Copyright, consent, text-and-data-mining exceptions.
Abstract
Training-data governance — the rules on what data may be used to train models, and on what legal basis — is governed directly by several catalogued instruments, notably the GDPR (through purpose-limitation, lawful-basis, and special-category-data rules) and the EU's general-purpose-AI code of practice (through its copyright chapter), among others; a separate set of instruments, including the EU AI Act itself, reaches it only implicitly. Policy Window records the empirical consensus as contested: whether text-and-data-mining exemptions cover commercial foundation-model training is unresolved and under active litigation. This article maps each instrument's training-data obligations with primary-source citations.
Definition & scope
The cross-jurisdiction picture below shows how each of 45 tracked instruments treats this topic. The patterns vary substantially — and 25 regimes are silent, leaving gaps that future policy work could address.
Regulatory approaches
Across the catalogued instruments, training-data governance operates through several distinct modalities rather than a single mechanism 1. The EU layers two: a *disclosure* duty and a *substantive* copyright duty. Under EU AI Act Art. 53(1)(d), providers of general-purpose AI models must publish a "sufficiently detailed summary" of training content using a mandatory template that the Commission's AI Office released on 24 July 2025, with the obligation effective 2 August 2025; the template forces disclosure of data modalities, size, large public datasets, licensed and scraped sources (including top domains), and synthetic data (European Commission, Explanatory Notice and Template for the Public Summary of Training Content, 24 July 2025) — disclosure that matters because large-scale audits find dataset "licence omission rates of more than 70% and error rates of more than 50%" on popular hosting sites 2. Separately, Art. 53(1)(c) requires a copyright policy that respects the text-and-data-mining opt-out reserved under Art. 4(3) of the CDSM Directive 2019/790, an exception whose breadth makes data-driven AI development dependent on it 3.
GDPR governs through *lawful basis*: any personal data in a corpus must satisfy Art. 6, with EDPB Opinion 28/2024 confirming legitimate interest is available only after a three-step necessity-and-balancing test (EDPB, 17 Dec 2024). China's Interim Measures impose a *lawful-source* obligation — Art. 7 demands lawful data provenance and bars infringement of others' IP and personal-information rights. The US relies on *ex-post doctrine*, not statute: the Copyright Office's Part 3 report frames training as a fact-specific fair-use inquiry (U.S. Copyright Office, May 2025). DFARS 252.204-7012 instead treats training corpora as a *security* asset, requiring NIST SP 800-171 safeguards. China adds a second, security-and-management layer through its Deep Synthesis Provisions, whose Art. 14 requires deep-synthesis service providers to strengthen training-data management and take necessary measures to safeguard training-data security, and to comply with personal-information-protection rules where the training data contains personal information.
Key fault lines
The contestation is structural, not merely doctrinal 4. The first fault line is *input versus output* infringement. The EU CDSM regime regulates the act of ingestion (with an opt-out), whereas US litigation increasingly distinguishes the copy made during training from the model's later outputs: in Bartz v. Anthropic, Judge Alsup held that training on *lawfully acquired* books was "quintessentially transformative" fair use, but that ingesting *pirated* copies was not — a split the parties resolved with a US$1.5 billion settlement preliminarily approved in September 2025 (Bartz v. Anthropic, N.D. Cal., June–Sept 2025) (No. 3:24-cv-05417 (N.D. Cal.), Order on Fair Use (Alsup, J.), 23 June 2025). Scholars warn that for foundation models "fair use is not guaranteed" and reject blanket verdicts in favour of case-specific assessment (Henderson, Li, Jurafsky, Hashimoto, Lemley & Liang, 2023; jmlr.org/papers/v24/23-0569.html; Matthew Sag, 2024). The U.S. Copyright Office's Part 3 report likewise refuses a blanket verdict, weighting fair use by work-type and "market harm" (U.S. Copyright Office, May 2025).
The second fault line is the *opt-out's workability*. The EU presumes consent unless rightsholders reserve, but on appeal in Kneschke v. LAION the Hamburg Higher Regional Court (10 Dec 2025) held a natural-language reservation insufficient under Art. 4(3)'s machine-readability requirement; post-LAION analysis shows that while the TDM exceptions "may seem workable in theory," robots.txt, machine-readability and memorisation make implementation hard 5. One proposed escape is the Art. 3 scientific-research exception, argued to be a "safe harbor" for openly released foundation models 6.
