SAAS MASTER SERVICES AGREEMENT WITH AI GOVERNANCE CLAUSES

STATE OF ALASKA

TABLE OF CONTENTS

PART A: STANDARD MSA TERMS

1. Parties and Scope
2. Access and Restrictions
3. Service Levels
4. Fees and Payment
5. Data Protection
6. Intellectual Property
7. Confidentiality
8. Warranties
9. Indemnification
10. Limitation of Liability
11. Term and Termination
12. General Provisions

PART B: AI GOVERNANCE ADDENDUM

13. AI Service Definitions
14. Transparency and Explainability
15. Data Usage for AI
16. Bias and Fairness
17. Human Oversight
18. AI-Specific Warranties and Disclaimers
19. AI Risk Allocation
20. Regulatory Compliance
21. AI Audit Rights
22. AI-Specific Termination Rights

PART A: STANDARD MSA TERMS

1. PARTIES AND SCOPE

This SaaS Master Services Agreement with AI Governance Clauses ("Agreement") is entered into as of [EFFECTIVE DATE] by and between:

Provider: [PROVIDER LEGAL NAME] ("Provider")
Customer: [CUSTOMER LEGAL NAME] ("Customer")

1.1 Scope. This Agreement governs Customer's access to and use of Provider's SaaS platform, including AI-powered features as described in applicable Order Forms.

1.2 Order Forms. Services are ordered via Order Forms that reference this Agreement.

2. ACCESS AND RESTRICTIONS

2.1 License. Non-exclusive, non-transferable right to access the SaaS per Order Form.

2.2 Restrictions. No reverse engineering, resale, competitive use, or circumvention of limits.

2.3 User Management. Customer manages user access and is responsible for user compliance.

3. SERVICE LEVELS

3.1 Availability. [99.9]% monthly uptime per SLA Policy.

3.2 Support. Per Support Policy attached.

3.3 Credits. SLA credits as sole remedy except for termination rights for chronic failure.

4. FEES AND PAYMENT

4.1 Fees. Per Order Form; payment within [30] days.

4.2 Late Payment. Interest at [1.5]%/month or Alaska legal maximum.

4.3 Taxes. Customer responsible except Provider's income taxes.

5. DATA PROTECTION

5.1 DPA. Data Processing Addendum governs Personal Data.

5.2 Security. Security measures per Security Addendum.

5.3 Alaska Privacy. Compliance with Alaska Personal Information Protection Act (AS 45.48).

6. INTELLECTUAL PROPERTY

6.1 Provider IP. Provider owns all SaaS IP.

6.2 Customer Data. Customer owns Customer Data.

6.3 Feedback. Licensed to Provider royalty-free.

7. CONFIDENTIALITY

7.1 Protection. Standard confidentiality obligations, [3] years post-termination.

7.2 Trade Secrets. Alaska UTSA (AS 45.50.910 et seq.) applies.

8. WARRANTIES

8.1 Provider. Material conformance, professional services, no malware.

8.2 Disclaimer. AS IS except as stated; no implied warranties to extent permitted.

9. INDEMNIFICATION

9.1 Provider. IP infringement for SaaS as provided.

9.2 Customer. Customer Data, AUP breach, law violations.

10. LIMITATION OF LIABILITY

10.1 Cap. [12/24] months' fees.

10.2 Exclusions. No consequential/indirect damages.

10.3 Carve-outs. Indemnity, confidentiality, willful misconduct.

11. TERM AND TERMINATION

11.1 Term. Per Order Form with auto-renewal.

11.2 Termination. For breach (30-day cure), insolvency, or convenience with notice.

11.3 Effect. Data export for 30 days, then deletion.

12. GENERAL PROVISIONS

12.1 Governing Law. Alaska law.

12.2 Venue. Anchorage, Alaska courts.

12.3 Jury Waiver. WAIVED TO EXTENT PERMITTED.

12.4 Assignment, Notices, Amendments. Standard terms.

12.5 Electronic Signatures. Valid under Alaska UETA (AS 09.80).

PART B: AI GOVERNANCE ADDENDUM

13. AI SERVICE DEFINITIONS

13.1 "AI Services" means any features of the SaaS that utilize artificial intelligence, machine learning, or automated decision-making, including but not limited to:
(a) Predictive analytics and recommendations;
(b) Natural language processing;
(c) Image/document recognition;
(d) Automated content generation;
(e) Decision support systems.

