What the Lawsuits Are Really About

Some time in April of this year, NYT v. OpenAI is scheduled for summary judgment. The legal commentary has been building toward this moment for nearly two and a half years. There are now sixty-plus AI copyright lawsuits in active litigation in the United States. Norton Rose Fulbright is publishing quarterly updates. The Copyright Alliance is publishing year-in-reviews. Multiple lawsuit-tracking resources have launched, scraping court filings into dashboards that make it possible to track the doctrine in real time.

The doctrine matters. It’s also, importantly, not the question that matters most for builders and buyers in 2026. The doctrinal questions — whether training on copyrighted material qualifies as fair use, who owns the output of a generative model, what counts as substantial similarity in a system that produces probabilistic remixes of its training corpus — those questions are real and the courts will eventually answer them. But while the lawyers and journalists have been watching the courtroom, the market has been answering a different question. The settlements, the licensing deals, the contractual posture every major AI vendor has quietly adopted, the way enterprises are negotiating their AI procurement contracts — all of that has been telling a story that has very little to do with whether NYT wins on April fifteenth.

The story is this: AI “IP” is not functioning as an asset class. It is functioning as a price discovery mechanism for training inputs. The copyright shell is the procedural vehicle. What’s actually happening is a market figuring out what training data is worth, and pricing it accordingly, in real time, while the doctrine stays unsettled and probably stays that way for years more.

If you can hear that, the contractual posture you should adopt for AI vendors falls out almost automatically. So does the rest of this series.

The strongest version of “watch the doctrine”

I owe the dominant view its best shot one more time. The dominant view says: this is the most important moment in U.S. copyright doctrine in a generation. The fair-use ruling in Thomson Reuters v. Ross found that headnotes were original and protected and that training a competing AI legal-research product on them was not fair use. That ruling is on appeal at the Third Circuit. The Bartz v. Anthropic class action found that training on copyrighted books was fair use, but that storing pirated copies was not — and the case settled for $1.5 billion, with an estimated payout of roughly three thousand dollars per work. NYT v. OpenAI is now the marquee case, with billions of dollars in statutory damages on the table and a fact pattern that a plaintiff-friendly judge could read either way.

The dominant view is right that these cases are doctrinally important. A clear pro-plaintiff fair-use ruling at the Third Circuit, or a partial summary judgment in NYT’s favor, could meaningfully reshape the economics of foundation model training. Smaller players with less ability to license would feel it first. The cost of training data would go up. The market for licensed training corpora — which already exists but has been small and slow — would expand fast. None of that is nothing.

But — and this is the move the dominant view misses — the market did not wait for the doctrine. It started pricing training data the moment it became clear the doctrine would take years. Every major AI vendor in 2026 has either (a) inked direct licensing deals with major rights-holders, (b) restructured its vendor contracts to push training-data risk down to the customer in highly specific ways, (c) published indemnification policies that effectively buy out the customer’s exposure for a price the vendor calculates against expected settlement frequency, or (d) some combination of all three. The Anthropic settlement was not a doctrinal event; it was a price-discovery event. NYT v. OpenAI, when it resolves, will be the same. The number — whatever it ends up being — is the signal. The reasoning in the opinion is the noise.

This matters because the dominant view tells builders and buyers to wait. Wait for the ruling. Wait for clarity. Wait to see how the doctrine settles. That advice is exactly wrong, and following it has cost organizations the entire eighteen months in which the actual market has been forming under their feet. The right move was never to wait. The right move was to read the market, understand that “IP” was operating as a procurement category and not a property category, and structure your contracts accordingly.

What the cases are actually doing

Let me restate the three big cases through the price-discovery lens.

Thomson Reuters v. Ross established a price for training-data infringement in a specific high-stakes corner of the market. Westlaw headnotes are an unusually clean fact pattern: tightly curated proprietary editorial content with clear authorship, used to train a directly competing product. The summary-judgment ruling against Ross said, in effect, this is the kind of training that has a price, and the price is high. The appeal will refine that number. It will not change the underlying market reality that this category of training data now has a known cost.