The third is *jurisdictional divergence on the default rule itself*. After consultation, the UK abandoned its preferred opt-out exception, leaving no government preference in 2025 (UK Data (Use and Access) Act 2025; IPO consultation response); commentators call the opt-in/opt-out framing a "missed opportunity" relative to a broadened research exception plus transparency and remuneration 7. A fourth, quieter fault line — flagged by EDPB Opinion 28/2024 — is whether unlawful processing during development legally *taints* the resulting model, an unresolved question with deletion-of-model remedies in play (EDPB, 17 Dec 2024).
Trajectory — what is changing
Training-data rules are consolidating rapidly along divergent paths 4. In the EU, the binding pieces fell into place across 2024–2025: EDPB Opinion 28/2024 (17 Dec 2024) set the GDPR lawful-basis frame, the GPAI obligations took effect 2 August 2025, and the Commission's training-content summary template published 24 July 2025 — though providers of models already on the market before August 2025 have until 2 August 2027 to comply, and non-compliance carries fines up to 3% of worldwide turnover or €15 million (European Commission template, 2025; AI Act Art. 101). A parallel pressure is rising upstream: a longitudinal audit of 14,000 web domains finds a 2023–24 surge in AI-training restrictions, with "~5%+ of all tokens in C4...fully restricted from use" within a single year 8. Enforcement of the transparency duty has therefore not yet matured, and scholars argue that processing of scraped web data may even implicate Art. 9 GDPR's sensitive-data regime 9.
In the US, 2025 produced the first substantive signals without legislation: the Copyright Office's Part 3 report (9 May 2025) (U.S. Copyright Office, Part 3, May 2025) and the Bartz v. Anthropic summary-judgment ruling and settlement, which together mark lawful acquisition — not transformation alone — as the emerging fault line for liability. The UK reversed course: the Data (Use and Access) Act 2025 received Royal Assent on 19 June 2025 *without* AI-copyright provisions, the government dropping its earlier opt-out preference and committing to an economic-impact report due in 2026 (Hogan Lovells, 2025).
The near-term trajectory (composite editorial assessment) is thus a widening gap: an EU ex-ante disclosure-plus-opt-out regime entering enforcement, a US case-by-case liability regime crystallising through settlements, and a UK still without a settled rule.
Coverage across jurisdictions
Historical primacy & cross-jurisdiction tension
First addressed by General Data Protection Regulation (GDPR) on (governs). Subsequent regimes have either codified, diverged from, or remained silent on this baseline.
- Forum-shoppingInterim Measures for Generative AI Service Management↔Executive Order 14110 on Safe, Secure, Trustworthy AI
- Forum-shoppingNIST AI RMF Generative AI Profile↔Executive Order 14179 — Removing Barriers to American Leadership in AI
- Forum-shoppingIndia Digital Personal Data Protection Act + AI Advisory (MEITY)↔UK Pro-Innovation Approach to AI Regulation (White Paper)
Compare jurisdictions: EU vs US · EU vs UK · EU vs CN
Enforcement & impact
Silent regimes — gap signal
Instruments that do not address Training-Data Rights — candidates for future policy work.
