Generative AI: A Legal and Commercial Analysis of Service Models, Copyright, and User Rights

by Gemini 2.5, Deep Research. Warning LLMs may hallucinate!

Executive Summary

The rapid proliferation of generative artificial intelligence (AI) has ignited a fierce debate, pitting the technology’s transformative potential against profound legal, economic, and ethical challenges. A social media post by creative industry professionals Nick Dunmur and Adam Shaw serves as a microcosm of this conflict, articulating a series of critical claims regarding the nature of AI platforms, their reliance on copyrighted material, the ownership of their outputs, and their broader economic and environmental impact. This report provides an exhaustive analysis of these claims, concluding that while the sentiments expressed are directionally correct on several key points, the underlying reality is a complex tapestry of unsettled law, significant economic disruption, and substantial hidden costs.

Key Finding 1: Generative AI is a “Service,” Not a “Tool.” The assertion that generative AI platforms are legally and operationally structured as “Software-as-a-Service” (SaaS), not as standalone tools, is fundamentally correct. This is not a mere semantic distinction; it is a critical classification with profound consequences for user rights, data privacy, provider liability, and control over the technology’s use and outputs.

Key Finding 2: AI Training Models are Built on a Legally Contested Foundation. The claim that AI models are trained on vast quantities of copyrighted works without permission or payment is substantially true and is the subject of existential, industry-shaping litigation. The primary legal defense offered by AI developers in the United States, “fair use,” is a high-risk, fact-specific, and unreliable gamble. The immense legal and financial pressure is forcing a systemic shift away from a “scrape-first” model toward a future where training data must be ethically sourced and licensed.

Key Finding 3: Users Do Not Truly “Own” AI Outputs. The claim that users do not own AI-generated outputs is legally complex but practically true in the most commercially meaningful sense. A fundamental conflict between platform Terms of Service, which often promise “ownership,” and foundational copyright law, which requires human authorship, creates a state of “phantom ownership.” Users typically receive a contractual right to use an output but not a legally defensible copyright they can protect from infringement by others, rendering such assets commercially vulnerable.

Key Finding 4: The Economic Impact is One of Value Transfer, Not Contraction. The assertion that AI contributes to a “shrinking of the economy” is inaccurate at the macroeconomic level, where generative AI is widely projected to boost productivity and GDP. However, the statement accurately reflects the severe economic disruption, value transfer, and potential for significant job displacement within the creative industries. The economic pie may grow, but its distribution is being radically altered, with value flowing from creative labor to technology capital.

Key Finding 5: The Environmental Footprint is Real and Substantial. The claim that using generative AI adds to one’s carbon footprint is unequivocally true. The energy and water consumption required for both the initial training of large models and the continuous, large-scale deployment for user queries (inference) are substantial, largely invisible to the end-user, and represent a significant and growing environmental externality.

Strategic Imperative: For both businesses and individuals, the central conclusion of this analysis is that generative AI must be approached not as a simple, inert tool, but as a complex service relationship. This relationship is fraught with unresolved legal questions, significant ethical considerations, and profound commercial risks that demand active, informed, and strategic management.

I. Deconstructing the “Service vs. Tool” Dichotomy: A Legal and Practical Analysis

The initial assertion in the analyzed social media post—that generative AI is a “service” and not the “tool” its providers wish users to believe—is the foundational argument upon which all other claims rest. This distinction is not merely semantic; it is a strategic framing battle that dictates the fundamental nature of the relationship between the user and the provider, with profound implications for control, liability, ownership, and data privacy. Classifying these platforms correctly is the essential first step in understanding the true terms of the user’s engagement.

1.1 The Legal and Commercial Framework: Defining SaaS vs. Licensed Tools

To understand the classification of generative AI, one must first distinguish between two dominant software distribution models: the traditional licensed “tool” and the modern “Software-as-a-Service” (SaaS) model.

A traditional software tool is analogous to a physical good. The user typically pays a significant, one-time upfront fee to purchase a perpetual license. The software is then installed on the user’s local machine or private server.¹ In this model, the user has a high degree of control and ownership over their instance of the software. They are responsible for maintenance, updates, and security, but in return, their data and operations remain within their own environment. The software is a tangible, albeit digital, asset.²

In stark contrast, the SaaS model is a service agreement, not a product sale.³ This model is characterized by several key features:

• Subscription-Based Access: Users pay a recurring fee (monthly or annually) for the right to access the software, rather than purchasing it outright. This lowers the initial cost of entry for users.³

• Cloud Hosting: The software is not installed locally but is hosted on the provider’s remote servers and accessed by the user over the internet, typically through a web browser or a lightweight client application.¹

• Centralized Management: The SaaS provider is solely responsible for all aspects of infrastructure management, including security updates, feature improvements, bug fixes, and server maintenance. Users are always on the latest version of the software without needing to take any action.¹

• Service Agreement: The legal relationship is governed by a service agreement or Terms of Service (ToS), which grants the user a right to use the software under specific conditions, rather than a license that transfers ownership rights.³

While the SaaS model offers significant benefits in terms of cost-effectiveness, scalability, and accessibility, it comes with a critical trade-off: a fundamental loss of user control. The user is entirely dependent on the provider for the continued availability and functionality of the service. The provider retains control over the software, its features, and the infrastructure it runs on. This dependency creates potential risks related to data security, as user data is processed and stored on the provider’s servers, and contractual obligations that can be complex and heavily favor the provider.⁴

1.2 Classifying Generative AI Platforms within the SaaS Model

When examined against this framework, it becomes clear that all major generative AI platforms—including OpenAI’s ChatGPT, Anthropic’s Claude, Midjourney, and Stability AI’s models—operate unequivocally as SaaS products. They are accessed via subscription fees, are hosted exclusively on the providers’ cloud infrastructure, and are managed and updated centrally.⁵ The user does not download and install a “ChatGPT tool” on their computer; they log into a service hosted by OpenAI.

