Contact

An overview of the European Union’s Model Contractual Clauses for Artificial Intelligence

Back to top

An overview of the European Union’s Model Contractual Clauses for Artificial Intelligence

In 2024, the European Union (EU) formally adopted the Artificial Intelligence Act (AI Act). The AI Act will be fully applicable in 2026, with some provisions currently in force. Flowing from this, in March 2025, the EU Public Buyers Community released updated Model Contractual Clauses for Artificial Intelligence (MCC-AI), including a commentary to guide its use. 

3 Sep 2025 3 min read Corporate & Commercial Alert Article

At a glance

  • In 2024, the European Union (EU) formally adopted the Artificial Intelligence Act (AI Act). The AI Act will be fully applicable in 2026, with some provisions currently in force. Flowing from this, in March 2025, the EU Public Buyers Community released updated Model Contractual Clauses for Artificial Intelligence (MCC-AI), including a commentary to guide its use. 
  • Supply chain management teams should carefully consider the application of the MCC-AI, as it provides a useful foundation for contractual provisions to procure AI solutions.
  • This article breaks down what the MCC-AI offers when procuring AI and the applicability for South Africa.

Supply chain management teams should carefully consider the application of the MCC-AI as it provides a useful foundation for contractual provisions to procure AI solutions. This article breaks down what the MCC-AI offers when procuring AI.

Overview

The MCC-AI sets out the contractual conditions that enable contracting authorities to comply with obligations under the AI Act. The MCC-AI primarily focuses on systems that are classified as “high risk” in the AI Act. These are systems that may pose a high risk to the health and safety or fundamental rights of persons. In instances where a non-high-risk system is used, a lighter and flexible version (light version) of the clauses could be used.

The MCC-AI is intended to be included in contracts as an annexure, and not used as a standalone contract. It focuses on AI-specific obligations drawn from the AI Act, which include transparency, risk management, data governance, human oversight, cybersecurity, etc. The lighter version omits stricter components such as audit rights and conformity assessments.

The table below summarises the key obligations set out in the MCC-AI. These obligations are mapped directly to the AI Act’s requirements:

15083 key obligations[97]

It is important to determine which version of the MCC-AI is required for the specific AI system. For example, if the AI system is intended to be used in in healthcare, and may process health and patient data, this may mandate the use of the high-risk clauses. Therefore, the parties must ensure that the appropriate conformity assessments are conducted, and ongoing risk monitoring measures are implemented. The light version may be used in instances where the processing of data or the AI system does not pose a high risk, for example, incorporating an AI chatbot agent to assist with queries on a website.

Analysis

The MCC-AI is a good starting point to mitigate risk when procuring AI systems. It provides a checklist to cover most of the risks present when considering the impact of AI in a business. However, the MCC-AI alone is not sufficient. For complex technology transactions, parties must consider the overall objective of the contract. Additionally, the AI system will have an impact on intellectual property, liability, warranties and data protection considerations. Therefore, any use of the MCC-AI must essentially be tailored to the specific terms and the actual risk profile of the AI system.

Adapting for South Africa

Organisations are grappling with implementing suitable AI contractual provisions. The MCC-AI will provide South African companies and multinationals with some guidance on how to address AI risk, especially those that supply or procure AI solutions from internationals vendors.

We envisage that the MCC-AI clauses can be customised for operational requirements and adapted for South African-specific legislation, including the Protection of Personal Information Act 4 of 2013 (POPIA).

POPIA will play a prominent role in terms of how to address the processing of personal data and, in particular, automatic processing of personal data. We also envisage considering how South African intellectual property laws will impact a risk-based contractual approach.

Practical recommendations

Any party that intends to use the MCC-AI must consider the following:

  • Have the MCC-AI operate as an annexure to a main agreement.
  • Adjust the terminology to include references to local laws that are applicable.
  • Decide which version of the MCC-AI is more appropriate for the AI system being procured.
  • Negotiate all other aspects of the agreement which will have a bearing on AI risk – for example, data protection, warranties, liabilities and intellectual property.
  • Ensure that the procuring party fully understands the limits and capabilities of the AI system, to ensure that all potential risks are mitigated and provided for in the contract.

