Ethics & Risk

    Attorney-Client Privilege and AI: What Lawyers Must Know

    JE
    Judicio Editorial TeamLegal Technology Experts
    Mar 3, 2026Updated Apr 4, 202610 min read
    Attorney-client privilege and AI: protecting client confidences when using AI legal tools

    TL;DR: Attorney-client privilege and the broader duty of confidentiality are related but distinct, and AI tools implicate both. Used carefully, routing client material through a vendor that does not train on your data and controls access does not waive privilege. The risk lives in the details - training on inputs, sub-processors, and who can see your files. This guide explains the reasonable-efforts standard and the diligence questions to ask before you upload.

    Few questions make lawyers more nervous about AI than this one: if I paste a client's contract or facts into an AI tool, have I just handed privileged information to a third party? It is the right instinct and the wrong framing. The real analysis turns on two separate duties - the evidentiary privilege that protects confidential lawyer-client communications from compelled disclosure, and the far broader ethical duty of confidentiality under the rules of professional conduct. Understanding how each applies to AI is the difference between using these tools defensibly and avoiding them out of vague fear.

    What is the difference between privilege and the duty of confidentiality?

    Attorney-client privilege is a rule of evidence. It protects confidential communications between a lawyer and client made for the purpose of seeking or giving legal advice, and it shields those communications from compelled disclosure in litigation. It is narrow, it can be waived, and it belongs to the client. The duty of confidentiality is much broader. Under the American Bar Association's Model Rule 1.6, a lawyer must not reveal information relating to the representation of a client - whatever its source - unless the client gives informed consent or an exception applies. That duty covers everything you learn about a matter, not just privileged communications, and it applies all the time, not only in court.

    The distinction matters for AI because the two duties fail in different ways. You can breach confidentiality without waiving privilege, and you can waive privilege over material that was never especially sensitive. When you evaluate an AI tool, you are really asking two questions at once: could using this tool be treated as a disclosure that waives privilege, and does using it satisfy my ongoing duty to protect client information? The good news is that, handled properly, the answer to the first is almost always no, and the second is a matter of diligence you already know how to perform. The ABA's Model Rules of Professional Conduct frame both duties.

    Does sending client data to an AI vendor waive privilege?

    Privilege is waived when a confidential communication is disclosed to a third party in a way that is inconsistent with maintaining its secrecy. The fear is that an AI vendor is exactly such a third party. But courts and bar authorities have long recognised that sharing privileged material with agents who assist the lawyer - copy services, e-discovery vendors, interpreters, outside printers, cloud storage providers - does not waive privilege when the disclosure is reasonably necessary to the representation and made under an expectation of confidentiality. A well-governed AI vendor sits comfortably in that established category of confidential service providers.

    The third-party disclosure question

    The waiver question is not whether a third party touched the data, but whether the disclosure was consistent with keeping the communication confidential. Using a vendor under a contract that forbids training on your data, limits access, and keeps the material secure looks like every other confidential-agent relationship lawyers already rely on. Pasting a client's facts into a free, public chatbot whose terms let the provider read and reuse inputs is the opposite - that can look like a voluntary disclosure to the world, and it is the scenario that should worry you. The control you exercise over the tool is what keeps you on the safe side of the line.

    Why confidentiality is the bigger exposure

    Even where privilege stays intact, the duty of confidentiality is the one you are more likely to strain. Rule 1.6 protects all information relating to the representation, so a tool that logs your prompts, trains on your uploads, or exposes files to staff can breach confidentiality even if no privileged communication is ever compelled in court. In practice, this is the duty to design around. If a vendor's practices satisfy Rule 1.6 - no training, controlled access, secure hosting - the narrower privilege question usually takes care of itself. Our guide to legal AI data security and confidentiality goes deeper on the controls that matter.

    What does the reasonable-efforts standard require?

    Confidentiality is not an absolute guarantee against every conceivable breach; it is a duty to make reasonable efforts. Model Rule 1.6(c) requires a lawyer to make reasonable efforts to prevent the inadvertent or unauthorised disclosure of, or access to, client information. The comments list factors: the sensitivity of the information, the likelihood of disclosure absent safeguards, the cost and difficulty of additional safeguards, and whether they would impede the representation. The duty of competence under Model Rule 1.1 now expressly includes understanding the benefits and risks of relevant technology, so AI literacy is itself part of the standard.

    What reasonable efforts demand scales with the stakes. Routine, low-sensitivity material needs less; a matter involving trade secrets, a high-profile client, or sensitive personal data needs more. The standard does not require you to become a security engineer. It requires you to ask sensible questions, choose vendors whose practices fit the sensitivity of the work, and document that you did so. A lawyer who picks a tool that does not train on client data, hosts it securely, and controls access has taken reasonable efforts; one who pastes confidential facts into whatever free tool is open in the browser has not.

    Which AI practices actually threaten client confidences?

    Not every AI tool carries the same risk. The exposures that matter are specific and identifiable, and each has a straightforward mitigation. The table below maps the practices that actually threaten client confidences to what you can do about them.

    Risky practiceWhy it threatens confidentialityMitigation
    Vendor trains models on your inputsYour client's text can resurface in another user's output and leaves your controlChoose a vendor that contractually does not train on customer data
    Undisclosed sub-processorsData flows to fourth parties you never vettedRequire a current sub-processor list and notice of changes
    Broad internal accessStaff or contractors can read matter files at willInsist on role-based, least-privilege access controls
    Unclear retention and deletionOld client data lingers and widens the breach surfaceGet documented retention and deletion terms
    Consumer or free tiersInputs may be logged or used to improve the serviceUse enterprise terms that disclaim training and logging
    No audit trailYou cannot prove who accessed what if challengedRequire a full audit trail of access and actions

    The common thread is control and visibility. A vendor that trains on your inputs, hides its sub-processors, or cannot tell you who accessed a file is asking you to take confidentiality on faith. A vendor that disclaims training, documents its data flows, and gives you an audit trail lets you verify rather than trust - which is exactly what the reasonable-efforts standard rewards.

