10 min read July 17, 2026
Skip to content

AI Data Settlements: How Will Courts Know Who to Pay?

✓ Editorially reviewed by Ryan Gaughan on July 18, 2026

The Payment Problem Nobody Is Talking About

Litigation against AI companies is accelerating. Writers, visual artists, software developers, and journalists have filed suit against OpenAI, Anthropic, Stability AI, and others, asserting that large language models and image generators were trained on copyrighted or otherwise protected material without consent or compensation. The legal theories vary. The outcomes remain uncertain. But a structural question sits underneath all of it that almost nobody in the policy conversation has addressed directly.

If the plaintiffs win, or if companies settle to avoid prolonged litigation, how do courts or administrators actually identify who gets paid?

This is not a hypothetical problem. It is an engineering and administrative problem that will determine whether any legal victory translates into actual compensation for actual people. And right now, the infrastructure to solve it does not exist at scale.

How Class Action Settlements Actually Work

Class action mechanics in the United States require a defined class. A group of identifiable people who share a common legal injury. In data-related class actions, identifying that class has historically meant proving that a specific dataset was breached, leaked, or misused, and then matching individuals to records in that dataset.

The Equifax breach settlement offers a useful reference point. A defined dataset existed. Equifax knew which Social Security numbers were exposed. Matching claimants to the breach record was technically feasible, even if the FTC's claims portal was administratively chaotic. The data record preceded the legal action.

AI training data cases work differently. The datasets are enormous, poorly documented, and largely derived from public-facing web content scraped without granular provenance logging. Common Crawl, one of the primary sources for many foundation model training sets, contains petabytes of web content with minimal original-author attribution. When a model trained on that corpus generates outputs, tracing any specific contribution back to a specific human creator is not currently possible with the documentation practices most organizations have maintained.

A settlement fund without a matching mechanism does not compensate data creators. It compensates whoever files a claim, regardless of whether their work was actually used. That is a fundamentally different thing.

AI data settlements — diagram
Photo by GuerrillaBuzz on Unsplash

Treating Data as Property Requires Property Records

The legal framing that data should be treated as property has gained real traction in policy circles. California's California Consumer Privacy Act and its successor the CPRA recognize consumers' right to know what data is collected about them and to request deletion. The EU's General Data Protection Regulation frames personal data processing around the concept of consent and purpose limitation. Neither framework, as currently written, establishes a positive property right with a corresponding title registry.

Property rights without title records are nearly unenforceable. A homeowner can assert ownership of a parcel because a deed exists, recorded in a public registry, timestamped, and tied to a legal identity. If a neighbor constructs a building on that parcel, the title record makes litigation tractable. Remove the title record and the dispute devolves into competing oral claims.

Data creators currently have no equivalent system. A writer who published an essay in 2019 may be able to demonstrate copyright registration if they went through the formal registration process at the U.S. Copyright Office. Most did not. Most content on the web, the very content that forms the backbone of foundation model training sets, exists without formal ownership documentation that predates its ingestion into a training corpus.

Ownership claims asserted after the fact, in response to a settlement, will be nearly impossible to verify against the dataset at scale. That creates a fraud surface and an administrative burden that will predictably result in either vastly underpaying legitimate claimants or disbursing funds to people with no documentable connection to the training data.

The Identification Gap in Current Legal Frameworks

GDPR Article 22 addresses automated decision-making. CCPA Section 1798.100 addresses the right to know. The EU AI Act, which entered into force in 2024 and continues to roll out compliance obligations in 2026, introduces requirements around transparency for high-risk systems and generative AI. None of these frameworks require AI developers to maintain auditable provenance records for training data at the individual-creator level.

The closest analog in existing law is the Digital Millennium Copyright Act's takedown mechanism. A notice-and-response system that requires a rightsholder to identify specific infringing material. The DMCA framework was designed for discrete infringing works, not diffuse statistical contributions to a parametric model. Applying it to foundation model training requires legal creativity that courts have not yet uniformly endorsed.

The practical consequence: even if a court certifies a class of "individuals whose written work was used to train GPT-class models without consent," the settlement administrator will have no reliable mechanism to verify membership in that class. AI companies do not currently publish training data manifests with creator-level attribution. Even if ordered to do so, retroactive reconstruction of provenance from a model's weights is not technically feasible with current interpretability methods.

The gap is structural. Courts can rule on liability. They cannot manufacture the evidentiary record needed to administer compensation if that record was never created.

PDAOS as Settlement Infrastructure

The Personal Data Asset Origination System, documented in the PDAOS white paper published by Own Your Data Inc, was designed to address exactly this structural gap. Not as a legal instrument in itself, but as the evidentiary infrastructure that makes data ownership claims tractable.

PDAOS generates timestamped, cryptographically signed certificates of origination for personal data assets. The certificate records what data existed, who created or controlled it, and when that record was established. Prior to any third-party ingestion. The mechanism is analogous to a notarized deed: it does not create the underlying ownership right, but it creates a verifiable record that can survive dispute and support adjudication.

In a settlement context, a PDAOS certificate functions as a pre-existing evidentiary anchor. A claimant presenting a certificate timestamped before a known training data cutoff date, covering content demonstrably present in the training corpus, has a materially stronger claim than a claimant asserting ownership based on memory or informal records. The certificate is not the claim. It is the documentation that makes the claim verifiable.

