AI & Data Portability

AI is making personal data access both more valuable — and more complicated.

Artificial intelligence systems thrive on personal data. The richer and more complete the data, the more capable the AI — and the more it shapes our choices, health decisions, financial access, and personal relationships. AI enables unprecedented personalization and efficiency, but these advantages come with risks: concentration, as data silos of compelling AI uses become a valuable and powerful tool; and trust, as AI can create or magnify conditions that are risky for users.

What should users be able to take with them when they switch or use multiple AI services — and who decides?

What happens when a single platform controls the personal data that powers your most important AI uses?

How can we ensure that AI portability works safely — without creating new vectors for data theft or impersonation?

The opportunity

Data portability unlocks AI's potential — for users, not just platforms

When people can move their data freely and safely between AI services, AI can serve their needs more completely. If one platform provides better health insights and another better financial guidance, portability creates a market where the best AI wins for users — where competition drives improvement and users are empowered by choice, not locked into whatever platform got there first. Good data portability practices mean AI can be personalized without being a trap.

The risk

Without open standards, AI accelerates data concentration

AI systems without data portability risk data hoarding for profit: if one platform has exclusive access to rich personal data, it becomes nearly impossible for competitors to offer comparable services. The AI that knows the most about a user becomes the AI the user can't leave — the platform controlling it gains outsized power to influence the most important parts of users' lives. This is the version of AI we are working to prevent.

Case examples

What data access for AI looks like in practice

These scenarios illustrate both the personal-level value of data access for AI, and the harm that can arise with insufficient or untrusted data portability.

User benefit

A patient gets a complete picture

When a patient shares health records with an AI health advisor, the AI can spot patterns across years of records, medications, and lab results. But if the data lives in only one app, switching services or seeking a second opinion means starting over. Portability means health insights can travel with the patient.

Lock-in risk

A platform bets on lock-in

A user who has spent years training a personalized AI assistant — adjusting its tone, building a rich conversation history, teaching it their preferences — may find all of that data is trapped. Even if a new alternative exists, the switching cost is their entire AI relationship history.

User benefit

A student verifies their content

A student who used an AI tutoring service has detailed records of what help was offered, what they wrote, and how their understanding developed. Without portability, that proof of authentic learning is inaccessible — or controlled entirely by a platform that could disappear or change its policies.

Security challenge

An agent requests data — but who's asking?

As AI agents begin to act on users' behalf — booking appointments, managing finances, accessing health records — they send data to and request data from many services. Without a framework for trust, the risks of spoofing, manipulation, and unauthorized access grow substantially.

DTI's Position

Our guiding principles for AI and data access

The single most important thing we can do for the future of AI — so it serves us rather than the other way around — is to protect human control over the personal data that powers these systems. These principles define what that looks like in practice.

Freedom of movement means that people will select services that meet their needs, which in turn creates incentives for businesses to design services in such a way that people both feel, and are, in control.

Chris Riley, DTI — Tech Policy Press, August 2025

📄 Read the full article on Tech Policy Press →

Image: Tech Policy Press / Chris Riley, August 2025

01

The right to download and transfer

Users should be able, at their request, to download personal data from AI services, and to request the direct transfer of personal data between AI services. This data should be in a structured, machine-readable, well-documented format.
02

Portability scoped to personal data

User-directed portability should focus on personal data, and should not extend to training data, model weights, or other elements of AI services not specifically related to the user initiating data transfer; however, personal data used to customize the actions of the AI service should be included.
03

Open, interoperable technical standards

Data portability tools and interfaces should adhere to an open, interoperable technical specification to allow users to easily transfer personal data directly between AI services on a reciprocal basis.
04

Open processes, no restrictive terms

AI services, including generative services, AI agents, and tools, should communicate with other services through open protocols and should not impose unduly restrictive terms on data interfaces to ensure users have their choice of products or services.
05

Security vetting at every transfer

Where data is transferred directly between service providers at a user's request, all parties should employ reasonable, well-documented frameworks and practices for security vetting of the other party to the transfer, including organizational policies regarding data privacy, data security, end user transparency, and authentication.

From the blog

Recent AI writing

Featured

AI Mar 10, 2026 8 min read

A turning point for AI portability

The world of personal data in AI is changing as developer interest grows and portability falls short. Will collaboration or regulation come first?

Chris Riley

Read Full Article

All AI Articles

View all AI articles

Aug 26, 2025 6 min read

The path forward for AI personal data portability

Last week, DTI introduced principles for portability of personal data in AI. In this note I write to talk about...

Feb 11, 2025 7 min read

The future of AI hinges on data portability and APIs.

The Action Summit is over. It’s time to build – and open intersections offer the most upside.

Aug 26, 2024 4 min read

An inflection point for personal AI portability

DTI is excited to be working with Inflection to make personal AI portability a reality. Read more here.

Jun 4, 2024 6 min read

Digging in on personal AI portability

To prepare for a portable, personal AI future, it’s important to articulate what, exactly, should be ported.

Explore other topics Discover insights across trust, portability, governance, security and more.

#trust #portability #security View all AI articles

About our work

AI initiatives

Active

AI Conversation Schema

DTI has developed a specification for AI conversation data exports, enabling users to transfer their histories between AI chat services. The schema defines a structured, interoperable format covering messages, context, and metadata — making it possible to switch AI services without losing what you've built.

Learn more

Active

AI and the Trust Registry

DTI's Trust Registry work applies directly to AI portability: before an AI service receives sensitive personal data from another service, both parties can be vetted. We're working to extend our trust framework to the AI transfer context — defining what vetting looks like, what credentials matter, and how mutual assurance can be established at scale.

Learn more

FAQ

What this work is — and isn't

DTI works with technology companies, nonprofits, and policymakers to develop and advance data portability. Our AI work focuses specifically on the portability of personal data in AI contexts — not on AI regulation, model governance, or AI training practices more broadly.

Is this about giving users the ability to download or transfer their AI conversation data? Yes — that is exactly what we're working on. Users should be able to take their AI history with them.

Is this about using personal data to train AI models? No. Training data governance is a related but separate issue. Our work focuses on portability of personal data, not on what platforms can or cannot do with aggregated data.

Does this require open technical standards for AI data portability? Interoperability benefits greatly from the use of open, shared standards. We actively develop and advocate for such standards through our technical work. But portability begins with making data available and establishing trust.

Does this require AI services to support MCP or any specific protocol? No. We support open standards development but don't mandate any particular protocol. Our principles are protocol-agnostic.

How does good data portability infrastructure help make AI safer? When users can move data between services, platforms compete on quality rather than lock-in. This structural accountability improves safety incentives across the ecosystem.

Is DTI advocating for any specific AI portability legislation? No — we provide technical expertise and policy analysis to inform legislation, but do not advocate for specific bills. We engage with legislators across jurisdictions to ensure portability is understood correctly.