- Executive Order 14110 on Safe, Secure, Trustworthy AIUS
- Executive Order 14179 — Removing Barriers to American Leadership in AIUS
- UK Pro-Innovation Approach to AI Regulation (White Paper)UK
- G7 Hiroshima AI Process Code of ConductG7
- OECD AI Principles (Recommendation)OECD
- UN GA Resolution on Safe, Secure, Trustworthy AIUN
- Bletchley Declaration on AI Safetyglobal
- Seoul Declaration on Safe, Innovative and Inclusive AIglobal
- California SB-1047: Safe and Secure Innovation for Frontier AI Models ActUS
- ASEAN Guide on AI Governance and EthicsASEAN
- Anthropic Responsible Scaling Policy (RSP) v2US
- OpenAI Preparedness FrameworkUS
- Google DeepMind Frontier Safety FrameworkUS
- UK-US AI Safety Institute Memorandum of Understandingglobal
- White House Voluntary AI CommitmentsUS
- Singapore Model AI Governance Framework for Generative AISG
- OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI)US
- DoD Responsible AI Strategy and Implementation PathwayUS
- California SB-53: Transparency in Frontier Artificial Intelligence Act (TFAIA)US
- California SB 243: Companion ChatbotsUS
- California SB 942: AI Transparency ActUS
- Revised Product Liability Directive (Directive (EU) 2024/2853)EU
- Directive (EU) 2024/2831 on improving working conditions in platform workEU
- New York RAISE Act: Responsible AI Safety and Education ActUS
- TAKE IT DOWN Act (Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act)US
See also
Further reading
27 academic & grey-literature sources bearing on this topic — catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- Open Foundation Models and TDM Exceptions to Copyright – Building Blocks for an AI Ecosystem Peer-reviewed✦ AIArgues Art. 3 CDSM Directive's scientific-research TDM exception 'does not grant rightsholders any control' and can be a 'safe harbor' for training openly released foundation models without licensing data.
- Copyright and AI in the UK: Opting-In or Opting-Out? Peer-reviewed✦ AIContends the UK opt-in/opt-out framing is a 'missed opportunity'; a broadened research exception plus market-entry transparency and creator remuneration would better serve both innovation and rightsholders.
- Technical Challenges of Rightsholders' Opt-out From Gen AI Training after Robert Kneschke v. LAION Peer-reviewed✦ AIExamines post-LAION practical obstacles to the EU TDM opt-out (robots.txt, machine-readability, memorisation): 'While the TDM exceptions may seem workable in theory, implementing them in practice presents a variety of practical…
- Generative AI in EU law: Liability, privacy, intellectual property, and cybersecurity Peer-reviewed✦ AIExamines how the EU AI Act, liability regimes, GDPR, copyright and cybersecurity rules apply to generative AI, identifying gaps and proposing targeted regulatory refinements.
- A large-scale audit of dataset licensing and attribution in AI Peer-reviewed✦ AIAudit of 1,800+ AI training datasets finds "licence omission rates of more than 70% and error rates of more than 50%" on popular hosting sites.
- Lawfulness of the mass processing of publicly accessible online data to train large language models Peer-reviewed✦ AIArgues LLM training on scraped web data should be assessed under Art. 9 GDPR (sensitive data), and that consent and the 'manifestly made public' route leave only a 'limited amount of personal data' lawfully usable.
- Copyright protection during the training stage of generative AI: Industry-oriented U.S. law, rights-oriented EU law, and fair remuneration rights for generative AI training under the UN's international governance regime for AI Peer-reviewed✦ AIComparatively maps US (industry-oriented fair use), EU (rights-oriented TDM opt-out) and a proposed UN fair-remuneration approach to copyright at the generative-AI training stage.
- Fairness and Fair Use in Generative AI Peer-reviewed✦ AIRejects blanket lawful/unlawful verdicts on AI training, proposing 'an analytical framework for making that assessment in particular cases' for where owners' rights end and use freedoms begin.
- Consent in Crisis: The Rapid Decline of the AI Data Commons Preprint✦ AILongitudinal audit of 14,000 web domains finds a 2023-24 surge in AI training restrictions, with '~5%+ of all tokens in C4...fully restricted from use' within a single year.
- Foundation Models and Fair Use Peer-reviewed✦ AIShows foundation models "are trained on copyrighted material" and warns "fair use is not guaranteed", urging technical mitigations to keep training and deployment within fair use.
- A Deeper Look into the EU Text and Data Mining Exceptions: Harmonisation, Data Ownership, and the Future of Technology Peer-reviewed✦ AICritiques the EU TDM regime: "an excessively broad definition of TDM" makes data-driven AI development dependent on an exception, with narrow beneficiaries and lawful-access hurdles.
- Datasheets for Datasets Peer-reviewed✦ AIProposes "that every dataset be accompanied with a datasheet that documents its motivation, composition, collection process, recommended uses" for transparency and accountability.
