chevron-down Created with Sketch Beta.

Landslide®

December 2024/January 2025: IP Portfolio Management

The IP Practitioner’s Guide for Advising the Next Generation of Startups

Charles Stephen Maule and Michael Aaron Silliman

Summary

  • Startups adopting AI should be advised on the USPTO’s AI invention requirements and risks of using LLMs.
  • Increased remote work post-pandemic heightens the importance of startups having robust protection mechanisms and policies for protecting trade secrets.
  • Noncompetes and employee NDAs may become invalid when the FTC’s new rule goes into effect.
  • Important but often-overlooked IP topics for startups include data privacy/GDPR concerns, open-source software, and design patents.
The IP Practitioner’s Guide for Advising the Next Generation of Startups
Artur Debat via Getty Images

Jump to:

The last few years have thrown startups a whirlwind of challenges: a steep drop in venture capital investment, a highly competitive marketplace, the artificial intelligence (AI) revolution, and an abundance of remote work. Helping founders navigate this evolving landscape will require intellectual property (IP) practitioners to stay ahead of the curve. Our 2018 guide generally outlined the key steps IP practitioners need to take when working with startups. Today’s world requires revisiting these guidelines. It is critical that IP practitioners study these new risks and challenges to provide founders with legal advice tailored to the unique needs of startups.

Artificial Intelligence

Over 50% of companies are planning to incorporate AI technologies in 2024. The AI and large language model (LLM) revolution has introduced both opportunities and challenges as startups leverage AI for innovation while grappling with the complexities of IP protection in this domain. Despite the numerous and expanding legal implications of AI, the key issues for IP practitioners to address with startups include the patentability of AI-related inventions, AI-related risks and mitigation strategies, and the dangers of overreliance on AI for legal matters.

Patenting AI Inventions

As AI becomes a widely used technical tool, practitioners must familiarize themselves with the patentability of AI-assisted inventions. The U.S. Patent and Trademark Office (USPTO) has recently issued specific guidance on inventorship and subject matter eligibility of AI inventions, which practitioners should study to effectively navigate the complexities of patenting in this domain.

USPTO’s AI inventorship guidance. The AI inventorship guidance sets out the USPTO’s interpretation of the inventorship requirements for AI-related inventions, aiming to strike a balance between incentivizing AI-assisted inventions without hindering future human innovation by locking up innovation created without human ingenuity. According to the USPTO, AI-assisted inventions are not categorically unpatentable for improper inventorship, but a human must have contributed enough to be considered an inventor. Accordingly, an AI-assisted invention is patentable in the U.S. only if a person “contributes significantly” to the invention. Practitioners with AI-focused clients should analyze their client’s technology to determine which aspects may be patentable under this guidance.

It is worth noting that the USPTO’s AI-assisted inventorship guidance is not without controversy, as the guidance received criticism from both legal and industry representatives. While the guidance has been effective since February 2024, the USPTO has actively sought comments on the guidance and has indicated that it plans to issue further guidance on AI. Practitioners should monitor and stay abreast of further developments—from the courts and USPTO—about the patentability of AI-related inventions.

USPTO’s AI subject matter eligibility guidance. The USPTO also recently issued updated guidance on subject matter eligibility that specifically focuses on AI inventions. This guidance addresses eligibility of AI inventions and introduces three new examples designed to help examiners and stakeholders understand how to apply the subject matter eligibility criteria to AI inventions. The guidance and examples focus on two steps in the subject matter eligibility analysis: (1) determining whether an AI claim recites a judicial exception (e.g., an abstract idea), and (2) evaluating if the AI invention integrates the judicial exception into a practical application by, for example, claiming a specific application of AI to a particular technological field (i.e., a particular solution to a problem). Practitioners should consult this guidance in evaluating the patentability of a client’s technology and in drafting claims that will pass muster at the USPTO.

Patentability of AI-assisted inventions outside of the U.S. Clients seeking patent protection outside of the U.S. will require an even more detailed analysis by practitioners, as requirements for AI-related inventions differ between jurisdictions. For example, the European Patent Office requires AI-related patent applications to include detailed disclosure of the aspects of the AI that bring about the technical effect provided by the invention (e.g., specific training data or a particular algorithm), and the Japan Patent Office has indicated that it will require particular claim terminology and details regarding the function of the AI. Startups with an international presence or plans to expand internationally will need careful advice on patenting of AI-related technology.

AI Risks and Mitigation Strategies

Advising startups on the use of AI involves a careful balance between embracing innovation and managing risk. We are in the nascent stages of AI disputes and litigation, which puts startups in the difficult position of reading about these risks in the news, without the guidance of any established best practices supported by case law. Additionally, that case law will likely take years to develop; meanwhile, the pace of AI development is on the order of weeks, and companies that avoid AI risk being left behind.

