AI Providers: Best Practices nach OLG Hamburg | IT-Medienrecht

So schützen Sie Ihr AI-Modell rechtlich! Erfahren Sie, wie AI Providers nach dem OLG Hamburg Urteil Urheberrecht beim Training beachten.

Hamburg Court Ruling: Legal Framework for AI Training Data & Copyright

Hamburg Court Ruling: Legal Framework for AI Training Data & Copyright

Today, the development of modern AI systems is inextricably linked to the question of how training data is obtained, processed, and legally evaluated. The ruling by the Higher Regional Court of Hamburg on the handling of copyrighted content in the context of training data sets has marked a turning point. This decision represents the clearest reference point to date in German case law concerning automated data analysis and the application of the text and data mining (TDM) limitations of Sections 44b and 60d UrhG. Together with the first-instance judgment of the Hamburg Regional Court, a coherent picture emerges that combines legal and technical principles.

These decisions indicate that the copyright assessment of automated TDM processes can no longer be based solely on traditional reproduction rules. Instead, it must align with the technical reality of modern AI models. This provides companies developing specialized AI systems with a reliable framework for the first time. However, compliance requirements are increasing considerably. Key components of AI governance now include:

This article classifies the case law and outlines the practical and strategic guidelines for AI providers. It also explains how specialized AI models—for sectors such as medicine, law, finance, logistics, or media—can be set up in a legally compliant manner. Beyond legal explanations, it demonstrates how corresponding contracts, TDM policies, and data architecture guidelines can be designed, and that such documents can be professionally drafted via itmedialaw.com.

The Hamburg Case Law: Data Set, Training Step, and Separation of Use

The decisions of the Regional Court (LG) and Higher Regional Court (OLG) Hamburg stem from a circumstance often underestimated in legal discourse. Technically, AI systems comprise several layers: the source material, generated metadata, embedding-based representations, and the actual training process. For a long time, copyright law focused solely on whether a work was reproduced. The Hamburg courts have clarified this classic analogous approach, differentiating for the first time between the various levels typically found in an AI system.

In the original case, the decisive factor was that LAION briefly reproduced images as part of an automated process. However, the process's result did not consist of copies of the images, but rather of metadata and text-image assignments. The courts emphasized that this structured data does not constitute a copy of the work, thus falling outside the scope of copyright exploitation. They also clarified that limitation rules can apply to temporary reproduction within technically necessary intermediate steps, provided the legal requirements are met.

This differentiation holds considerable importance. Companies utilizing specialized AI benefit when technical architectures avoid permanent storage of original works, instead relying on derived representations. This approach not only aligns with modern machine learning methods but also distances the data from the scope of copyright protection. Consequently, legally compliant AI training processes become more feasible.

The practical consequence is that data collection processes can be designed as part of a comprehensive compliance strategy. Storing embeddings or abstract feature vectors minimizes the risk of infringing copyright exploitation rights. The Hamburg decisions confirm that such representations are generally not to be regarded as reproductions of the work under Section 16 UrhG. This provides a structured method for designing legally compliant training processes.

Companies requiring suitable contracts or technical guidelines for this architecture—for example, for development teams, data suppliers, or external data science service providers—can have corresponding documents drafted based on this case law. At itmedialaw.com, it is possible to adapt such contracts precisely to the technical organization.

Rights of Use and Machine Readability: The New Frontier of TDM

A key aspect of the OLG decision concerns what constitutes an effective reservation of use under Section 44b (3) UrhG. In implementing the DSM Directive, the legislator introduced the principle that text and data mining is generally permitted unless a rights holder has expressly objected. However, this objection must be structured to be automatically recognizable.

The Higher Regional Court of Hamburg clarified that a reference in terms of use or general terms and conditions does not meet these requirements. In an era of automated data collection, reservations of use must be addressed to technical systems, not merely to legal persons. A notice intended only for human readers is insufficient to prevent automated access.

This implies two crucial points:

  1. Rights holders must employ technical standards to communicate opt-out declarations in machine-readable form.
  2. AI providers must utilize technical mechanisms to recognize and respect such reservations of use.

This obligation extends beyond moral or contractual considerations; it is a legal requirement for the TDM limitation to apply. This results in clear compliance requirements for AI companies.

