open-agreements 0.2.2 → 0.3.1

package/content/templates/common-paper-ai-addendum-in-app/metadata.yaml

@@ -18,4 +18,92 @@ fields:
     type: string
     description: Additional AI-specific terms
     section: Legal
+  - name: training_data_none
+    type: boolean
+    description: No Training Data types selected
+    section: AI Training
+  - name: training_data_usage
+    type: boolean
+    description: Usage Data is Training Data
+    section: AI Training
+  - name: training_data_feedback
+    type: boolean
+    description: Feedback is Training Data
+    section: AI Training
+  - name: training_data_input
+    type: boolean
+    description: Input is Training Data
+    section: AI Training
+  - name: training_data_output
+    type: boolean
+    description: Output is Training Data
+    section: AI Training
+  - name: training_data_prompts
+    type: boolean
+    description: User prompts (excluding other Input) are Training Data
+    section: AI Training
+  - name: training_data_customer_content
+    type: boolean
+    description: Customer Content is Training Data
+    section: AI Training
+  - name: training_data_additional
+    type: boolean
+    description: Additional Training Data types apply
+    section: AI Training
+  - name: model_training_none
+    type: boolean
+    description: No model training permitted
+    section: AI Training
+  - name: model_training_customer_only
+    type: boolean
+    description: Model training solely for Customer benefit
+    section: AI Training
+  - name: training_data_aggregated
+    type: boolean
+    description: Training Data must be aggregated
+    section: AI Training
+  - name: training_data_deidentified
+    type: boolean
+    description: Training Data must be de-identified
+    section: AI Training
+  - name: training_data_best_effort_deidentify
+    type: boolean
+    description: Provider will use commercially reasonable efforts to de-identify Training Data
+    section: AI Training
+  - name: training_requirements_additional
+    type: boolean
+    description: Additional Training Data requirements apply
+    section: AI Training
+  - name: no_customer_identification
+    type: boolean
+    description: Neither Input nor Output may identify Customer
+    section: AI Output
+  - name: improvements_for_customer_only
+    type: boolean
+    description: Improvements from Customer data solely for Customer benefit
+    section: AI Output
+  - name: output_restrictions_additional
+    type: boolean
+    description: Additional output restrictions apply
+    section: AI Output
+  - name: ai_provider_covered_claims
+    type: boolean
+    description: Provider AI-specific Covered Claims apply
+    section: AI Liability
+  - name: provider_covered_claims_detail
+    type: string
+    description: Detail of Provider Covered Claims describing Output IP infringement provisions
+    section: AI Liability
+  - name: provider_covered_claims_exclusions
+    type: string
+    description: Provider Covered Claims indemnity exclusions (e.g. combined use, Input, breach, modifications)
+    section: AI Liability
+  - name: customer_covered_claims_detail
+    type: string
+    description: Detail of Customer Covered Claims describing IP infringement and usage violation provisions
+    section: AI Liability
+  - name: ai_customer_covered_claims
+    type: boolean
+    description: Customer AI-specific Covered Claims apply
+    section: AI Liability
 required_fields: []

package/content/templates/common-paper-ai-addendum-in-app/replacements.json

@@ -0,0 +1,5 @@
+{
+  "[ that the Output\u2014when generated and used by Customer according to the terms of the Agreement and the AI Addendum\u2014violates, misappropriates, or otherwise infringes upon the intellectual property or other proprietary rights of another person or entity. ": "{provider_covered_claims_detail}",
+  "Without limiting the indemnity exclusions in the Agreement, Provider's obligations as an Indemnifying Party will not apply to Provider Covered Claims that result from: (a) use of Output in combination with data, software, hardware, equipment, technology, or other products or services not provided by Provider; (b) Input; (c) Customer's use of the AI Services in breach of the Agreement or the AI Addendum; (d) modifications to the Output that were not made by Provider; (e) Output that Customer knew or should have known might violate, misappropriate, or otherwise infringe upon another's intellectual property or other proprietary rights; or (f) a claim that use of Output infringes another's trademark or related rights. ]": "{provider_covered_claims_exclusions}",
+  "[ that (1) the Input\u2014when used by Provider according to the terms of the Agreement and the AI Addendum\u2014violates, misappropriates, or otherwise infringes upon the intellectual property or other proprietary rights of another person or entity; or (2) results from Customer's use of the AI Services in violation of the applicable restrictions in the Agreement or the AI Addendum. ]": "{customer_covered_claims_detail}"
+}