13.2 "AI Model" means the algorithms, neural networks, or other computational models used to provide AI Services.

13.3 "Training Data" means data used to train, validate, or improve AI Models.

13.4 "Output" means results, predictions, recommendations, or content generated by AI Services.

13.5 "High-Risk AI Use" means use of AI Services for decisions significantly affecting individuals regarding:
(a) Employment or workforce management;
(b) Credit, insurance, or financial services;
(c) Housing or essential services;
(d) Healthcare or safety;
(e) Legal or governmental decisions.

14. TRANSPARENCY AND EXPLAINABILITY

14.1 Documentation. Provider shall maintain and provide upon request:
(a) General description of AI Model functionality;
(b) Types of data inputs processed;
(c) Nature of Outputs generated;
(d) Known limitations and appropriate use cases.

14.2 Explainability.
☐ Standard Tier: General explanation of how AI Services function.
☐ Enhanced Tier: For High-Risk AI Use, Provider shall offer explanations of individual Outputs upon request, including key factors influencing the Output.

14.3 Model Updates. Provider shall notify Customer [30] days before material changes to AI Models that could significantly affect Outputs.

14.4 Version Tracking. Provider shall maintain records of AI Model versions deployed.

15. DATA USAGE FOR AI

15.1 Customer Data Usage. Provider's use of Customer Data for AI purposes:

☐ Option A - No Training: Customer Data NOT used to train AI Models.
☐ Option B - Opt-In Training: Customer Data used for training only with express consent.
☐ Option C - Aggregated Only: Only anonymized/aggregated data used for model improvement.

15.2 Data Segregation. If multiple customers' data trains shared models, Provider shall implement technical measures to prevent Customer Data leakage.

15.3 Third-Party Data. Provider warrants that third-party data used to train AI Models was obtained lawfully with appropriate rights.

15.4 Data Minimization. Provider shall process only data necessary for the AI Services.

16. BIAS AND FAIRNESS

16.1 Bias Mitigation. Provider shall:
(a) Implement processes to detect and mitigate bias in AI Models;
(b) Test AI Models for discriminatory outcomes;
(c) Document bias testing methodology and results.

16.2 Fairness Metrics. For High-Risk AI Use, Provider shall provide upon request:
(a) Fairness metrics used;
(b) Testing results across protected categories where applicable;
(c) Mitigation measures implemented.

16.3 Customer Responsibility. Customer acknowledges that:
(a) Customer is responsible for evaluating AI Outputs before consequential use;
(b) Customer should not use AI Services in ways that could result in unlawful discrimination;
(c) Customer shall notify Provider of suspected biased Outputs.

16.4 Alaska Non-Discrimination. AI Services shall not be used in violation of Alaska Human Rights Law (AS 18.80) or other applicable anti-discrimination laws.

17. HUMAN OVERSIGHT

17.1 Human-in-the-Loop.
☐ Required: For [SPECIFIED USE CASES], Customer shall maintain human review before acting on AI Outputs.
☐ Recommended: Provider recommends human review for decisions with significant individual impact.

17.2 Override Capability. Customer shall have the ability to override or reject AI Outputs.

17.3 Escalation Process. Customer shall establish processes for escalating questionable AI Outputs for human review.

17.4 Provider Monitoring. Provider monitors AI Service performance and may intervene if systemic issues are detected.

18. AI-SPECIFIC WARRANTIES AND DISCLAIMERS

18.1 AI Warranties. Provider warrants that:
(a) AI Services perform substantially as documented;
(b) Provider has implemented reasonable processes for AI development;
(c) Provider has the right to use Training Data.

18.2 AI DISCLAIMERS.
(a) NO GUARANTEE OF ACCURACY. AI OUTPUTS ARE PROBABILISTIC AND MAY CONTAIN ERRORS. PROVIDER DOES NOT WARRANT THAT AI OUTPUTS ARE ACCURATE, COMPLETE, OR SUITABLE FOR ANY PARTICULAR PURPOSE.
(b) NO GUARANTEE AGAINST BIAS. DESPITE MITIGATION EFFORTS, AI MODELS MAY EXHIBIT UNINTENDED BIAS.
(c) EVOLVING TECHNOLOGY. AI TECHNOLOGY IS RAPIDLY EVOLVING. PERFORMANCE MAY CHANGE.
(d) NOT A SUBSTITUTE FOR PROFESSIONAL JUDGMENT. AI OUTPUTS DO NOT CONSTITUTE LEGAL, MEDICAL, FINANCIAL, OR OTHER PROFESSIONAL ADVICE.