- Dual-Use Research Norms (DURC for AI) PreprintSolaiman, I., et al. (2019), 'Release Strategies and the Social Impacts of Language Models' — the canonical articulation of structured-access norms for foundation models.
- Training-Data Attribution PreprintGrosse, R., et al. (2023), 'Studying Large Language Model Generalization with Influence Functions' (Anthropic) — the canonical articulation of scalable influence-function-based attribution for foundation models.
- Data Poisoning PreprintCarlini, N., et al. (2024), 'Poisoning Web-Scale Training Datasets is Practical' — establishes practical feasibility of poisoning frontier-model training corpora.
- Model-Merging Risk PreprintBhardwaj, R., et al. (2024), 'Language Models are Homer Simpson! Safety Re-Alignment of Fine-tuned Language Models through Task Arithmetic' — canonical demonstration that safety training is not preserved under task arithmetic / merging.
- Retrieval-Augmented Generation (RAG) PreprintLewis, P., et al. (2020), 'Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks,' NeurIPS — the canonical articulation of RAG.
- AI Risk Management Framework | NIST Standards body✦ AIUS voluntary AI risk-management framework (Govern/Map/Measure/Manage).
- ISO/IEC JTC 1/SC 42 - Artificial intelligence Standards body✦ AIInternational committee developing AI standards.
- ISO - Security, safety and risk Standards body✦ AIISO security, safety & risk standards portal.
- OECD AI Incidents Monitor, an evidence base for trustworthy AI - OECD.AI Incident database✦ AIOECD tracker of real-world AI incidents and hazards.
- Artificial Intelligence Research institute✦ AIUS National Academies' AI consensus-study hub.
- Capturing the Potential of Generative AI’s Use in Health and Medicine Requires Collaboration and Oversight, Consideration of Risks, Says NAM Special Publication Research institute✦ AINAM special publication on generative AI in health & medicine.
- One Hundred Year Study on Artificial Intelligence (AI100) Research institute✦ AIStanford's standing century-long study of AI's societal impact.
- Measuring up | Ada Lovelace Institute Civil society✦ AIAda Lovelace Institute policy briefing.
- Anthropomorphic AI terms create gaps in accountability | Brookings Think tank✦ AICommentary on how anthropomorphic AI language obscures accountability.
- Policy Brief: Our recommendations for strengthening data access for public interest research Civil society✦ AIRecommends stronger platform data-access rules so independent researchers can study automated systems in the public interest.
References
Sources cited inline in the analysis (linked from the superscript markers), then the primary instrument sources behind the classifications.
- Novelli, Casolari, Hacker, Spedicato & Floridi (2024) Generative AI in EU law: Liability, privacy, intellectual property, and cybersecurity, Computer Law & Security Review. 10.1016/j.clsr.2024.106066 — Examines how the EU AI Act, liability regimes, GDPR, copyright and cybersecurity rules apply to generative AI, identifying gaps and proposing targeted regulatory refinements. ↩
- Longpre, Mahari, et al. (Data Provenance Initiative) (2024) A large-scale audit of dataset licensing and attribution in AI, Nature Machine Intelligence. 10.1038/s42256-024-00878-8 — Audit of 1,800+ AI training datasets finds "licence omission rates of more than 70% and error rates of more than 50%" on popular hosting sites. ↩
- Margoni & Kretschmer (2022) A Deeper Look into the EU Text and Data Mining Exceptions: Harmonisation, Data Ownership, and the Future of Technology, GRUR International. 10.1093/grurint/ikac054 — Critiques the EU TDM regime: "an excessively broad definition of TDM" makes data-driven AI development dependent on an exception, with narrow beneficiaries and lawful-access hurdles. ↩
- Kaigeng Li, Hong Wu, Yupeng Dong (2024) Copyright protection during the training stage of generative AI: Industry-oriented U.S. law, rights-oriented EU law, and fair remuneration rights for generative AI training under the UN's international governance regime for AI, Computer Law & Security Review, 55. 10.1016/j.clsr.2024.106056 — Comparatively maps US (industry-oriented fair use), EU (rights-oriented TDM opt-out) and a proposed UN fair-remuneration approach to copyright at the generative-AI training stage. ↩
