July 06, 2026

Synthetic Data as a Deal Asset: Ownership, Provenance, and Diligence Considerations in AI Acquisitions

Share

In acquisitions of artificial intelligence (“AI”) companies or AI businesses, the most familiar data-related risks involve training datasets sourced from the real world, such as information scraped from the internet, licensed from data owners, or generated by users. But a growing number of AI companies have built their technology on a different foundation: synthetic data, or datasets created or transformed by AI models or other methods, rather than used in their raw collected form. Synthetic data may appear to sidestep many of the privacy and copyright concerns associated with real-world training data, but it raises a distinct set of legal uncertainties. For any buyer of an AI business that relies on synthetic data for model training, fine-tuning, or evaluation, the questions of ownership, provenance, quality, and regulatory treatment are threshold issues that determine whether the asset delivers its intended value. This Legal Update examines key legal and practical considerations around synthetic data as a deal asset in M&A transactions.

Why Synthetic Data Matters

AI companies increasingly generate their own training data rather than sourcing it externally. For example, they may start with human-written material and then use AI models to rewrite, expand, or create new versions. This practice has become more common as developers run short on high-quality public data suitable for training AI systems. As Ari Morcos of Datology noted, “the internet is a very, very small minority of the total data that exists in the world,” and “[t]he vast majority of data in the world is proprietary, and sitting on company servers.” Synthetic data addresses in part the scarcity of non-proprietary data, while avoiding some of the licensing costs and litigation exposure associated with real-world data. Unlike traditional training datasets, synthetic data has several features that make it unique in the M&A context.

Uncertain ownership

The U.S. Copyright Office’s January 2025 report stated that copyright protection for generative AI outputs depends on sufficient human expressive contribution and that prompts alone generally do not provide enough human control for copyright protection.1 The DC Circuit affirmed in Thaler v. Perlmutter in March 2025 that the Copyright Act requires all eligible work to be “authored in the first instance by a human being.”2 As a result, if a synthetic dataset lacks sufficient human authorship, the target may not be able to rely on copyright ownership as the basis for exclusive control over an important asset. This creates a tension: the easier synthetic data is to create at scale, the harder it may be to claim copyright protection over it. Where copyright protection is uncertain, it becomes even more important to protect the synthetic data as a trade secret. To do so, the company must take reasonable steps to maintain its secrecy, such as confidentiality agreements, access controls, and internal handling protocols, the adequacy of which buyers will want to verify during due diligence.

Inherited infringement risk

A synthetic label does not eliminate source-data risk. If the generating model was trained on unlicensed real-world data, the relevant questions include whether the synthetic dataset reproduces protectable expression from upstream works or is substantially similar to them. The U.S. Copyright Office’s May 2025 Part 3 report discusses output-side risks, including memorization, safeguards designed to prevent infringing outputs, and the possibility that generated content may infringe when it is substantially similar to copyrighted training material.3 Courts have not yet resolved how that risk applies to synthetic datasets used for downstream training, fine-tuning, or evaluation.4

Quality degradation and model collapse

Research published in Nature in 2024 found that the indiscriminate use of model-generated content in training can cause “model collapse.” Over time, model outputs can degrade and lose the tails of the original data distribution.5 In practical terms, rare or less common features may disappear while errors accumulate across iterations. This creates a form of hidden “data debt”: the target may appear to have substantial data assets even though those assets may actually be weakening model performance in ways that are not apparent without technical evaluation.

Regulatory ambiguity

The EU AI Act requires providers of covered general-purpose AI models to publish a “sufficiently detailed” summary of their training content, and to maintain a policy for complying with EU copyright law.6 The European Commission’s template expressly contemplates disclosure of training data sources, including synthetic data. However, it remains unclear whether a summary must identify only the synthetic dataset, the model that generated it, or some information about the real-world data used to train or fine-tune that model. This regulatory uncertainty creates compliance risk that buyers must assess prospectively. Particularly as AI regulations continue to come into effect across the European Union, US states such as California, and other jurisdictions, buyers should consider whether the target can trace its synthetic data back through its pipeline to support potential future regulatory disclosures if standards become more demanding.

Considerations

Due Diligence

Buyers should conduct targeted diligence on synthetic data assets early in the deal process. Key questions include, but are not limited to:

What proportion of the target’s training data is synthetic versus sourced from the real world?

Obtain a complete inventory of all datasets used in model training, fine-tuning, and evaluation, distinguishing synthetically generated data, licensed real-world data, and scraped public data. This will help to assess the ownership and infringement risk issues.

What model generated the synthetic data, and what was that model trained on?

