Artificial intelligence is a powerful technology that law firms are using to enhance productivity and profitability, while also making workloads more manageable for lawyers and their staff.

To properly take advantage of these benefits, however, firms need to know how to ensure that their use of AI remains in compliance with their ethical obligations.

This post takes a brief look at identifying what law firms need to protect against, and more importantly, outlines the key areas that they need to understand to maintain their ethics and compliance obligations.

What are the risks of using AI in legal practice?

If members of your law firm are using AI in any capacity, it’s important to take the time to understand the risks that AI poses, and how to set up the proper guardrails that ensure your firm is meeting its ethical and compliance responsibilities on an organizational level.

When it comes to the risks of using AI in a law firm, two key concerns should be top of mind:

1. Hallucinations: In recent years, several high-profile cases have made headlines where lawyers faced sanctions for submitting AI-generated briefs containing fabricated case citations. One of the disadvantages to using AI solutions that haven’t been designed for legal practice is that they haven’t been trained on legal databases, and they lack verification workflows for lawyers to confirm their research.
2. Data privacy and security. While not explicit, many of the most popular general-purpose AI solutions like ChatGPT, Gemini, and Claude will use user data that’s been shared with them to train their models and, in some cases, that data may be viewable by their staff. This is especially a risk with the free versions of these softwares. For more on this, California’s Senate recently passed legislation addressing these concerns with respect to professional obligations for confidentiality, competence, accuracy, and fairness.

While these are the core concerns that you’ll want to protect against, you’ll also want to review them against the rules that govern professional legal practice in your state.

Understand your ethical obligations in accordance with ABA Model Rules

In July 2024, the ABA issued its first formal guidance on generative AI: Formal Opinion 512. This landmark opinion makes clear that while AI technology is new, the ethical framework governing its use is not.

Several Model Rules are particularly relevant to AI use:

• Model Rule 1.1: Competence requires understanding “the benefits and risks associated with relevant technology,” including legal AI.
• Model Rule 1.6: Confidentiality obligates lawyers to protect client information. When using AI, this means understanding how the tool handles, stores, and potentially trains on your clients’ data.
• Model Rule 1.5: Fees requires reasonable fees. Because AI can dramatically reduce time required for tasks, firms must adjust billing accordingly.
• Model Rule 3.3: Candor Toward the Tribunal prohibits citing nonexistent legal authority, like an AI “hallucination.”
• Model Rules 5.1 and 5.3: Supervision require establishing measures ensuring firm-wide compliance, including AI policies, training, and monitoring.
• Model Rule 7.1: Advertising prohibits false or misleading communications, including claims about AI’s capabilities.

Effectively, no new rules are needed to govern the use of AI in your law firm; the existing Model Rules are robust enough to address any challenges posed by the technology.

State-specific requirements

While the ABA Model Rules provide a framework, your state bar’s rules govern your practice. The landscape of state-specific AI guidance is evolving rapidly with significant variation. Many states have issued their own guidance, including California and Florida.

If your state bar hasn’t issued AI-specific guidance, the existing rules still apply without AI-specific interpretation. Check your state bar’s website, ethics committee opinions, and recent CLEs. Many state bars have formed AI task forces publishing interim recommendations.

If licensed and practicing in multiple states, make sure to comply with each jurisdiction’s rules. The safest approach is following the most stringent requirements among states where you practice.

Pre-adoption: building your foundation for ethical AI use

The integration of artificial intelligence into your practice requires more than a simple policy; it demands a dedicated commitment to competence and due diligence that begins before you even select a tool. As the ABA’s guidance makes clear, a lawyer is not required to become an AI expert, but they must establish a secure and competent operating environment from the start.

To move past the risks and confidently leverage AI’s benefits, your firm must establish comprehensive safeguards across all phases of adoption. This involves not only thorough pre-adoption vendor due diligence but also strict protocols for protecting client confidentiality, which we cover, and more, in the sections below.

Why Legal-Specific AI Matters for Law Firms

As part of building your foundation for ethical AI use, you should also know the distinction between general-purpose AI and platforms built specifically for legal work, as this is one of the most critical considerations for law firms.