Instead of counseling wholesale against any AI use, it is incumbent on practitioners to help startups understand and mitigate risks. Many of the existing AI disputes are centered on the use of copyrighted training data. If startups are using third-party AI tools and do not have control over the training of the AI, their risk will be largely based on their use of the AI outputs. These risks can be mitigated by ensuring that the startup has a strong indemnity for the use of the outputs from the AI vendor. Practitioners should review the indemnities available to the client for each AI tool and help them understand and negotiate the scope of their indemnity, if any. This may affect the startup’s choice of AI tools, as indemnity offerings can vary considerably between vendors.

If companies are building an AI tool, or incorporating AI functionality into products, practitioners will need to do a deeper analysis of the AI tool itself. At a minimum, practitioners should identify whether the training data, the planned inputs of the tool, and the generated outputs of the tool include confidential or copyrighted information of the startup or of third parties, and, if so, consider whether the tool could be modified to eliminate the presence of that information. Putting guardrails on how these tools are designed, trained, and used can significantly reduce the risk in their use, and provide defenses in any disputes down the road.

Indeed, guardrails and other AI policies are key areas where practitioners can provide value to their startup clients. Employees will inevitably seek out generative AI tools that make their job easier. Rather than prohibiting the use of these AI tools, practitioners should help founders create AI policies that establish guardrails, rules, and best practices for the use of AI. A comprehensive AI policy should address key questions such as: Which AI tools can be used? What types of data can be input into the LLM? How will the outputs of the LLM be used? Do these outputs need to be verified for accuracy and legal compliance? By establishing clear guidelines, practitioners can enable their clients to leverage the benefits of AI while minimizing potential risks.

Risks of Using LLMs for Legal Matters

In an effort to keep legal costs low, many founders are tempted to use LLMs to generate legal documents. It is hard to blame them—10 minutes with a publicly available LLM can spit out ostensibly accurate nondisclosure agreements (NDAs), supply agreements, joint development agreements, privacy policies, simple license agreements, and more. These specious documents may appear good enough for a startup on a shoestring budget with little desire to spend that on legal, but, without thorough vetting by an attorney, these documents are at best incomplete and at worst disastrous. Practitioners should warn founders of these risks and counsel them to resist the temptation to use publicly available LLMs for legal advice and document preparation without thorough review and verification by an attorney. For example, an ineffective NDA could jeopardize trade secret protection. Similarly, poorly drafted development, service, or license agreements could lead to costly contract disputes over IP ownership and licensing rights. This temptation can be tempered by offering founders templates for basic agreements and advising them of the risks of using an LLM for legal documents.

Founders may also be tempted to use LLMs for patent drafting. But confidential information like invention disclosures should not be entered into any publicly accessible LLM, as prompts are often stored and may even be used to train the LLM. Furthermore, like other legal documents, LLMs can generate specious patent applications. Practitioners should advise clients of the dangers of inputting confidential information into LLMs, as well as the legal nuances in patent drafting that will be missed by an LLM, risking the validity, enforceability, and scope of the patent.

That said, practitioners should consider whether private and patent-focused LLMs may have a place in provisional patent drafting, where the disclosure is largely a summary of the invention. Unlike public LLMs, some of these private LLMs do not store prompts or use inputs to train the model. A suitably secure LLM from a reputable vendor could reduce the cost of an application. For example, an LLM could generate an initial draft, based on an inventor’s notes or an invention disclosure form, for a practitioner to review and revise. However, practitioners should be cautious about the LLM tool they select and ensure that any client information will be kept confidential and not be used to train the tool.

Remote Work and Trade Secret Protection

Although remote work has always been more common in startups than in larger businesses, it has ramped up in startups following the outbreak of the COVID-19 pandemic. This shift underscores the need for startups to ensure that their virtual work environments maintain robust trade secret protections. These protections are critical to maintaining enforceable trade secrets because a key element of trade secret misappropriation is that the information was actually protected as a trade secret. To protect trade secrets in a remote work environment, startups should implement strict security policies and measures, such as encryption, secure access controls, and regular cybersecurity training for employees. Additionally, practitioners should advise startups to use robust NDAs, with both employees and third parties, to prevent unauthorized disclosure of sensitive information. Practitioners should help startups identify and protect these assets by developing comprehensive trade secret policies and recommending audits to ensure compliance. As discussed in our original 2018 guide, startups often overlook critical but less technical trade secrets, such as customer lists, operating procedures, and supplier lists. Once identified, IP practitioners should counsel startups to distinguish and sequester trade secret information from nonproprietary information in their data management systems.

