Eleonora Rosati, a Stockholm University intellectual-property professor and Bird & Bird lawyer, told EL PAÍS in June 2026 that artists, authors, performers, and other rights holders are already using copyright, trademarks, personality rights, and proposed AI rules to defend their work from generative-AI training and imitation. Her point lands because the AI copyright fight has moved beyond abstract internet scraping and into the operational plumbing of the software industry. For Windows users and IT departments, this is not just a culture-war dispute between artists and chatbots; it is a compliance problem arriving inside Copilot, cloud services, procurement contracts, and every internal AI pilot that depends on somebody else’s model.
The first phase of the generative-AI boom was sold as a technical miracle: feed enough text, code, images, audio, and video into a model, and it begins to produce plausible new work on demand. The second phase is proving less magical and more forensic. Courts, regulators, and rights holders now want to know what went into those systems, where it came from, whether it was copied lawfully, and whether the model’s output competes with the people whose work made it possible.
Rosati’s interview is striking because she refuses the comforting fiction that AI exists in a legal vacuum. Copyright, in her framing, remains preventative: if a company wants to reproduce protected works for training, it needs either permission or a valid exception. That sounds simple, but it cuts against years of Silicon Valley habit, where the open web was treated as an informal quarry for data extraction.
The stakes are larger than book royalties or celebrity likenesses. Generative AI is being embedded into the productivity stack that Windows professionals live in every day: Microsoft 365 Copilot, GitHub Copilot, Azure AI services, Windows Recall-style memory features, customer-service bots, code assistants, image generators, voice tools, and search summaries. Once AI becomes infrastructure, the provenance of training data becomes a supply-chain question.
That is where the debate turns from moral outrage to enterprise risk. A company that would never knowingly deploy pirated software may still buy access to an AI model whose training history is opaque. A government agency that requires strict licensing for fonts, stock photography, and code libraries may be far less certain about whether the model generating its reports, scripts, images, or translated documents was built on lawfully acquired material.
That distinction matters because copyright law is not primarily concerned with vibes. It asks whether protected acts occurred: copying, reproduction, distribution, adaptation, public performance, and so on. If a model-training pipeline downloads, stores, normalizes, tokenizes, and processes millions of copyrighted works, the legal question is not whether the model has “learned” like a person. It is whether the company made copies that only the rights holder had the right to authorize.
This is why the source of training material has become so important. In the U.S., the Anthropic litigation produced a mixed but industry-shaking signal: training on lawfully obtained books may be treated differently from training pipelines built on pirated libraries. The $1.5 billion settlement with authors over alleged use of pirated books became the kind of number that boards, insurers, and procurement teams understand instantly.
The industry would prefer a cleaner rule: training is fair use, or training is infringement. Instead, the emerging picture is messier. Courts may look at the purpose of the use, the source of the material, whether the company kept unauthorized copies, whether the output substitutes for the original market, and whether the developer can document its chain of custody.
For IT buyers, that messiness is the point. The most useful question is no longer “Is AI legal?” but “Can the vendor prove that this model, this dataset, and this output workflow are defensible under the rules that apply to us?”
Rosati’s warning is that transparency is not the same thing as permission. A model provider can disclose more information about its training sources and still face arguments over whether the underlying copying was lawful. Conversely, a company can claim to rely on text-and-data-mining exceptions while rights holders argue that those exceptions were never meant to cover every stage of commercial AI training.
Europe’s copyright framework contains text-and-data-mining exceptions, but those exceptions are bounded. Rosati emphasizes requirements such as lawful access and the distinction between research-oriented activity and broad commercial exploitation. That distinction could become a major fault line as model developers argue that modern AI training is merely a scaled-up version of analysis, while creators argue it is an unlicensed input into a competing product.
This is a particularly uncomfortable issue for multinational technology companies. The same model may be trained in one jurisdiction, fine-tuned in another, served from a cloud region in a third, and used by customers everywhere. A compliance posture that satisfies one country’s rules may not satisfy another’s, especially if the European market begins demanding more auditable training disclosures than the U.S. or U.K.
Microsoft sits directly in that crosswind. It is an investor, platform operator, cloud provider, AI vendor, and enterprise software incumbent. The company’s customers will not care which internal legal theory supports which feature if a regulator, author, publisher, or performer later challenges the legitimacy of an AI system used inside their workflows.
