Solicitors

Artificial intelligence and legal professional privilege

Calum MacLean 23 June 2026

An emerging professional risk for law firms

Why this matters now

Generative artificial intelligence (AI) tools are rapidly becoming embedded in legal practice. Solicitors are using AI for research, drafting, providing summaries of important documents, comparison of expert reports and workflow efficiency.

However, recent judicial commentary has highlighted a significant and often overlooked consequence of this trend: the potential loss of legal professional privilege.

For law firms, this strikes at the heart of client protection. For insurers and brokers, it represents a developing professional risk with implications for professional indemnity exposure.

Why AI use creates unique privilege risks

AI tools raise privilege concerns for several interconnected reasons:

AI systems are not lawyers: communications and information shared with, and documents produced by an AI tool are not, in themselves, lawyer–client communications.
Terms of use: many public AI platforms operate under terms that allow data to be stored, processed, or reused – in essence making the information ‘in the public domain’.
Confidentiality breaches: sharing client data with such systems may therefore be treated as disclosure to a third party, breaching confidentiality obligations.
Privilege cannot be reasserted: even where AI output is later reviewed and re-presented by a solicitor, privilege cannot be retrospectively “created” if it was lost at the point of disclosure.

Recent case law and professional commentary suggest that courts, when assessing whether confidentiality has been maintained, and privilege applies, will closely examine how a particular AI tool operates. The includes its data‑handling and training arrangements. Research commissioned by Access Legal revealed that 59% of solicitors surveyed admitted to using unapproved free versions of AI tools such as Chat GPT for client work – so this remains a live issue, as well as being a potentially reportable regulatory breach.

The core legal issue: confidentiality

Legal professional privilege relies fundamentally on confidentiality. If confidentiality is lost, privilege cannot arise or will be waived.

In the Munir case (UK v Secretary of State for the Home Department (AI hallucinations; supervision; Hamid) [2026] UKUT 81 (IAC)) an Upper Tribunal expressly warned that a solicitor uploading confidential materials into open source AI systems (such as publicly available generative AI tools) risks undermining confidentiality and legal professional privilege. While the tribunal did not determine privilege on the facts, its comments provide a clear indication of likely judicial thinking going forward.

There have also been cases decided in the US in which privilege was found to have been lost because of the use of AI.

Of course, it isn’t only solicitors’ use of AI at issue. Clients’ use of AI to process data and generate documents has also been held to be likely to lead to loss of privilege in some instances (for example the Heppner case, in the USA), where documents were uploaded to open AI by a client in order to analyze his defence. This was a loss of confidentiality and any argument for privilege was held to be defeated as a result. The terms and conditions of the AI tool used in that case explicitly provided that data on both users' "inputs" and the provider’s "outputs" was collected and used to train the model. Moreover, the AI provider reserved the right to disclose such data to third parties including governmental regulatory authorities).

Open‑source vs closed AI systems

An important (and increasingly recognised) distinction can be made between:

Open‑source / public AI tools
These pose the highest risk. Uploading client documents, advice, or litigation strategy is likely to be treated as confidentiality - destroying disclosure.
Closed or enterprise AI systems
These typically offer stronger data controls and reduced external exposure. However, the privilege position is not settled, and the use of such systems still requires careful governance, supervision and compliance with professional obligations.

In short, a reduced risk by using closed systems does not mean no risk.

The broader perspective for law firms (and insurers)

From a professional indemnity perspective, inappropriate AI use may result in:

loss of privilege in litigation or regulatory proceedings
unintended disclosure obligation
adverse procedural and cost consequences
increased regulatory scrutiny for inadequate supervision or controls
potential negligence or disciplinary complaints.

AI governance is therefore no longer a purely operational issue for law firms. It is becoming a material professional risk, relevant to underwriting, renewals, and risk management discussions.

Chris Savvas of Euclid Financial & Professional Risks commented

“What matters most to insurers is not simply whether firms use open or closed tools, but whether insureds can demonstrate clear, enforced governance around their use, such as via: policies, training, supervision and audit trail. Where such controls are absent, the potential loss of privilege can broaden both the regulatory and litigation risk. As a result, AI oversight is swiftly becoming a core underwriting consideration, and firms that treat it as a controlled, evidenced part of their risk framework - rather than an informal productivity tool - will be viewed more favorably”.

Managing the risk: key controls

Protecting privilege in the age of AI requires deliberate control, clear frameworks, and consistent oversight. All law firms should be implementing the following controls:

Have policies and procedures in place addressing AI usage, with clear parameters around what systems are acceptable for what purpose.
Prohibit the input of client‑confidential or privileged material into public AI tools.
Ensure the selection process of any software tools includes rigorous criteria regarding privacy, data use and ownership.
Set clear internal policies distinguishing permissible research use from substantive legal work.
Provide appropriate training for staff prior to authorising AI use, on the risks associated with AI, internal use policies, and appropriate ‘prompt engineering’ (ensuring that AI tools are used in as ‘risk aware’ a way as possible).
Maintain oversight of AI use, and supervision and sign-off on AI outputs, to ensure quality standards are met, and that usage complies with professional and regulatory duties.
Ensure ongoing review as case law and regulatory guidance evolves.
Inform clients clearly about the risks of their own misuse of AI in relation to legal matters, including the potential loss of privilege and its implications.

AI preparedness self-audit

For law firms, insurers and brokers alike, AI governance is fast becoming a core professional risk issue - one that requires active management rather than reactive response.

Take our quick self-audit assessment to gauge how effectively your firm addresses AI risks.

	Yes	No
Do you have a clear, up-to-date AI policy that addresses who is able to use what AI tools, and for what purposes?
Do you provide training for staff on AI risks and how to use it appropriately?
Are all staff made aware of the disciplinary and regulatory consequences of inappropriate use of AI?
Do you monitor and review AI use across the firm, including logins and use-cases to ensure compliance with policies and procedures?
Do you have an auditable process for selecting software tools, which includes assessment of data security, privacy, data ownership?
Are you in a position to explain and evidence your appropriate and safeguarded use of AI to your insurer and your regulator, if required?