package/content/templates/common-paper-ai-addendum-in-app/selections.json

@@ -0,0 +1,62 @@
+{
+  "groups": [
+    {
+      "id": "training_data_types",
+      "type": "checkbox",
+      "options": [
+        { "marker": "None", "trigger": { "field": "training_data_none" } },
+        { "marker": "Usage Data", "trigger": { "field": "training_data_usage" } },
+        { "marker": "Feedback", "trigger": { "field": "training_data_feedback" } },
+        { "marker": "Input", "trigger": { "field": "training_data_input" } },
+        { "marker": "Output", "trigger": { "field": "training_data_output" } },
+        { "marker": "User prompts, excluding other components of Input", "trigger": { "field": "training_data_prompts" } },
+        { "marker": "Customer Content", "trigger": { "field": "training_data_customer_content" } },
+        { "marker": "{additional_terms}", "trigger": { "field": "training_data_additional" } }
+      ]
+    },
+    {
+      "id": "model_training_scope",
+      "type": "radio",
+      "options": [
+        { "marker": "None", "trigger": { "field": "model_training_none", "equals": true } },
+        { "marker": "Train the Model(s) in the AI Services solely for Customer\u2019s benefit", "trigger": { "field": "model_training_customer_only", "equals": true } },
+        { "marker": "Train the Model(s) in the AI Services", "trigger": "default" }
+      ]
+    },
+    {
+      "id": "training_data_requirements",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Training Data must be aggregated", "trigger": { "field": "training_data_aggregated" } },
+        { "marker": "Training Data must be de-identified", "trigger": { "field": "training_data_deidentified" } },
+        { "marker": "Provider will use commercially reasonable efforts consistent with industry standard technology to de-identify", "trigger": { "field": "training_data_best_effort_deidentify" } },
+        { "marker": "{additional_terms}", "trigger": { "field": "training_requirements_additional" } }
+      ]
+    },
+    {
+      "id": "output_restrictions",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Neither Input nor Output may identify Customer", "trigger": { "field": "no_customer_identification" } },
+        { "marker": "Improvements based on Customer's Input, Output, or Training Data will be solely for Customer's benefit", "trigger": { "field": "improvements_for_customer_only" } },
+        { "marker": "{additional_terms}", "trigger": { "field": "output_restrictions_additional" } }
+      ]
+    },
+    {
+      "id": "ai_covered_claims",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Provider Covered Claims include any action", "trigger": { "field": "ai_provider_covered_claims" } },
+        { "marker": "Customer Covered Claims include any action", "trigger": { "field": "ai_customer_covered_claims" } }
+      ]
+    },
+    {
+      "id": "ai_acceptable_use_policy",
+      "type": "checkbox",
+      "standalone": true,
+      "options": [
+        { "marker": "Use of the AI Services is subject to the Acceptable Use Policy", "trigger": { "field": "ai_policy_reference" } }
+      ]
+    }
+  ]
+}

package/content/templates/common-paper-amendment/README.md

@@ -21,6 +21,24 @@ An amendment template for modifying existing agreements, based on [Common Paper'
 | `amendment_topic` | string | yes | Topic or variable being changed |
 | `amendment_details` | string | yes | Details about what is being changed |
 
+
+### Signature Block
+
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `party_1_signatory_type` | enum (`entity` / `individual`) | no | Whether the first party signatory is an entity or individual (default: `entity`) |
+| `party_1_signatory_name` | string | no | Full legal name of the first party's signatory |
+| `party_1_signatory_title` | string | no | Title/role of the first party's signatory (entity only) |
+| `party_1_signatory_company` | string | no | Company name for the first party signatory (entity only) |
+| `party_1_signatory_email` | string | no | Notice email address for the first party |
+| `party_2_signatory_type` | enum (`entity` / `individual`) | no | Whether the second party signatory is an entity or individual (default: `entity`) |
+| `party_2_signatory_name` | string | no | Full legal name of the second party's signatory |
+| `party_2_signatory_title` | string | no | Title/role of the second party's signatory (entity only) |
+| `party_2_signatory_company` | string | no | Company name for the second party signatory (entity only) |
+| `party_2_signatory_email` | string | no | Notice email address for the second party |
+
+> **Note:** `*_title` and `*_company` are only rendered when the corresponding `*_type` is `entity` (default). When set to `individual`, those cells are left blank even if values are provided.
+
 ## Attribution
 
 Based on the Common Paper Amendment, available at https://commonpaper.com.

