Insights
June 18, 2026
to read

The Licensing Risk AI Companies Cannot Ignore

AI companies have built products that depend on continuous access to external content, data, and creative work. The legal and commercial frameworks governing that access are catching up fast. The licensing risk this creates is not a distant compliance question. It is an operational and financial exposure that sits at the centre of how AI products are built, priced, and sustained.

AI companies have operated for most of their short history in an environment where the rules around content access were ambiguous enough to permit broad assumptions about what was available and on what terms. That environment is changing. Rights holders are asserting ownership more aggressively, litigation is producing precedents, regulators are imposing transparency requirements, and content providers are building the technical infrastructure to enforce terms that were previously unenforceable at scale.

The licensing risk this creates is not uniform across the AI industry. It varies by business model, content dependency, and how deeply a company's products rely on external material that it does not own. But no AI company that depends on external content for training, retrieval, or grounding is fully insulated from it, and the companies that treat licensing exposure as a background legal concern rather than a strategic operational risk are likely to find it becomes both sooner than they expect.

Understanding the shape of that risk is the starting point for managing it. The exposure runs across three distinct phases of how AI systems use content: acquisition, which covers training and dataset assembly; access, which covers retrieval and grounding at inference time; and output, which covers what AI systems generate and whether that output reproduces, summarises, or displaces protected material in ways that trigger liability.

The training data exposure is larger than most companies have acknowledged

The most visible licensing risk in AI right now concerns training data. Large language models and multimodal systems were trained on datasets assembled from the web, from licensed sources, and in many cases from material whose rights status was not fully resolved before ingestion. The implicit assumption that scraping publicly available content was legally permissible is now being tested in courts in multiple jurisdictions.

The New York Times lawsuit against OpenAI and Microsoft is the most prominent example, but it sits within a broader pattern. Publishers, authors, visual artists, and code repositories have all initiated legal action or regulatory complaints related to training data use. The Authors Guild's position on AI training and class actions involving creative professionals reflect how widely the challenge extends beyond news media.

The financial exposure here is difficult to quantify precisely because the litigation is ongoing and the legal theories are still being tested. What is clear is that training data liability is a category of risk that did not appear on most AI company balance sheets two years ago and now requires serious legal and financial provisioning. For companies that have not conducted thorough audits of what their training datasets contain and under what terms that content was acquired, that exposure is larger than it needs to be.

Retrieval and grounding introduce a different category of ongoing risk

Training data risk is retrospective. It concerns what was ingested before a model was deployed. Retrieval risk is continuous. Every time a retrieval-augmented system pulls from an external source to construct a response, it creates a new instance of content use that may or may not be covered by existing agreements.

Most AI companies that operate retrieval-augmented products have not established licensing frameworks that explicitly cover inference-time access. The bilateral deals that have been announced, such as those between OpenAI and various news publishers, address defined categories of use. They do not automatically extend to every retrieval event the system generates across every content source it accesses.

This gap matters because retrieval at inference time is where content use is most directly tied to commercial value. When an AI product retrieves a premium source to answer a high-value enterprise query, the content is contributing to a transaction at the moment it occurs. Without a licensing framework that covers that moment, the content provider has a legitimate basis for claiming uncompensated commercial use, and the AI company has an unmanaged exposure that grows with every query.

The infrastructure requirements for closing this gap are the same ones that content providers need to build from their side: machine-readable rights expression, retrieval monitoring, and programmatic settlement. The difference is that from the AI company's perspective, these are risk mitigation tools rather than revenue tools. Building or adopting infrastructure that can verify access permissions at retrieval time and trigger compensation automatically reduces legal exposure while also creating a more sustainable relationship with the content ecosystem the product depends on.

Output liability is the least understood exposure

Training data risk is about what went in. Retrieval risk is about what is accessed in real time. Output liability concerns what comes out, and it is the area where legal frameworks are least settled and AI company exposure is hardest to predict.

The core question is whether AI-generated content that reproduces, closely paraphrases, or functionally substitutes for protected material infringes copyright, even when the system was not explicitly instructed to reproduce it. Courts in the United States and Europe are working through different aspects of this question, and the outcomes will vary by jurisdiction, content type, and the degree of similarity between the AI output and the source material.

The EU Copyright Directive's text and data mining provisions established an opt-out mechanism for rights holders that AI companies operating in Europe must respect. The US Copyright Office's ongoing inquiry into AI and copyright reflects how unsettled the American legal framework remains. In both cases, the direction is toward greater rights holder control and greater transparency requirements rather than broader fair use assumptions for AI output.

For AI companies, output liability creates a risk management challenge that is different in character from training or retrieval risk. It is harder to audit in advance, harder to insure against comprehensively, and harder to resolve through bilateral agreements because the specific outputs a system might generate cannot be fully predicted or pre-licensed. The practical response involves a combination of output filtering, source attribution, licensing coverage for the highest-risk content categories, and engagement with the emerging standards landscape.

