The tech industry is used to solving legal problems with patches, but here that approach is bankrupt. In a recent paper, "Position: No Retroactive Cure for Infringement during Training," researchers in cryptography and security argue that machine unlearning and inference-time guardrails do not nullify liability for the unlawful use of data during training. The legal compliance of a generative model turns on its data lineage, not on what the chatbot outputs at the end.
As the paper's authors emphasize, unauthorized ingestion of content is a legally completed act at the moment of copying. Even with the strictest guardrails in place to stop the model from quoting protected text, the weights still function as fixed copies that retain the expressive value of the original. For a court, the initial infringement therefore stands. Sanitizing the model after release offers no protection against claims sounding in contract, tort, or unfair competition.
The main risk for business here is economic. Licensing agreements and Terms of Service give rise to contract claims that a standard fair use defense does not reach. And because the value of the protected data is embedded in the weights, courts may turn to remedies such as disgorgement of profits or recovery for unjust enrichment. In practice this means not just damages, but the risk that a court order reaches the model itself. The strategy of 'train first, clean later' is turning into a time bomb.
The focus must shift, immediately, from post-hoc sanitization to verifiable ex-ante process compliance. If you cannot prove the data was lawfully obtained before training began, no amount of machine unlearning will stop a court from treating the model as a product derived from protected intellectual property.
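To make "verifiable ex-ante process compliance" concrete, here is a minimal sketch of a lineage gate in an ingestion pipeline: records must carry license metadata before they reach training, and the gate emits a hashed manifest to retain as evidence. All names here (DatasetRecord, ALLOWED_LICENSES, audit_manifest) are hypothetical; the paper argues the position, not an implementation.

```python
# Minimal sketch of an ex-ante lineage gate: every record must show
# lawful provenance *before* it reaches the training pipeline.
# DatasetRecord, ALLOWED_LICENSES, and audit_manifest are illustrative
# names, not anything prescribed by the paper.
import hashlib
import json
from dataclasses import dataclass, asdict

ALLOWED_LICENSES = {"CC0-1.0", "CC-BY-4.0", "proprietary-licensed"}

@dataclass
class DatasetRecord:
    source_url: str   # where the content was obtained
    license_id: str   # SPDX-style license identifier
    consent_ref: str  # pointer to the license or consent document
    content: bytes

def audit_manifest(records: list[DatasetRecord]) -> list[dict]:
    """Reject the whole batch if any record lacks lawful provenance;
    otherwise emit a tamper-evident manifest to retain as evidence."""
    manifest = []
    for rec in records:
        if rec.license_id not in ALLOWED_LICENSES or not rec.consent_ref:
            raise ValueError(
                f"Unlicensed record from {rec.source_url}: "
                "fix lineage before training, not after."
            )
        entry = asdict(rec)
        # Store a content hash, not the content, so the manifest itself
        # does not become another copy of the protected work.
        entry["content"] = hashlib.sha256(rec.content).hexdigest()
        manifest.append(entry)
    return manifest

if __name__ == "__main__":
    records = [
        DatasetRecord("https://example.org/a", "CC-BY-4.0", "lic/123", b"..."),
    ]
    # The manifest, not an output filter, is what you show a court.
    print(json.dumps(audit_manifest(records), indent=2))
```

The point of the design is the ordering: the evidence of lawful provenance is produced before a single gradient step, so lineage can be demonstrated independently of anything the finished model does or does not output.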