Authorized Intelligence: Defining AI’s Role in the Law Office

As part of LMICK’s continued AI series, this month LMICK discusses “Authorized Use Policies” (“AUP”) for using AI within your office, and why they are important to have and implement. An AUP for AI in a law firm setting provides crucial structure and risk management parameters. As Lawyers Mutual has discussed in earlier LMICK Minute Issues, law partners and supervising attorneys are responsible for the conduct of the law firm’s employees and subordinates. They are also charged with ensuring that the Rules of Professional Conduct are adhered to by everyone. See SCR 3.130 (5.1), (5.2), and (5.3). These supervisory duties extend to AI and how your firms integrate and use this technology within your firms.

Some of the key benefits of an AI AUP are:

  1. Risk Mitigation and Compliance
    1. Protects confidentiality: Prevents unauthorized disclosure of client data to AI tools.
    2. Regulatory Compliance: Ensures adherence to ABA and KBA Model Rules, data privacy laws (HIPAA, etc.)
    3. Limits malpractice risks: Reduces the chances of inaccurate or AI-generated errors influencing legal advice or filings.
  2. Clear Guidelines for Usage
    1. Clarifies who can use AI, for what purposes, and how.
    2. Sets boundaries (e.g., drafting memos vs. analyzing confidential case files).
    3. Avoids unauthorized or rogue use of generative AI tools.
  3. Preserves Ethical Obligations
    1. Reinforces duties of competence (SCR 3.130 (1.1)), confidentiality (6), and supervision under professional conduct rules (5.1), (5.2), and (5.3).
    2. Encourages proper human review and oversight of AI-generated content.
  4. Supports Efficiency with Accountability
    1. Encourages smart use of AI (e.g., automating document review, legal research) while ensuring lawyers remain accountable.
    2. Balances innovation with quality control.
  5. Training and Awareness
    1. Helps staff and attorneys understand what AI can and can’t do.
    2. Encourages continuous learning and promotes a responsible AI culture in the firm.

For your reference, here is a sample AUP (generated with the assistance of ChatGPT) for AI usage in a law firm setting. It is tailored to address ethical, professional, and practical concerns relevant to attorneys, staff, and legal support personnel:

[Law Firm Name]
Acceptable Use Policy for Artificial Intelligence (AI)
Effective Date: [Insert Date]
Last Updated: [Insert Date]

  1. Purpose
    The purpose of this policy is to establish guidelines for the responsible, ethical, and secure use of Artificial Intelligence (AI) technologies at [Law Firm Name]. This policy ensures that AI tools are used in a manner that upholds our firm’s professional standards, client confidentiality, and applicable legal and ethical obligations.
  2. Scope
    This policy applies to all attorneys, staff, contractors, interns, and other authorized users who access or use AI tools, whether developed internally or provided by third parties, in the course of work at [Law Firm Name].
  3. Permissible Uses of AI
    AI may be used to support the following tasks, provided all ethical and security standards are maintained:
    • Legal research assistance
    • Drafting standard or preliminary legal documents
    • Summarizing case law, contracts, or deposition transcripts
    • Organizing and managing data
    • Automating administrative or operational processes
    • Enhancing client service tools (e.g., chatbots, scheduling assistants)
  4. Prohibited Uses of AI
    The following uses of AI are strictly prohibited:
    • Relying solely on AI for legal advice or final legal opinions
    • Inputting confidential or privileged information into non-secure or public AI systems
    • Using AI to impersonate clients, attorneys, or other individuals
    • Employing AI to conduct surveillance, harassment, or discrimination
    • Using AI to create or spread misinformation or deceptive content
    • Violating any laws, court rules, or ethical obligations, including those related to client confidentiality, advertising, or the unauthorized practice of law
  5. Confidentiality & Data Security
    • AI tools must be vetted and approved by the firm’s IT and compliance teams before use.
    • Users must not input client names, case numbers, or other sensitive identifying information into public or unsecured AI tools.
    • Only firm-approved AI platforms with sufficient data protection and compliance assurances (e.g., GDPR, HIPAA, ABA guidelines) may be used for client work.
  6. Human Oversight
    • All work product generated or assisted by AI must be reviewed, verified, and approved by a licensed attorney before being shared with clients, courts, or third parties.
    • Users are responsible for understanding the limitations, potential biases, and accuracy risks of the AI tools they use.
  7. Training and Compliance
    • All users must complete annual training on responsible AI use, confidentiality obligations, and cybersecurity awareness.
    • Violations of this policy may result in disciplinary action, including termination or revocation of system access.
  8. Reporting Misuse
    If you suspect or become aware of AI misuse, data breaches, or ethical violations, promptly report the incident to the Managing Partner or the firm's Compliance Officer.
  9. Policy Review
    This policy will be reviewed annually and updated as necessary to reflect technological developments, regulatory changes, and industry best practices.

As mentioned above, this sample AUP was generated with the assistance of ChatGPT. This sample may be used in your own firm, or you may wish to revise it, with or without the assistance of AI, to fit your office’s current or expected integration of AI into your daily practice.