Bartz v. Anthropic did the same thing for a different category. Books, especially fiction, especially books with named individual authors, especially when the training corpus included pirated copies. The ruling that fair use covered the training but not the piracy was doctrinal cover for what the settlement actually did, which was establish a price — about three thousand dollars per work — for that specific kind of input. The number is not surprising; it’s roughly what literary licensing has historically cost in adjacent markets. The doctrine was the procedural vehicle. The market was the actual outcome.

NYT v. OpenAI is going to be the largest of the three, with the most expansive fact pattern: news content, ongoing publication, alleged near-verbatim reproduction in some prompts, billions in statutory damages alleged. When this resolves — and the most likely resolution, given the way OpenAI has been negotiating other licensing deals in parallel and the way both sides are postured, is a settlement that establishes a tiered licensing rate for major news content — the price for that category will be set. The doctrine will remain unsettled. The market will not.

This is what I mean by “AI IP is functioning as a price discovery mechanism.” The cases are not adjudicating property rights in any final sense. They are, in the way that mass-market litigation has been doing for half a century, establishing market clearing prices for inputs that are too expensive to license individually. The plaintiffs’ bar gets a fee. The vendors get certainty. The rights-holders get a payment structure they can predict. The doctrine stays loose enough that the market can move.

If you treat the lawsuits as price-discovery events instead of doctrinal events, your reading of the news shifts. Settlement amounts become signals about input categories. Licensing deals become signals about market segmentation. Indemnification policies become signals about how vendors expect their downstream customers to share the cost. None of this requires a J.D. to read. It requires reading the market the way you’d read any other immature market that’s pricing a new commodity.

What this means for your contracts

The implication, if you accept the price-discovery framing, is direct. You stop negotiating AI vendor contracts as though the IP doctrine matters more than the market structure, and you start negotiating them as though you’re a sophisticated buyer in a maturing market for compute, model access, and workflow integration. The conventional priorities — IP indemnification, output ownership, SLA — get rearranged. The unconventional priorities — no-train clauses, portability, model substitution — move to the top because they are the ones that protect against the things that actually go wrong.

The number-one term you should fight hardest for in any AI vendor contract in 2026 is the no-training-on-our-data clause. This is the clause that determines whether the workflow signal you generate by using the vendor’s product becomes training data for the vendor’s other customers — including your competitors. This is the asset of the loop. Every other contractual term in the punch list is a defensive position around this asset. If you lose this fight, you have effectively become an unpaid training data contributor for your industry’s eventual AI vendor. Read the clause carefully. Watch for “anonymized,” “aggregated,” and “improving the service” language that creates training-data exceptions through the side door. Negotiate hard.

The second term is portability and termination rights. The Anthropic-Pentagon crisis of February 2026 was the cleanest possible test of this. As I have flagged in the previous essays in this series, I cannot point to a specific named organization whose contract terms demonstrably carried it through February with workflows intact, and the kinds of customers most likely to have negotiated those terms — defense primes, regulated enterprises — do not publish case studies on how their procurement contracts handled a political event. What is publicly documented is the inverse: organizations whose contracts had only basic SaaS termination clauses spent quarters in operational confusion, with the Pentagon estimating months to fully transition, HHS staff given hours of notice to save their work, defense tech companies scrambling to drop Claude, and the federal-news press reporting the chaos in real time across multiple agencies and primes. The architectural and contractual asymmetry is the lesson. The next adverse event in the AI stack will not be a copy of the Anthropic event — it will be different, in shape and timing — and the contracts that hold up will be the ones whose portability rights were written for adverse events generally, not for any specific scenario.

The third term is model-substitution rights. Can you swap the underlying model — provider, version, fine-tune — without renegotiating the contract? If yes, the vendor has agreed that the model is a substitutable component and that your relationship is with the vendor’s product, not with any specific underlying AI provider. If no, the vendor has reserved the right to control which model serves your traffic, which means in practice the vendor controls your workflow’s substitution risk. The latter posture used to be common in 2024. It should be unacceptable in 2026.

After those three, the priority drops sharply. Audit rights on data and model lineage matter — without them, indemnification clauses are uncashable in practice — but they’re enabling rights for the top three rather than primary protections. PII handling and data-residency guarantees matter, but most of what they’re trying to achieve is more reliably achieved through architecture (gateway tokenization, regional processing) than through vendor commitments.