• General-purpose AI tools are typically trained on vast, public internet sources, often lacking the necessary security guardrails for handling sensitive client data. Most aren’t able to stay up to date on the latest developments in the law.
• Legal-specific AI platforms, by contrast, are engineered with legal practice requirements in mind. They are trained on comprehensive legal databases, and designed with features like zero-data retention agreements and verified citations to minimize hallucinations and protect client confidentiality. This specialized engineering is essential for upholding your ethical obligations.

Protecting client confidentiality

Client confidentiality is the non-negotiable bedrock of the attorney-client relationship. While AI solutions are necessary for modern practice, they do not provide data privacy guarantees by default. Introducing AI creates a potential new risk that requires reasonable steps to prevent unauthorized disclosure, and it is vital that firms conduct due diligence to ensure proper protections are in place.

One of the most critical safeguards is the zero data retention agreement. These contractual provisions ensure that when you input information into an AI platform, that data is processed but not stored, retained, or used to train models after processing is complete. Without such agreements, a client’s sensitive information could be retained indefinitely or incorporated into training data, potentially surfacing in responses for other users.

Firms should also look for platforms maintaining SOC 2 Type II certification and ISO 27001 compliance, as these are verifiable proof that vendors meet the highest security standards; platforms lacking these should be viewed with extreme caution for any use involving confidential information.

Regarding client consent, most state ethics opinions conclude explicit permission isn’t required if the lawyer is otherwise complying with confidentiality obligations. However, West Virginia’s guidance is an outlier, suggesting obtaining client permission before using AI tools. Even where not legally required, many lawyers inform clients about AI use as part of transparent communication.

Verification is non-negotiable

Perhaps no aspect of AI ethics has received more attention than “hallucinations,” or instances where AI generates convincing but false information. For lawyers, this is an ethics issue striking at the heart of competence and candor toward tribunals.

When you submit AI-generated work to a court or rely on it for client advice, you’re vouching for its accuracy. Model Rule 3.3 requires avoiding false statements and prohibits citing nonexistent authority. If you file a brief with AI-generated cases you haven’t verified, you’re potentially violating one of the profession’s most sacred duties. Courts have imposed sanctions ranging from monetary fines to mandatory education.

Verification is not optional for legal professionals when consulting AI in their legal work. Law firms should be explicit in setting the standard within their organizations that any AI-generated work must be reviewed for accuracy. At a minimum, this should include steps to:

• Verify all citations
• Check factual assertions
• Assess legal reasoning for soundness
• Review for potential bias
• Proofread thoroughly

The work to check and verify your AI outputs takes time, but that time is part of competent representation.

Billing and fee considerations

The intersection of AI and billing presents challenging ethics questions for lawyers, primarily governed by Model Rule 1.5’s requirement that fees be “reasonable.” According to ABA Formal Opinion 512, if AI reduces the time required for a task, that efficiency must be explicitly reflected in the client’s bill. For instance, if an AI-assisted task takes 30 minutes instead of three hours manually, the firm must bill only for the 30 minutes actually spent, as charging for time that was not spent is non-billable.

Furthermore, two categories of work are clearly non-billable:

• Time spent learning new AI platforms, which is part of the lawyer’s competence obligation
• The time AI saved you

You must always bill clients based on the time your work actually takes.

While AI efficiency may strain traditional hourly billing, law firms can still maintain and grow revenues, often by increasing the firm’s overall capacity to serve more clients, shifting the focus to maximizing clients served rather than hours billed.

This tension between the use of AI and the billable hour has also encouraged law firms to use more alternative fee arrangements like flat fees, subscriptions, or value-based pricing. Regardless of the fee structure, transparency is essential. When AI is part of your practice, clients deserve to understand how it affects costs, whether through explicit communication or by including the cost of the technology as a component of firm overhead.

Communication and marketing

Transparency with AI extends to broader communication with clients and the public, as governed by Model Rules 1.4 and 7.1.

Transparency with clients

Regarding clients, Model Rule 1.4 requires keeping them reasonably informed. When AI significantly affects service delivery, lawyers should be especially transparent, particularly when clients inquire about methods, when AI involves sharing confidential information with third parties, or when AI significantly affects the scope, cost, or timeline of a matter.

