IP, Copyright, and Licensing: Who Owns the Code When AI Writes It?

By Siddhi Gurav | April 15, 2026

When 35% of AI-generated code samples contain licensing irregularities, the question of who actually owns the software your team ships is no longer theoretical. It is a contract risk, an IP risk, and a client-relationship risk that every technology services company must address head-on.

AI coding assistants have become standard equipment in modern software development. GitHub reports that Copilot now generates a significant share of new code across its platform, and enterprises using staffing firms, outsourced teams, and Global Capability Centers (GCCs) increasingly expect their vendors to use these tools. But speed and productivity gains come with a legal complication that most Master Services Agreements (MSAs) were never designed to handle: if an AI writes the code, copyright law may not protect it at all.

This article translates the latest legal developments—including the U.S. Copyright Office’s definitive position on AI-generated works and the D.C. Circuit’s landmark ruling—into practical guidance for GCC contracts, MSAs, and IP protection strategies. You will learn how to distinguish AI-assisted work from AI-generated output, what your agreements must say, how to document human involvement, and when trade secret protection is the stronger play.

The Legal Landscape: What U.S. Law Actually Says

The U.S. Copyright Office settled the core question in January 2025 with Part 2 of its Report on Copyright and Artificial Intelligence. The conclusion was unambiguous: purely AI-generated material created by entering prompts is not copyrightable. The Office found that prompts alone do not provide sufficient human control over the expressive elements of the output, because AI models do not consistently follow instructions and frequently fill in gaps autonomously.

Two months later, the D.C. Circuit reinforced this position in Thaler v. Perlmutter, affirming that the Copyright Act requires all eligible works to be authored by a human being. In March 2026, the U.S. Supreme Court declined to hear an appeal, effectively closing the door on AI-only authorship for the foreseeable future.

The practical consequence for service companies is stark. Code that your developers accept verbatim from an AI tool—without meaningful human creative contribution—enters the public domain the moment it is created. You cannot copyright it, your client cannot copyright it, and neither party can prevent competitors from using identical code.

The Critical Distinction: AI-Assisted vs. AI-Generated Code

The Copyright Office draws a clear line between AI-generated and AI-assisted work, and understanding this distinction is the foundation of every IP protection strategy. AI-generated code is output accepted as-is from a tool like Copilot or ChatGPT, with no substantive human modification. AI-assisted code, by contrast, is the product of meaningful human creative direction—iterative prompting, architectural design decisions, editing, refactoring, and integration into a larger human-authored system.

The Office confirmed that use of AI to assist in the process of creation does not bar copyrightability, provided a human author has determined sufficient expressive elements. This includes situations where a human makes creative arrangements or modifications of AI output, or where human-authored work is perceptibly integrated with AI-generated material.

For development teams, the distinction is practical, not philosophical. A developer who uses Copilot to generate a boilerplate function, then restructures the logic, adds error handling, integrates it into a custom architecture, and tests and refines the result has created an AI-assisted work with a strong copyright claim. A developer who prompts an AI to generate an entire microservice and commits the output unchanged has created an AI-generated work with no copyright protection.

[Figure: AI-Assisted vs AI-Generated Copyright]

The Licensing Minefield: Why AI-Generated Code Creates Hidden Liability

Beyond the copyright vacuum, AI-generated code introduces a second category of risk: open-source license contamination. AI coding tools are trained on vast repositories of publicly available code, including code governed by restrictive licenses like the GPL. When these tools generate output, they may reproduce snippets subject to copyleft obligations or attribution requirements—without any indication to the developer.

The Doe v. GitHub lawsuit directly challenges whether AI coding tools can train on open-source code and output similar code without preserving licenses or copyright notices. By 2026, this case is shaping new compliance standards and forcing organizations to adopt stricter IP risk controls.

Research also shows that repositories using AI coding assistants exhibit a 6.4% secret leakage rate, which is 40% higher than that of typical repositories. This compounds the IP risk with security exposure—leaked API keys, credentials, and internal configuration data embedded in AI-suggested code that developers commit without thorough review.

For services firms, the exposure is amplified. If your developers unknowingly introduce GPL-licensed code into a client’s proprietary codebase through an AI tool, you may have triggered copyleft obligations that require the client to open-source their entire application—a catastrophic outcome for any commercial software product.

What Your GCC Contracts and MSAs Must Say

Standard software development agreements were drafted for a world where humans wrote all the code. The emergence of AI-assisted development requires specific contractual provisions that most MSAs lack. Here is what your agreements need to address.

AI Disclosure and Usage Policies

Every MSA should include an AI usage clause that requires the service provider to disclose which AI tools are permitted, define acceptable use boundaries, and commit to specific quality controls. According to legal analysis from Morgan Lewis, outsourcing agreements should now address AI governance, data quality, human-in-the-loop requirements, and IP ownership of AI-enabled outputs.

IP Ownership and Assignment

Because AI-only output cannot be copyrighted, traditional IP assignment clauses (“all work product is owned by the client”) may assign rights to material that has no legal protection. Contracts must distinguish between AI-generated and AI-assisted deliverables and assign ownership accordingly. Legal experts recommend that AI contracts explicitly assign ownership of all IP rights in outputs to avoid ambiguity, while acknowledging that copyrightability depends on the degree of human authorship.

Human Involvement Documentation Requirements

The contract should mandate that the service provider maintain auditable records of human creative involvement in all deliverables. This includes prompt logs, version control history showing human modifications, code review records, and architectural decision documentation. These records become the evidentiary foundation for any future copyright claim.

Licensing Compliance and Indemnification

Include specific representations that the delivered code has been scanned for open-source license conflicts, that the AI-generated output has been reviewed for license contamination, and that the provider indemnifies the client against third-party IP claims arising from AI tool usage. Require the use of license detection tools and real-time tracking systems as part of the development workflow.

AI Contract Clauses

| Contract Clause | Purpose | Key Language |
| --- | --- | --- |
| AI Tool Disclosure | Transparency on which tools are used | "Provider shall disclose all AI coding tools used in development and obtain Client approval prior to use." |
| Human Authorship Warranty | Ensure copyrightability of deliverables | "Provider warrants that all deliverables reflect substantial human creative contribution sufficient for copyright protection." |
| Documentation Obligation | Create IP protection evidence trail | "Provider shall maintain logs of human modifications, architectural decisions, and creative direction for all code." |
| License Compliance | Prevent open-source contamination | "Provider shall scan all AI-generated output for license conflicts prior to integration into Client codebase." |
| IP Indemnification | Allocate risk for AI-related claims | "Provider shall indemnify Client against claims arising from AI-generated code, including license violations." |

Documenting Human Involvement: Building the Evidentiary Record

Copyright protection for AI-assisted code depends entirely on demonstrating a meaningful human creative contribution. This requires deliberate documentation practices embedded into your development workflow, not retroactive efforts.

  1. Maintain detailed version control: Commit history should show the progression from AI-generated suggestion to final human-modified code. Avoid squashing commits that obscure this trail.
  2. Log prompt-and-response sequences: Record the prompts used to generate code and the specific modifications developers made to the output. Tools like GitHub Copilot for Business offer audit logging capabilities.
  3. Document architectural decisions: Human decisions about system design, integration patterns, and technology selection are creative contributions that strengthen copyright claims.
  4. Conduct and record code reviews: Peer review is both a quality control and an IP protection mechanism. Reviews that result in modifications create additional evidence of human authorship.
  5. Tag AI-generated vs. human-authored sections: Use code comments, metadata, or internal tooling to mark which portions of the codebase originated from AI tools and which were written or substantially modified by humans.
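
One way to make step 5 checkable in a review pipeline, as an added example (not from the article or from any tool's own code). It assumes a hypothetical `AI-BEGIN`/`AI-END` comment convention with `tool`, `status` and `reviewer` attributes, and lists tagged regions that have a broken tag or no record of human modification and review.

```python
import re
from dataclasses import dataclass

# Hypothetical markers (an assumption, not from the article or any tool):
#   "# AI-BEGIN tool=<name> status=<generated|modified> reviewer=<id>" ... "# AI-END"
BEGIN = re.compile(r"^\s*(?:#|//)\s*AI-BEGIN\b(.*)$")
END = re.compile(r"^\s*(?:#|//)\s*AI-END\b")

@dataclass
class Region:
    start: int      # 1-based line of the AI-BEGIN marker
    end: int        # 1-based line of the AI-END marker, 0 if never closed
    tool: str
    status: str     # "generated" = accepted verbatim, "modified" = human-edited
    reviewer: str

def find_regions(source: str) -> list[Region]:
    """Return every tagged region; an unclosed or nested-over region keeps end == 0."""
    regions, current = [], None
    for n, line in enumerate(source.splitlines(), 1):
        m = BEGIN.match(line)
        if m:
            attrs = dict(kv.split("=", 1) for kv in m.group(1).split() if "=" in kv)
            current = Region(n, 0, attrs.get("tool", "unknown"),
                             attrs.get("status", "generated"), attrs.get("reviewer", ""))
            regions.append(current)
        elif END.match(line) and current is not None:
            current.end = n
            current = None
    return regions

def needs_attention(regions: list[Region]) -> list[Region]:
    """Regions with a broken tag or no record of human modification and review."""
    return [r for r in regions if r.end == 0 or r.status != "modified" or not r.reviewer]

# Constructed sample file contents, for illustration only.
SAMPLE = """\
# AI-BEGIN tool=copilot status=generated
def load(path): return open(path).read()
# AI-END
# AI-BEGIN tool=copilot status=modified reviewer=alice
def parse(text): return text.split()
# AI-END
# AI-BEGIN tool=chatgpt status=modified reviewer=bob
def dump(rows): return ", ".join(rows)
"""

if __name__ == "__main__":
    print([(r.start, r.end, r.status) for r in needs_attention(find_regions(SAMPLE))])
```

Run against changed files before merge, the flagged list shows reviewers which regions still lack evidence of human authorship in the record.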

The goal is to create an unbroken evidentiary chain showing that a human author exercised creative judgment at every material stage of development. Developers should think critically while using AI coding tools and ensure their creative decisions are visible in the development record.

When Trade Secret Protection Is the Better Strategy

For code that cannot meet the human authorship threshold for copyright—or where the copyright question remains uncertain—trade secret protection offers a powerful alternative. Unlike copyright, trade secret law does not require a human inventor, making it inherently compatible with AI-generated output.

Trade secret protection applies to any information that derives economic value from being kept secret and is subject to reasonable measures to maintain its secrecy. This includes proprietary algorithms, training data configurations, internal-use code, and AI-generated solutions that are never publicly disclosed.

When to Choose Trade Secret Over Copyright

  • The code is primarily AI-generated with limited human modification, making copyright protection uncertain.
  • The code will be used internally and never distributed or open-sourced.
  • The competitive advantage lies in the specific implementation, not the code structure itself.
  • You need protection that can theoretically last indefinitely, rather than the fixed term of copyright.

Implementing Trade Secret Protection in Contracts

GCC agreements and MSAs should include robust confidentiality provisions that specifically cover AI-generated deliverables. Require non-disclosure agreements from all personnel with access, implement access controls and audit trails, and include contractual remedies for unauthorized disclosure. The key is ensuring that reasonable measures to maintain secrecy are documented and enforceable.

One critical limitation: trade secret protection cannot prevent reverse engineering or independent development. If a competitor independently arrives at the same AI-generated solution, trade secret law offers no recourse. For this reason, many organizations adopt a combined strategy—maximizing human involvement where feasible to preserve copyright, while layering trade secret protection over AI-generated components.

Conclusion

The rules are clear: AI-only code has no copyright protection, AI-assisted code can be protected with proper documentation, and licensing contamination is a measurable risk that demands contractual safeguards. Every GCC agreement and MSA your organization signs should reflect these realities with explicit AI usage policies, human authorship warranties, and layered IP protection strategies.

Start by auditing your current contracts for AI-related gaps and implementing documentation practices this quarter. For organizations building or scaling GCCs that need expert guidance on AI-compliant contracts and IP frameworks, Crewscale specializes in helping technology services companies navigate these complexities with confidence.
