Key Takeaways
- •An AI beta tester agreement does the job no general NDA does. It ties confidentiality, feedback assignment, data-and-training rights, an as-is warranty disclaimer, and a liability cap into one document built for software that is admittedly unfinished.
- •Confidentiality alone is thin protection. After Van Buren v. United States (2021), a Computer Fraud and Abuse Act claim needs language that expressly restricts access to your systems and data, not just a promise of secrecy.
- •Voluntary disclosure can destroy trade secret status. In Trinidad v. OpenAI (2026) a court dismissed DTSA claims because the plaintiff handed proprietary frameworks to an AI tool with no confidentiality safeguard in place.
- •The FTC has made beta status itself an enforcement issue. Operation AI Comply, the DoNotPay settlement ($193,000), and the Rytr order all turned on overstated capability and inadequate testing of features marketed before they were ready.
- •Data-use consent has to be specific. FTC guidance from January and February 2024 treats broad, buried, or retroactive consent to AI training as potentially unfair or deceptive under Section 5 of the FTC Act.
- •California's TFAIA and Texas's RAIGA both took effect January 1, 2026, adding frontier-model transparency duties and civil penalties up to $1,000,000 per violation in California.
Reviewed for accuracy by the document.com legal team. Educational information, not legal advice.
What Is AI Beta Tester / Evaluation Agreement?
An AI beta tester agreement is the contract a developer signs with each tester before giving them access to a pre-release or evaluation version of an AI product, and it sets the rules for confidentiality, feedback, data use, warranties, and liability. People also call it an AI evaluation agreement, a trusted-tester agreement, or a preview-product terms document. Whatever the label, it answers the questions that get litigated later: what the tester may see, what they may repeat, who owns the bug reports and suggestions they send back, whether their prompts can be fed into model training, and what happens when the product breaks in production it was never meant for.
Strip away the AI framing and you have a hybrid: one section reads like a non-disclosure agreement, another like a software license with a heavy as-is disclaimer, and the data clauses do the work of a data processing arrangement, because modern AI testing involves prompts, outputs, and sometimes the tester's own confidential material flowing into a model. A plain NDA covers neither the data-use nor the data-processing piece. That gap is exactly why the major labs stopped relying on standalone NDAs for beta access and built dedicated beta or evaluation terms instead.
The agreement is asymmetric by design, and you should understand that going in. The developer wants secrecy, a free hand with feedback, broad data rights, and almost no liability for a product it is openly calling unfinished. The tester wants to keep their own confidential inputs protected, to know whether their data trains the model, and to avoid signing away rights to anything valuable they create. A well-drafted version makes those trade-offs explicit instead of hiding them in a layered terms-of-service stack.
Why This Matters Now
The reason this document matters more in 2026 than it did even two years ago is that the legal environment around AI testing went from theoretical to enforced. The FTC ran Operation AI Comply across 2024 through 2026, a sweep aimed squarely at companies that overstated what their AI could do or shipped it without adequate testing. DoNotPay paid $193,000 and had to notify customers about the limits of its 'robot lawyer.' Cleo AI paid $17 million. The IntelliVision facial-recognition order, finalized in January 2025, hit a company for not testing its software across demographic subgroups. If you market a beta as more capable than it is, the agreement you handed testers will not save you, but a careful one at least documents that you disclosed its limits.
California's Transparency in Frontier Artificial Intelligence Act and Texas's Responsible Artificial Intelligence Governance Act both took effect on the same hard date, January 1, 2026. The California statute requires developers of frontier models to publish how they manage safety risks and to report safety incidents, with civil penalties up to $1,000,000 per violation enforced by the Attorney General. Beta and evaluation programs are often where frontier models first meet outside users, so the testing phase is now squarely inside the compliance perimeter.
Courts have started applying trade secret law to AI tools as well. In West Technology Group v. Sundstrom (Nebraska, 2024) a court found misappropriation where an employee ran confidential meetings through an unauthorized transcription AI. In Trinidad v. OpenAI (2026) the trade secret claim failed because the plaintiff had voluntarily fed proprietary frameworks into ChatGPT without any confidentiality safeguard. Both cases point at the same lesson for a beta program. The moment your confidential product detail moves through a third-party AI tool without a contract restricting that, your protection can evaporate.