For years, the AI industry benefited from scale opacity. Datasets were so large, models so complex, and training pipelines so distributed that no ordinary creator could know whether their work had been copied. The burden of proof sat heavily on the author, illustrator, musician, or voice actor. Rosati notes that France is considering a presumption-of-use approach that would shift some of that burden onto AI developers.
That would be a profound change. Copyright enforcement has traditionally required the rights holder to show that their work was used and that protected rights were infringed. If lawmakers presume that certain content was used for AI training unless the developer proves otherwise, the economics of litigation change immediately.
Developers would then need records not merely for internal engineering hygiene but for courtroom survival. Dataset manifests, licensing records, crawl logs, deletion policies, opt-out handling, and vendor attestations would become the AI equivalent of software bills of materials. The companies with clean rooms, licensed corpora, and credible audit trails would have an advantage over those that scraped first and asked questions later.
This is where the WindowsForum audience should pay attention. The SBOM revolution in cybersecurity began as a niche concern about dependency visibility and became a procurement expectation. AI training provenance could follow a similar path, especially in regulated industries that already treat data lineage as a serious control.
Copyright is an awkward tool for that problem. A song recording, script, performance, or audiobook may be protected, but the sound of a voice may also implicate trademarks, rights of publicity, performers’ rights, privacy law, data-protection law, unfair competition, and image rights. Rosati’s point is that artists are assembling legal shields from whatever regimes are available because no single doctrine neatly covers synthetic identity.
That matters for enterprise AI, too. The deepfake problem is not confined to celebrities. Synthetic voices can be used in social-engineering attacks, fake executive approvals, fraudulent help-desk calls, fabricated training videos, or phishing campaigns that sound like a trusted colleague. For IT departments, AI voice imitation is therefore both an intellectual-property issue and a security issue.
Denmark’s proposed response, aimed at giving people stronger rights over digital imitations of their face, voice, and body, points toward a broader legislative trend. Lawmakers are beginning to understand that generative AI can collapse the distance between creative copying and identity theft. A cloned voice is not just content; it can be a credential in human form.
Windows administrators have already spent years hardening endpoints, enforcing MFA, and training users not to trust suspicious links. The AI era adds a more unsettling lesson: do not automatically trust familiar voices, polished documents, or plausible videos either. Authenticity will need technical controls, legal remedies, and cultural skepticism working together.
The copyright controversy makes that harder. Microsoft can provide indemnities, compliance documentation, admin controls, commercial data protections, and tenant-bound privacy assurances. But the broader market still has unresolved questions about the training data behind frontier models and the legal theories that justify their construction.
For customers, the immediate risk is less likely to be a copyright lawsuit over a single AI-generated paragraph and more likely to be governance drift. Employees may paste licensed reports into public AI tools, generate marketing imagery that resembles protected work, use synthetic voices without consent, or rely on AI-generated code whose provenance is unclear. The organization then inherits a pile of small, hard-to-audit decisions made in the name of productivity.
This is why AI policy cannot live only in the legal department. It needs to intersect with endpoint management, data-loss prevention, identity governance, procurement, records retention, and security awareness. In a Windows environment, that means practical controls: which AI tools are allowed, which data classifications can be used with them, which plugins are permitted, which logs are retained, and who reviews high-risk outputs before publication.
The more AI is integrated into the operating environment, the less useful it becomes to treat it as an optional web service. Copilot in Microsoft 365, AI features in Edge, cloud-based model APIs, and third-party assistants all sit close to corporate data. Their legal and operational risks travel with that proximity.
That is a harder challenge than many AI companies admit. Early datasets were often assembled during a period of permissive internet culture and limited scrutiny. The web was scraped at massive scale, deduplicated, filtered, and mixed with other sources. Documentation that seemed unnecessary during a research sprint may become essential in litigation years later.
The AI industry is therefore moving from a “move fast” culture to a records-management culture. That shift is painful but predictable. The same thing happened with cybersecurity, privacy, export controls, and open-source software. Once a technology becomes critical infrastructure, the paperwork stops being optional.