Then the conventional top priorities — IP indemnification, output rights, SLA — sit at the bottom of the punch list. This is not because they don’t matter. They matter. It’s because they’re now standard, the courts and settlements have created enough market structure that vendors have converged on similar positions, and they’re not the front line of any fight that will determine whether your AI architecture survives the next three years. They’re the SaaS hygiene of the AI era.

The mistake most enterprises are making in 2026 is exactly the inverse of this priority order. They’re spending most of their negotiating capital on items six through eight — IP indemnification, output rights, SLA. They’re spending almost none on items one through three, which is where the real risk lives. Procurement leaders, in defense of this allocation, will tell you that the bottom-three items are “what counsel knows how to negotiate.” That is true and it is the problem. The top-three items are what your architecture has to support, and your counsel doesn’t read code.

What the AOSentry architecture has shown about contracts

I’ll be honest about something that sits uncomfortably with the editorial pose I’ve been taking through this series. AOSentry — the product I founded AOCyber to build, and that I built from scratch after two years exploring gateway architectures and AI tooling — is structured around the architectural assumption that the contractual punch list above is more or less correct. Customer engagements have been the empirical test of that assumption. I am writing this from inside the test. I have a stake in the answer.

What I can tell you, with appropriate caveat, is that the customers who have come to the gateway-architecture posture — through AOSentry, through their own in-house gateway, or through some combination — have universally been the ones whose contracts at the model-provider layer ended up looking like the top three items on the punch list. The architecture and the contract are not separate decisions. They are the same decision, made twice — once in code and once in language. Customers who built gateway architectures wrote model-substitution rights into their downstream contracts because the architecture made substitution real. Customers who structured no-train clauses into their vendor agreements built tokenization into their gateway because the architecture made the clause enforceable. The two halves of the decision reinforce each other, and the customers who made one half ended up making the other half too.

This is, I think, the deepest version of the thesis I have been trying to develop across this series. The IP framing splits contract from architecture and treats them as separate disciplines: the lawyers handle one, the engineers handle the other, and the strategy team writes a slide about how the company has “AI IP.” The framing that works in 2026 — the framing the market has been quietly adopting underneath the doctrine — collapses the two. The contract is architecture written in legal language. The architecture is contract written in code. Neither one alone protects anything that matters. Together, they protect the workflow position that is the actual asset.

The line, one more time

I’ll close where I started. Across four essays, the same line has been the thesis from different angles, and the angles have all pointed at the same target.

Stop protecting. Start owning the loop.

For data, the version was: stop measuring AI defensibility in terms of corpus size, start measuring it in terms of feedback closure rate. The data is exhaust. The loop is the asset.

For prompts, the version was: stop investing in legal protection for prompts that leak the moment they ship, start investing in architecture that makes the protection real. The protection model the industry has built for prompts is theater. The protection that works is contractual and architectural.

For agents, the version was: stop treating agentic IP strategy as the locus of defensibility, start scoring your agents against workflow ownership. The components commoditize. The position compounds.

For the lawsuits — for the contracts you sign with the AI vendors who are the inputs to all of this — the version is: stop watching the doctrine, start reading the market. The doctrine will stay unsettled for years. The market is pricing inputs in real time. The contractual posture that protects you is the one that takes the market seriously and treats the IP framing as the procedural shell that it is.

If I had to compress the whole series into the language a single executive could use to redirect their organization tomorrow, I would put it like this. Most of the budget your organization currently allocates to “AI IP” is theater. Most of what you actually need to do involves changing your architecture and your contracts so that adverse events — provider blacklists, model degradation, doctrinal shifts, vendor acquisitions, pricing changes, training-data leaks — become inconveniences rather than crises. The architecture and the contracts are the same decision made twice. The decision is own the loop, not the artifacts. Make that decision once, in both halves, and most of the AI-defensibility conversation that has been consuming your last two years stops being a strategic question and becomes an execution question.

The execution question is hard. The strategic question never had to be.

Justin Donnaruma is the founder and CEO of AOCyber. He built AOSentry from scratch after two years exploring gateway architectures and AI tooling. AOSentry is an AI security gateway and governance platform that gives organizations one API across every major AI provider, with PII tokenization, immutable audit logs, and post-quantum cryptography from Day 1. If you’ve read all four essays in this series and want to compare the contractual posture and architecture against what your organization currently has in place, start a conversation.