The FTC now polices data-use consent directly. Its January 2024 statement told AI companies to honor the privacy and confidentiality promises they make, and its February 2024 guidance warned that quietly expanding data use for training, or changing terms retroactively, can be unfair or deceptive under Section 5. The CCPA amendments effective January 1, 2026 add opt-out rights for automated decisionmaking technology and pre-use notice duties. If your beta agreement buries training consent in boilerplate, the document itself can become evidence of a deceptive practice.
The Legal Backbone
Defend Trade Secrets Act, 18 U.S.C. § 1836
The DTSA gives you a federal civil claim, on top of state law, when someone misappropriates a trade secret. It reaches conduct abroad if an act in furtherance of the misappropriation happens in the United States, which the Seventh Circuit confirmed in the Hytera litigation where the court later added $70 million in royalties on a contempt finding. If you ever have to sue over a leak, the numbers can run large: in Computer Sciences Corp. v. Tata Consultancy Services (Fifth Circuit, 2025) a jury awarded $56 million in compensatory damages plus exemplary damages of up to twice that for willful and malicious conduct. For a beta program, the DTSA only helps if the tested information actually qualifies as a trade secret, and that requires you to take reasonable measures to keep it secret. Your beta agreement is one of those measures. Hand the model to testers with no confidentiality terms and you have arguably failed the reasonable-measures test before any breach occurs.
Uniform Trade Secrets Act (state law)
Some version of the UTSA is law in 48 states plus D.C., Puerto Rico, and the Virgin Islands. It defines what counts as a trade secret, and it preempts most state-law claims that are really just trade secret claims dressed up as something else. Contract claims escape that preemption. So if a tester leaks your pre-release feature, you may have both a trade secret claim and a separate breach-of-contract claim under the beta agreement, and the contract claim survives even where the trade secret theory gets preempted or fails. That is one practical reason the agreement carries weight independent of trade secret status: it gives you a second, contract-based path to a remedy.
Computer Fraud and Abuse Act, 18 U.S.C. § 1030
The CFAA punishes unauthorized access to a protected computer, and it gives a civil remedy too. Its appeal in a beta context is that it does not require you to prove reasonable secrecy measures the way trade secret law does; it requires unauthorized access. After Van Buren v. United States, 141 S. Ct. 1648 (2021), accessing information you were allowed to reach but using it for a forbidden purpose is not 'exceeding authorized access.' The Supreme Court read the statute narrowly. The drafting consequence is concrete: a confidentiality clause that only says 'keep it secret' will not create CFAA liability when a tester misuses data they could legitimately see. To get CFAA traction you need language that expressly restricts access, defining which systems, environments, and data the tester is and is not authorized to enter.
FTC Act, 15 U.S.C. § 45(a)
Section 5 bans unfair or deceptive acts or practices, and it has become the FTC's main lever against AI. The agency used it in the DoNotPay matter, where it alleged the company never tested whether its tool matched a human lawyer before marketing it that way, and in the Rytr order (reopened December 2025) over an AI assistant generating fabricated reviews. The January 2024 policy statement and the February 2024 blog guidance apply Section 5 to data practices: promising confidentiality and then training on the data, or expanding data use without clear consent, is the kind of broken promise the FTC treats as deceptive. For your beta program this carries two obligations. Disclose beta status and product limits honestly, and do not collect or train on tester data beyond what you clearly disclosed and the tester clearly agreed to.
California TFAIA and Texas RAIGA (effective January 1, 2026)
California's Transparency in Frontier Artificial Intelligence Act (from SB 53) makes developers of frontier models publish how they manage catastrophic safety risks and report safety incidents, with penalties up to $1,000,000 per violation. Texas's Responsible Artificial Intelligence Governance Act applies to developers and deployers doing business in Texas or serving Texans and prohibits certain restricted uses. Separately, California's SB 942 and AB 2013 require disclosure of training-data sources and watermarking of AI-generated content, and a federal district court upheld those transparency rules against a trade secret defense in litigation involving X.AI. A bipartisan coalition of 36 state attorneys general signed a November 25, 2025 letter opposing federal preemption of these laws, so the state-by-state patchwork is not going away soon. If your beta exposes a frontier model to outside testers, the agreement should reference your safety disclosures and not contradict them.