For developers and sysadmins, this creates a divide between hobbyist experimentation and production deployment. A local model downloaded for weekend tinkering is one thing. A model embedded into a customer-support workflow, HR process, document-review pipeline, or regulated decision system is another. The latter needs traceability, vendor commitments, review processes, and a way to shut down risky behavior when the legal environment changes.
The companies that win enterprise trust will be the ones that can answer boring questions well. What data was used? Was it licensed? Were opt-outs honored? Can copyrighted or personal data be removed? Are outputs logged? What indemnity exists? What happens if a court narrows an exception the model relied on?
That shift will not be limited to celebrities. Journalists, programmers, designers, podcasters, teachers, consultants, and corporate trainers all produce material that can be scraped, cloned, summarized, or imitated. The creator economy is discovering what software developers learned from package hijacking and code scraping: if your work is publicly accessible and useful, automated systems will find it.
The law is trying to catch up, but Rosati is right to warn against technology-specific legislation that becomes obsolete too quickly. A statute written only for today’s diffusion models or large language models may miss tomorrow’s architectures. The better path is likely a combination of flexible rights, clearer evidentiary rules, transparency duties, and market pressure for licensed data.
Still, the transition will be uneven. Well-known artists can hire lawyers, register marks, negotiate licenses, and sue. Independent creators may have rights in theory but little practical enforcement power. If lawmakers want AI markets to function without turning culture into unpaid feedstock, they will need mechanisms that scale beyond celebrity litigation.
Collective licensing, rights registries, dataset audits, opt-out standards, and statutory presumptions may all become part of that machinery. None is simple. But the alternative is a permanent imbalance in which AI developers monetize ambiguity faster than creators can litigate it.
Rosati’s intervention is useful because it cuts through both extremes. She does not claim that AI is lawless theft by definition, nor does she accept the idea that new technology dissolves existing rights. Her argument is more durable: copyright and related rights still matter, exceptions must be interpreted carefully, and transparency will determine whether rights can be enforced at all.
For Microsoft’s ecosystem, that means AI will mature less like a feature update and more like a compliance regime. Copilot, Azure AI, Windows-integrated assistants, and third-party models will live or die in enterprise settings by trust, documentation, and control. The model that produces the cleverest answer may not be the model a regulated business can safely deploy.
The industry’s early bargain was speed in exchange for uncertainty. Creators supplied the raw material, often unknowingly; developers supplied the scale; users supplied the enthusiasm. That bargain is now being renegotiated by courts, lawmakers, and customers who want to know whether the miracle was built on permission, piracy, or something still legally unresolved. The future of AI on Windows and everywhere else will not be decided only by benchmark scores, but by whether the systems can prove they deserve to be trusted.
The Copyright Fight Has Reached the Platform Layer
The first phase of the generative-AI boom was sold as a technical miracle: feed enough text, code, images, audio, and video into a model, and it begins to produce plausible new work on demand. The second phase is proving less magical and more forensic. Courts, regulators, and rights holders now want to know what went into those systems, where it came from, whether it was copied lawfully, and whether the model’s output competes with the people whose work made it possible.Rosati’s interview is striking because she refuses the comforting fiction that AI exists in a legal vacuum. Copyright, in her framing, remains preventative: if a company wants to reproduce protected works for training, it needs either permission or a valid exception. That sounds simple, but it cuts against years of Silicon Valley habit, where the open web was treated as an informal quarry for data extraction.
The stakes are larger than book royalties or celebrity likenesses. Generative AI is being embedded into the productivity stack that Windows professionals live in every day: Microsoft 365 Copilot, GitHub Copilot, Azure AI services, Windows Recall-style memory features, customer-service bots, code assistants, image generators, voice tools, and search summaries. Once AI becomes infrastructure, the provenance of training data becomes a supply-chain question.
That is where the debate turns from moral outrage to enterprise risk. A company that would never knowingly deploy pirated software may still buy access to an AI model whose training history is opaque. A government agency that requires strict licensing for fonts, stock photography, and code libraries may be far less certain about whether the model generating its reports, scripts, images, or translated documents was built on lawfully acquired material.