If the target used a third-party foundation model (i.e., an externally developed base AI model that the target uses, licenses, fine-tunes or integrates into its own products or services) to generate synthetic data, review the terms of service governing that mode and its outputs. Many proprietary AI providers’ terms include restrictions on using outputs to train competing models, which could render the target’s synthetic dataset unusable for its intended purpose. If the target used an open-weight model (i.e., a model whose trained parameters are publicly released), assess whether the model’s license or acceptable use terms restrict downstream commercial use of generated outputs. Buyers should confirm that the target has a clear, documented right to use the synthetic data for its intended commercial purpose. 

Does the target benefit from any output or IP indemnity from its model providers, and has it satisfied the conditions of that indemnity?

Some foundation model providers offer contractual indemnities covering third-party intellectual property claims arising from model outputs, but those indemnities are typically conditioned on the customer using approved model versions, enabling specified safety or filtering features, and not modifying outputs in prohibited ways. Confirm whether any such indemnity exists, whether it extends to synthetic data used for training rather than only to end-user outputs, and whether the target has complied with the conditions necessary to preserve it.

Can the target trace the synthetic data back to its source materials?

Buyers should not stop at the model that generated the synthetic data. Assess whether the target can demonstrate that the generating model was trained on lawfully acquired data by asking what real-world data, licensed data, customer data, public data or prior synthetic data was used to train or fine-tune the generating model and by determining whether those inputs were lawfully acquired and permitted for the target’s intended use. The June 2025 Bartz v. Anthropic ruling drew a useful but fact-specific distinction: the court found digitizing lawfully purchased print books for internal use and training on those books to be fair use, while assembling and retaining a central library of pirated books was not.7 Although that case was later resolved by a class settlement before any damages trial, the diligence lesson remains relevant: buyers should underwrite the full provenance chain rather than assume fair use will cure upstream acquisition issues.

Has the target validated its synthetic data for quality and model collapse risk (i.e., has it tested whether its synthetic data actually improves model performance)

Inquire whether the target maintains quality-assurance processes to detect degradation that can occur when models are trained repeatedly on AI-generated data. Without testing, the synthetic data may look valuable on paper but weaken over time, making it more of a wasting asset than a durable one.

Does the target claim copyright ownership of its synthetic data, and is that claim defensible?

Ask whether the target is claiming copyright ownership over the synthetic dataset, and if so, what human contribution supports that claim. Under current US law, purely AI-generated outputs without sufficient human authorship are not copyrightable. The European Union takes a similarly human-centered approach: while there is no specific EU rule for copyright in AI outputs, CJEU case law requires a work to reflect the author’s own intellectual creation, meaning free and creative human choices. If the target has asserted proprietary rights over synthetic data without human contribution sufficient to support copyright, those assertions may be hollow, and its claimed competitive moat may be weaker than represented. If copyright claims cannot survive the analysis, buyers should look to other protections such as contract, confidentiality, or trade secrets. Because trade secret protection depends on the target having taken reasonable steps to maintain secrecy, buyers should confirm that those measures are in place and consider further discounting the value of the synthetic data if those protections are weak.

Could the synthetic data implicate privacy obligations notwithstanding its synthetic label?

Synthetic data is not automatically anonymous. Where it was generated from, or modeled on, datasets containing personal information, it may retain re-identification risk or reproduce personal data through model memorization, potentially implicating the General Data Protection Regulation, the California Consumer Privacy Act, and other privacy regimes. Assess whether the target generated any synthetic dataset from personal data and, if so, what testing, de-identification procedures, contractual controls, or technical safeguards it applied to prevent the synthetic output from reproducing or revealing that information.

Purchase Agreement Provisions

Where synthetic data is material to the value of the target, the transaction documentation should address several categories of risk.

Representations and warranties

The target should represent that: (i) it has sufficient rights, licenses, permissions, and authorizations to use, commercialize, and exploit each synthetic dataset in the manner currently used and as contemplated for its business, including for model training, fine-tuning, product development, and customer-facing services; (ii) it has complied in all material respects with the terms governing any third-party model used to generate synthetic data, including any restrictions on using outputs to train, fine-tune, or improve competing models; (iii) for synthetic data generated using models trained, fine-tuned, or controlled by the target, it has a lawful basis for the source data used in that training or fine-tuning; (iv) for synthetic data generated using third-party foundation models, it has conducted commercially reasonable diligence on the relevant model terms, documentation, and available provenance information and has not identified any restriction or source-data issue that would materially impair the target’s use of the synthetic data; (v) it has maintained and applied documented quality-control procedures reasonably designed to evaluate the accuracy, reliability, and performance impact of its synthetic datasets, and no such testing has identified material degradation or other material defect in those datasets; (vi) it has not received any written claim, notice, demand, or regulatory inquiry alleging that any synthetic dataset, or the generation or use of any synthetic dataset, infringes, misappropriates, or otherwise violates any third-party intellectual property, privacy, contractual, or other proprietary right; and (vii) it has taken reasonable measures to maintain the secrecy of its synthetic datasets and to protect them as trade secrets, including appropriate confidentiality agreements and access controls.

