
AI and trade secrets: the blurred line between machine learning and know-how extraction
Models like Gemini train on massive datasets. How can internal know-how be protected when employees use these tools?
Trade secret protection under Directive 2016/943 assumes reasonable measures to preserve confidentiality. Mass employee use of generative AI tools — often outside sanctioned channels — mechanically erodes those measures and weakens legal protection in the event of leakage.
The risk is not only that public
The risk is not only that public models train on submitted prompts. It also lies in the reconstruction of know-how by cross-referencing, even when data is anonymised. A prompt detailing a proprietary method, individually innocuous, contributes to an exploitable footprint.
The risk is not only that public models train on submitted prompts.
Businesses must formalise a usage policy specifying
Businesses must formalise a usage policy specifying categories of data forbidden in prompts, deploy managed or sovereign instances for sensitive use cases, and train teams. Future litigation will turn less on classic theft than on proving reasonable measures.
Key takeaways
- 01Mass employee use of generative AI tools — often outside sanctioned channels — mechanically erodes those measures and weakens legal protection in the event of leakage.
- 02A prompt detailing a proprietary method, individually innocuous, contributes to an exploitable footprint.
- 03Future litigation will turn less on classic theft than on proving reasonable measures.
Published on
13 May 2026
Section
IP
Rackham Limited
Take this further
A confidential conversation with the Rackham team to translate these questions into your organisation.
Start the conversation →Related articles
Continue reading →
Law & AI
Google's agentic AI and legal liability: who bears the risk when the agent gets it wrong?
Google's new AI agents (I/O 2026) act without direct human supervision. What liability chain applies to the business that deploys them?

Compliance
AI Overviews in Europe: compliance, IP and the risk of misinformation
As Google's AI summaries roll out in France, what obligations apply to businesses embedding these tools in their processes?

Data & AI
Gemini Omni and sensitive data governance: when multimodal AI crosses boundaries
Gemini's ability to process text, image, audio and video in a single flow raises questions of data classification and protection.