    What should you ask an AI vendor before you upload?

    Before client data goes anywhere near a new tool, run it through a short due-diligence checklist. These are the questions that separate a confidential service provider from a confidentiality risk, and they are the same questions a careful firm asks of any outside vendor. For a fuller programme, see our note on building AI governance for law firms.

    Question to askWhy it matters
    Do you train models on our uploads or prompts?Training on inputs is the clearest confidentiality risk; a clean no is the baseline
    Where is our data hosted, and in which regions?Hosting and location affect security posture and any cross-border obligations
    Who are your sub-processors, and how are we notified of changes?Undisclosed fourth parties extend the chain of custody beyond your control
    How is internal access controlled?Role-based, least-privilege access limits who can ever see client files
    What is your retention and deletion policy?You need to know data can be purged when a matter ends
    Is there a full audit trail?An audit trail lets you demonstrate reasonable efforts if challenged
    Will you sign a confidentiality agreement or DPA?Written terms turn verbal assurances into enforceable commitments

    You do not need flawless answers to every question, but you do need answers. A vendor that cannot or will not tell you whether it trains on your data, who its sub-processors are, or how access is controlled has answered the most important question by its silence. Keep the responses on file; if your handling is ever questioned, that record is the evidence of reasonable efforts.

    How does Judicio protect privilege and confidentiality?

    Judicio is built so that the confidentiality answers are short and verifiable. It does not train on your data. It is hosted on Google Cloud Platform. Access is governed by role-based permissions, and every action is recorded in a full audit trail, so you can show who did what with a file. One upload into the File Library feeds every tool - Document Review, Legal Research, the Review Matrix, and the rest - so client material does not have to be scattered across several services to get the work done.

    Those properties line up with the reasonable-efforts standard and with the duty of confidentiality under Rule 1.6. No training means your client's text never becomes someone else's output. Role-based access plus an audit trail means you can demonstrate control rather than assert it. None of this removes your judgment - the platform assumes you remain responsible for the matter - but it gives you the documented, controllable foundation the rules expect. For how this connects to wider obligations, see our overview of AI regulatory compliance under GDPR and HIPAA.

    What does a privilege-safe AI workflow look like?

    Pulling it together, a privilege-safe workflow is mostly habit. Choose an approved tool that does not train on your data before any client material is involved. Match the tool to the sensitivity of the matter, and for the most sensitive work, consider client consent or de-identifying facts where practical. Keep client data inside vetted, access-controlled systems rather than public chatbots. And document your diligence so reasonable efforts are provable, not just performed. Whether AI use is ethical in the first place is a related question we take up in our look at AI ethics under the ABA rules.

    Handled this way, AI is not a privilege problem; it is a confidential service like any other, used under controls you can defend. The lawyers who get into trouble are not the ones who used AI - they are the ones who used the wrong tool, without diligence, on sensitive material. Get the tool and the diligence right, and the duty largely takes care of itself.

    You can evaluate Judicio on your own terms with a 7-day free trial - 500 credits, no credit card required - and review the security and data-handling terms before any sensitive matter touches the platform. For a walkthrough of how it fits your confidentiality obligations, contact us.

    Judicio provides legal technology tools, not legal advice. Verify every output and apply your own professional judgment before relying on it.

    Frequently Asked Questions

    Generally no, if you use it like any other confidential service provider. Privilege is waived by disclosure that is inconsistent with confidentiality, not by every third party touching the data. A vendor under contract that does not train on your inputs, controls access, and keeps data secure fits the established category of confidential agents. Pasting privileged material into a public, free chatbot whose terms allow reuse is the risky scenario to avoid.

    Privilege is a narrow rule of evidence that shields confidential lawyer-client communications from compelled disclosure and can be waived. The duty of confidentiality under ABA Model Rule 1.6 is far broader: it covers all information relating to the representation, applies at all times, and is the duty AI tools are most likely to strain. Satisfy confidentiality and the narrower privilege question usually takes care of itself.

    Model Rule 1.6(c) requires reasonable efforts to prevent unauthorised disclosure of or access to client information, scaled to the sensitivity of the matter. In practice that means asking vendors the right questions, choosing tools whose data practices fit the work, and documenting your diligence. It does not demand perfect security, but it does demand a deliberate, defensible choice rather than pasting confidential facts into whatever tool is open.

    Ask whether they train models on your uploads or prompts, where data is hosted, who their sub-processors are and how you are notified of changes, how internal access is controlled, what the retention and deletion policy is, whether there is a full audit trail, and whether they will sign a confidentiality agreement or data processing agreement. Keep the answers on file as evidence of reasonable efforts.

    Judicio does not train on your data, hosts on Google Cloud Platform, and provides role-based access with a full audit trail, so you can control and demonstrate who accessed each file. One upload feeds every tool, keeping client material inside a single vetted, access-controlled workspace. These properties support the reasonable-efforts standard, though you remain responsible for the matter and outputs are not legal advice.

    TopicsEthics & RiskConfidentialityLegal TechnologyAI EthicsRisk Management

    Ready to Transform Your Legal Workflow?

    Try Judicio free for 7 days — no credit card required.

    Start Free Trial

    Related Articles

    Get started

    Bring cited AI to your practice

    Run your first review free in minutes — or book a demo and see Judicio on your own matters.

    Free trial · No credit card required