AI governance for law firms and legal teams.
Legal practice has professional conduct obligations — confidentiality, competence, supervision — that apply with full force to AI-assisted legal work. AI governance in legal is not optional compliance overhead. It is the minimum required to practise competently.
The regulatory landscape
Professional conduct rules
Obligations of competence, confidentiality, and supervision apply to AI-assisted work product. A practitioner who cannot identify AI hallucinations in research they submit is not meeting their competence obligation.
Legal professional privilege
Entering privileged client information into third-party AI tools may waive privilege, depending on the tool architecture, terms of service, and jurisdiction. Governance must classify what information may enter which tools.
EU AI Act
AI systems used to assist courts and judicial authorities in applying law are classified as high-risk. AI used for legal research and drafting by private practitioners sits in limited-risk territory but still carries transparency obligations.
Anti-money laundering AI
AI used in AML screening and transaction monitoring in legal and financial contexts requires the same governance rigour as financial services — with additional professional conduct dimensions.
Where governance most often fails
AI hallucination and false citations
Multiple practitioners have faced sanctions for filing court documents citing AI-generated cases that do not exist. The AI tools produced complete, correctly formatted citations to non-existent judgments with apparent confidence. This is a documented, recurring failure requiring mandatory verification protocols.
Privilege waiver through AI tools
Consumer AI tools that transmit inputs to third-party servers, retain inputs for training, or store data without adequate protection create genuine privilege waiver risk. Governance requires data classification before any client matter information enters an AI system.
Inadequate supervision of AI work product
A junior practitioner using AI to draft documents and a senior partner approving without substantive review is not adequate supervision. Governance must specify who has the expertise to review what categories of AI-assisted work.
Client disclosure gaps
Many jurisdictions are moving toward mandatory disclosure of AI use in certain contexts. Governance must establish a disclosure policy before it becomes mandatory — not in response to a regulator inquiry.
Key governance questions
Do you have a written policy that specifies which AI tools may be used for client matter work, and what client information may be entered into them?
Has your firm assessed the privilege implications of the AI tools it uses — specifically, which tools process inputs on third-party servers or retain inputs for training?
What is your mandatory verification protocol for AI-generated case citations, statutory references, and regulatory guidance before they are used in any work product?
Who in your firm has the substantive expertise and defined responsibility to review AI-assisted work product before it reaches clients or courts?
Does your AI use policy address disclosure obligations — when use of AI must or should be disclosed to clients, courts, and regulators?
How are you monitoring regulatory developments in your jurisdiction on AI disclosure and competence requirements?
Guidance and resources
AI Governance for Law Firms and Legal Teams: Privilege, Confidentiality and Compliance
AI Vendor Due Diligence: What to Ask Before You Sign
When AI Goes Wrong: Building an AI Incident Response Capability
GDPR and the EU AI Act: How They Interact and Where They Conflict