The “Right to Read” Argument Is Running Out of Easy Analogies
AI developers and their defenders often reach for a familiar analogy: a human reads many books, learns patterns, and writes something new, so a machine should be allowed to do something similar. Rosati’s answer is that the analogy is incomplete. Human learning does not normally require industrial-scale acts of digital reproduction, whereas AI training does.That distinction matters because copyright law is not primarily concerned with vibes. It asks whether protected acts occurred: copying, reproduction, distribution, adaptation, public performance, and so on. If a model-training pipeline downloads, stores, normalizes, tokenizes, and processes millions of copyrighted works, the legal question is not whether the model has “learned” like a person. It is whether the company made copies that only the rights holder had the right to authorize.
This is why the source of training material has become so important. In the U.S., the Anthropic litigation produced a mixed but industry-shaking signal: training on lawfully obtained books may be treated differently from training pipelines built on pirated libraries. The $1.5 billion settlement with authors over alleged use of pirated books became the kind of number that boards, insurers, and procurement teams understand instantly.
The industry would prefer a cleaner rule: training is fair use, or training is infringement. Instead, the emerging picture is messier. Courts may look at the purpose of the use, the source of the material, whether the company kept unauthorized copies, whether the output substitutes for the original market, and whether the developer can document its chain of custody.
For IT buyers, that messiness is the point. The most useful question is no longer “Is AI legal?” but “Can the vendor prove that this model, this dataset, and this output workflow are defensible under the rules that apply to us?”
Europe Is Building a Transparency Regime Before It Has Settled the Copyright Theory
The European Union has tried to move faster than the courts by creating transparency obligations around general-purpose AI systems. The EU AI Act does not magically settle every copyright dispute, but it does push developers toward documentation: summaries of training content, policies for respecting copyright, and disclosures that may make it easier for rights holders to investigate whether their work was used.Rosati’s warning is that transparency is not the same thing as permission. A model provider can disclose more information about its training sources and still face arguments over whether the underlying copying was lawful. Conversely, a company can claim to rely on text-and-data-mining exceptions while rights holders argue that those exceptions were never meant to cover every stage of commercial AI training.
Europe’s copyright framework contains text-and-data-mining exceptions, but those exceptions are bounded. Rosati emphasizes requirements such as lawful access and the distinction between research-oriented activity and broad commercial exploitation. That distinction could become a major fault line as model developers argue that modern AI training is merely a scaled-up version of analysis, while creators argue it is an unlicensed input into a competing product.
This is a particularly uncomfortable issue for multinational technology companies. The same model may be trained in one jurisdiction, fine-tuned in another, served from a cloud region in a third, and used by customers everywhere. A compliance posture that satisfies one country’s rules may not satisfy another’s, especially if the European market begins demanding more auditable training disclosures than the U.S. or U.K.
Microsoft sits directly in that crosswind. It is an investor, platform operator, cloud provider, AI vendor, and enterprise software incumbent. The company’s customers will not care which internal legal theory supports which feature if a regulator, author, publisher, or performer later challenges the legitimacy of an AI system used inside their workflows.
Pirated Training Data Is Becoming AI’s Original Sin
The Anthropic settlement matters because it crystallized a dividing line that even many AI-friendly observers can understand: there is a difference between learning from lawfully obtained material and building a training corpus from shadow libraries. That distinction does not resolve the entire fair-use debate, but it makes piracy much harder to sanitize under the language of innovation.For years, the AI industry benefited from scale opacity. Datasets were so large, models so complex, and training pipelines so distributed that no ordinary creator could know whether their work had been copied. The burden of proof sat heavily on the author, illustrator, musician, or voice actor. Rosati notes that France is considering a presumption-of-use approach that would shift some of that burden onto AI developers.
That would be a profound change. Copyright enforcement has traditionally required the rights holder to show that their work was used and that protected rights were infringed. If lawmakers presume that certain content was used for AI training unless the developer proves otherwise, the economics of litigation change immediately.
Developers would then need records not merely for internal engineering hygiene but for courtroom survival. Dataset manifests, licensing records, crawl logs, deletion policies, opt-out handling, and vendor attestations would become the AI equivalent of software bills of materials. The companies with clean rooms, licensed corpora, and credible audit trails would have an advantage over those that scraped first and asked questions later.
