Revolutionize your business with AI: Expert legal guide to harnessing the power of ChatGPT and DALL-E

It is hard to overestimate the speed with which the different artificial intelligence (“AI”), specifically OpenAI’s ChatGPT or DALL-E-based instruments, took over entire industries. While the opportunities for growth offered by AI are seemingly endless, they do not remove the obligation of an entrepreneur to stay legally compliant. The use of OpenAI’s integrations is still based on legal contracts and is subject to terms and conditions.

This article uses the opportunity before AI replaces us lawyers to describe what legal issues you may need to deal with when working with or using OpenAI’s products for your business and establishing new business models. Considering the pace with which the field develops, it needs to be said that the article is written based on the data available in April 2023.

Usage Policies – what is prohibited

OpenAI has a comprehensive set of usage policies that expressly prohibit their technology use in certain areas. The prohibition includes using AI for illegal purposes, including scams, abuse, and harassment. The use of OpenAI’s models is also prohibited for otherwise legal activities, such as multi-level marketing, gambling, payday lending, determinations of eligibility for credit, employment, educational institutions, or public assistance services, some adult content (like pornography) and building products for political campaigning or lobbying purposes.

Consumer-facing uses in offering financial, legal, and health services, news generation, or summarization must provide a disclaimer that AI is being used. Models require disclosure to the user that they are interacting with an AI system. Simulation of another person must have explicit consent or be labeled as “simulated” or parody.

The building of plugins is also restricted, as they must have a clearly stated description that matches the functionality of the API. Prohibited is the use of plugins to automate conversations with real people, whether by simulating a human-like response or by replying with pre-programmed messages. Plugins that distribute personal communications or content generated by ChatGPT (such as emails, messages, or other content) must indicate that the content was AI-generated.

Liability & Intellectual Property 

As the first showcase of Bing’s chatbot proved, AI can wrongly but confidently answer many questions submitted to it. A service that integrates AI in a way could cause harm to the user and liability to the company that uses AI.

OpenAI disclaims liability for its platform. The terms of use include an indemnity clause, which means an obligation to compensate OpenAI for claims, losses, and expenses. A tool developed with OpenAI’s API infringes on someone’s IP resulting in a court case. The developer may need to defend OpenAI. 

Concerning the generated copyright, OpenAI does not claim copyright over content generated by the API for you or your end users. Any output generated using AI can be used for any purpose, including commercial purposes such as sales or publication. 


Italy was the first EU country to ban the use of ChatGPT, for example, due to the data breach that allowed users to view the titles of conversations other users were having with the chatbot. The Italian regulator found that, among other matters, no information is provided to users and data subjects whose data are collected by Open AI. There appeared to be no legal basis underpinning the massive collection and processing of personal data to ‘train’ the algorithms on which the platform relies. Finally, the lack of an age verification mechanism allegedly exposed children to receiving responses that are “absolutely inappropriate to their age and awareness.” OpenAI has since updated its privacy policy, and there are hopes that the issues will be resolved.

OpenAI promises not to use data submitted by customers via the API to train or improve the AI models unless the user explicitly decides to share the data for this purpose. Even then, any data sent through the API is promised to be retained for abuse and misuse monitoring purposes for a maximum of 30 days, after which it will be deleted. For some services, for example, GitHub Copilot, it is clearly stated that the code snippets data is only transmitted in real-time to return suggestions and is discarded once a suggestion is returned.

Notably, these restrictions on data policy do not apply to OpenAI’s non-API consumer services like ChatGPT or DALL-E, for which OpenAI reserves the right to use content such as prompts, responses, uploaded images, and generated images to improve their services. Those who wish to opt out of having their content used must fill out a separate Google form. 

That leads to the conclusion that companies under the confidentiality obligation must avoid inserting confidential data. For example, if you are using ChatGPT for document generation, you should remove any confidential information in the files before inserting your prompt.


In conclusion, the rapid advancement and integration of AI technologies, such as OpenAI’s ChatGPT and DALL-E, offer immense opportunities for businesses to grow and innovate. However, entrepreneurs must remain mindful of these AI tools’ legal landscape. Ensuring compliance with usage policies is the first step to adopting these new tools, and we can help you get on the right track. Contact us.

What legal issues should businesses be aware of when using OpenAI’s ChatGPT and DALL-E?

Businesses should be aware of legal issues related to usage policies, liability and intellectual property, and privacy when using OpenAI’s ChatGPT and DALL-E.

What are the prohibited uses of OpenAI’s technology according to its usage policies?

OpenAI’s usage policies prohibit using AI for illegal purposes, certain legal activities, and the use of plugins to automate conversations with real people. Consumer-facing uses must provide a disclaimer, and the simulation of another person must have explicit consent or be labeled as “simulated” or parody.

What are the privacy concerns related to the use of OpenAI’s ChatGPT and DALL-E, and how has OpenAI addressed them?

Privacy concerns related to the use of OpenAI’s ChatGPT and DALL-E include data breaches and a lack of age verification mechanisms. OpenAI promises not to use customer data to improve AI models without explicit permission and retains data for monitoring purposes for a maximum of 30 days. Meanwhile, users can opt out of having their content used, but still providing confidential data should be avoided altogether.

Get the latest about Hedman law firm


Our memberships:
FinanceEstonia, Lexing®,
Estonian Service Industry Association,
Estonian Chamber of Commerce and Industry,
EstVCA, EstBan, FECC,
IBA & IBA European regional Forum