What a strong AI beta tester agreement actually contains
Start with scope and the testing environment, because the CFAA cases turn on it. Name the specific product, version, or build the tester may access, and state plainly that access is limited to a non-production, evaluation environment unless you grant broader use in writing. Google's preview terms take exactly this posture: trusted testers may use the product solely in a non-production setting absent express written permission. Defining authorized access this precisely is what gives you a Computer Fraud and Abuse Act claim with teeth after Van Buren, where a vague duty of confidence would leave you with nothing under that statute.
Confidentiality comes next, and it should be mutual if the tester is feeding you anything of their own. A one-way clause that protects only the developer is common (OpenAI's standard terms lean that way) but it leaves the tester exposed, and a sophisticated tester will notice. Meta's beta terms set a workable bar: hold confidential information in strict confidence using at least the same care you use for your own, and never less than reasonable care, with public statements requiring prior written approval. Build in the obvious carve-outs for information that is already public, independently developed, or lawfully obtained from a third party, and a carve-out for disclosure compelled by law with notice to the other side where allowed.
The feedback and intellectual property section is where money quietly changes hands. Most major-lab beta terms require the tester to assign all right, title, and interest in their feedback to the developer, without compensation, and Meta's terms do exactly that. That is aggressive but standard, and as a developer you want it, because you do not want a tester later claiming a royalty on a feature their bug report inspired. As a tester, read it before you submit anything you would hate to give away. Separately, address ownership of AI outputs the tester generates. OpenAI assigns output rights to the user; Google lets the user keep their content but reserves the right to generate similar content for others; Meta retains more. Pick a position and state it, and add a clause on emergent or unexpected outputs, the hallucinations and novel generations that current terms usually leave ambiguous.
Data and training rights deserve their own clean section, separate from confidentiality, because regulators now read them separately. Spell out whether prompts, outputs, and uploaded materials are used to train or improve the model, and make the consent specific rather than a buried catch-all. The FTC's February 2024 guidance is blunt that broad, general-purpose consent will not do when a reasonable person would not expect their data to feed AI training. The market has converged on opt-in or opt-out controls: OpenAI does not train on Enterprise, Business, Edu, or similar tier data by default; Google distinguishes free services (may train) from paid (will not); Anthropic offers a Development Partner Mode the customer opts into. State your default and your mechanism, and state your retention and deletion policy honestly, including the awkward truth that data already absorbed into a trained model is hard to fully remove.
Then the warranty disclaimer and liability cap, which are the heart of any beta document. The product is unfinished and you say so: provide it as-is and as-available, disclaim the implied warranties (merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, course of dealing), and state expressly that beta features may change materially or disappear without notice and are not suitable for production reliance. Cap liability. Meta caps beta liability at $100; Anthropic at the greater-of-nothing posture, capping at the lesser of $1,000 or fees paid in the prior twelve months; most exclude consequential damages like lost profits and business interruption entirely. Anthropic also makes a point worth copying: no indemnification for beta services, and no responsibility for a customer's reliance on them.
Close with indemnification, term, and termination, plus the regulatory and compliance hooks. Indemnification in beta agreements is usually asymmetric, with the tester indemnifying the developer for claims arising from the tester's use, distribution, or publication of outputs, while the developer indemnifies for little or nothing. If you are the tester and the model produces a defamatory or infringing output, you may be left holding the defense, so negotiate at least a narrow IP indemnity if you can. On term, follow Meta's clean structure: testing runs until you end it, make the product public, or discontinue it, with either side able to terminate on 30 days' notice without cause or immediately for cause. Add a survival clause so confidentiality, feedback assignment, and data obligations live past termination. Reference your safety and transparency disclosures so the agreement does not contradict what TFAIA, RAIGA, or the CCPA's automated-decisionmaking notice rules require you to tell people.
When You Need This
You are a developer giving outside users access to a pre-release, preview, or evaluation build of an AI product and you need confidentiality, feedback rights, and an as-is disclaimer in one document.
Your beta program exposes a frontier or high-capability model to testers and you need the agreement to line up with TFAIA, RAIGA, or your own published safety disclosures.
Testers will submit their own prompts, documents, or proprietary material, and you need a clear, specific consent for whether that data trains or improves your model.