Bilateral deals are necessary but not sufficient

The most common commercial response to licensing risk among larger AI companies has been to negotiate direct agreements with major content providers. These deals serve real purposes. They reduce legal exposure for defined content categories, establish commercial relationships with influential rights holders, and signal to the broader market that the AI company recognises content has value.

Their limitations are equally real. Bilateral deals are expensive to negotiate, slow to scale, and structurally favour the largest AI companies and the largest content providers. They leave the middle and long tail of the content ecosystem outside structured compensation frameworks, which means the licensing risk associated with that content remains unmanaged. They also tend to cover training data use more explicitly than retrieval use, leaving the inference-time access question partially unresolved even where a deal exists.

The Reuters Institute's tracking of AI licensing agreements documents the growing number of deals but also their concentration among a small number of large publishers. For AI companies that depend on a much broader range of content sources, the bilateral model addresses only a fraction of the total exposure.

The standards layer reduces systemic risk

The most scalable response to licensing risk is not more bilateral deals. It is participation in the infrastructure layer that makes licensing legible across the whole content ecosystem rather than only in the relationships where both parties have sufficient leverage to negotiate directly.

Machine-readable licensing standards allow rights holders to declare access terms in a format that AI systems can read and act on automatically. The Really Simple Licensing standard, now endorsed by over 1,500 publishers and technology organisations, provides a practical framework for expressing those terms at the content level. AI companies that build systems capable of reading and respecting RSL declarations reduce their retrieval risk across every source that has published terms, not just the ones with which they have signed agreements.

The momentum behind RSL is also expanding beyond web content. In May 2026, RSL Media launched as a public benefit non-profit co-founded by Cate Blanchett and built directly on the RSL standard, extending the same machine-readable consent architecture into human identity, voice, likeness, and creative rights. With supporters including Meryl Streep, Tom Hanks, and George Clooney, and advocates spanning the Music Artists Coalition and Creative Artists Agency, RSL Media signals that standards-based consent is gaining traction well beyond publishing into the creative industries more broadly. For AI companies, that expansion means the population of rights holders expressing machine-readable terms is growing rapidly, and the expectation that those terms will be respected is hardening.

This approach also reduces regulatory risk. The transparency requirements emerging from the EU AI Act and other frameworks increasingly require AI companies to demonstrate that they have processes for identifying and respecting rights holder declarations. A system that can read machine-readable terms and act on them is better positioned to demonstrate compliance than one that relies on case-by-case legal review.

Supertab Connect operates as the managed infrastructure layer on the content provider side of this equation, enabling rights holders to publish RSL-compliant terms, enforce access at the edge, and connect usage to settlement automatically. For AI companies, the existence of this kind of infrastructure on the supply side creates a more tractable licensing environment because it means permissions are expressed, enforceable, and connected to a payment mechanism that does not require manual negotiation to activate.

The cost of inaction is rising

The licensing risk AI companies face is not static. It is growing in three directions simultaneously.

Legal precedent is accumulating. Each court decision that affirms a rights holder's claim against an AI company narrows the space of assumptions that remaining cases can rely on. The legal environment for training data use that existed in 2022 is materially different from the one that exists today, and the trajectory is toward greater rather than lesser rights holder protection.

Technical enforcement is improving. Content providers are deploying access controls, machine-readable terms, and CDN-level enforcement that makes informal scraping harder and more legally risky. The Cloudflare network data on AI bot traffic illustrates how quickly the technical infrastructure for content access control is maturing on the supply side.

Regulatory requirements are expanding. The EU AI Act, national copyright adaptations, and emerging AI governance frameworks in multiple jurisdictions are imposing disclosure, transparency, and compliance obligations that did not exist when most current AI products were built. Meeting those obligations retroactively is harder and more expensive than building for them from the start.

The AI companies best positioned to manage this risk are those that treat licensing not as a legal department concern but as a core operational and product question. That means auditing content dependencies, building or adopting infrastructure that can verify and respect access terms at retrieval time, engaging with the standards landscape rather than waiting for it to stabilise, and pricing licensing costs into product economics rather than treating them as externalities.

The Window for Proactive Resolution Is Narrowing

Licensing risk is the structural constraint that will separate AI companies with durable business models from those whose economics depend on continued access to content on terms that are already changing. The content ecosystem is not going to become more permissive as legal frameworks mature and rights holders build better enforcement infrastructure.

The AI companies that resolve their licensing exposure proactively, through a combination of bilateral agreements, standards participation, and usage-based settlement infrastructure, will operate with lower legal risk, more predictable content costs, and stronger relationships with the content providers whose material makes their products reliable. Those that do not will face compounding exposure as the legal, technical, and regulatory environment continues to tighten around assumptions that were never as safe as they appeared.

Written by the Supertab Team

Pioneering the next generation of web monetization infrastructure and protocol-level content licensing.