Crawlers and data pipelines must be capable of evaluating robots.txt files, machine-readable license files, or standardized metadata formats. Systems need to document whether a reservation of use existed on source data and how this was technically recognized. The Hamburg decisions underscore that responsibility for this lies with the AI provider.

Companies acquiring training data from public sources therefore require a TDM policy that combines technical and organizational rules. Such a policy should be implemented in development teams and documented within the framework of internal responsibilities. Via itmedialaw.com, corresponding policies, internal instructions, and technical compliance concepts can be drafted and directly implemented in development environments.

Contracts with Data Suppliers, Platforms, and API Providers: License Architecture as a Competitive Advantage

The Hamburg case law also highlights that copyright limitations do not substitute for contractual regulations. Many valuable data sets required for specialized AI models are not publicly accessible. Licensing remains the central legal mechanism for these scenarios.

For highly specialized AI models—such as medical diagnostic systems, legal expert systems, financial market analyses, industrial IoT systems, or game balance engines—essential training data often originates from commercial sources. This includes large platforms and companies’ internal data pools. The specific details of using this data cannot be governed solely by limitation provisions; they necessitate robust contracts.

The Hamburg decisions provide a structure for this: contracts should clearly distinguish between the data set level and the model parameter level. While raw data can be regular copyrighted material, derived representations like embeddings can no longer be considered copies of works themselves. This distinction offers significant scope for contract design.

License agreements can be structured to permit raw data use solely for creating derived representations, while subsequent model parameters can be used more freely. This offers clear protection for the licensor and a precise framework for commercial exploitation for the licensee. Simultaneously, it minimizes the risk of subsequent model use conflicting with copyright rights. Companies can seek expert advice to draft contracts for AI-based services.

Companies requiring such contracts can have them drawn up individually. At itmedialaw.com, it is possible to draft structured license agreements, API usage agreements, data supply agreements, or data collaboration agreements. These documents consider both legal limitations and technical circumstances. By combining legal expertise with technical architecture analysis, contracts can be created that are not only legally compliant but also practical to use.

AI Compliance: Documentation, Model Transparency, and Regulatory Future

The OLG decision comes at a time when the European regulation of AI is undergoing its biggest upheaval in history. The AI Act creates new documentation and transparency obligations. The case law from Hamburg indicates that copyright law will also increasingly focus on organizational and technical documentation in the future.

This necessitates that AI providers document all steps of data handling in a comprehensible manner. This includes the crawl process, the recognition of machine-readable reservations of use, the generation of derived representations, and internal access control. Courts are increasingly focusing on technical standards. Proving compliance through clear documentation reduces the risk of legal disputes and simultaneously meets the requirements of investors, business partners, and supervisory authorities. This is crucial for managing legal aspects of artificial intelligence within a company.

Model transparency plays a key role here. Systems should be structured so they function as abstraction machines, not replication machines. The more clearly recognizable it is that models are not capable of extracting or reconstructing original works, the easier it is to justify limitations under contract and copyright law.

This is highly important for providers of specialized AI systems. Industries such as MedTech, LegalTech, FinTech, and GameTech increasingly rely on models demonstrating comprehensible and auditable training processes. A well-formulated compliance framework therefore becomes a competitive advantage. Companies requiring corresponding documents—such as TDM policies, data governance manuals, internal training documents, or regulatory documentation as defined by the AI Act—can have these created specifically.

Conclusion

The Hamburg decisions mark a turning point in the handling of training data and automated analysis processes. This case law provides clarity, emphasizes the importance of technical machine recognition mechanisms, and precisely distinguishes between the data record level and the model parameter level. For AI providers, this signifies that legally compliant training processes are technically feasible today, provided they are accompanied by suitable compliance structures.

Designing the data architecture is not merely a technical task, but increasingly a legal one. The more carefully companies document their data pipelines and differentiate between raw data and derived representations, the more stable their business model will be.

Furthermore, the decision clarifies that contracts with data providers, platforms, and developers continue to play a central role. They establish the foundation for high-quality, domain-specific training data, enabling the development of specialized models that are both legally and economically robust.

Companies have the option of having all necessary documents—from TDM policies and compliance guidelines to detailed data supply agreements—drawn up on a customized basis. The legal framework permits innovation if it is taken seriously and implemented in a structured manner. The Hamburg decisions provide a strong foundation for this.