Why Regulated Industries Must Rethink Copyright and AI - with Roanie Levy of CCC

Welcome, everyone, to the AI and Business Podcast. I'm Matthew DeMello, Editorial Director here at Emerge AI Research. Today's guest is Rowani Levy, Licensing and Legal Advisor at CCC Copyright Clearance Center. Copyright Clearance Center provides collective copyright licensing services for corporate and academic users of copyrighted materials, acting as an agent for rights holders, primarily publishers, by arranging voluntary licenses for institutions and enabling compliant use of text-based works. Levy joins us on today's episode to discuss the essential changes facing enterprises as generative AI reshapes how organizations manage copyright risk and compliance. Our conversation also explores how organizations can future-proof their IP strategies and operationalize responsible innovation, from shadow AI and input-output exposures to the myth of fair use in AI training. The conversation also highlights workflow changes such as moving from ad hoc AI usage to formalized policy, integrating licensing checks, and building cross-functional compliance education. Rawani explains at length how these advancements are delivering measurable reduction in risk in long-term ROI for companies. Today's episode is part of a special series sponsored by Copyright Clearance Center. But first, are you driving AI transformation at your organization? or maybe you're guiding critical decisions on AI investments, strategy, or deployment. If so, the AI in Business podcast wants to hear from you. Each year, Emerge AI Research features hundreds of executive thought leaders, everyone from the CIO of Goldman Sachs to the head of AI at Raytheon and AI pioneers like Yoshua Bengio. With nearly a million annual listeners, AI in Business is the go-to destination for enterprise leaders navigating real-world AI adoption. You don't need to be an engineer or a technical expert to be on the show. If you're involved in AI implementation, decision-making, or strategy within your company, this is your opportunity to share your insights with a global audience of your peers. If you believe you can help other leaders move the needle on AI ROI, visit Emerge.com and fill out our Thought Leader submission form. That's Emerge.com and click on Be an Expert. You can also click the link in the description of today's show on your preferred podcast platform. That's Emerge.com slash ExpertOne. Again, that's Emerge.com slash ExpertOne. Without further ado, here's our conversation with Roani. Rowani, welcome to the program. It's a pleasure having you. Thank you for inviting me, Matthew. I'm happy to be here. I was so relieved yesterday when we had a really quick meeting about what this podcast was going to be about, that you validated my experience as a millennial, as a musician, when I noted that we're going to talk a little bit about what the post-Napster landscape for copyright really looks like. And that, I think, is the landmark in everybody's mind, even across industries today, for our understanding of how copyright works on the internet. Almost, you know, very much to a fault, as we'll get into throughout today's conversation, because so much third-party content is sort of the lifeblood of not just activity on the internet, but then really enterprise activity that's really interacting from there. And it's being reshaped by the rise of generative AI and LLMs by this point of 2025. Leaders in legal compliance and innovation now face unprecedented ambiguity in how to innovate responsibly when the rules around content usage, ownership, and liability are in flux. So industry leaders really want to know where are the landmines right now. But that's a changing field. How copyright awareness can be a strategic advantage is really that kind of open question. Just to start out, I think it's going to help us to really maybe nail down a definition of what you spoke about to me yesterday is shadow AI. And that's, you know, as we've maybe a lot of industry leaders have understood it, that's the AI programs available out there for folks that they can just sign on to. And the enterprise might not have a policy around that usage. But just in so far that that helps us kind of really get to the heart of the problem so many years later after Napster, where do you begin the conversation with a lot of executive leaders around getting their hands around where copyright legal status lies today? Well, first of all, it's great that you mentioned Napster as that landmark decision. We are having new landmark decisions almost weekly right now around generative AI, including probably what's going to prove to be a landmark settlement of $1.5 billion, a minimum of $1.5 billion with against Anthropic. It's not approved by the court yet, but that's going to happen shortly, I'm sure. So copyright has changed quite a bit since those Napster days. Back then, we were talking about photocopying, digital sharing, right? It was P2P digital sharing. It was mostly about distribution of protected content without authorization. And that's no longer what we're talking about when we look at AI. We're actually looking at how employees and and everyone really are consuming copyright protected content. So it's not just about