Who Owns the Model? IP Custody and the Hidden Risk in Enterprise AI Builds

When an enterprise invests six or seven figures to build a custom Artificial Intelligence automation system, the executive sponsor usually assumes a basic business truth: “Since we paid for it, we own the intellectual property.”

In traditional software development, this assumption is protected by standard "Work Made for Hire" clauses. You pay an agency to write code, the agency delivers the codebase, and your legal department registers the copyright.

But in the complex architecture of enterprise AI, this model breaks down.

Most enterprises do not realize how little of "their" custom AI system they actually own after a vendor build. Between proprietary base model licensing, custom model weights, vector databases, and vendor-hosted execution platforms, corporate buyers are quietly walking into a massive legal and financial trap: vendor lock-in disguised as custom innovation.

For Chief Legal Officers (CLOs), procurement departments, and Chief Technology Officers (CTOs) at regulated mid-market enterprises, understanding the boundaries of AI IP custody is no longer a secondary detail. It is the ultimate legal battlefield.

The AI IP Anatomy: What are you actually buying?

To understand where the risk lives, you must dissect a custom enterprise AI system into its four distinct layers of intellectual property:

1. The Base Model (The Foundation)

Bespoke systems do not train base models from scratch. They build on top of open foundation models (such as LLaMA or Mistral) or use proprietary APIs (such as OpenAI or Anthropic). You do not, and will never, own this foundation. You hold a standard developer license.

2. The Training and Fine-Tuning Data (Your Inputs)

This is your proprietary goldmine: customer records, internal schemas, processing logs, and transactional databases. Under any defensible contract, you retain 100% ownership of this data. However, if this data is processed on a vendor-hosted SaaS cloud, custody is split, creating massive compliance exposure under global privacy laws.

3. The Model Weights (The Cognitive Engine)

When a vendor fine-tunes a base model on your data, it adjusts the millions of numerical parameters that define how the model reasons. These parameters are called model weights. The weights are the intelligence of the system. If you possess the weights, you can run the model on any cloud, in any country, indefinitely, without paying the vendor another dollar. If the vendor retains the weights and serves them through their own hosted API, they own the cognitive engine. You are locked into their licensing fee forever.

4. The Orchestration Code and Heuristics (The Downstream Logic)

This is the custom TypeScript, Python, and SQL code that manages the agents, routes data, enforces security perimeters, and connects models to your internal databases. If this code is proprietary to the vendor, you cannot modify, audit, or migrate the system without their engineers.

The Hidden Trap: "Service Agreement" Slavery

Many mid-market AI consulting agencies and SaaS platforms structure their builds as "Service Agreements." They build a "custom" solution for your firm, but host the model weights and orchestration pipelines on their own secure clouds.

This structure creates three massive corporate risks:

Valuation Degradation: Because you do not own the model weights or the custom orchestration code, the AI system is not a proprietary asset that adds value to your corporate balance sheet. It is simply a recurring operating expense (OpEx).
Strategic Dependency: If the vendor raises their licensing rates by 40%, goes out of business, or suffers a security breach, your core operations halt. You cannot migrate the system to your own secure cloud because you do not possess the weights or code.
GRC Audit Failure: Under Chapter III of the EU AI Act and ISO 42001 standards, regulated firms must prove absolute custody, trace data lineage, and demonstrate control over high-risk AI operations. If your model weights and enclaves sit on a vendor's black-box server, you cannot satisfy a strict compliance audit.

The Non-Negotiable Standard: Full Client IP Custody

To protect your enterprise, procurement and legal teams must enforce a strict standard for every AI development build: Full Client IP Custody.

This means that upon project completion, the vendor must deliver a complete, sovereign operational package to your secure corporate infrastructure:

Sovereign Weights: Delivery of the compiled, fine-tuned model weight files (e.g., standard .safetensors or GGUF formats) directly to your secure cloud storage (such as AWS S3 or Cloudflare R2).
Open Orchestration: Ownership of the full orchestration codebase, written in open, standard languages, without dependency on proprietary vendor libraries.
Sovereign Enclaves: The entire system must run inside your secure cloud perimeter (zero-trust virtual private clouds), ensuring that your proprietary training data never exits your custody.

If a vendor refuses to deliver the model weights or demands exclusive hosting rights, walk away. You are not buying an asset; you are renting a lock.

Complete IP Custody with Golonex

At Golonex, we operate under a simple, non-negotiable delivery model: what we build for you belongs to you.

Through our AI Solutions Lab, we design and deploy bespoke domain models, custom RAG networks, and secure multi-agent workflows directly within your secure cloud perimeter.

Upon completion, we hand over complete client IP custody—delivering the fine-tuned model weights, the complete orchestration codebase, and the secure runtime sandboxes directly to your corporate vault. No vendor lock-in, no hidden licensing fees, and no split data custody—giving your enterprise a highly valuable, audit-ready proprietary asset that drives operational scale.

To learn how to secure full IP custody of your enterprise AI builds, visit golonex.ai or contact our legal-technical team.