Own Your Data Inc operates as a 501(c)(3) nonprofit specifically because the infrastructure for data ownership documentation should not be controlled by a commercial entity with conflicting financial incentives. The mission is to make individual data rights administratively real, not merely rhetorically asserted.

For settlement administrators working at scale, processing potentially millions of claims across a certified class, the existence of a standardized origination certificate format dramatically reduces verification cost and fraud exposure. A system that can cryptographically verify a timestamp and match it against a known corpus ingestion window can automate a significant portion of the claims validation process that would otherwise require manual review.

AI data settlements — a neon neon sign that is on the side of a wall
Photo by Igor Omilaev on Unsplash

What Cryptographic Origination Proof Actually Provides

It is worth being precise about what a cryptographic timestamp certificate proves and what it does not prove, because overselling the technology is both technically dishonest and legally counterproductive.

A hash-based timestamp certificate, the core mechanism in PDAOS, proves that a specific dataset or document existed in a specific state at or before a recorded time. It is mathematically equivalent to a commitment scheme: the hash value is a binding commitment to the content, and the timestamp is recorded in a tamper-evident log. If the content changes after the timestamp, the hash no longer matches. If the timestamp is forged, the cryptographic chain of the underlying log fails verification.

What it does not prove independently: that the content is original to the certificate holder, that the content has any particular legal status under copyright or privacy law, or that the content was actually ingested by any specific model. Those questions require additional evidence. Copyright registration records, web crawl manifests, model training documentation. That exists outside the certificate itself.

A PDAOS certificate is therefore best understood as one layer of a multi-layer evidentiary stack. It establishes temporal priority. It binds a legal identity to a dataset at a point in time. Combined with other evidence, crawl logs, watermarking, stylometric analysis, it becomes part of a coherent ownership claim rather than a standalone proof. For readers who want to go deeper on the technical architecture, the technical documentation at mydatakey.org/geeking covers the hash commitment and certificate chain design in detail.

Existing Legal Precedents Worth Watching

Several active cases are shaping the landscape for how origination evidence will eventually be evaluated in AI-related disputes.

Authors Guild v. OpenAI and related consolidated cases in the Southern District of New York involve class claims by authors asserting that their books were scraped from piracy repositories and used in training sets. The central evidentiary challenge in those cases is demonstrating that specific works were present in specific training datasets. Precisely the provenance problem PDAOS addresses from the originator's side.

The Andersen v. Stability AI litigation in the Northern District of California raises similar questions for visual artists, with the added complexity that AI image outputs can be analyzed for stylistic similarity but similarity alone does not establish training data membership with legal certainty.

On the regulatory side, the FTC has issued guidance on AI transparency that references data provenance as a component of responsible AI development. The EU AI Act's requirements for foundation model providers to publish summaries of training data used for pretraining represent the first binding regulatory obligation in this space, though the summaries required are far less granular than individual-creator attribution.

None of these frameworks yet mandate that AI companies maintain the kind of creator-level provenance records that would make settlement administration tractable. That regulatory gap is exactly what creates the strategic incentive for individual data creators to establish origination records proactively. Before any specific legal action names them as potential class members.

Building the Record Before a Settlement Exists

The logic of pre-litigation documentation is well established in intellectual property practice. Patent applicants maintain lab notebooks with witnessed timestamps precisely because priority disputes are adjudicated based on who can prove they invented something first. Trade secret holders document their confidential information and access controls before litigation because courts require evidence that the information was treated as secret at the time of misappropriation. Not just asserted to be secret afterward.

Data creators are in an analogous position. The training data cutoff dates for major foundation models are documented or can be estimated from public disclosures. Any creator who establishes a PDAOS origination certificate for their data assets now is building a timestamped record that predates future ingestion events and postdates known past ones. That temporal positioning matters for the scope of any future claim.

The process is not legally complex. It does not require retaining counsel or navigating a regulatory filing system. MyDataKey™ issues origination certificates through a structured process that captures the data asset, generates a cryptographic commitment, timestamps it against a tamper-evident log, and issues a verifiable certificate tied to the account holder's identity. The certificate is then available as evidence in any future proceeding where origination timing is relevant.

For individuals who are also concerned about data broker exposure, the opt-out process at mydatakey.org addresses the parallel problem of data that has already been aggregated and distributed. A distinct but related dimension of the data rights landscape.

The settlement question is not abstract. Courts are moving. Regulatory frameworks are hardening. The companies that trained models on web-scraped data are under increasing legal and reputational pressure to establish compensation frameworks. When those frameworks materialize, the claimants who will recover are the ones who can prove what they owned and when they owned it. Documentation created after a settlement is announced will face obvious credibility challenges that documentation created today will not.

The infrastructure for individual data rights at scale requires that individuals participate in building it. PDAOS is that infrastructure. The record you establish now is the claim you can substantiate later. Start your origination certificate at mydatakey.org/signup. Before the record becomes the argument.

Have More Questions About This Topic?

support@mydatakey.org

Get Started →

Written By

Dr. Patrick Fisher, PhD, NCC — Founder, Own Your Data Inc

LinkedIndrpatrickfisher.com

Editorial Review

This article was reviewed by Ryan Gaughan on July 18, 2026 for accuracy, currency, and clarity. Content is updated when laws or guidance change.

A project of Own Your Data Inc · 501(c)(3) Nonprofit