Open-Source Software

Open-source software (OSS) can be an attractive tool for startups, as it enables software developers to hit the ground running by building on the efforts of a community of developers and without dipping into limited financial reserves. Relying upon open-source technology can also be complementary to developing other IP, including patents and trade secrets. Practitioners should help guide startups as to what IP protections are available and how those mesh with open-source technology. And they should also caution founders that using OSS can open the door to a number of licensing and security risks.

OSS may be free of cost, but it is not free. Rather, it is typically released under one of numerous licenses and often imposes obligations on those using the OSS. The first step to evaluating OSS is to identify and understand the corresponding license. For example, some “copyleft” licenses allow startups to modify the licensed software but include obligations that derivative works also be made available under the same license, while permissive licenses merely ensure that the original OSS project remains publicly available. Wikipedia (and likely other sites) may offer helpful comparisons of many open-source licenses, but the wide variations in licenses necessitate that IP practitioners advise startups on the scope and specific contractual language in any OSS license.

Additionally, some OSS projects may include security vulnerabilities that risk exposing confidential information. Some vulnerabilities are likely inadvertent, as OSS projects are often managed by small teams of volunteers. However, attempts have been made to hijack OSS to introduce new security vulnerabilities. Software audits may be one way to identify and address risks but can be costly. Ultimately, OSS can be hugely valuable to startups (as well as established entities), but it is critical that IP practitioners advise startups to keep robust records of each OSS package used to limit the risk of legal disputes and track potential security vulnerabilities.

FTC Ban on Noncompetes

The FTC recently announced a new rule that would ban entering into and enforcing most noncompete agreements. This rule, originally scheduled to go into effect in September 2024, is now in limbo following one decision upholding the rule in Pennsylvania and two decisions striking down the rule in Florida and Texas. The FTC has appealed the Texas and Florida courts’ decisions. The FTC’s rule may ultimately be headed to the U.S. Supreme Court, but in the meantime, startups should be aware that noncompete rules of varying scope are already in effect in multiple states.

Traditionally, noncompetes have been used to protect trade secrets and prevent employees from joining competitors for a limited period of time after leaving a company. The FTC proposes NDAs as alternatives to noncompete agreements. However, startups should be cautious, as overly strict NDAs could qualify as de facto noncompetes banned under the new FTC rule. For example, an employment agreement could be unenforceable if it includes a confidentiality obligation that “has the effect of prohibiting the worker from seeking or accepting” other work. A startup with this sort of language in its employment agreements could be placing its trade secrets in jeopardy.

With noncompetes potentially off the table and NDAs requiring careful review, startups must reevaluate both existing and future employment agreements and explore alternative methods for safeguarding their IP. For example, startups may consider more robust trade secret protections and recordkeeping; keeping a closer eye on departing and newly hired employees, and any information leaving or introduced with employees; and limiting access of trade secret information to only those employees with a true need to know. In addition to being smart IP housekeeping tips, these are the tools that startups can use to protect critical IP wherever noncompete bans are in place.

To strike the right balance, employee NDAs should be specific and narrowly tailored to protect the most critical trade secrets. They should clearly define what constitutes confidential information and outline the obligations of employees regarding the protection and nondisclosure of such information. And startups may consider patents as safer alternatives to relying on NDAs to protect critical trade secrets. Practitioners should monitor the ongoing impact of and decisions addressing the FTC’s rule, watch for guidance and case law regarding the scope of the FTC’s de facto noncompete definition, and consider any relevant state-level noncompete rules that may be applicable.

Data Privacy

Client Base Considerations

Data privacy regulations, like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), are on the rise and require careful consideration. Practitioners should ensure that startups consider numerous factors in their data collection practices such as: What kind of personally identifiable information (PII) is collected? Whose PII is collected? Where do these persons or entities reside? How do the startups plan to use this PII? And what are the ages of individuals whose PII is being collected? These and other factors determine which statutes are in play. Privacy regulations may dictate individuals’ rights in their information and implicate whether and how their data can be used to train AI systems.

Data Policy and Contracts

In order to comply with these regulatory frameworks, startups should have comprehensive data policies in place that comply with the appropriate regulations. Practitioners should also caution startups that they may be held liable for any commitments to their clients, but transparent policies enable startups and customers alike to engage on agreeable terms. These policies need to address data collection, storage, encryption, and sharing practices. Practitioners should ensure that agreements that may involve data transfers include the appropriate data privacy language (often seen in a data privacy addendum) to ensure compliance and mitigate legal risks.

Prosperous Startups Prefer Proficient IP Practitioners

Navigating the evolving landscape for startups will require IP practitioners to be flexible, proactive, and well-informed. By staying updated on the latest trends and regulatory changes, practitioners can provide valuable guidance to startups, helping them to protect their IP and achieve their business goals.

©2024. Published in Landslide, Vol. 17, No. 2, December 2024/January 2025, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.

    Authors