FAQs About Responsible Use of AI in Legal Practice
As lawyers continue to give AI tools a greater role in their work for clients, law firms and legal departments must navigate new risks around data privacy, confidentiality, and professional responsibility. The frequently asked questions below highlight key areas of concern and best practices for responsible use of AI.
Q: Is there an accepted framework for the responsible use of AI?
Responsible AI use is a multi-dimensional governance challenge, and best practices are still emerging. Comprehensive governance programs encompass at least six pillars:
- Ethics and professional responsibility — aligning AI use with the ABA model rules and other ethical guidelines
- Legal compliance — ensuring that AI use complies with the regulatory patchwork, which is still very much in flux
- Data governance — monitoring the collection, storage, use, and protection of data involved in AI use
- Bias and fairness — ensuring that AI use doesn’t perpetuate or amplify discrimination
- Transparency and explainability — creating practices for explaining to a client or regulator how an AI tool reached its output
- Organizational governance — establishing internal policies, training, accountability structures, and ongoing monitoring of AI use
- Environmental, Social, and Governance (ESG) — aligning AI use with ESG commitments and organizational values that touch on the environmental and social implications of this technology.
Every organization needs a policy governing the acceptable use of AI, and that policy requires frequent updates as the technology evolves.
Q: How concerned should lawyers be about hallucinations?
Hallucinations continue to be a key area of concern. A 2024 peer-reviewed study conducted by the Stanford Institute for Human-Centered Artificial Intelligence (HAI) found that purpose-built legal AI tools from LexisNexis and Westlaw hallucinated more than 17% of the time. That means one in six queries to a premium legal research tool returns inaccurate information. To compound this phenomenon, 2025 research in the Harvard Data Science Review shows that the overall accuracy for the second answer AI models provide is often worse than for the first answer, and that those models have a tendency to overstate confidence in these answers. Obviously, this can cause serious problems for anyone relying on these outputs.
Damien Charlotin, who maintains the most comprehensive global database of AI hallucination cases in court filings, has now cataloged over 1,350 cases worldwide. Over 800 of those are in the United States alone. In 2025, federal courts addressed 367 cases with AI-induced fabrications. In just Q1 of 2026, over 220 more cases hit federal dockets.
None of this means lawyers should not use AI tools in appropriate ways to make their work more efficient. But it’s clear that hallucinations are likely; therefore, verification must always be part of the process of using an AI tool.
Q: What are the confidentiality risks of these tools?
When you load client data into a free, public AI tool, you may be handing that data to the tool’s developer. Many free tools explicitly state in their terms of service that they draw on user inputs to train the AI models. In addition to being an ethics problem, sharing client data with these tools can destroy attorney-client privilege, violate confidentiality obligations, and potentially trigger data breach notification requirements. Risks associated with confidentiality apply to anyone in a firm or organization who handles sensitive client information, not just lawyers.
ABA Model Rule 1.6 has always required lawyers to make “reasonable efforts” to prevent unauthorized disclosure of client information, so the rule is not new. But the presence of AI means it applies in new contexts. In addition to the classic worry about someone leaving a sensitive file on a ›, lawyers must now understand and monitor where data goes when it enters an AI system.
AI confidentiality risks show up in at least three places:
- Ingestion of training data: Many AI tools, especially free ones, use inputs or prompts to retrain or improve their models. For example, if a lawyer inputs a client’s sensitive financial information, estate plan details, or family dynamics, that material could become part of the model’s training data and potentially be accessible in some form to other users or to the developer. That’s a confidentiality breach and potential privilege waiver.
- Data storage and access: Before signing up with an AI vendor, a firm or organization must get answers to questions similar to what they would ask a cloud storage provider. Where is the data stored? Who at the vendor has access? Is it segregated from other clients’ data? What other security measures are in place to protect that data?
- Inadvertent disclosure through output: AI can sometimes surface information from its training data in responses to other users. If a client’s data was ingested, it could theoretically appear in someone else’s output. Again, this is a confidentiality and potentially a privilege issue.
Q: Is there a difference between free and enterprise tools in terms of risks and best practices?
The distinction between enterprise-licensed AI tools and free public tools matters. According to the technology adage, when something is free, you (and your data) are the product. The terms and conditions of publicly available AI tools create serious risks around violations of professional responsibilities, including attorney-client privilege and confidentiality obligations.
While enterprise AI tools typically have more safeguards in place, an enterprise license does not automatically eliminate risk. The contract with an AI vendor must include appropriate provisions to address data segregation, confidentiality commitments, transparency about how data is used, audit rights, and clear data retention and deletion policies, and those provisions should be carefully reviewed by a privacy or technology lawyer to surface any issues.
Q: Given the dynamic state of the regulatory landscape, how should businesses design their governance programs?
The regulatory landscape governing AI has grown significantly more complex in the past year, with laws addressing three general categories: algorithmic discrimination in high-stakes decisions, automated decision-making transparency and consumer rights, and sector-specific AI use in employment, healthcare, insurance, financial services, and other areas. It’s also true that some of these laws are currently being challenged in court. At the same time, the federal posture on regulation of AI tools is continuing to evolve.
Regardless of what happens with individual laws, proposed regulations have set the “standard of care” and created frameworks for what reasonable AI governance can look like. Some of these laws draw on existing industry standards such as the NIST AI Risk Management Framework or the ISO 42001 standards. Wise organizations that use proposed regulations as a voluntary and proactive starting place for creating their own AI governance programs can address risk now, and they will be in a stronger position when the regulatory landscape becomes more coherent and comprehensive.
Facing questions around your organization’s acceptable-use policy, professional responsibility requirements, data security, or other issues related to AI tools? Reach out to Elizabeth (Lisa) Vandesteeg, Kathryn Nadro, or another member of LP’s AI and Technology Team.