A practical solution for client disclosure is to address AI in engagement letters by including a clause, such as:

“Our firm uses artificial intelligence tools to enhance efficiency and accuracy. These tools are used under attorney supervision, and all AI-generated work is reviewed and verified by our attorneys. We select AI platforms maintaining appropriate security measures and do not retain client data.”

This provides upfront disclosure, invites questions, and establishes that AI use is supervised and verified.

Marketing and advertising

For marketing and advertising, Model Rule 7.1 prohibits false or misleading communications. When promoting AI capabilities, all claims must be accurate. Do not claim AI makes your work error-free or that it replaces legal judgment. Instead, explain that you use advanced technology to enhance efficiency and improve research quality.

If using AI-powered chatbots for intake, clear disclosure is essential to ensure prospective clients understand they are communicating with AI, not a lawyer. Florida’s Ethics Opinion 24-1 specifically addresses this, emphasizing that lawyers remain responsible for any misleading information provided by chatbots.

Supervision and firm governance

Model Rules 5.1 and 5.3 make clear that firm leadership bears responsibility for ensuring everyone uses AI ethically and competently. Partners and managerial lawyers must establish firm-wide compliance measures, including establishing clear policies that, at minimum, cover the following:

• Approved tools, appropriate tasks they can be used for, and security requirements
• Training on practical use and ethical obligations
• Oversight mechanisms and responsibilities to ensure AI compliance

As AI evolves and ethics guidance develops, training must keep pace, covering how approved tools work, ethical obligations with real-world examples, verification protocols, red flags triggering additional scrutiny, and who to contact with questions.

Supervisory lawyers must make reasonable efforts to ensure supervised lawyers and non-lawyers comply with firm rules. This includes reviewing AI-involved work, providing feedback on misuse or over-reliance, and creating environments where questions are encouraged. Additionally, subordinate lawyers remain responsible for ethics compliance regardless of their firm’s policies or supervisor directions.

It’s important to note that ABA Formal Opinion 512 clarifies that guidance on third-party service providers applies to AI vendors, meaning firms must conduct the same due diligence on AI platforms as any other vendor handling client information.

Making compliance ongoing

Ethics compliance is an ongoing commitment that must evolve as technology and guidance develop. To maintain this commitment, firms should schedule recurring reviews to assess whether platforms and vendors meet their standards, whether new ethics guidance has been issued, whether the firm’s AI policy needs updating, and whether training remains current.

The legal profession’s understanding of AI ethics is evolving rapidly; ABA Formal Opinion 512 explicitly notes additional guidance will likely be necessary. Therefore, it’s important to stay current by subscribing to ethics updates from your state bar, following legal technology publications, attending AI-focused CLEs, and participating in bar technology committees when possible.

Furthermore, keep thorough documentation of compliance efforts like due diligence on vendors before adoption, training provided, policies and revision history, incidents and how they were addressed, and client communications about AI use. This demonstrates good faith, creates institutional knowledge surviving personnel turnover, and provides a foundation for continuous improvement.

Finally, have a plan for responding if AI generates errors, vendors experience breaches, clients object to AI use, courts challenge AI-assisted work, or employees violate policies. Identify who needs notification, how to assess severity, when client notification is required, and when to consult professional liability insurance or your state’s ethics board.

Building a culture of ethical AI use

AI is transforming legal practice in ways that seemed impossible just years ago. Research that once took days can now be completed in minutes, and AI-assisted document analysis will surface insights human reviewers might miss. But while technology changes fast, ethical obligations of competence, confidentiality, candor, supervision, and reasonable fees remain the same.

Vincent by Clio was designed with these principles in mind. From SOC 2 Type II certification and ISO 27001 compliance to zero data retention agreements and verified citations linked to authoritative sources, Vincent helps your firm leverage AI’s power while maintaining the ethical standards your clients and the profession demand.

Ready to see how AI and ethics work together? Request your personalized demo of Vincent by Clio and discover how the right legal AI platform supports both your productivity and your professional responsibilities.

Back to top See all articles