AI Use Policy — [Firm Name]
Version [1.0] · Effective [date] · Owner [name / role] · Next review [date]
This policy governs how everyone doing work for [Firm Name] may use generative-AI tools. It exists to let us use AI's benefits while protecting client confidentiality, privilege, competence, and our duty of candour. It is not a technical manual; it is the set of rules we all follow.
1. Scope
This policy applies to all partners, lawyers, staff, and contractors, and to any AI tool used for firm or client work — firm-provided or personal, on any device.
2. Approved tools
- Only tools on the firm's Approved AI Tools list may be used for firm or client work. Current list: [link / appendix].
- Each tool is cleared for a specific data tier (see §3). Do not use a tool beyond its cleared tier.
- To request a new tool, submit [request process] to [approver]. Do not adopt unapproved tools for client work.
3. What data may and may not go in
- Never enter client-confidential or privileged information into a tool not approved for the confidential/privileged tier.
- Data tiers: [Public] · [Internal] · [Confidential / client] · [Privileged], and the tools cleared for each.
- When in doubt, treat information as confidential and ask [approver].
4. Client confidentiality & consent
Before using AI on a matter, check the engagement terms and any outside-counsel guidelines for AI restrictions or consent/notice requirements. Honour client-specific rules. [Firm default position on client notice.]
5. Privilege & ethical walls
AI tools must respect existing access controls and ethical walls. No tool may retrieve or surface matter content a user could not otherwise access. Conflicts screens apply to AI exactly as they apply to people.
6. Accuracy & verification
- Treat every AI output as an unverified draft. A lawyer is responsible for the final work product.
- No AI-assisted work is filed or sent to a client or court until a lawyer has verified every citation, quotation, and factual assertion against a primary source.
7. Supervision & competence
Complete the firm's AI training before using AI on client work. A supervising lawyer remains accountable for AI-assisted work by others, to the same standard as any delegated task.
8. Disclosure
Follow any court, tribunal, or regulator requirement to disclose AI use, and any client requirement. Maintained list of applicable requirements: [link]. Default to transparency where rules are silent: [firm position].
9. Data handling, retention & logging
- Approved confidential-tier tools must contractually exclude training on firm/client data.
- Prompts and outputs are retained per [retention rule] and stored in [location].
- AI use on client matters is logged so it can be reviewed: [how].
10. Ownership, review & incidents
- This policy is owned by [name / role] and reviewed at least twice a year, and whenever a major tool or rule changes.
- Report a suspected AI incident (a wrong output that went out, a data-handling mistake) immediately and without blame to [contact].
Not legal advice. This template is practical governance guidance from Agentic Intelligence, a technology implementation firm — not a law firm, and not legal advice. Adapt it to your tools, systems, practice areas, and the conduct rules of your jurisdiction, with your own professional-responsibility counsel, before adopting it.