package/content/templates/common-paper-amendment/metadata.yaml

@@ -42,6 +42,54 @@ fields:
     type: string
     description: Details about what is being changed
     section: Terms
+  - name: party_1_signatory_type
+    type: enum
+    description: Whether the first party signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: party_1_signatory_name
+    type: string
+    description: Full legal name of the first party's signatory
+    section: Signature Block
+  - name: party_1_signatory_title
+    type: string
+    description: Title/role of the first party's signatory (entity only)
+    section: Signature Block
+  - name: party_1_signatory_company
+    type: string
+    description: Company name for the first party signatory (entity only)
+    section: Signature Block
+  - name: party_1_signatory_email
+    type: string
+    description: Notice email address for the first party
+    section: Signature Block
+  - name: party_2_signatory_type
+    type: enum
+    description: Whether the second party signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: party_2_signatory_name
+    type: string
+    description: Full legal name of the second party's signatory
+    section: Signature Block
+  - name: party_2_signatory_title
+    type: string
+    description: Title/role of the second party's signatory (entity only)
+    section: Signature Block
+  - name: party_2_signatory_company
+    type: string
+    description: Company name for the second party signatory (entity only)
+    section: Signature Block
+  - name: party_2_signatory_email
+    type: string
+    description: Notice email address for the second party
+    section: Signature Block
 required_fields:
   - company_name
   - party_1

package/content/templates/common-paper-business-associate-agreement/README.md

@@ -20,9 +20,28 @@ A HIPAA business associate agreement based on [Common Paper's](https://commonpap
 | `aggregation_restrictions` | string | no | Specific aggregation restrictions |
 | `offshoring_restrictions` | string | no | Specific offshoring rights or restrictions |
 | `breach_notification_unit` | string | no | Unit for breach notification period |
-| `fill_in_value` | string | no | General fill-in value |
+| `breach_notification_number` | string | no | Numeric value for the breach notification period (e.g. 5) |
+| `other_changes` | string | no | Prose describing other changes to BAA Standard Terms |
 | `custom_effective_date` | string | no | Custom effective date |
 
+
+### Signature Block
+
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `provider_signatory_type` | enum (`entity` / `individual`) | no | Whether the Provider signatory is an entity or individual (default: `entity`) |
+| `provider_signatory_name` | string | no | Full legal name of the Provider's signatory |
+| `provider_signatory_title` | string | no | Title/role of the Provider's signatory (entity only) |
+| `provider_signatory_company` | string | no | Company name for the Provider signatory (entity only) |
+| `provider_signatory_email` | string | no | Notice email address for the Provider |
+| `company_signatory_type` | enum (`entity` / `individual`) | no | Whether the Company signatory is an entity or individual (default: `entity`) |
+| `company_signatory_name` | string | no | Full legal name of the Company's signatory |
+| `company_signatory_title` | string | no | Title/role of the Company's signatory (entity only) |
+| `company_signatory_company` | string | no | Company name for the Company signatory (entity only) |
+| `company_signatory_email` | string | no | Notice email address for the Company |
+
+> **Note:** `*_title` and `*_company` are only rendered when the corresponding `*_type` is `entity` (default). When set to `individual`, those cells are left blank even if values are provided.
+
 ## Attribution
 
 Based on the Common Paper Business Associate Agreement, available at https://commonpaper.com.

package/content/templates/common-paper-business-associate-agreement/metadata.yaml

