by Prof. Dr. Thomas Wilmer
 

For details, see the publications, FAQs and presentations at www.chatgpt-recht.de and /prof-dr-thomas-wilmer 

1. Do not present the AI results as your own work outputs or achievements

In order for AI results to be presented as your own work/achievements, your own creative contribution to the result must clearly outweigh the AI contribution.

For example, if you have your own copyrightable work processed by AI, the result of AI processing may also be protected in your favour (e.g. in the case of minor rewordings or additions by the AI).

However, if you use a prompt to generate an AI result (without any other work of your own being processed), you will not generally become the author of the AI results.
If you are paid to create something personally, it may constitute fraud if you pass off AI results as your own. Even if you are not paid for a result, you may not claim to be the author of a result created exclusively by AI, as this is considered plagiarism. In examinations, this false claim of authorship also constitutes a serious violation. For greater transparency, it is advisable to indicate the extent to which AI tools (as well as people or calculators) have provided support (e.g. as part of the acknowledgements or as an appendix).

Furthermore, AI results may infringe the rights of those whose content was as AI training data. In this respect, it is particularly important to critically examine whether ‘newly’ created images are too similar to the originals by well-known artists.

2. Do not assume that the AI is perfect and produces error-free results.

AI results are not error-free. GenAI is amazingly good, but it also produces flawed results. AI is only as good, accurate and non-discriminatory as the underlying data and algorithms. This is particularly true for questions on specific scientific subjects, where a lack of access to specialist databases means that AI sometimes invents source references. If AI is used for economic or scientific purposes, the results should always be cross-checked. 

3. Do not feed external AI with sensitive content - the AI not only gives, it also takes!

If you send queries as prompts or upload documents to AI that is not purely internal and appropriately protected, you may be revealing a lot about your company, your health, your political views, etc. to the AI providers. For companies, the following applies: if you hand over your know-how to a third-party AI, it is no longer protected under the German Trade Secrets Act (GeschGehG). Incidentally, this also applies to translation tools and other specialised AI assistants. 

4. Consider whether you want to give your database/website to the AI... use opt-out options.

Openly accessible content on your website can be read by AI. Access to your website by AI can possibly be legally prohibited by a machine-readable objection in the source code, but you can otherwise effectively prevent reading by bot blocks and opt-out markers. From the author's point of view, it is advisable to include the following wording in the meta name="robots" and in the imprint: "The site owner declares a reservation of use in accordance with Section 44b (3) of the Copyright Act on Text and Data Mining (UrhG) and according to Art. 4 Para. 3 of the EU DSM Directive; Der Seiteninhaber erklärt einen Nutzungsvorbehalt nach § 44b Absatz 3 des Urheberrechtsgesetzes zum Text und Data Mining (UrhG) und nach Art. 4 Abs. 3 der EU DSM-Richlinie"

5. Do not use prompts about people and brands carelessly.

You should not include any personal data or data of famous or non-famous personalities in prompts unless

• consent has been given, or
• it is for scientific, artistic or satirical purposes.

In particular, you should not produce and circulate fake images that are difficult for third parties to recognise, as you do not know if and how they will be used later.

When creating images, do not use trademarks and logos of companies that are then integrated into the images. While this is not always illegal, it can still be problematic, especially if the images are redistributed.

6. Read the terms and conditions of AI use: Who owns the input and output?

Bear in mind that, under most terms and conditions, you pay with the input, which may also be used for further data analysis. Many AI providers will initially entice you with free AI outputs, only to formulate new terms and conditions later on, once you have become accustomed to using the system or have geared your activities towards it. Take this into account when considering potential dependence on these systems. 

7. Never use AI results thoughtlessly via API interfaces or otherwise automated as a host.

Anyone who automatically integrates AI and publishes third-party content (in this case AI outputs such as texts and images) via it runs several legal risks. The content may be factually incorrect, offensive, illegal or otherwise problematic, which may be punishable by law or lead to injunctive relief and claims for damages. Even if you yourself only host / automatically pass on the results, you may be liable under the Digital Services Act and other laws, as well as the principles of so-called "Stoererhaftung" (Breach of Duty of Care). In addition, there are obligations to inform site visitors according to the GDPR (General Data Protection Regulation) and the TDDDG (the German Telecommunications Digital Services Data Protection Act). The AI may also make contractual commitments that are then binding on you. 

8. Never use AI outputs carelessly in the human resources area.

If AI is used in an automated manner in the company, this must not lead to automated decisions being made that affect employees, in particular in the HR area, in accordance with Art. 22 GDPR. Even outside of automated decisions, the use of AI may require the consent of employees and, if necessary, co-determination by the works council. Take this into account when planning.

9. AI is not generally forbidden and not generally bad: Compliance

If the rules on the use of AI are observed, AI can be a very useful tool in both education and business. The use of AI should be carefully planned. Above all, it is important to ensure transparency both in the use of AI and in the utilisation of the results and the integration of prompts or API interfaces.
A process for the legal integration of AI should therefore be established that involves all parties at an early stage and discloses the use of AI in a transparent manner. 

10. Keep up to date with legal developments.

You should remain abreast of the positions of the European and national data protection supervisory authorities (e.g. via chatgpt-recht.de and the news ticker there). Violations of data protection when using AI can result in heavy fines and claims for damages under Articles 82 and 83 of the GDPR and may also be punishable by law. So keep yourself up to date with the upcoming legal changes. Always use AI transparently and after weighing up the interests of all parties involved.