COMPEL Certification Body of Knowledge — Module 3.4: Regulatory Strategy and Advanced Governance
Article 7 of 10
Intellectual property (IP) has always been a component of technology strategy. But AI introduces IP challenges that have no precedent in traditional software — challenges that existing IP frameworks were not designed to address and that courts, legislatures, and international bodies are still working to resolve. The EATE must understand these challenges well enough to design AI transformation strategies that protect the organization's IP interests, respect the IP rights of others, and navigate the substantial uncertainty that characterizes the current AI IP landscape.
This article is not a legal treatise. It is a strategic guide for the EATE — addressing the IP dimensions that affect enterprise AI transformation architecture, governance design, and competitive positioning.
The AI IP Landscape: What Makes It Different
AI creates IP challenges across every traditional category of intellectual property. Understanding these challenges requires examining how AI interacts with each category.
Patent Challenges
The patent system grants exclusive rights to novel, non-obvious, and useful inventions. AI creates challenges at every element of this framework.
Inventorship: Patent law in most jurisdictions requires that an inventor be a natural person. When an AI system contributes significantly to an invention — for example, when a generative AI system proposes a novel molecular structure that a human researcher then validates and develops — the question of inventorship becomes complex. Courts in the US, UK, EU, and Australia have addressed this question with varying outcomes, but the prevailing position is that AI cannot be named as an inventor. This creates a practical challenge: how does the organization document the human inventive contribution in AI-assisted innovation processes?
Patentability of AI itself: AI algorithms and models exist in a legal grey zone. Mathematical algorithms are generally not patentable. But specific applications of AI algorithms to produce novel and useful results — a particular application of deep learning to medical imaging, for example — may be patentable if they meet the standard requirements. The line between an unpatentable algorithm and a patentable application is drawn differently across jurisdictions and has been interpreted inconsistently by patent offices and courts.
Prior art and novelty: The volume and speed of AI research publication — through preprint servers, open-source repositories, conference proceedings, and industry blogs — creates an enormous and rapidly growing body of prior art. Establishing novelty for an AI innovation requires searching a prior art landscape that includes not only formal patent filings but also academic papers, GitHub repositories, and model releases.
Copyright Challenges
Copyright protects original works of authorship. AI creates copyright challenges in two directions: the copyright status of AI-generated outputs and the copyright implications of AI training data.
AI-generated works: When an AI system generates text, images, code, or other creative content, who owns the copyright? In most jurisdictions, copyright requires human authorship. Works generated entirely by AI — without meaningful human creative contribution — may not be copyrightable at all, meaning they enter the public domain immediately. This has significant implications for organizations that use generative AI to produce content, designs, or code.
The US Copyright Office has issued guidance confirming that works created without human authorship are not copyrightable, while acknowledging that works created with AI assistance where the human provides meaningful creative direction may be eligible for copyright protection. The key variable is the degree of human creative control — a spectrum that creates substantial uncertainty for AI-assisted creative processes.
Training data rights: AI models are trained on data, and that data often includes copyrighted material. The legal status of using copyrighted works to train AI models is the subject of active litigation and legislative debate globally. The EU AI Act requires providers of general-purpose AI models to implement policies respecting copyright, including mechanisms for rights holders to opt out of having their works used for training. In the US, multiple lawsuits are testing whether AI training constitutes fair use under copyright law.
The outcome of these legal proceedings will significantly affect AI development practices. The EATE must design governance that tracks these developments and positions the organization to comply with whatever framework emerges — while making responsible decisions about training data in the interim.
Trade Secret Protection
For many organizations, the most valuable AI IP is protected not through patents or copyrights but through trade secrets. Proprietary training data, model architectures, hyperparameter configurations, feature engineering techniques, and deployment optimizations may constitute trade secrets if they are kept confidential and provide competitive advantage.
Trade secret protection requires the organization to take reasonable measures to maintain secrecy. This has governance implications: access controls for model details, confidentiality agreements with AI practitioners, secure model deployment practices, and careful management of what information is disclosed through publications, patents, or regulatory submissions.
The tension between trade secret protection and regulatory transparency requirements is significant. The EU AI Act requires transparency about AI systems, and regulatory audits may require disclosure of model details that the organization considers trade secrets. The EATE must help organizations navigate this tension — designing governance that satisfies transparency obligations while protecting genuinely proprietary information.
Building the AI IP Strategy
The EATE designs AI IP strategy as a component of the broader AI transformation strategy (Module 3.1). This strategy addresses four dimensions.
Dimension One: IP Protection Strategy
The organization must decide how to protect its AI-related intellectual property — which assets to patent, which to protect as trade secrets, which to open-source, and which to treat as non-proprietary.
Patent strategy: Determine which AI innovations warrant patent protection. This involves assessing novelty, commercial value, enforceability, and the strategic benefit of public disclosure (patents require disclosure) versus secrecy. In AI, patent strategy is complicated by the rapid pace of innovation — by the time a patent is granted (typically two to five years after filing), the technology may have evolved significantly.
Trade secret strategy: Identify which AI assets derive their value from confidentiality and implement the governance controls required to maintain trade secret protection. This includes: documenting what constitutes a trade secret; implementing access controls; requiring confidentiality agreements; and establishing processes for managing trade secret disclosure when required by regulators, auditors, or business partners.
Open-source strategy: Determine which AI assets to release as open source. Open-source release may be strategically valuable — establishing technical standards, attracting talent, building ecosystem relationships, or commoditizing complementary technologies. But it also means surrendering exclusive rights. The decision to open-source should be deliberate and governed, not incidental.
Dimension Two: IP Risk Management
AI creates IP risks that must be managed through governance.