sharing and or reproducing and sharing. It's actually the process of consuming the content itself is triggering important copyright questions that organizations are, you know, quite read not quite ready to to handle and deal with today Yeah It interesting to try to separate the wheat from the shaft in terms of like is this systemic in that no one really going to solve kind of for this large scale problem very much on their own? And what's the best then risk position for their facts and circumstances and getting a sense of whether or not what they can put in place is in scope with the fact that a lot of these issues are systemic. And when we spoke about this in preliminary conversations about this podcast we were going to put on, I think something we really came down to is differentiating the risk at least between inputs and outputs goes a long way. To what extent, describe that for us, those assessments? And how far does that help really leaders make that difference between what's the organization and really what's more the system? First is to speak to the point of whether or not it's a systemic risk. I think it's quite important to compare it, for example, to the Napster era. So in Napster, we were mostly dealing with personal uses, right? P2P file sharing, kids sharing music, maybe students P2P file sharing textbooks. But what we're seeing today is that infringing activity, that potentially infringing activity is actually moved into the enterprise because it is enterprises that are adopting en masse generative AI tools that interacting with protected content in gen AI tools often will trigger a reproduction and a potential infringement. And that's where it's the systemic risk is happening. Just as a comparison, there is a lot of content that circulates in organizations. So there is an outsell, a recent outsell report that was done on copyrighted content usage trends in organization. And what we see out of that report is that first of all, the usage trends is increasing, people are using more content every year. And on average, employees are using 8.1 times content or sharing 8.1 times content per week with 17 other people. And 48% of that content comes from external sources. So 48% is on all likelihood protected content that if the organization does not have the rights to share and in today's environment to use an AI system, we're looking at up to 66 instances of unlicensed sharing and potential AI uses of content per employee per week. So it is a systematic use. And of course, the issue of shadow AI amplifies that risk, right? Shadow AI, it's the use of AI tools that are having gone through the governance process, the approval process of an organization. It's essentially the use of AI tools that is flying under the radar. And when you have that, you have employees potentially uploading and using copyright protected content in public AI tools that then get used to train AI systems, right? So you're like doubling down on your copyright exposure. And also when you have shadow AI usage, well, then you have a lot more uncontrolled usage, you're you've got employees using the tools that they haven't been properly trained on where they haven't assessed the risk of how they They use the tool and what happens to the input that they put on. Copyright is just one of the risks with Shadow AI. You've got, of course, other risks such as privacy and hallucination and bias and security. The list is actually quite long. And that creates a lot of the risk around copyright material, especially being used by these systems. I think there's a broader assumption, especially in the culture. I don't know. I don't think it's necessarily within the enterprise culture, but you see traces of it. of folks figuring we've come this far from the Wild West. We'll call that the Napster rulings. We don't really see it moving in the opposite direction where it would impact the enterprise. Inversely, with a court ruling, that would withhold the use of copyright material. But as you guys know, probably more than anybody, that's not true. But the whole problem is that this landscape is changing kind of on a daily basis at this point. And it's with a lot of political will behind it, both from the courts and from, you know, just the brass taxes politics, both sides of the aisle really agree that early 2000s period was a missed opportunity to really set regulatory foundations for the internet that might have protected kids at the time of social media. And I think Napster has a huge history of that. You don't need to go see any Aaron Sorkin movies to know that necessarily. But just nailing down, where are we at today in terms of the rulings that have happened since? And what are we waiting to see in the short term from rulings that will help set this new foundation for Web 3.0? So what you're referring to, Matthew, is the kind of the fair use misconception that it applies to training of AI just out of the gate and nobody needs to worry about it. Right, right. You see that argument in the in the courtrooms themselves. They make that case. Well, you know, everybody else today, you're really going to give us the speeding ticket. Right. They make that case, but they're actually not winning that case. This is not far from a slam dunk. So there are