This is where the WindowsForum audience should pay attention. The SBOM revolution in cybersecurity began as a niche concern about dependency visibility and became a procurement expectation. AI training provenance could follow a similar path, especially in regulated industries that already treat data lineage as a serious control.
Voice Cloning Turns Copyright Into an Identity Problem
The interview’s most attention-grabbing line is about Taylor Swift reportedly registering her voice. Whether one looks at Swift, Matthew McConaughey, voice actors, audiobook narrators, or ordinary employees whose voices appear in training material, the underlying issue is the same: generative AI does not merely copy works. It can imitate people.Copyright is an awkward tool for that problem. A song recording, script, performance, or audiobook may be protected, but the sound of a voice may also implicate trademarks, rights of publicity, performers’ rights, privacy law, data-protection law, unfair competition, and image rights. Rosati’s point is that artists are assembling legal shields from whatever regimes are available because no single doctrine neatly covers synthetic identity.
That matters for enterprise AI, too. The deepfake problem is not confined to celebrities. Synthetic voices can be used in social-engineering attacks, fake executive approvals, fraudulent help-desk calls, fabricated training videos, or phishing campaigns that sound like a trusted colleague. For IT departments, AI voice imitation is therefore both an intellectual-property issue and a security issue.
Denmark’s proposed response, aimed at giving people stronger rights over digital imitations of their face, voice, and body, points toward a broader legislative trend. Lawmakers are beginning to understand that generative AI can collapse the distance between creative copying and identity theft. A cloned voice is not just content; it can be a credential in human form.
Windows administrators have already spent years hardening endpoints, enforcing MFA, and training users not to trust suspicious links. The AI era adds a more unsettling lesson: do not automatically trust familiar voices, polished documents, or plausible videos either. Authenticity will need technical controls, legal remedies, and cultural skepticism working together.
Microsoft’s Copilot Problem Is Also a Customer Problem
Microsoft has worked hard to present Copilot as an enterprise-grade layer for AI productivity rather than a toy chatbot bolted onto Office. That positioning is smart, but it also raises expectations. If AI is part of the productivity substrate, customers will expect the same contractual clarity they expect from Exchange, SharePoint, Teams, Windows, and Azure.The copyright controversy makes that harder. Microsoft can provide indemnities, compliance documentation, admin controls, commercial data protections, and tenant-bound privacy assurances. But the broader market still has unresolved questions about the training data behind frontier models and the legal theories that justify their construction.
For customers, the immediate risk is less likely to be a copyright lawsuit over a single AI-generated paragraph and more likely to be governance drift. Employees may paste licensed reports into public AI tools, generate marketing imagery that resembles protected work, use synthetic voices without consent, or rely on AI-generated code whose provenance is unclear. The organization then inherits a pile of small, hard-to-audit decisions made in the name of productivity.
This is why AI policy cannot live only in the legal department. It needs to intersect with endpoint management, data-loss prevention, identity governance, procurement, records retention, and security awareness. In a Windows environment, that means practical controls: which AI tools are allowed, which data classifications can be used with them, which plugins are permitted, which logs are retained, and who reviews high-risk outputs before publication.
The more AI is integrated into the operating environment, the less useful it becomes to treat it as an optional web service. Copilot in Microsoft 365, AI features in Edge, cloud-based model APIs, and third-party assistants all sit close to corporate data. Their legal and operational risks travel with that proximity.
The Next AI Compliance Fight Will Be About Proof
Rosati’s most consequential theme is transparency. Not transparency as a public-relations value, but transparency as evidence. If a model developer claims lawful access, compliance with opt-outs, respect for copyright reservations, or reliance on a statutory exception, it will eventually need to prove those claims.That is a harder challenge than many AI companies admit. Early datasets were often assembled during a period of permissive internet culture and limited scrutiny. The web was scraped at massive scale, deduplicated, filtered, and mixed with other sources. Documentation that seemed unnecessary during a research sprint may become essential in litigation years later.
The AI industry is therefore moving from a “move fast” culture to a records-management culture. That shift is painful but predictable. The same thing happened with cybersecurity, privacy, export controls, and open-source software. Once a technology becomes critical infrastructure, the paperwork stops being optional.
