherwise integrating any Authority Information into AI without the prior written consent of the Authority following Company’s request for approval to use AI. Examples of uses that are prohibited unless the Authority grants prior written consent include but are not limited to: design, planning, decision making and on-site operations. 17.3 E. Company acknowledges and agrees that any Authority Data data obtained using AI technology is the property of the Authority, and the Company shall not use such data for any purpose other than to provide Services to the Authority. Specifically, the Company shall not use Authority Data data as training data for any AI models or algorithms that will be used by any third‐party third-party organization or individual outside of the Company, without the express written consent of the Authority. The Company shall take reasonable measures to ensure that Authority Data data is not inadvertently used as training data for any third‐party third-party AI models or algorithms and shall promptly notify the Authority in the event of any unauthorized use or disclosure of Authority Datadata. 17.4 F. Company’s request for approval to use AI must be submitted in writing and contain the following: A. 1. The specific Authority Data Information to be used; B. 2. The purpose and intended use of the AI; C. 3. The potential benefits and risks associated with using the AI; D. 4. The measures in place to ensure data security and confidentiality; E. 5. The mechanisms in place for ensuring compliance with applicable laws including but not limited to data privacy and data protection laws; and F. 6. A dataflow diagram which illustrates the flow of data within the Services as well as detailed identification of data sources, data stores, data processing, networks and AI utilized. 17.5 G. Authority shall have sole and absolute discretion to approve or deny the use of AI for any aspect of the Services. 17.6 H. To maintain the confidentiality of Authority Datathe Authority’s data, Company must only share information with approved Personnel personnel and must not input Sensitive Security Information (SSI) into AI systems. Company should not input Authority intellectual property into non‐approved non- approved generative AI applications or enter PII Personally Identifiable Information (PII) for Authority employees, customers, or other third‐ third-parties into any non‐approved non-approved AI application. Company should contact the Vice President of Information Technology Services Real Estate if it is unsure whether it should input certain information. 17.7 I. Company must implement robust security measures to protect Authority Data the Authority’s Information from unauthorized access, use or disclosure. This includes but is not limited to: Encryption of data in both transit and at rest; access controls limiting data access to authorized Personnel personnel only; and regular security audits and assessments. 17.8 J. To maintain transparency and protect the Authority from claims against copyright infringement and/or theft of intellectual property, all AI generated content must be cited and reviewed when used for Authority purposes. At a minimum, a footnote stating “This content generated with the assistance of AI” should exist on any document or work services product created with the assistance of AI. Company should clearly attribute any output to the AI application that created the output through a footnote or other means visible to any reader or user. Company should also maintain a record of AI use that can be shared with authorized Authority personnel upon request. The Company will provide the Authority with regular reports detailing any use of AI involving Authority Data Information including any incidents of unauthorized access or breaches. Company must be able to demonstrate that AI has controlled bias and third‐party third-party infringement mitigation in place. 17.9 K. Company should not use AI applications to create text, audio, or visual content for purposes of committing fraud or to misrepresent an individual’s identity. 17.10 L. Company is fully liable for any damages arising out of use of AI and Authority DataInformation. 17.11 M. Upon termination of this Supplemental Contract, Company agrees to return all Authority Data Information to the Authority and securely destroy any copies in its possession, including those stored in any AI or other databases.