Pre-closing covenants

Between signing and closing, the target should be required to: (i) not generate new synthetic training data using models or methods materially different from those used in the ordinary course without the buyer’s consent; (ii) not materially modify, relax, or cease applying its data-quality validation protocols; (iii) promptly notify the buyer of any claim or inquiry relating to the provenance or ownership of its synthetic data; and (iv) not enter into agreements with any third party that would restrict the buyer’s post-closing use of synthetic data.

Risk allocation

Given the unsettled state of the law regarding AI-generated content ownership and inherited infringement risk, buyers and sellers may negotiate responsibility for losses arising from: third-party IP infringement claims based on the provenance of the generating model’s training data; the inability to assert or enforce proprietary rights over synthetic datasets due to lack of copyrightability or insufficient trade secret protection; and/or regulatory fines or compliance costs arising from deficiencies in training-data transparency disclosures under the EU AI Act or analogous regimes.

Practical Takeaways

Buyers should consider treating synthetic data as a separate asset class in diligence. Copyright analysis may answer only part of the question, and privacy analysis may miss datasets that are modeled on personal information without obviously containing it. Its value depends less on the fact that it was generated by AI than on whether the buyer can use it lawfully, protect it commercially, verify its quality, and confirm its provenance. Buyers should not assume that synthetic data is clean and avoids material IP risk simply because it was not scraped directly from the internet. The analysis should trace the full chain: the source data used to train the generating model, the terms governing the model, the process used to create the synthetic dataset, and the target’s intended downstream use. If any link is weak, a synthetic dataset may still carry copyright, contract, privacy, or regulatory risk.

Buyers should also assess whether the synthetic data is actually a defensible asset. If the data can be easily generated by competitors using the same third-party model, the target’s competitive moat may not be the dataset itself. The more defensible value may lie in the target’s data-generation methodology, proprietary prompts or workflows, quality-assurance protocols, and human curation decisions that directed the generation process. In that case, buyers should diligence the processes and controls that enable the target to produce higher-quality model performance.

Transaction documents should reflect these distinctions. Where synthetic data is material, representations should cover rights to use the data, compliance with model terms, upstream provenance, quality validation, claims history, trade secret protection, privacy safeguards, and regulatory disclosure readiness. Covenants and indemnities should be adjusted to cover the specific risks identified in diligence.

Synthetic data is not a shortcut around diligence, risk allocation, or post-closing operational risk in an M&A transaction. It creates new questions about ownership, provenance, quality, and regulatory transparency. As AI companies rely more heavily on synthetic data, these issues will only become more central to the M&A process.

We would like to give recognition to summer associate Marton Teichner for support in publishing this article

 


 

1 U.S. Copyright Off., Copyright and Artificial Intelligence, Part 2: Copyrightability (Jan. 29, 2025); see also our Legal Update, Supreme Court Denies Cert in AI Authorship Case – Updated with Comments from Dr. Thaler.

2 Thaler v. Perlmutter, 130 F.4th 1039, 1041 (D.C. Cir. 2025) (decided Mar. 18, 2025), aff’g 687 F. Supp. 3d 140 (D.D.C. 2023).

3 U.S. Copyright Off., Copyright and Artificial Intelligence, Part 3: Generative AI Training (Pre-Publication Version May 9, 2025) (discussing, with regards to output risk, whether generated content reproduces protectable expression or is substantially similar to training material, including in light of memorization and safeguards designed to prevent infringing outputs).

4 See Shivani Kapania et al., Examining the Expanding Role of Synthetic Data Throughout the AI Development Pipeline, in Proceedings of the 2025 ACM Conference on Fairness, Accountability, and Transparency 45, 46 (2025).

5 Ilia Shumailov et al., AI Models Collapse When Trained on Recursively Generated Data, 631 Nature 755, 755–59 (2024) (published online July 24, 2024). The authors found that “indiscriminate use of model-generated content in training causes irreversible defects in the resulting models, in which tails of the original content distribution disappear.”

6 Regulation (EU) 2024/1689 (Artificial Intelligence Act), art. 53, annex XI, 2024 O.J. (L 1689) 1 (requiring general-purpose AI model providers to publish a “sufficiently detailed summary” of training content per a template provided by the AI Office).

7 Bartz v. Anthropic PBC, 787 F. Supp. 3d 1007 (N.D. Cal. 2025) (holding that training on lawfully acquired books was fair use in that it was “exceedingly transformative”/“spectacularly” transformative, but that assembling and retaining a “central library” of pirated copies was not fair use).

Related Services & Industries

Stay Up To Date With Our Insights

See how we use a multidisciplinary, integrated approach to meet our clients' needs.
Subscribe