You are launching a trusted-tester or research-preview program and want to define a non-production environment and authorized access precisely enough to support a CFAA claim if someone oversteps.
You are the tester or evaluating organization and want to know, before you sign, who owns your feedback, whether your inputs train the model, and what you are giving up on liability.
You are replacing a plain NDA you have been using for beta access and realize it covers none of the data-use, feedback-assignment, or warranty-disclaimer issues that actually arise in AI testing.
You need to document that you disclosed beta status and product limitations to testers, given the FTC's enforcement posture under Operation AI Comply against overstated AI capabilities.
How to Fill Out AI Beta Tester / Evaluation Agreement
1. Identify the parties and the exact product under test
Name the developer and the tester in full legal form, individual or entity, with notice addresses. Then pin down precisely what is being tested: the named product, the specific version, build, or release channel, and the date access begins. Vague language like 'the platform' invites disputes about what was covered. If the tester is an organization, name the permitted individual users or limit access to employees with a need to know, and require those individuals to be bound by the same terms.
2. Define the testing environment and authorized access
State that access is limited to a non-production evaluation environment and for evaluation purposes only, unless you grant broader rights in writing. List what the tester may access and, just as important, what they may not: production systems, other customers' data, source code, model weights, internal tooling. This is the language that makes a Computer Fraud and Abuse Act claim viable after Van Buren, so be explicit. Restricting access, rather than only imposing a duty of secrecy, is what the statute responds to.
3. Set the confidentiality terms and carve-outs
Decide whether confidentiality runs one way or both ways; make it mutual if the tester submits their own confidential material. Define confidential information to include the product, its features, performance, the tester's feedback, and anything marked or reasonably understood to be confidential. Set the standard of care at no less than reasonable care, following the Meta model. Add the standard carve-outs (publicly known, independently developed, lawfully received from a third party, or compelled by law with notice) and a clause requiring written approval before any public statement about the beta.
4. Assign feedback and allocate output ownership
State who owns feedback. Most developers take an assignment of all right, title, and interest in tester feedback without compensation; if you are the tester, confirm you are comfortable giving that away before submitting anything valuable. Separately, allocate ownership of AI outputs the tester generates during testing, and decide your position on emergent or unexpected outputs that current major-lab terms leave ambiguous. Write that allocation down rather than leaving it to be inferred.
5. Write a specific data-use and training clause
In its own section, state plainly whether prompts, outputs, and uploaded materials are used to train or improve the model. Make the consent specific and affirmative, not a buried general grant, because the FTC's February 2024 guidance treats broad catch-all consent as insufficient for AI training. Choose and disclose your default (train, do not train, opt-in, or opt-out) and the mechanism to change it. Add a retention-and-deletion clause that is honest about what you can and cannot remove once data has entered a trained model.
6. Add the as-is warranty disclaimer and liability cap
Provide the beta product as-is and as-available. Disclaim the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and course of dealing. State that beta features may change materially or be withdrawn without notice and are not suitable for production reliance. Cap liability at a fixed amount or at fees paid (the market runs from $100 to $1,000 or fees in the prior twelve months) and exclude consequential, indirect, and special damages, including lost profits and business interruption.
7. Handle indemnification, term, termination, and survival
Set the indemnities. Developers commonly require the tester to indemnify for claims arising from the tester's use, distribution, or publication of outputs; testers should push for at least a narrow IP indemnity from the developer. Define the term (testing runs until you end it, publish the product, or discontinue it) and allow either party to terminate on 30 days' notice without cause or immediately for cause. Add a survival clause so confidentiality, feedback assignment, data obligations, disclaimers, and liability limits continue after the agreement ends.
8. Bolt on the compliance hooks and have a lawyer confirm current law
Reference your safety and transparency disclosures so the agreement is consistent with the California TFAIA, the Texas RAIGA, and the CCPA's automated-decisionmaking notice and opt-out rules where they apply. Confirm you are not making capability claims the product cannot meet, given the FTC's Operation AI Comply posture. Then have counsel in the governing-law state review the final document, because AI statutes and enforcement guidance are changing quickly and the version that is correct today may need revision within months.