@@ -42,14 +42,122 @@ fields:
     type: string
     description: Unit for breach notification period
     section: Terms
-  - name: fill_in_value
+  - name: breach_notification_number
     type: string
-    description: General fill-in value
+    description: Numeric value for the breach notification period (e.g. 5)
+    section: Terms
+  - name: other_changes
+    type: string
+    description: Prose describing other changes to BAA Standard Terms
     section: Terms
   - name: custom_effective_date
     type: string
-    description: Custom effective date
+    description: Custom effective date (if not date of last signature)
+    section: Terms
+  - name: maintains_designated_record_set
+    type: boolean
+    description: Whether Provider maintains PHI in a Designated Record Set
     section: Terms
+  - name: no_subcontracting
+    type: boolean
+    description: Provider will not subcontract
+    section: Subcontracting
+  - name: subcontracting_with_conditions
+    type: boolean
+    description: Provider will not subcontract unless conditions are met
+    section: Subcontracting
+  - name: subcontract_notice_required
+    type: boolean
+    description: Notice must be provided to Company before subcontracting
+    section: Subcontracting
+  - name: subcontract_permission_required
+    type: boolean
+    description: Company explicit permission required for subcontracting
+    section: Subcontracting
+  - name: no_offshoring
+    type: boolean
+    description: Offshoring of PHI and/or Services is not permitted
+    section: Subcontracting
+  - name: offshoring_with_conditions
+    type: boolean
+    description: Offshoring not permitted unless conditions met
+    section: Subcontracting
+  - name: no_deidentification
+    type: boolean
+    description: Provider will not de-identify PHI
+    section: De-identification
+  - name: deidentification_with_conditions
+    type: boolean
+    description: Provider will not de-identify PHI unless conditions met
+    section: De-identification
+  - name: deidentification_purpose
+    type: string
+    description: Specific purpose(s) for which Provider may de-identify PHI (e.g. generating data analytics)
+    section: De-identification
+  - name: deidentify_for_purpose
+    type: boolean
+    description: De-identification for specific purposes only
+    section: De-identification
+  - name: deidentify_additional_requirements
+    type: boolean
+    description: Additional requirements for de-identifying PHI
+    section: De-identification
+  - name: no_aggregation
+    type: boolean
+    description: Provider will not aggregate PHI
+    section: De-identification
+  - name: aggregation_with_conditions
+    type: boolean
+    description: Provider will not aggregate PHI unless conditions met
+    section: De-identification
+  - name: provider_signatory_type
+    type: enum
+    description: Whether the Provider signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: provider_signatory_name
+    type: string
+    description: Full legal name of the Provider's signatory
+    section: Signature Block
+  - name: provider_signatory_title
+    type: string
+    description: Title/role of the Provider's signatory (entity only)
+    section: Signature Block
+  - name: provider_signatory_company
+    type: string
+    description: Company name for the Provider signatory (entity only)
+    section: Signature Block
+  - name: provider_signatory_email
+    type: string
+    description: Notice email address for the Provider
+    section: Signature Block
+  - name: company_signatory_type
+    type: enum
+    description: Whether the Company signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: company_signatory_name
+    type: string
+    description: Full legal name of the Company's signatory
+    section: Signature Block
+  - name: company_signatory_title
+    type: string
+    description: Title/role of the Company's signatory (entity only)
+    section: Signature Block
+  - name: company_signatory_company
+    type: string
+    description: Company name for the Company signatory (entity only)
+    section: Signature Block
+  - name: company_signatory_email
+    type: string
+    description: Notice email address for the Company
+    section: Signature Block
 required_fields:
   - company_name
   - party_role

package/content/templates/common-paper-business-associate-agreement/replacements.json

@@ -1,3 +1,4 @@
 {
-  "[ # ]": "{fill_in_value}"
+  "[ # ]": "{breach_notification_number}",
+  "[ insert specific purpose(s), such as \u201cgenerating data analytics for academic research\u201d ]": "{deidentification_purpose}"
 }

package/content/templates/common-paper-business-associate-agreement/selections.json

@@ -0,0 +1,38 @@
+{
+  "groups": [
+    {
+      "id": "designated_record_set",
+      "type": "radio",
+      "options": [
+        { "marker": "Provider maintains PHI in a Designated Record Set", "trigger": { "field": "maintains_designated_record_set", "equals": true } },
+        { "marker": "Provider does not maintain PHI in a Designated Record Set", "trigger": "default" }
+      ]
+    },
+    {
+      "id": "subcontracting_phi",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Provider will not subcontract.", "trigger": { "field": "no_subcontracting" } },
+        { "marker": "Provider will not subcontract unless:", "trigger": { "field": "subcontracting_with_conditions" } },
+        { "marker": "notice has been provided to Company", "trigger": { "field": "subcontract_notice_required" } },
+        { "marker": "with Company\u2019s explicit permission", "trigger": { "field": "subcontract_permission_required" } },
+        { "marker": "Offshoring of PHI and/or Services is not permitted.", "trigger": { "field": "no_offshoring" } },
+        { "marker": "Offshoring of PHI and/or Services not permitted unless", "trigger": { "field": "offshoring_with_conditions" } },
+        { "marker": "Provider will not de-identify PHI.", "trigger": { "field": "no_deidentification" } },
+        { "marker": "Provider will not de-identify PHI unless:", "trigger": { "field": "deidentification_with_conditions" } },
+        { "marker": "doing so for the specific purpose of", "trigger": { "field": "deidentify_for_purpose" } },
+        { "marker": "the following additional requirements for de-identifying PHI", "trigger": { "field": "deidentify_additional_requirements" } },
+        { "marker": "Provider will not aggregate PHI.", "trigger": { "field": "no_aggregation" } },
+        { "marker": "Provider will not aggregate PHI unless", "trigger": { "field": "aggregation_with_conditions" } }
+      ]
+    },
+    {
+      "id": "effective_date",
+      "type": "radio",
+      "options": [
+        { "marker": "Date of last signature on this Cover Page", "trigger": "default" },
+        { "marker": "{custom_effective_date}", "trigger": { "field": "custom_effective_date" } }
+      ]
+    }
+  ]
+}

package/content/templates/common-paper-cloud-service-agreement/README.md

@@ -26,6 +26,24 @@ A cloud service agreement based on [Common Paper's](https://commonpaper.com) sta
 | `jurisdiction` | string | yes | Courts with jurisdiction over disputes |
 | `provider_liability_cap` | string | no | Maximum liability cap for the provider |
 