This classification is implicitly recognized in legal and professional guidance. For example, guidance for lawyers using these platforms emphasizes the need to “regularly review the generative AI vendor’s data management, security and standards” and to “establish whether the generative AI tool is a closed system within your firm’s boundaries or also operates as a training model for third parties”.⁷ These are considerations unique to a service relationship, where the user must trust a third-party vendor with their data and operations. The focus is on vendor management, reviewing service level agreements, and understanding data governance policies—all hallmarks of procuring a service, not buying a tool.⁹

The framing of generative AI as a “tool” by its proponents is a deliberate and strategic choice. A “tool”—like a camera, a paintbrush, or a word processor—is a passive instrument wielded by an active human user. This metaphor implies that the user is in complete control, the output is a direct result of their skill, and the responsibility for that output rests solely with them. This framing conveniently positions the AI company as a mere technology provider, deflecting responsibility for the platform’s outputs, its potential biases, and the legal status of the content it generates.¹¹

However, the “service” classification more accurately reflects the operational, legal, and commercial reality. It highlights the ongoing, dependent relationship between the user and the provider. It correctly frames the provider as an active participant that controls the platform, has access to user data, dictates the terms of use, and bears a degree of responsibility for the service it delivers. The distinction is not academic; it is a proxy war over control, liability, and the nature of the value exchange. Recognizing generative AI as a service is essential to accurately assessing the risks and limitations inherent in its use.

1.3 Consequences of the “Service” Classification for Users and Businesses

Understanding generative AI as a service reveals several critical consequences that are often obscured by the “tool” metaphor.

First, there is a profound loss of user control and autonomy. Unlike a locally installed tool, a SaaS platform can be modified, restricted, or even terminated by the provider at any time, subject to the terms of the service agreement. Users have no ownership of the underlying software and are perpetually subject to the provider’s policies, which can change with little notice. This creates a significant dependency risk for businesses that integrate these services into critical workflows.⁴

Second, the service model introduces significant data security and confidentiality risks. When a user inputs a prompt or uploads a document to a public-facing AI service, that data is transmitted to and processed on the provider’s servers. This act immediately removes the data from the user’s direct control. The security and confidentiality of that information then depend entirely on the provider’s infrastructure, security protocols, and internal policies.⁶ A critical concern, particularly for businesses, is the risk that this input data could be reviewed by the provider or used to further train the AI models, potentially exposing proprietary information or client-confidential data.⁷ While enterprise-grade services may offer stronger data protection guarantees, the default for many consumer-facing services is that inputs are not fully private.

Third, the service model complicates liability and risk allocation. With a traditional tool, the user is generally liable for how it is used and the outputs it creates. In the SaaS model, liability is a complex issue governed by the service agreement. These agreements are often drafted to heavily limit the provider’s liability for any number of issues, including inaccurate outputs (”hallucinations”), service outages, or even outputs that infringe on third-party copyrights. The user, by agreeing to the ToS, often assumes a significant portion of the risk associated with using the service, even though they have no control over the underlying technology or its training data.¹¹

In conclusion, the initial claim is correct: generative AI is a service. This reality shifts the user’s position from that of an empowered owner of a tool to a dependent subscriber to a service, with all the attendant risks related to control, data, and liability.

II. The Copyright Conundrum: Analyzing the Use of Creative Works in AI Training

The most explosive claim in the social media post is that generative AI platforms “are built on the backs of human authors’ creative works and without permission or payment... and without being able to rely on any exception to copyright law.” This assertion lies at the heart of a wave of high-stakes litigation that poses an existential threat to the generative AI industry. A thorough analysis reveals that the core of this claim—the unauthorized and uncompensated copying of copyrighted works for training purposes—is factually accurate. The legality of this practice, however, remains one of the most contentious and unsettled questions in modern intellectual property law.

2.1 The Foundation of Infringement: Data Acquisition and Training Methods

Generative AI models, particularly large language models (LLMs) and diffusion models for image generation, are created through a process of “training” on staggeringly large datasets. This training process fundamentally involves making digital copies of the source material to be analyzed by the machine learning algorithms.¹² A significant portion of these training datasets is composed of copyrighted material—including books, articles, photographs, illustrations, and source code—that has been scraped from the public internet without the explicit permission of, or payment to, the respective rights holders.¹⁴

The scale of this copying is immense. Lawsuits filed by rights holders allege that AI companies have engaged in “industrial-scale” data harvesting, creating copies of billions of images and texts.¹⁶ Evidence presented in these cases suggests that training data has been sourced not only from the open web but also from illicit sources, such as “pirate” websites like LibGen and Z-Library, which host vast archives of copyrighted books without authorization.¹⁶ Furthermore, companies like Reddit have filed lawsuits alleging that AI firms have actively circumvented technical protections (such as robots.txt protocols and API restrictions) designed to prevent mass scraping of their user-generated content, sometimes by acquiring the data through third-party “data laundering” services.¹⁷

From a copyright law perspective, these acts of downloading, copying, and storing protected works to create a training dataset prima facie implicate the copyright owner’s exclusive right of reproduction.¹³ Unless a valid legal exception applies, this unauthorized copying constitutes copyright infringement.

Continue reading here (due to post length constraints): https://p4sc4l.substack.com/p/gemini-ai-must-be-approached-not