- Stepanka Havlikova (2025) Technical Challenges of Rightsholders' Opt-out From Gen AI Training after Robert Kneschke v. LAION, JIPITEC – Journal of Intellectual Property, Information Tech. source — Examines post-LAION practical obstacles to the EU TDM opt-out (robots.txt, machine-readability, memorisation): 'While the TDM exceptions may seem workable in theory, implementing them in practice presents a variety of practical… ↩
- Arne Radeisen (2026) Open Foundation Models and TDM Exceptions to Copyright – Building Blocks for an AI Ecosystem, GRUR International. 10.1093/grurint/ikag002 — Argues Art. 3 CDSM Directive's scientific-research TDM exception 'does not grant rightsholders any control' and can be a 'safe harbor' for training openly released foundation models without licensing data. ↩
- Martin Kretschmer, Bartolomeo Meletti, Lionel Bently, Gabriele Cifrodelli, Magali Eben, Kristofer Erickson, Aline Iramina, Zihao Li, Luke McDonagh, Emma Perot, Luis Porangaba, Amy Thomas (2025) Copyright and AI in the UK: Opting-In or Opting-Out?, GRUR International. 10.1093/grurint/ikaf093 — Contends the UK opt-in/opt-out framing is a 'missed opportunity'; a broadened research exception plus market-entry transparency and creator remuneration would better serve both innovation and rightsholders. ↩
- Shayne Longpre, Robert Mahari, Ariel Lee, et al. (2024) Consent in Crisis: The Rapid Decline of the AI Data Commons, arXiv (Data Provenance Initiative; presented NeurIPS Dataset. arXiv:2407.14933 — Longitudinal audit of 14,000 web domains finds a 2023-24 surge in AI training restrictions, with '~5%+ of all tokens in C4...fully restricted from use' within a single year. ↩
- Taner Kuru (2024) Lawfulness of the mass processing of publicly accessible online data to train large language models, International Data Privacy Law. 10.1093/idpl/ipae013 — Argues LLM training on scraped web data should be assessed under Art. 9 GDPR (sensitive data), and that consent and the 'manifestly made public' route leave only a 'limited amount of personal data' lawfully usable. ↩
- EU-AIA-2024: Recital 105; CDSM Directive provides primary copyright framework
- CN-GENAI-2023: Art. 7 (legal source + IP requirements)
- COE-AI-CONV: Art. 11 (privacy + data protection)
- NIST-AI-RMF: Manage 4: data integrity
- NIST-AI-RMF-GENAI: NIST AI 600-1 §3.4 Data Privacy + §3.7 Intellectual Property
- IN-DPDP-2023: DPDPA §§4-7 (consent + purpose limitation for AI training data)
- BR-AIBILL-2024: PL 2338/2023 cross-references LGPD (2018) for data-rights baseline
- AU-AI-STRATEGY-2024: AU Strategy §5 + Malabo Convention (2014) data-protection baseline
- META-FRONTIER-2024: Open-weight framing engages training-data + IP issues; not the framework's primary lane
- JP-METI-AI-2024: Principle 4 (Safety) + Principle 2 (Education-Literacy) brush against training-data norms; ACA copyright regime separately addresses
- EU-GDPR-2016: Art. 5(1)(b) purpose limitation; Art. 6 lawful basis; Art. 9 special-category overlay for sensitive training data; Art. 5(1)(c) data minimisation
- EU-GPAI-COP-2025: Chapter 2 (Copyright) — Art. 53(1)(c) training-data summary obligations + Art. 53(1)(d) text-and-data-mining opt-out compliance
- GSA-AI-GUIDE-2024: Supply-chain risk-management considerations include training-data provenance + dependency disclosure
- FEDRAMP-AI-2024: Supply-chain risk-management considerations include training-data + model-weight provenance disclosure within the SSP
- DFARS-252-204: 252.204-7012 — training-data sets stored on covered contractor information systems require NIST SP 800-171 implementation when designated CDI; data-spill / exfiltration events trigger 72-hour cyber-incident reporting under 252.204-7012(c)
- UNESCO-AI-ETHICS-2021: Policy Area 'Data Policy', para 71 — data-governance strategies ensuring continual evaluation of training-data quality
- CN-DEEPSYN-2022: Art. 14
- IT-AILAW-2025: Art. 25 (new Art. 70-septies l. 633/1941) permits text-and-data-mining reproductions/extractions for AI training from lawfully accessible material (per Arts. 70-ter/70-quater); Art. 16 delegates the Government to enact an organic regime on data, algorithms and mathematical methods for training AI.
