This paper explores the role of contracts in shaping the governance of AI across the private and public sectors. It investigates, in particular, how contractual agreements between the providers and deployers of AI systems influence the level of transparency of automated decision-making and the allocation of risks and liability between the parties. It is argued that these contracts establish a regulatory framework that operates alongside, or even in the shadow of, existing legislation, potentially undermining the effectiveness of access to information rights under the GDPR and the AI Act.