OpenAI has released an updated Services Agreement
Effective Date: May 31, 2025
Quote from blog:
This OpenAI Services Agreement only applies to use of OpenAI’s APIs, ChatGPT Enterprise, ChatGPT Team, and other services for businesses and developers, and does not apply to OpenAI services used by consumers or individuals.
Review the updated terms:
PDF version:
Previous business terms:
The big language change here is some “order form” for a service term period needing an agreement. The services policy does not appear to distinguish between API and business ChatGPT, so you basically have no idea what you are agreeing to or will have to then submit to after the period of continued usage make you in agreement with these terms.
It has grown with a huge list of definitions.
A quick thing I note (without paying an analysis lawyer as much as the party did to write this unilateral force): OpenAI is no longer bound to remove your data if they decide to classify it as “abusive”, (not that you have any transparency about your data anyway).
| Area | Old Terms (Business Terms) | New Terms (Services Agreement) | Change Description & Implications |
|---|---|---|---|
| Agreement Structure | Standalone document incorporating other policies by reference. | Consolidated agreement directly including Service-Specific Terms, Sharing & Publication Policy, and Usage Policies. | More comprehensive single agreement. Easier to understand all applicable terms in one place. This consolidation reflects a move towards greater transparency, but also places the onus on the user to be aware of a larger body of stipulations. |
| Definitions | Definitions scattered throughout the document. | Dedicated “Definitions” section. | Key terms like “Input,” “Output,” “Customer Content,” and “Restricted Party List” are clearly defined. Reduces ambiguity and potential disputes. This seemingly minor change is crucial. Vague terms are a lawyer’s playground; clear definitions empower users to understand their rights and obligations, while simultaneously limiting OpenAI’s wiggle room. |
| End Users | Terms regarding End Users less specific. | More explicit terms; End User Accounts are for single users only; customers responsible for End User activities; requirements to obtain necessary consents from End Users. | Clarifies responsibilities for multi-user accounts. Ensures compliance and accountability for end-user actions. Requires obtaining consent which may involve implementing new consent mechanisms. If you’re running a business leveraging OpenAI, you’re now explicitly responsible for your employees’ actions. This has implications for training, monitoring, and potential liability. |
| Restrictions | General restrictions on service use. | Adds prohibitions against interfering with the Services (e.g., circumventing rate limits) and violating Usage Limits. | Prevents abuse and maintains service quality. Users must adhere to specific usage limits and avoid actions that could disrupt the service. Consider this the “don’t be a jerk” clause, but with legal teeth. OpenAI is cracking down onresource hogs and those attempting to game the system. |
| Customer Content | OpenAI will only use Customer Content as necessary to provide you with the Services, comply with applicable law, and enforce OpenAI Policies. We will not use Customer Content to develop or improve the Services. | OpenAI will only use it as necessary to provide services, comply with the law, enforce policies, and prevent abuse. Explicit agreement is needed to use Customer Content for service improvement. | Reinforces data privacy. Requires explicit consent for using Customer Content for service improvements, enhancing user control. This is a win for privacy advocates. OpenAI can’t simply vacuum up your data to improve their models without your express permission. However, the devil is in the details – carefully consider what you’re agreeing to. |
| Security | General statements about security measures. | Emphasizes compliance with defined “Security Measures” (link provided) and provides for Audit Reports to be shared with customers upon request. | Increases transparency and security assurances. Users can request audit reports to verify security compliance. This is about accountability. OpenAI is signaling a commitment to security best practices and providing users with a mechanism to verify their claims. |
| Privacy | References Enterprise privacy commitments. | Explicitly incorporates the Data Processing Addendum (DPA) for Personal Data processing and reiterates HIPAA compliance requirements. | Ensures compliance with data protection laws. DPA provides specific terms for processing personal data. If you’re handling sensitive data, particularly health information, this is critical. Failure to comply with HIPAA can result in catastrophic fines. |
| Payment | General payment terms. | Clarifies payment terms, including those related to resellers, taxes, and Service Credits. Specifies that price changes on the Pricing Page are effective 14 days after posting. | Provides greater transparency and predictability in billing. Users have advance notice of price changes. No more surprise bills. OpenAI is providing a clearer framework for understanding costs, but it’s still your responsibility to monitor your usage and budget accordingly. |
| Confidentiality | General confidentiality obligations. | More detailed terms around confidentiality, including permitted disclosures and remedies for breaches. | Protects sensitive information with clearer guidelines. Users have a better understanding of what constitutes a breach and available remedies. This is about protecting your intellectual property and trade secrets. Understand the exceptions and ensure your internal policies align with OpenAI’s terms. |
| Suspension | General right to suspend access. | Outlines specific conditions under which OpenAI may suspend End User Accounts or Services, including Security Emergencies and violations of the agreement. | Helps users understand potential service disruptions. Provides more clarity around the circumstances that could lead to suspension. Know what triggers the kill switch. This isn’t about arbitrary censorship; it’s about protecting the integrity of the platform and preventing malicious use. |
| Geographical Limitations | No specific geographical limitations mentioned. | Introduces geographical limitations on service use, restricting access to Supported Countries and Territories. | Users must ensure they access services from supported regions. Violating this may lead to account suspension. This reflects the complex geopolitical landscape and regulatory hurdles. If you’re operating globally, ensure your users are accessing the service from approved locations. |
| Updates | General statement about updates to the Business Terms. | Clarifies how updates to the agreement and policies will be communicated and when they take effect. | Users are informed about changes and their effective dates. Provides a process for users who disagree with updates. Change is the only constant. OpenAI is reserving the right to evolve its terms, and you’re expected to keep up. Regularly review the updates and be prepared to adapt. |
| Conflicting Terms | Not addressed. | Establishes an order of precedence for conflicting terms within the agreement documents. | Clarifies which document prevails in case of inconsistencies. Order of precedence: (a) Order Form; (b) Service-Specific Terms; (c) Agreement; and (d) OpenAI Policies. This is about legal clarity. In the event of a dispute, this clause dictates which document takes precedence, providing a clear hierarchy for interpretation. |
| Trade Controls | You may not use the Services in or for the benefit of, or export or re-export into any U.S. embargoed countries or to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals, any other restricted party lists (existing now or in the future) identified by the Office of Foreign Asset Control, or the U.S. Department of Commerce Denied Persons List or Entity List, or any other restricted party lists (collectively, “Restricted Party Lists”). | Customer is solely responsible for ensuring that its use of the Services complies with applicable trade laws, including sanctions and export control laws. Customer’s Input may not include material or information that requires a government license for release or export. Customer may not use the Services in or for the benefit of, or export or re-export the Services to, any U.S. embargoed countries or to anyone on a Restricted Party List. | Reinforces the customer’s responsibility to comply with trade laws and export controls, including restrictions related to embargoed countries and restricted party lists. This is non-negotiable. OpenAI is offloading the responsibility for compliance with international trade laws onto the user. Ignorance is not a defense. Ensure you have systems in place to screen users and content for compliance. |