👋 Welcome the OnlyLawyer newsletter! Each week I tackle legal topics for the tech industry — cybersecurity, data privacy, AI legal issues, and other current legal issues

The Benchmark Blind Spot

Here’s the thing about AI in contracts: we all want to treat it like software, but AI doesn’t behave like software.

If you buy a CRM, you can measure uptime, latency, and whether the “export CSV” button actually exports CSVs. Clean, testable, enforceable.

But if you buy an AI model (whether it’s a foundation model, a SaaS tool with embedded GenAI, or a bespoke model trained on your data) what do you measure?

• Accuracy? Against what baseline?

• Bias? Compared to which population?

• Explainability? To whom, exactly?

It’s like rating a first date…are we grading the conversation, the jokes, or how they treated the waiter?

The EU AI Act (final text adopted July 2024, phasing in 2026) and NIST’s AI Risk Management Framework 2.0 are already pushing for measurable assurances. That’s regulator-speak for “Don’t just say your model is safe, prove it.”

Which means the next time you’re handed an AI contract, don’t be surprised if there’s a line that says something like “Vendor warrants the model will achieve 95% accuracy.”

And that’s when the real trouble starts.

Why Accuracy Isn’t Accurate Enough

Let’s play this out.

You’re negotiating an AI-powered hiring tool. The vendor says: “Our model is 90% accurate in predicting top candidates.”

Sounds great. Until you ask:

• 90% compared to what?

• On which roles?

• In which markets?

• Tested when, with whose data, under what conditions?

Suddenly, “90% accurate” looks less like a warranty and more like a Tinder bio—technically true, broadly misleading, destined to disappoint.

Here’s the legal problem. Without a defined benchmark, you can’t prove breach. Which means your shiny AI SLA is basically written in pencil.

If you’re the vendor, this is where you get ahead of the problem: define the testing conditions, specify the dataset, and narrow the scope. Otherwise, you’ve just promised to be 90% accurate everywhere, forever…which is like promising your teenager will “always” clean their room. Good luck enforcing that.

The First Wave of Disputes

We haven’t seen the big case yet, the “AI warranty class action,” but the contours are forming.

Three pressure points to watch:

1. Investor lawsuits

Public companies touting AI performance metrics without standardized benchmarks are already catching SEC attention. It’s only a matter of time before shareholders sue over “materially misleading AI claims.”

2. Enterprise customers

If your enterprise AI vendor promised 95% accuracy and you got 62% in production, you’ll be looking for a refund. Without a defined test, you’ll struggle.

On the vendor side, this is why you fight hard for disclaimers about training data, customer input quality, and use case scope. Otherwise every bad output turns into “your model failed,” instead of “our people prompted it with nonsense.”

3. Regulators

The EU AI Act, FTC guidance, and UK CMA investigations are all circling the same drain: AI performance claims must be verifiable. Translation = benchmarks, or else.

Think of it like a legal whack-a-mole. Whoever swings first (i.e. investors, customers, regulators) the rest will pile in. No one wants to be left without a mallet.

The disputes won’t hinge on whether the AI “worked.” They’ll hinge on whether anyone agreed how to measure it.

The Benchmark Menu (None Perfect)

So what could a benchmark look like in practice? Here are the four main flavors I’m seeing in contracts right now:

1. Static dataset tests

• Example: “Model must achieve 92% accuracy on Dataset X.”

• Pros: Clear, measurable, repeatable.

• Cons: Models drift; performance on static datasets quickly becomes stale.

2. Ongoing KPI alignment

• Example: “Model recommendations must lead to a 5% reduction in customer churn, averaged quarterly.”

• Pros: Tied to business value.

• Cons: External factors muddy causation. Was it the model or just a new pricing plan?

3. Comparative performance

• Example: “Model output must outperform baseline tool by 15%.”

• Pros: Flexible; adapts to evolving tech.

• Cons: Requires defining and maintaining the “baseline.”

4. Process benchmarks

• Example: “Vendor will document and test for bias at least annually using Methodology Y.”

• Pros: Focuses on governance, not outcomes.

• Cons: Feels soft to business leaders used to uptime SLAs.

It’s the AI buffet. None of it is healthy, but you’ll probably need a little of everything to survive.

For buyers: benchmarks are your leverage. For vendors: they’re your liability. Which means the art of this negotiation is picking benchmarks that are specific enough to mean something, but narrow enough that you can actually hit them.

No one benchmark solves everything. The smart play is hybrid by combining a performance metric, a process assurance, and a disclosure obligation.

Where This Hits Your Contracts

Here’s where you’ll start seeing benchmark fights show up:

1. AI Warranties

Expect vendors to offer weak “performance warranties” (“model trained to industry standards”) and customers to push for hard numbers.

Buyers will want numbers (95% accuracy, reduced churn). Vendors will want softer standards (“trained with reasonable care and skill”). The fight is where those two meet, and whether the vendor can carve out factors outside its control—like customer data quality, market conditions, or the user who insists on typing prompts in all caps.

2. SLAs

Some providers are already dangling AI SLAs as differentiators. Look closely though. Are they promising accuracy, or just uptime of the API?

3. Indemnities

Watch for “if model fails to meet benchmark, liability capped at fees paid.” Without clarity on benchmarks, that’s an empty remedy.

4. Diligence

In M&A and VC deals, expect diligence checklists to ask: “What benchmarks do you use for your AI systems?” A startup with none will look riskier than one with bad ones.

The GC’s Playbook

If you’re advising on AI contracts, here’s how to keep from getting stuck with the world’s vaguest SLA:

Short-term (next quarter)

• Audit current AI deals for any performance promises (explicit or implied).

• Flag contracts with undefined “accuracy” or “bias” warranties.

• Train sales and product teams: stop making unqualified AI performance claims.

Medium-term (next 6–12 months)

• Develop a benchmark playbook: which measures are acceptable, which aren’t.

• Build internal guidance on hybrid benchmarks (performance + process + disclosure).

• Negotiate AI warranties around measurable, not aspirational, standards.

• If you’re on the vendor side, start standardizing “safe benchmarks” you can live with (e.g., tied to process and governance, not raw performance). That way you’re not reinventing the wheel (or the risk exposure) on every deal.

Long-term (12+ months)

• Expect regulators to set sector-specific benchmarks (healthcare, hiring, finance).

• Align procurement and product to those benchmarks early.

• Re-engineer templates so “AI warranty” doesn’t mean “AI litigation magnet.”

Because nothing says “we prepared well” like avoiding a lawsuit no one wants to be the test case for.

Footnotes:

• Want to work together? Reply to this email for sponsorship opportunities or other ways we can collaborate

• Share with your lawyer friends and subscribe below