- JP-AIPROMO-2025: Act No. 53 of 2025, Arts. 12 & 3(4)
- UN-GDC-2024: GDC Objective 3 para 36(c) and Objective 5 capacity-building (A/RES/79/1, Annex I)
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/training-data — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here
20 instruments tracked.
Does governance work? — the social-science evidence
What the peer-reviewed social science shows: whether the harm this topic addresses is empirically real, and whether governance of it works. The badge is the epistemic status of the evidence(not the policy debate) — “thin” or “absent” efficacy evidence is itself a finding (the “second silence”). Each epistemic-status label is Policy Window's editorial assessment of the cited evidence base (a structured classification), not a verdict any single source issues.
That foundation models ingest copyrighted and personal works without consent is undisputed; whether that ingestion produces legally cognizable reproduction harm is genuinely contested. The CS evidence that models can memorize and emit verbatim training text is robust and replicated — Carlini et al. (2021) extracted hundreds of verbatim sequences (including PII) from GPT-2, and follow-up work (Carlini et al., Quantifying Memorization, ICLR 2023) showed extraction scales log-linearly with model size and with example duplication. Honest caveat: verbatim reproduction is the exception, not the norm — the UK High Court held that Stable Diffusion's model weights never stored copies of the training images (defeating the secondary-infringement theory), and Getty abandoned its primary training-infringement claim at trial for lack of evidence, so whether the empirical phenomenon amounts to actionable harm (rather than transient, non-expressive use) remains the open question driving NYT v. OpenAI and parallel regimes.
Sources: Carlini, Tramèr, Wallace, Jagielski, Herbert-Voss, Lee, Roberts, Brown, Song, Erlingsson, Oprea & Raffel 2021 (Extracting Training Data from Large Language Models, 30th USENIX Security Symposium); Carlini, Ippolito, Jagielski, Lee, Tramèr & Zhang 2023 (Quantifying Memorization Across Neural Language Models, ICLR 2023; arXiv:2202.07646); Getty Images (US) Inc & ors v Stability AI Ltd [2025] EWHC 2863 (Ch) (UK High Court, 4 Nov 2025 — no secondary infringement; primary training claim abandoned at trial); The New York Times Co. v. Microsoft Corp. & OpenAI (S.D.N.Y., No. 1:23-cv-11195; consolidated In re OpenAI Copyright Infringement Litigation, Apr. 2025; ongoing 2025-2026)
There is no impact evaluation showing that the CDSM Directive Article 4 TDM exception plus its Article 4(3) opt-out reservation regime actually reduces unlicensed ingestion or channels compensation to rightsholders — the evidence that the rule works as designed is itself missing. The only available evidence is early case law and doctrinal scholarship, which document the mechanism's contested operation rather than its success: in Kneschke v. LAION the Hamburg Higher Regional Court (on appeal, 10 Dec 2025) held that a rights reservation in natural language did NOT satisfy Article 4(3)'s machine-readability requirement, invalidating the opt-out (note: the first-instance Regional Court had left the Article 4 question largely open and the case ultimately turned on the Article 3 scientific-research exception, so this machine-readability holding is appellate and not yet settled — a further appeal to the Federal Court of Justice was permitted). Legal scholars characterize the Article 4 opt-out as practically difficult and unharmonized, with no observed market in TDM licences or systematic enforcement to evaluate.
Sources: Kneschke v. LAION (Hamburg Regional Court, 27 Sept 2024, 310 O 227/23; on appeal Hamburg Higher Regional Court, 10 Dec 2025, 5 U 104/24 — opt-out held not machine-readable; further appeal to BGH permitted); Margoni & Kretschmer 2022 (A Deeper Look into the EU Text and Data Mining Exceptions, GRUR International 71(8):685-701); Quintais 2025 (Generative AI, Copyright and the AI Act, Computer Law & Security Review 56:106107)