Conclusion

While the MCC-AI is a solid starting point for incorporating key AI provisions when contracting for AI systems, further consideration is required to ensure AI accountability, including in terms of South Africa’s specific laws. Contracting parties should adapt them to suit their particular needs, while ensuring that any AI risks are covered.

The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2025 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.

You might also be interested in

24 Oct 2024

by Njeri Wagacha

Watch Njeri in conversation with Kageni Mbungu, Anne Muruka and Evelyn Manasseh from M-Kopa

Every month CDH Kenya Partner Njeri Wagacha publishes a podcast 'Njeri Talks Law'.

Corporate & Commercial Law

41:27 Minutes

31 Mar 2025

by Jean Ewang, Sashin Naidoo and Marcel Bothma

Underlying cause in a section 197 transfer? Labour Appeal Court clarifies

The recent Labour Appeal Court (LAC) decision in Zeda Car Leasing (Pty) Ltd t/a Avis Fleet v Belinda Perlee (JA01/24) provides further clarification on the interpretation of section 197 of the Labour Relations Act 66 of 1996 (LRA).

Employment Law

3 min read

10 Sep 2024

by Muhammad Ziyaad Gattoo

The critical role of the South African Deeds Offices in property transactions and common issues that can arise during registration

The 11 South African Deeds Offices play a pivotal role in the country’s immovable property transactions by ensuring the security and legality of immovable property ownership, or rights thereof. These offices, established under the Deeds Registries Act 47 of 1937, are responsible for maintaining public records of all immovable property transactions and registering ownership changes, mortgages and other rights related to immovableproperty. 

Real Estate Law

2 min read

23 Oct 2024

by Megan Rodgers, James Ross and Dean Tennant

The State’s energy champion: What the SANPC Bill is and where we are with it

On 14 October 2024 the Department of Mineral Resources and Energy (DMRE) (soon to be the Department of Mineral and Petroleum Resources) published an explanatory summary of the 2024 South African National Petroleum Company Bill (SANPC Bill) which confirms that the Minister of Mineral Resources and Energy intends to introduce the SANPC Bill in the National Assembly “ shortly ”.

Corporate & Commercial Law

3 min read

13 Aug 2025

by Shem Otanga and Nicole Gacheche

To register or not to register: The Ugandan Personal Data Protection Office’s decision on the registration of data controllers

On 18 July 2025, Uganda’s Personal Data Protection Office (PDPO) delivered a decision that could reshape how multinational entities approach data protection in Uganda. The PDPO found that Google LLC (Google) was in breach of Uganda’s Data Protection and Privacy Act of 2019 (DPPA) for failing to register as a data controller or data collector and for failing to demonstrate adequate safeguards in its cross-border transfer of personal data belonging to Ugandan data subjects.

Technology & Communications

4 min read

7 Mar 2025

by Jerome Brink and Dylan Greenstone

Understanding wealth tax: Viability and implications in South Africa

“ Eat the rich ” might sound like a radical slogan, but its origins are more philosophical than we may think. The phrase is often attributed to the 18th-century French philosopher Jean-Jacques Rousseau, who famously wrote, “ Quand les pauvres n’auront plus rien à manger, ils mangeront les riches! ” (“ When the poor have nothing more to eat, they will eat the rich! ”) While Rousseau’s words were metaphorical, they underscore a timeless truth, that extreme inequality can lead to social unrest. The concept of a wealth tax has been a recurring topic in South Africa’s tax policy discussions, particularly in light of the country’s growing budget deficit and wealth disparities. As policymakers explore potential revenue sources, the feasibility and implications of a wealth tax remain a subject of debate. This article looks at whether a wealth tax could be a viable solution for South Africa’s fiscal and inequality hurdles, focusing on its potential design, perceived benefits and implementation challenges.

Firm News

5 min read

This website uses cookies to enhance the browsing experience. For more information, please see our Cookie Policy.

Accept Decline