Law firms are increasingly leveraging generative AI (‘Gen AI’) in their workflows to improve efficiency, manage risks, and enhance supervision. Whilst there can be significant benefits in using AI, it is crucial that firms have effective risk control mechanisms to ensure it is being used well and safely.
Insurers’ expectations for professional firms
To date, professional indemnity insurers have not had a knee-jerk negative reaction to the introduction of Gen AI into law firms. The response is likely to change where firms are found to have been using it in an unstructured, unregulated manner, without the necessary guard-rails in place.
Insurers expect firms to identify and understand the risks around AI and to put measures in place to mitigate potential claims.
Firms must take a risk-based approach with robust processes around the adoption and use of Gen-AI.
Risks include:
Regulatory issues
The regulatory situation regarding AI is still evolving. Firms with offices or clients in the EU must ensure compliance with the EU AI Act (which already imposes obligations on firms regarding general purpose AI models). The UK regulatory approach is different, meaning many firms may require meeting multiple evolving regulatory regimes.
Accuracy
The hallucinations of GenAI have become well publicised in recent months. The potential for inherent bias is less well understood. Different GenAI tools, working on different data sets and different algorithms can generate quite different results – particularly in the hands of a poorly trained operator.
Data protection
There are multiple potential uses of GenAI in legal practice where data protection issues are raised. Using an AI tool to undertake a comparison of travelling drafts of a contract, for example, could disclose client information, unless the GenAI tool in question is not secured properly, leading to a breach of client confidentiality. Intellectual property breaches are another risk issue – requiring careful controls on the use of data, and an understanding of the sources.
Cyber risks
While third-party use of GenAI can increase the risk of effective cyber-attacks (deep fakes and the like), a firm’s own use of AI can create another system vulnerability that can be exploited.
Introducing GenAI Safely
As with all businesses introducing GenAI tools, conveyancing firms should have a clear framework in place that informs their selection and use. Our top tips include:
- Establish clear policies and frameworks for the ethical use of AI technologies within the firm.
- Ensure your framework addresses regulatory compliance comprehensively (making reference to any applicable guidance).
- Document your third-party selection criteria used to assess the suitability of the GenAI tools you select.
- Implement clear policies and supporting procedures for the use and supervision of AI, even if your rule is that GenAI tools are not to be used in any capacity.
- Always ensure there is adequate oversight of GenAI outputs and monitor AI applications on an ongoing basis to ensure they perform as expected and identify potential risks or errors.
- Communicate openly with clients about the use of AI in legal services, including its role, limitations, and benefits.
- Disclose the extent of reliance on AI tools for decision-making and analysis to maintain trust and transparency.
- Provide clients with the opportunity to opt-out of AI-assisted services where feasible, ensuring informed consent.
- Implement clear disclaimers about AI limitations to manage expectations and avoid potential liability.
By integrating effective processes and controls into their operations and adhering to due diligence measures, firms can proactively mitigate risks, safeguard their reputation, and ensure compliance with legal and ethical standards. At the same time, these measures will enhance client confidence in the firms’ AI practices.
