
Copyright and Artificial Intelligence: how to protect your interests in the UK
With the Government adopting a “wait and see” approach to AI and copyright reform, organisations should consider practical steps now to safeguard content, reduce risk and preserve future licensing opportunities.
As explored in our first article in this series, the UK Government published its Report on Copyright and AI and an Economic Impact Assessment on 18 March, as required under the Data (Use and Access) Act 2025. After over 11,500 responses to the initial consultation and eighteen months to deliberate, the Government evaluated a number of reform options but did not identify a preferred path.
The Government elected to follow a wait and see approach, which places the burden of protection on the businesses and individuals who are stakeholders. Whether a rights holder, AI business or user, you should take steps to protect your interests until policy crystallises.
This article covers some of the proactive measures you can take and explains why they can help reserve your position as the UK’s legal position comes into focus.
Rights holders
As a rights holder, the core risk is that the Government adopts a policy providing a broad text and data mining exception, meaning that openly accessible works are fair game for training without any licensing. Even if this does not materialise, to identify potential infringing use, transparency obligations are needed, for which there is no firm commitment.
Login portals
For rights holders whose content carries sufficient commercial value to support access controls, login portals and paywalls offer a structurally different form of protection. Where some of the measures discussed below rely, to varying degrees, on the voluntary compliance by AI businesses, access controls work by simply removing content from the publicly crawlable internet. Content that sits behind authentication is, in principle, invisible to most AI crawlers, which are not equipped or authorised to log in. This is not a universally available option: pay walling content that derives its value from open reach would be self-defeating, and the commercial trade-offs are significant, even if this strengthens leverage for licensing. However, for publishers, data providers, research institutions, and others whose content is both valuable and naturally suited to subscription or registration models, the paywall is arguably the most robust technical protection currently available. It doesn't resolve the underlying legal questions, but it removes the practical opportunity for unauthorised ingestion before it arises, opening licensing opportunities to commoditise datasets.
Terms of use
Your website terms of use provide a contractual layer of defence that will sit alongside any technical measures you implement. Updating terms to prohibit the use of your works in a non-transient way (such as developing weights or embeddings) without a separate licence, sets out your position clearly and provides a potential new revenue stream. A clear contractual prohibition against AI usage can provide additional avenues for the enforcement of your rights and may in fact protect you beyond the jurisdiction of the UK if other countries’ laws require permission. Drafting robust terms of use allows rights to be secured while the Government finds its footing on AI and Copyright.
Site-level access controls
If going behind a portal is not commercially viable, the most immediate and widely accessible tool available to rights holders is the Robots Exclusion Protocol, often known as the robots.txt directives. This instructs web crawlers on which parts of the site they may or may not access. Many major AI companies operate named crawlers (for example, ClaudeBot by Anthropic and Google-Extended by Google), and often publicly state that they respect robots.txt directives.
It is also worth distinguishing between training crawlers and web crawlers – the latter being those that are used for web-scraping information to add to responses to user requests. Some AI companies operate separate agents for real-time search retrieval which index content so that it appears in AI-generated answers but are not used for model training. This enables models to provide more current information than their knowledge cut off would allow.
You can take a deliberate view on training crawler permissions, while allowing web crawlers to grant visibility in AI-generated results. This can help prevent content being absorbed into model weights, whilst providing an avenue to allow users to click through to your site.
Importantly, robots.txt alone is a statement of preference, not a technical barrier and adherence is voluntary. Crawlers that ignore robots.txt, or that use unlabelled agents to spoof legitimate traffic, are not stopped by the file itself.
Digital Watermarks
A robots.txt file protects content at the point of access to your website. It provides no protection once that content has been downloaded, shared, or aggregated elsewhere. To address this, rights holders can focus on technical standards that travel with the content, embedding rights information within the asset itself so that it persists wherever the content goes.
The most significant standard in this space is the Coalition for Content Provenance and Authenticity (C2PA) specification, which underpins the Content Credentials framework. C2PA is an open standard, collaborative consortium that includes members such as Adobe, Microsoft, Google, and the BBC, and is supported by over 5,000 organisations through the Content Authenticity Initiative.
A C2PA manifest is a cryptographically bound structure attached to a digital asset, an image, video, audio recording, or document, that records provenance information:
- When and where it was created
- What tools were used
- Whether and how AI was involved.
Alongside C2PA, the EU’s Text and Data Mining (TDM) Reservation Protocol allows publishers to embed machine-readable rights reservations directly into assets indicating that the content may not be used for TDM purposes. Whilst not enforceable in the UK, it evidences an intention to reserve rights and offers protection in the event of an EU based dispute.
AI businesses
For businesses that either develop or use AI as part of their operations, contractual and licensing protections are vital to mitigate risk.
Business users
Businesses that use AI tools, whether this be frontier models or application layer solutions, will want protections in the forms of warranties or indemnities that their proper use will not infringe third parties’ copyright, and possibly even seeking confirmation that they follow best practices, like those outlined above.
Whether AI businesses agree to this will depend on the nature of the tool and its use, meaning that internal policy, training and best practices will also play their role to mitigate risk.
AI businesses
If operating at the application layer, the terms and conditions are key for businesses to reflect the reality of their offering. In some scenarios it is reasonable for customers to expect warranties in relation to the service provided, but there will be others where it is not. For example, if an AI tool performs actions on user-inputted data or documentation without the necessary permissions, the vendor should not be liable if the outputs of the AI system infringe copyright by virtue of the inputs. Therefore, warranties, indemnities and intellectual property provisions need careful attention.
If a business's solution relies on key datasets, opting to seek a licence for their use mitigates the uncertainty and can be built into the pricing model.
Licensing is mutually beneficial. For rights holders, licences can provide a revenue stream, and both parties have protection against costly and uncertain legal action. This makes commercial negotiation the rational pathway for rights holders and AI businesses alike.
The Legal Power of Technical Measures
Technical standards are not merely IT solutions. Deployed correctly, they can be deterrents to prevent scraping.
The Copyright Designs and Patents Act 1988 (CDPA) already provides a meaningful framework for protecting technical controls. Sections 296ZA to 296ZF prohibit the circumvention of effective technological measures applied to copyright works.
Although not tested in the courts, it is arguable that, if you deploy a paywall, an access control, encryption, or another protection mechanism, ideally alongside a contractual prohibition, and an AI developer or third party circumvents it to access your content, that act is treated as if it were copyright infringement.
This alongside the prohibition of commercial text and data mining creates sufficient risk to push many developers towards licensing fees. Reddit changed its API policy in 2023 to require authorisation for commercial data access, including AI training. It subsequently is reported to have struck licensing deals with companies like Google and OpenAI to a combined value of over $200 million.
Closing thoughts
Technical measures are not infallible, and it is important to be honest about their limitations. However, whichever part of the ecosystem a business occupies, proactive steps now can help mitigate the uncertainty of the wait and see approach.
If you would like to discuss points raised in this article or require assistance, please contact Jonathan Bywater in our Commercial team.
Co-authored with the Innovation Trainee, Angus Wilson.
Get in touch today
Are you looking for legal services?
Fill out our form to find out how our specialist lawyers can help you.