almost 50 cases that deal with training and using copyrighted protected content in order to train AI in the US alone. And there are more of them outside of the US as well. In the US, it all hinges on the argument that or the assessment of whether or not this use is fair. We seeing divergent decisions So we had like three early decisions in 2025 The courts are giving conflicting signals They are adopting divergent approaches We have one decision the Thomson Reuters versus Ross case where the court concludes that it in fact not fair use Now that one wasn a gen AI case it was a training AI but not generative AI We have two other decisions that one is cadre versus meta and then the other one is Barts versus anthropic Anthropic. Both of those decisions do conclude that the use is transformative and conclude to fair use, but for very different reasons in terms of training. And in the Anthropic case, this is the one that has a $1.5 billion settlement. The court concludes that using pirated copy is not fair use. And by that, you could see that it is a huge gamble, training and using protected content without authorization in AI systems that enterprises are taking. In the beta case, for example, the court concludes the fair use, but really kind of against the judge's better judgment. If you read the decision, the judge makes it very clear. And in fact, in more than one place in the case, the judge concludes that in most cases, training with protected content is not going to be fair use. So very mixed signals, lots and lots of uncertainty. I think that's the only thing we really could take away from these cases at this point is that the legal landscape is completely uncertain. and getting it wrong. I think this is the other important takeaway. Getting it wrong could cost you a lot of money. Just given that we're not really going to get clarity on this, even in the short term, what are the big ways to do it wrong right now? What are the least hygienic activities that enterprises could be engaging in that bring them the most risk? Right. So when you look at copyright exposure, I think it's helpful to break it down into two categories, the input risk and the output risk. So the input risk is using copyrighted protected material in your AI system. And this is whether you're using the material to train your system, to fine tune your system, or even just to prompt your system, right? So if you're using protected content to in a prompts, for example, can you summarize this article for me? Can you translate this article for me? Can you compare these five resources and give me the key insights in them? All of that use of protected content triggers the reproduction right and is potentially infringing. So that is the input risk. So that comes up in training, in rag systems all the time. You got to make sure that the use of the content, you have the right. So if you've licensed the content for, you know, reading and sharing internally, that does not mean that you have the rights to use it in an AI system. So, you need the specific rights to use in an AI system. So, that's the input risk. For the output risk is when the AI generates something that closely resembles, that is, significantly resembles a work that it was either trained or prompted with. And that could potentially also trigger the reproduction right and therefore be an infringement of copyright. Another way you could be exposed is if the output is a derivative of a work that it was trained or prompted with. So asking, for example, an AI to translate in another language a work that is a derivative work, that is a derivative work of the original work that it was prompted with, And that itself can be an infringement of copyright. So that's what you're looking at on the output. Now, another thing, particularly for enterprises that have a robust IP strategy, another element that's important for enterprises to consider is the copyrightability of the output. AI-generated content that doesn't have enough human authorship is not protected by copyright. So you could invest quite a bit. Even a very, very clever prompt in and of itself will not give you copyright protected. So these could be really important corporate assets that you're not able to protect with copyright. So that's another kind of exposure and element that you need to be careful with and be strategic about. So yeah, it sounds like enterprises are kind of at an impasse now, as we'll see with so many industries and so many kinds of workflows where they're moving from reactive to proactive. But I think even for a lot of regulated industries, that really means more changing an entire mindset of going from defense to offense. And we see this in financial services and customer experiences where things that were typically thought of as a cost center are now seen as profit centers. Tell us just a little bit about what's gained from thinking about copyright more proactively. So you're absolutely right. Enterprises need to move away from playing defense and have a more proactive strategy to this risk area. They need to have an AI-ready copyright policy. If their copyright policy was before the era of generative AI, they need to revisit it. It should be the mainstay of any responsible AI policy and innovation process. But