Chapter 34 Further Reading: Legal and Intellectual Property Considerations

Reminder: These resources are for educational purposes. They are not a substitute for legal advice from qualified counsel for specific situations.

1. U.S. Copyright Office — Copyright and Artificial Intelligence (copyright.gov/ai) The Copyright Office's formal guidance and inquiry reports on AI-generated content and copyright protection. The primary official source for understanding the current legal standard for human authorship requirements and the "sufficient human creativity" threshold. Updated as the Office issues new guidance; essential to check for the most current version. Free.

2. U.S. Copyright Office — AI Policy Report Part 1: Digital Replicas (2024) The Copyright Office's first major report on AI and copyright policy, addressing digital replicas, deepfakes, and personality rights. Establishes current official thinking on these questions and previews the forthcoming reports on training data and output copyrightability.

3. Grimmelmann, J. (2023). Copyright for Literate Robots. Iowa Law Review, 108(2), 401-430. A rigorous legal analysis of the copyright implications of AI text generation. Grimmelmann argues that the copyright questions raised by AI writing are not as novel as they appear — existing copyright doctrine is adequate to resolve most of them. Essential reading for practitioners wanting to understand the theoretical foundations of the current legal landscape.

4. Samuelson, P. (2023). Generative AI Meets Copyright. Science, 381(6657), 158-161. A brief but authoritative overview by one of the leading copyright scholars on the key legal questions raised by generative AI. Accessible to non-lawyers and covers both the training data and the output dimensions of AI copyright questions.

Open Source and AI Code

5. Software Freedom Conservancy — Copilot and the GPL (sfconservancy.org/blog/2021/aug/09/github-copilot-copyleft-gpl) The Software Freedom Conservancy's detailed analysis of the potential copyleft implications of GitHub Copilot. Represents the perspective of open source license enforcement advocates and provides the most thorough public analysis of why this is a real concern. Free to read.

6. GitHub Copilot — Copyright and Licensing Documentation (docs.github.com/en/copilot) GitHub's current documentation on the IP indemnification commitments it provides to enterprise Copilot customers and its description of its approach to copyright. Practitioners using Copilot for commercial code should read and understand what GitHub has and hasn't committed to. Free.

7. Hemel, D., & Ouellette, L. L. (2023). The Development of Copyright in AI. Stanford Technology Law Review. A scholarly analysis of how copyright law should develop in response to AI. Provides the legal academic context for understanding where the current unsettled law may be heading.

Data Privacy

8. European Data Protection Board — Guidelines on Generative AI (edpb.europa.eu) The EDPB's official guidance on GDPR implications of generative AI. This is the authoritative European source on how GDPR applies to AI tools, including questions of lawful basis, data subject rights, and processor obligations. Free; check for most current version as guidance continues to develop.

9. U.S. Department of Health and Human Services — HIPAA and Artificial Intelligence (hhs.gov/hipaa) HHS guidance on HIPAA obligations in the context of AI tools. Essential reading for anyone in healthcare or working with health data. The section on Business Associate Agreements is directly relevant to AI tool selection for PHI. Free.

10. California Office of the Attorney General — CPRA Compliance Resources (oag.ca.gov/privacy) Official California resources on CPRA (formerly CCPA) compliance. Essential for organizations subject to California privacy law who are using AI tools with California consumer data. Free.

11. Solove, D. J., & Schwartz, P. M. (2024). Information Privacy Law (7th ed.). Aspen Publishing. The leading privacy law casebook. Provides comprehensive coverage of US federal and state privacy law, GDPR, and emerging AI-specific privacy questions. Used in law school courses; accessible to non-lawyers who want deep understanding of the legal framework.

The EU AI Act

12. European Commission — EU AI Act Official Text and Implementation Resources (digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai) The official source for the EU AI Act text and implementation guidance. As the Act moves through its phased implementation, the European AI Office will publish additional guidance documents here. Essential for any practitioner whose work may fall under the Act's scope. Free.

13. Veale, M., & Borgesius, F. Z. (2021). Demystifying the Draft EU Artificial Intelligence Act. Computer Law Review International, 22(4), 97-112. A scholarly analysis of the EU AI Act's structure and implications. Provides accessible context for understanding the risk classification framework, the scope of obligations, and the enforcement mechanisms. Available via SSRN (free).

14. Future of Life Institute — EU AI Act Summary and Practical Guide (futureoflife.org/ai/the-eus-artificial-intelligence-act) A practitioner-accessible summary of the EU AI Act by a leading AI policy organization. More accessible than the formal legal text for practitioners who need to understand the Act without reading the full legal document. Free.

15. American Bar Association — Model Rules of Professional Conduct — AI and Lawyer Competence (americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct) The ABA's formal guidance on lawyer professional responsibility in the context of AI tools. The competence obligations that require lawyers to understand the technology they use, and the implications for AI tool use in legal practice. Essential for legal professionals and instructive for other professional services practitioners.

Risk Management and Governance

16. National Institute of Standards and Technology — AI Risk Management Framework (ai.nist.gov/ai-rmf) NIST's comprehensive framework for AI risk management, developed with extensive stakeholder input. The framework covers governance, risk identification, and mitigation practices at a level of detail useful for organizations developing AI use policies. Free.

17. CISA (Cybersecurity and Infrastructure Security Agency) — Guidelines for Secure AI System Development (cisa.gov/ai) US government guidance on security considerations in AI development and deployment. Relevant for organizations deploying AI in any context where security is a consideration, and for understanding the emerging US government standards for responsible AI use. Free.

Monitoring Resources

For staying current on the rapidly evolving AI legal landscape:

  • Law360 AI Digest — legal news aggregation covering AI-related litigation and regulatory developments
  • IAPP AI Privacy Resources (iapp.org) — regularly updated resources on AI and privacy law from the International Association of Privacy Professionals
  • AI Now Institute (ainowinstitute.org) — research and policy analysis on AI governance, including legal and regulatory developments
  • Electronic Frontier Foundation AI Reports (eff.org/ai) — civil liberties perspective on AI law and policy