Infringement risk: AI systems that are trained on or that generate content may inadvertently infringe third-party copyrights, patents, or trade secrets. Governance should include processes for clearing training data rights, monitoring AI-generated outputs for potential infringement, and responding to infringement claims.
Employee IP risk: AI practitioners who move between organizations may carry knowledge of proprietary techniques, architectures, or data. Governance should include appropriate (and legally enforceable) IP assignment agreements, non-disclosure agreements, and onboarding/offboarding processes that manage the risk of IP transfer through employee mobility.
Open-source licensing risk: Open-source AI components carry licenses with varying terms. Some licenses (such as GPL) include copyleft provisions that may require derivative works to be released under the same license. Using such components in proprietary AI systems without understanding the licensing implications can create significant legal exposure. Governance should include processes for reviewing open-source licenses before incorporating components and tracking license obligations across the AI portfolio.
Third-party AI IP risk: When the organization uses third-party AI, the contractual allocation of IP rights must be clear. Who owns models trained on the organization's data using a vendor's platform? Who owns outputs generated by a vendor's AI system applied to the organization's inputs? These questions should be resolved contractually during procurement, guided by the third-party governance framework described in Module 3.4, Article 6: Third-Party and Supply Chain AI Governance.
Dimension Three: IP in the AI Development Lifecycle
IP governance should be embedded in the AI development lifecycle rather than applied as an afterthought.
Ideation phase: When AI practitioners propose new AI capabilities, the ideation process should include a preliminary IP assessment — identifying potential patentable inventions, trade secret considerations, and third-party IP risks.
Data acquisition phase: When acquiring data for AI training, the process should include IP review — confirming that the organization has the right to use the data for training, understanding any restrictions on use, and documenting data provenance for future compliance.
Development phase: During model development, governance should require documentation of human inventive contributions (supporting future patent claims), management of open-source license obligations, and protection of proprietary techniques through access controls and confidentiality measures.
Deployment phase: When deploying AI systems, governance should address output IP — establishing whether the organization can claim IP rights in AI-generated outputs and how those rights are managed, particularly when outputs are provided to customers or partners.
Monitoring phase: Ongoing monitoring should include IP-relevant surveillance — monitoring for potential infringement of the organization's AI IP by competitors and monitoring the organization's AI outputs for potential infringement of third-party IP.
Dimension Four: IP Strategy in the Regulatory Context
AI IP strategy intersects with regulatory compliance in several ways that the EATE must navigate.
Disclosure requirements: Regulatory frameworks, including the EU AI Act, require disclosure of information about AI systems that may include proprietary details. The EATE must help organizations design disclosure practices that satisfy regulatory requirements while maintaining appropriate IP protection. This may involve working with regulators to establish confidential treatment procedures for proprietary information disclosed during regulatory review.
Patent-regulatory interaction: In regulated industries (pharmaceuticals, medical devices, financial services), the interaction between patent strategy and regulatory approval timelines can significantly affect the commercial value of AI innovations. The EATE should ensure that IP strategy accounts for regulatory timelines and that regulatory strategy accounts for IP protection needs.
International IP coordination: Different jurisdictions offer different IP protections. The EATE must design IP strategy that accounts for the jurisdictional variation described in Module 3.4, Article 2: Multinational Governance Architecture — filing patent applications in jurisdictions with strong AI patent protection, implementing trade secret protections that satisfy legal requirements across jurisdictions, and managing copyright considerations in a landscape where training data rights vary by country.
Emerging IP Challenges
The AI IP landscape is evolving rapidly. The EATE must monitor several emerging developments.
AI-generated inventions legislation: Several jurisdictions are considering legislation that would address the inventorship question for AI-generated innovations. The EATE should monitor these developments and prepare governance that can adapt to new inventorship frameworks.
Training data compensation frameworks: The question of whether and how rights holders should be compensated when their works are used to train AI models is the subject of active debate. The EU approach (opt-out mechanisms) differs from proposals in other jurisdictions. The EATE should design data acquisition governance that can adapt to emerging compensation requirements.
Model weight and architecture protection: As AI models become more valuable, legal protections for model weights (the numerical parameters that define a trained model) and model architectures are being tested. The legal status of model weights — are they copyrightable? Patentable? Protectable as trade secrets? — is unresolved and will significantly affect how organizations protect their most valuable AI assets.
Synthetic data and IP: Synthetic data — artificially generated data used to train AI models — raises novel IP questions. If synthetic data is generated by one AI model to train another, what IP rights attach to the synthetic data? Can synthetic data circumvent IP restrictions on real data? The EATE should monitor these questions and design governance that addresses synthetic data IP appropriately.
The EATE's IP Role
The EATE is not a patent attorney or IP specialist. The EATE's role is to ensure that AI IP strategy is integrated into the broader AI transformation strategy — that IP considerations are addressed in governance design, that IP risks are managed through the enterprise risk framework (Module 3.4, Article 5: AI Risk Governance at Enterprise Scale), and that IP opportunities are captured as part of the value creation strategy.
This integration role requires the EATE to work closely with the organization's legal and IP functions — bringing AI-specific knowledge to IP strategy discussions and ensuring that IP strategy informs governance design. The EATE ensures that the organization's IP posture is proactive rather than reactive, strategic rather than tactical, and integrated rather than siloed.
Key Takeaways for the EATE
- AI creates IP challenges across patents, copyrights, trade secrets, and licensing that existing frameworks were not designed to address.
- AI IP strategy has four dimensions: protection strategy, risk management, lifecycle integration, and regulatory coordination.
- The legal landscape for AI IP is evolving rapidly, with active litigation and legislation on training data rights, AI-generated works, and AI inventorship.
- IP governance should be embedded in the AI development lifecycle, not applied as an afterthought.
- The EATE integrates AI IP strategy into the broader transformation strategy, working with legal and IP specialists to ensure that IP is governed proactively and strategically.