For developers and sysadmins, this creates a divide between hobbyist experimentation and production deployment. A local model downloaded for weekend tinkering is one thing. A model embedded into a customer-support workflow, HR process, document-review pipeline, or regulated decision system is another. The latter needs traceability, vendor commitments, review processes, and a way to shut down risky behavior when the legal environment changes.
The companies that win enterprise trust will be the ones that can answer boring questions well. What data was used? Was it licensed? Were opt-outs honored? Can copyrighted or personal data be removed? Are outputs logged? What indemnity exists? What happens if a court narrows an exception the model relied on?
Creators Are Becoming Security-Conscious About Themselves
One of the more interesting consequences of the AI copyright fight is that artists are beginning to behave like security teams. They are inventorying assets, registering marks, monitoring misuse, asserting rights, and thinking adversarially. A voice, likeness, style, catalog, or archive is no longer just an artistic identity; it is an attack surface.That shift will not be limited to celebrities. Journalists, programmers, designers, podcasters, teachers, consultants, and corporate trainers all produce material that can be scraped, cloned, summarized, or imitated. The creator economy is discovering what software developers learned from package hijacking and code scraping: if your work is publicly accessible and useful, automated systems will find it.
The law is trying to catch up, but Rosati is right to warn against technology-specific legislation that becomes obsolete too quickly. A statute written only for today’s diffusion models or large language models may miss tomorrow’s architectures. The better path is likely a combination of flexible rights, clearer evidentiary rules, transparency duties, and market pressure for licensed data.
Still, the transition will be uneven. Well-known artists can hire lawyers, register marks, negotiate licenses, and sue. Independent creators may have rights in theory but little practical enforcement power. If lawmakers want AI markets to function without turning culture into unpaid feedstock, they will need mechanisms that scale beyond celebrity litigation.
Collective licensing, rights registries, dataset audits, opt-out standards, and statutory presumptions may all become part of that machinery. None is simple. But the alternative is a permanent imbalance in which AI developers monetize ambiguity faster than creators can litigate it.
The Windows Admin’s AI Checklist Is Starting to Look Like a Legal File
The practical lesson from Rosati’s interview is not that every organization should stop using AI. It is that AI adoption needs the same maturity that IT already applies to security, software licensing, and data protection. The novelty of the tool does not erase old obligations; it mostly rearranges where they appear.- Organizations should ask AI vendors for concrete documentation about training-data sources, licensing practices, opt-out handling, and indemnity before approving production use.
- Administrators should restrict unsanctioned AI tools that allow employees to paste confidential, copyrighted, customer, or regulated data into unmanaged systems.
- Legal and IT teams should treat synthetic voice, image, and video generation as identity-risk technologies, not merely creative features.
- Procurement teams should distinguish between consumer AI services, enterprise-protected AI services, and internally hosted models because the contractual and logging assumptions differ.
- Developers using AI-generated code should continue normal license, security, and quality review rather than assuming model output is automatically clean.
- Executives should expect AI regulation to diverge across jurisdictions, making documentation and auditability more valuable than one-size-fits-all legal assurances.
The Winners Will Be the Companies That Can Explain Their Models
The generative-AI industry has spent the past few years proving that models can produce useful output. The next few years will test whether the companies behind those models can explain themselves. Not in glossy demos, but in court filings, regulator inquiries, enterprise contracts, and creator negotiations.Rosati’s intervention is useful because it cuts through both extremes. She does not claim that AI is lawless theft by definition, nor does she accept the idea that new technology dissolves existing rights. Her argument is more durable: copyright and related rights still matter, exceptions must be interpreted carefully, and transparency will determine whether rights can be enforced at all.
For Microsoft’s ecosystem, that means AI will mature less like a feature update and more like a compliance regime. Copilot, Azure AI, Windows-integrated assistants, and third-party models will live or die in enterprise settings by trust, documentation, and control. The model that produces the cleverest answer may not be the model a regulated business can safely deploy.
The industry’s early bargain was speed in exchange for uncertainty. Creators supplied the raw material, often unknowingly; developers supplied the scale; users supplied the enthusiasm. That bargain is now being renegotiated by courts, lawmakers, and customers who want to know whether the miracle was built on permission, piracy, or something still legally unresolved. The future of AI on Windows and everywhere else will not be decided only by benchmark scores, but by whether the systems can prove they deserve to be trusted.