18.3 Customer Acknowledgment. Customer acknowledges reviewing and accepting the AI-specific disclaimers.

Customer Initials: _______

19. AI RISK ALLOCATION

19.1 Provider Risk. Provider bears risk of:
(a) AI Service non-conformance with documentation;
(b) IP infringement by AI Models themselves;
(c) Data breaches affecting Training Data;
(d) Failure to implement represented bias mitigation.

19.2 Customer Risk. Customer bears risk of:
(a) Decisions based on AI Outputs;
(b) Use of AI Services for unauthorized purposes;
(c) Failure to maintain appropriate human oversight;
(d) Customer Data quality issues affecting Outputs.

19.3 Shared Risk. Parties shall cooperate on:
(a) Investigating AI-related incidents;
(b) Responding to regulatory inquiries;
(c) Addressing third-party claims involving AI Services.

19.4 Insurance. Provider maintains [describe AI-related insurance coverage, if any].

20. REGULATORY COMPLIANCE

20.1 Current Regulations. Provider shall use commercially reasonable efforts to comply with applicable AI regulations, including:
(a) Federal Trade Commission guidance on AI;
(b) Equal Employment Opportunity Commission guidance (if applicable);
(c) Sector-specific AI regulations (healthcare, financial services, etc.).

20.2 Emerging Regulations. As AI regulations evolve:
(a) Provider shall monitor and assess applicability;
(b) Provider shall notify Customer of regulations materially affecting the AI Services;
(c) Parties shall cooperate on compliance efforts.

20.3 Alaska Regulations. As of the Effective Date, Alaska has not enacted AI-specific regulations. Provider shall monitor and comply with any Alaska AI regulations that may be enacted during the term.

20.4 Customer Compliance. Customer is responsible for compliance with laws governing Customer's use of AI Outputs, including employment, lending, and consumer protection laws.

21. AI AUDIT RIGHTS

21.1 Audit Scope. Customer may audit Provider's AI governance practices:
☐ Annually
☐ Upon reasonable suspicion of non-compliance
☐ As required by Customer's regulators

21.2 Audit Process.
(a) Customer provides [30] days' notice;
(b) Audit conducted during business hours;
(c) Audit limited to AI governance practices, not source code;
(d) Customer bears audit costs unless material non-compliance found.

21.3 Third-Party Audits. Provider shall provide upon request:
(a) SOC 2 Type II reports covering AI Services;
(b) Third-party AI audit reports (if available);
(c) Penetration test summaries related to AI infrastructure.

21.4 Remediation. Provider shall address material audit findings within [60] days or provide a remediation plan.

22. AI-SPECIFIC TERMINATION RIGHTS

22.1 Customer Termination for AI Issues. Customer may terminate if:
(a) Material change to AI Model significantly degrades Output quality for [90] days;
(b) Provider materially breaches AI governance commitments;
(c) Regulatory changes make continued use unlawful.

22.2 Provider Termination for AI Issues. Provider may terminate if:
(a) Customer uses AI Services for prohibited High-Risk purposes;
(b) Customer's use creates material legal risk to Provider;
(c) Customer refuses to implement required human oversight.

22.3 Transition Assistance. Upon termination, Provider shall:
(a) Provide Customer Data export;
(b) Provide reasonable transition assistance for [30] days;
(c) Document any Customer-specific AI Model configurations.

SIGNATURES

IN WITNESS WHEREOF, the parties have executed this Agreement as of the Effective Date.

PROVIDER:

CUSTOMER:

ATTACHMENTS

• Attachment A: Order Form
• Attachment B: SLA Policy
• Attachment C: Support Policy
• Attachment D: Data Processing Addendum / Security Addendum
• Attachment E: Acceptable Use Policy
• Attachment F: AI Services Description
• Attachment G: AI Model Documentation