Key Terms Defined
- Beta / preview product
- A pre-release version of software made available to testers before general release. In these agreements it is provided as-is, may change materially or be withdrawn without notice, and is not intended for production reliance. Google's terms label this status 'pre-GA' and treat it as experimental.
- Feedback assignment
- A clause transferring all right, title, and interest in a tester's feedback, bug reports, and suggestions to the developer, usually without compensation. Meta and other major labs use it so a tester cannot later claim ownership of, or payment for, a feature their input helped shape.
- As-is / as-available disclaimer
- A statement that the product is provided in its current state with no guarantee of operation, accuracy, or availability, and with implied warranties (merchantability, fitness for a particular purpose, non-infringement) expressly disclaimed. It is the standard warranty posture for beta software and AI evaluation services.
- Data training rights
- The terms governing whether a tester's prompts, outputs, and uploaded materials are used to train or improve the AI model. Approaches vary: OpenAI does not train on enterprise-tier data by default, Google distinguishes free from paid services, and Anthropic offers an opt-in Development Partner Mode.
- Exceeding authorized access
- A Computer Fraud and Abuse Act concept narrowed by Van Buren v. United States (2021). Using information you were allowed to reach for a forbidden purpose does not qualify; only accessing areas or data you were never authorized to enter does. This is why beta agreements must restrict access, not merely impose confidentiality.
- Trade secret misappropriation
- The unauthorized acquisition, disclosure, or use of information that derives value from being secret and is subject to reasonable secrecy measures, actionable under the federal DTSA and state UTSA. Voluntary disclosure without confidentiality safeguards, as in Trinidad v. OpenAI, can forfeit trade secret status entirely.
Related Documents
AI beta tester agreement vs. non-disclosure agreement
An NDA keeps information secret and nothing more. A beta tester agreement keeps information secret and also governs testing scope, feedback ownership, data-and-training rights, the as-is warranty disclaimer, the liability cap, and termination. For AI testing those extra provisions are why the document exists, because an NDA says nothing about whether your prompts train the model or who owns the feedback you submit. The major labs moved away from standalone NDAs for beta access precisely because of this gap. Use an NDA in addition only when you need heightened confidentiality layered on top of the beta terms.
AI beta tester agreement vs. end-user license agreement (EULA)
A EULA governs the licensed use of a finished, generally available product, with warranties, support, and use restrictions calibrated to a shipping release. A beta tester agreement governs a pre-release build that the developer is openly calling unfinished, so its warranty posture is far more protective of the developer (strict as-is, low liability cap, features may vanish) and it adds testing-specific machinery a EULA lacks: feedback assignment, a defined non-production environment, and a fixed term tied to the program rather than perpetual license. If the product is still in evaluation, the beta agreement is the operative document; once it ships for general availability, the EULA takes over.
AI beta tester agreement vs. data processing agreement (DPA)
A DPA is the document that satisfies privacy-law obligations under the GDPR and CCPA when one party processes personal data on another's behalf, setting the purposes, security measures, sub-processor rules, and deletion duties. A beta tester agreement is broader and different in purpose: it covers confidentiality, feedback, warranties, and liability, and it includes a data-use clause but is not itself a complete privacy-compliance instrument. When testers submit personal data, you typically need both, with the DPA handling the regulated data-processing specifics and the beta agreement handling the testing relationship. They should reference each other and not conflict.
Legal Authorities & Sources
This page is grounded in primary law. The statutes and official resources below are the authorities behind the guidance above. Verify the current text of any statute before relying on it.
- 18 U.S.C. § 1030 (Computer Fraud and Abuse Act), Cornell Legal Information Institute
- FTC: AI Companies, Uphold Your Privacy and Confidentiality Commitments (January 2024)
- FTC: Quietly Changing Your Terms of Service Could Be Unfair or Deceptive (February 2024)
- FTC: Crackdown on Deceptive AI Claims and Schemes (Operation AI Comply, September 2024)
- OpenAI Service Terms
- Anthropic Service-Specific Terms
- Google Cloud Generative AI Preview Products Terms
- Meta Beta Product Testing Terms
- California TFAIA (SB 53) Analysis, WilmerHale
Frequently Asked Questions
Create your AI Beta Tester / Evaluation Agreement in minutes.
Answer a few questions and download a clear, attorney-drafted document that cites the controlling law and is ready to sign.