+
+### Signature Block
+
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `provider_signatory_type` | enum (`entity` / `individual`) | no | Whether the Provider signatory is an entity or individual (default: `entity`) |
+| `provider_signatory_name` | string | no | Full legal name of the Provider's signatory |
+| `provider_signatory_title` | string | no | Title/role of the Provider's signatory (entity only) |
+| `provider_signatory_company` | string | no | Company name for the Provider signatory (entity only) |
+| `provider_signatory_email` | string | no | Notice email address for the Provider |
+| `customer_signatory_type` | enum (`entity` / `individual`) | no | Whether the Customer signatory is an entity or individual (default: `entity`) |
+| `customer_signatory_name` | string | no | Full legal name of the Customer's signatory |
+| `customer_signatory_title` | string | no | Title/role of the Customer's signatory (entity only) |
+| `customer_signatory_company` | string | no | Company name for the Customer signatory (entity only) |
+| `customer_signatory_email` | string | no | Notice email address for the Customer |
+
+> **Note:** `*_title` and `*_company` are only rendered when the corresponding `*_type` is `entity` (default). When set to `individual`, those cells are left blank even if values are provided.
+
 ## Attribution
 
 Based on the Common Paper Cloud Service Agreement, available at https://commonpaper.com.

package/content/templates/common-paper-cloud-service-agreement/metadata.yaml

@@ -342,6 +342,54 @@ fields:
     type: string
     description: '[Computed] General cap amount text, derived from cap type booleans and amounts'
     section: Liability
+  - name: provider_signatory_type
+    type: enum
+    description: Whether the Provider signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: provider_signatory_name
+    type: string
+    description: Full legal name of the Provider's signatory
+    section: Signature Block
+  - name: provider_signatory_title
+    type: string
+    description: Title/role of the Provider's signatory (entity only)
+    section: Signature Block
+  - name: provider_signatory_company
+    type: string
+    description: Company name for the Provider signatory (entity only)
+    section: Signature Block
+  - name: provider_signatory_email
+    type: string
+    description: Notice email address for the Provider
+    section: Signature Block
+  - name: customer_signatory_type
+    type: enum
+    description: Whether the Customer signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: customer_signatory_name
+    type: string
+    description: Full legal name of the Customer's signatory
+    section: Signature Block
+  - name: customer_signatory_title
+    type: string
+    description: Title/role of the Customer's signatory (entity only)
+    section: Signature Block
+  - name: customer_signatory_company
+    type: string
+    description: Company name for the Customer signatory (entity only)
+    section: Signature Block
+  - name: customer_signatory_email
+    type: string
+    description: Notice email address for the Customer
+    section: Signature Block
 required_fields:
   - provider_name
   - customer_name

package/content/templates/common-paper-csa-with-ai/README.md

@@ -43,6 +43,24 @@ A cloud service agreement with AI provisions based on [Common Paper's](https://c
 | `ai_policy_reference` | string | no | Reference to AI usage policy (URL or attached) |
 | `ai_additional_terms` | string | no | Additional AI-specific terms |
 
+
+### Signature Block
+
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `provider_signatory_type` | enum (`entity` / `individual`) | no | Whether the Provider signatory is an entity or individual (default: `entity`) |
+| `provider_signatory_name` | string | no | Full legal name of the Provider's signatory |
+| `provider_signatory_title` | string | no | Title/role of the Provider's signatory (entity only) |
+| `provider_signatory_company` | string | no | Company name for the Provider signatory (entity only) |
+| `provider_signatory_email` | string | no | Notice email address for the Provider |
+| `customer_signatory_type` | enum (`entity` / `individual`) | no | Whether the Customer signatory is an entity or individual (default: `entity`) |
+| `customer_signatory_name` | string | no | Full legal name of the Customer's signatory |
+| `customer_signatory_title` | string | no | Title/role of the Customer's signatory (entity only) |
+| `customer_signatory_company` | string | no | Company name for the Customer signatory (entity only) |
+| `customer_signatory_email` | string | no | Notice email address for the Customer |
+
+> **Note:** `*_title` and `*_company` are only rendered when the corresponding `*_type` is `entity` (default). When set to `individual`, those cells are left blank even if values are provided.
+
 ## Attribution
 
 Based on the Common Paper CSA With AI, available at https://commonpaper.com.