you need to go beyond that, right? So you have your AI policy. You need to make sure that you've also done a bit of a risk assessment on where your company is and where your enterprise is regarding readiness. You need to ask yourself some fairly tough questions. We talked about, do you have a generative AI and copyright policy? But more importantly, is it actively communicated? Do people understand it? Is there a solid process for vetting new AI vendors? And this is not just a vetting for like shiny features but for understanding where their data actually comes from Are you training your staff on the policy And have you operationalized your AI policy Have you made it easy for staff to be able to be compliant? You could say till the cows come home that you have to only use licensed content, but have you licensed the content in order to make it easy? And this is where it becomes, You have your AI copyright policy, then you have your licenses that provide the rights or access to the content that can then be used by your employees in the AI system. And when you're looking at licenses, you're looking at direct licenses, you're looking at licenses with aggregators, and you're looking at licenses with collective management organizations, such as the licenses that CCC offers, which provide rights, it harmonized rights so that it's simple for your staff to understand what they can do with the content across a broad spectrum of works. That makes it really, really easy. So you have your AI policy, you have your licenses, and then you have tools. You want to have tools that make it easy for your staff to be able to check the rights regarding a given piece of content before they use it into the workflow. And you want to make it easy because if you don't have these three elements in place, compliance will become a burden rather than a habit. And you want to turn this into a habit. Right, a regular practice. I think it's going to be a very broad space for a lot of regulations to come in, especially as we see whether or not these court cases stand in place versus public opinion. and it's really one of the few areas where we see some consensus from both sides that there was a missed opportunity in the early 2000s, whether you want to call that the Napster moment or not, but I think there's a lot of feeling that we didn't do enough to really build in basic protections to the internet in ways that we're still paying for today, and we see that in the systemic risk from copyright. Rohani, really appreciate you being with us. Thank you so much for this week. You're welcome, and thank you again for having me. As we close today's episode, here are three critical takeaways we took from our conversation with Rowani. First, it is now essential for all organizations to develop a clear copyright policy tailored for generative AI that covers risk for inputs in the form of training and uploading data, as well as outputs in generation and use. Second, using collective licenses and operational tools makes compliance routine and lowers the internal burden of monitoring and approving content use, as emphasized through the CCC's voluntary licensing frameworks. And finally, shifting from informal or shadow AI practices to structured workflows like formal vendor vetting, employee education, and integrated rights checks builds a foundation for responsible AI adoption with measurable reductions in compliance risk. Are you driving AI transformation at your organization, or maybe you're guiding critical decisions on AI investments, strategy, or deployment. If so, the AI in Business podcast wants to hear from you. Each year, Emerge AI Research features hundreds of executive thought leaders, everyone from the CIO of Goldman Sachs to the head of AI at Raytheon and AI pioneers like Yoshua Bengio. With nearly a million annual listeners, AI in Business is the go-to destination for enterprise leaders navigating real-world AI adoption. You don't need to be an engineer or a technical expert to be on the show. If you're involved in AI implementation, decision-making, or strategy within your company, this is your opportunity to share your insights with a global audience of your peers. If you believe you can help other leaders move the needle on AI ROI, visit Emerge.com and fill out our Thought Leader submission form. That's Emerge.com and click on Be an Expert. You can also click the link in the description of today's show on your preferred podcast platform. That's Emerge.com slash expert one. Again, that's Emerge.com slash expert one. We look forward to featuring your story. If you enjoyed or benefited from the insights of today's episode, consider leaving us a review on Apple Podcasts and let us know what you learned, found helpful, or just liked most about the show. Also, don't forget to follow us on X, formerly known as Twitter, at Emerge, and that's spelled again, E-M-E-R-J, as well as our LinkedIn page. I'm your host, at least for today, Matthew DeMello, Editorial Director here at Emerge AI Research. On behalf of Daniel Fagella, our CEO and head of research, as well as the rest of the team here at Emerge, thanks so much for joining us today, and we'll catch you next time on the AI in Business podcast. I'll see you next time. Outro Music Thank you.