Google's Department of Defense deal makes a gap in AI contracts visible



Google on Tuesday signed a deal that will allow the U.S. Department of Defense to use its Gemini AI model for sensitive military operations, with terms allowing use for “legitimate government purposes.” The agreement's restrictions, such as bans on large-scale domestic surveillance and on autonomous weapons without human supervision, are reportedly not contractually binding. And there are limits to Google’s ability to monitor or restrict how these systems are ultimately applied.

While the geopolitical and ethical implications of this deal will be discussed in detail, its more immediate relevance for corporate CIOs lies elsewhere. The structure of the master service agreement (MSA) reveals well-known pressure points: a contract that communicates intent without enforcement, limited visibility into how the system will perform in production, and governance models that are struggling to keep up with how AI is actually used.

None of these issues are unique to defense. Google’s relationship with the Department of Defense shows how quickly problems can surface when AI systems are deployed at scale.


A contract that does not restrict behavior

Enterprise AI contracts often include detailed language regarding permissible uses, data processing, and safeguards. On paper, these provisions may seem robust. In practice, they often function as expressions of intent rather than enforceable constraints.

Chris Hutchins, founder and CEO of Hutchins Data Strategy Consulting and strategic advisor to Reliath AI, said this disconnect is built into how organizations think about contracting with AI vendors in the first place.

“A contract is only as good as the control mechanisms that govern it,” he said. “The MSA is not a control mechanism. It is a snapshot of what the vendor said that day.”

In an environment where models are continually evolving, that snapshot quickly becomes outdated. Hutchins said companies often treat clauses around data use and model behavior as if they provide ongoing assurance, but traditional SaaS governance frameworks cannot simply be carried over to AI models.

“If you believe that the no training data clause is a control mechanism, you are mistaken,” he said.

This gap becomes even more pronounced when looking at how contracts handle downstream usage. Hutchins said many agreements contain exceptions that significantly weaken their protections. “You’d be surprised what ‘improvement, exploitation, safety and evaluation, research’ actually means,” he said, noting that these categories can create avenues for secondary uses of data that customers don’t expect.


“People who sign that clause without looking at the exceptions are signing a contract that is almost the opposite of what they have in mind,” he warned.

Simon Ratcliffe, Fractional CIO at Freeman Clarke, took a broader view of the issue. “The most important issue with AI governance is that companies are trying to apply static governance tools (contracts, policies, controls) to something that is dynamic in nature,” he said. “This is inconsistent with the potential for disaster.”

He spoke more directly about the limits of policy as a control mechanism. “At scale, pure control is a fiction,” Ratcliffe says. “While policies can define intent, boundaries, and outcomes, they cannot fully control behavior in distributed, API-driven, and often employee-driven deployment environments.”

The gray areas in these contracts are not simply a matter of poor drafting. They reflect the long-held assumption that contractual language can still meaningfully shape the behavior of systems that are continually updated, integrated, and reused. Google’s agreement with the Department of Defense reveals how limited that premise is when applied at scale.

“A contract is determined by the control mechanisms that govern it.”
— Chris Hutchins, CEO of Hutchins Data Strategy Consulting


Observability gap in production

When intent is defined in a contract, enforcement depends on visibility. This is where many enterprise AI strategies start to break down.

Governance frameworks are largely established at the time of procurement or initial deployment. Risk assessments, usage policies, and approval processes are designed to shape how the system is used. But, as Ratcliffe said, “AI risks really manifest during production when you look at how the model behaves on real data, how the prompts evolve, and how the output is used downstream.”

The problem is that few organizations have the infrastructure to observe these dynamics in real time. “The biggest gap is runtime visibility,” Ratcliffe says. Although policies may prohibit sharing sensitive data with external models, “production systems pass metadata, logs, or user input that violates that principle.”

Hutchins described a similar disconnect between written policy and operational reality. “What policies you have and what you put out on slide decks is the policy intent,” he said. “The actual content in production is in a separate policy file.” Without sufficient oversight, organizations are effectively operating on assumptions rather than empirical evidence about how their AI systems will behave.

In highly controlled environments, such as sensitive networks, the problem is more extreme and therefore more pronounced. However, the underlying dynamics are consistent across corporate contexts. When AI systems are integrated into business processes, both vendors and customers can lose track of how the AI systems are being used.

“The chain of control is lost because the user copies the output to the next tool,” Hutchins said.

This raises real questions for CIOs. If governance relies on the ability to observe and intervene, what happens when that visibility is imperfect by design?

Genuinely strengthening AI contracts

When faced with increasingly inadequate contracts, the response is not to abandon the contract altogether, but to reconsider what is expected of it and how it is structured.

Ratcliffe argued that organizations need to move from what he called “service guarantees” to “results guarantees.” In practice, this means moving from general commitments to mechanisms that consider how models evolve over time.

Hutchins flags this as an area that is currently under-addressed in AI agreements. “AI vendors reserve the right to replace models and change prompts and filters, which means implementations are subject to change without notice,” he said. “Changes can happen overnight, and new versions of AI can behave completely differently without any explanation.”

To address this, Ratcliffe recommends including model change notification clauses in contracts that define impact thresholds, along with version control guarantees and the ability to lock into specific model versions. This returns some control over the model application to the enterprise.

Data processing is another area where specificity is important. Ratcliffe said organizations need to define clear data boundaries, including zero retention options and compensation for misuse. Meanwhile, Hutchins pointed out that exceptions within data provisions need to be scrutinized. Data provisions often permit broad categories of secondary uses.

Observability needs to be addressed not only technically, but also contractually. Ratcliffe said companies should build in audit and observability rights, including access to logs, metrics and testing environments. Without these rights, it would be significantly more difficult to enforce governance policies.

Finally, both experts emphasized the importance of planning for exit, restructuring, or full renegotiation. Ratcliffe emphasized the need for portability of prompts, workflows, and embeddings, and Hutchins emphasized timing. “Renewal time is when you have the most options available,” he said. “Don’t wait for some kind of crisis to occur.”

From governance as policy to governance as system

The combined impact of these dynamics will change how we approach AI governance. Contracts, policies, and proactive controls are still necessary, but they are no longer sufficient.

Ratcliffe argues for a shift to runtime governance, where monitoring, evaluation, and intervention occur on an ongoing basis rather than on a temporary basis. He said organizations that are making progress are treating AI not as a capability but as a “face of operational risk.”

“We need to change our thought processes. Organizations that are still thinking in terms of a prohibition model or a strict approval model will either fail or push their use underground,” he warned.

This change comes at a cost. Hutchins did not shy away from the potential impact of a more tightly controlled AI deployment framework: the tangible cost of equipping a small team to inventory, evaluate, and monitor governance at runtime; delays in project approvals; and changes in how vendors sell AI-enhanced products.

Nevertheless, he clearly recommends action.

“The greatest cost will come from delaying this decision, because the alternative is an unreasonable system with opaque processes, class action lawsuits, and government investigations,” he said. “This decision is easy to calculate.”




