AI in Legal Practice

A Manhattan federal judge has delivered a really important ruling on artificial intelligence and legal practice - can you claim legal privilege over AI generated documents? It’s a potential major blind spot for organisations - and a huge responsibility for in-house lawyers to explain the issue to their non-legal colleagues. On 10 February, U.S. District Judge Jed Rakoff ruled in USA v. Heppner that a criminal defendant could not claim attorney-client privilege over documents he had himself prepared using an AI service and then subsequently sent to his lawyers. Bradley Heppner, former chairman of GWG Holdings, faces fraud charges over an alleged $150 million scheme, with trial set for April. But the privilege ruling carries significance beyond any single case. The reasoning rests on a principle that long predates artificial intelligence. Privilege protects confidential communications between lawyer and client made for the purpose of legal advice. It does not automatically attach to materials a client creates independently simply because those materials are later forwarded to counsel. What matters is how the document came to exist, not its destination. What AI changes is the scale of the problem. Generative AI tools now allow any executive to produce polished case narratives, issue summaries, and chronologies that resemble legal work product, all without a lawyer’s involvement. The natural instinct is to assume that once these materials are emailed to counsel, they enter the protected sphere. Judge Rakoff’s ruling suggests otherwise - the court’s focus is on what the document is and how it came to exist, not on the fact that it was subsequently routed to a lawyer. This matters because AI is rapidly becoming the default tool through which businesspeople process complex situations. An executive facing a regulatory investigation who uses a chatbot to organise the facts and draft a summary for their lawyer may be creating discoverable material that sits entirely outside the privileged relationship. Judge Rakoff also noted that the AI-generated materials could prove “problematic” if used at trial. Even where privilege is not the issue, AI-authored documents create genuine evidential difficulties - questions of authorship, accuracy, hearsay characterisation, and the optics of presenting AI-mediated narratives as though they were direct recollection. If you want AI-assisted materials to have any chance of privilege protection, “Client-produced and then forwarded to counsel” is the weak fact pattern, and after this ruling, in the US at least, it may be no fact pattern at all.

Cutting through the AI noise - here are 5 use cases for using generative AI today in a law practice: 1) Having AI draft initial responses to standard discovery requests, pulling directly from client documents and past cases—turning 3 hours of document review into 20 minutes of attorney verification. 2) Using AI to analyze deposition transcripts and build detailed witness chronologies, flagging inconsistencies and potential credibility issues that could be crucial at trial. 3) Feeding settlement agreements from similar cases to AI to generate initial settlement terms, helping attorneys start negotiations with data-backed proposals rather than gut instinct. 4) Having AI review client intake forms and past matters to spot potential conflicts of interest—moving beyond simple name matching to identify subtle relationship patterns. 5) Using AI to draft routine motions and pleadings by learning from the firm's document history, maintaining consistent arguments while adapting to case-specific facts. The real value isn't replacing attorney judgment. It's eliminating the mechanical tasks that keep great lawyers from doing their best work. What specific AI applications are you seeing succeed (or fail) in your practice? #legaltech #innovation #law #business #learning

𝟐𝟎 𝐄𝐧𝐭𝐞𝐫𝐩𝐫𝐢𝐬𝐞 𝐀𝐈 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 𝐑𝐞𝐪𝐮𝐢𝐫𝐞𝐦𝐞𝐧𝐭𝐬 𝐁𝐞𝐟𝐨𝐫𝐞 𝐘𝐨𝐮 𝐃𝐞𝐩𝐥𝐨𝐲 𝐀𝐈 Most AI Failures in enterprises are not Technical. They are Compliance Failures. Before deploying AI into Production,  Here are the 20 Non-Negotiables: 1. Appoint AI Accountability Leader   Assign a senior executive responsible for AI compliance, oversight, and reporting. 2. Establish Cross-Functional AI Board   Include legal, security, HR, data, and business teams for governance and approvals. 3. Define Legal AI Role   Clarify provider versus deployer obligations and compliance responsibilities. 4. Maintain Technical Documentation   Document architecture, data sources, performance metrics, and intended use limitations. 5. Disclose AI Usage Transparently   Notify users about AI interactions and synthetic content usage. 6. Publish Model Transparency Reports   Document purpose, performance across demographics, limits, and out-of-scope scenarios. 7. Implement Logging and Audits   Track inputs, outputs, versions, and decisions for investigations and traceability. 8. Ensure Decision Explainability   Provide meaningful explanations and enable human review of high-impact decisions. 9. Create Comprehensive AI Inventory   Document all AI systems, APIs, models, and embedded SaaS tools. 10. Develop AI Acceptable Use Policy   Define permitted uses, prohibited activities, and approved data types. 11. Classify AI Risk Levels   Categorize systems into prohibited, high, limited, or minimal risk tiers. 12. Conduct Formal Risk Assessments   Identify harms, discrimination risks, and safety issues before deployment. 13. Test for Bias Regularly   Evaluate outputs across protected groups and document mitigation steps. 14. Review Third-Party AI Risk   Assess vendor compliance, contracts, liabilities, and regulatory responsibilities. 15. Govern Training Data Legality   Track licenses, avoid unauthorized scraping, and respect copyrights. 16. Perform Required DPIAs   Assess high-risk personal data processing under GDPR and similar regulations. 17. Confirm Lawful Data Basis   Verify consent, contractual necessity, or legitimate interest before processing data. 18. Apply Data Minimization Rules   Limit data usage and enforce strict retention schedules. 19. Secure AI Infrastructure Assets   Protect pipelines, weights, APIs, and model endpoints with strong controls. 20. Support Data Subject Rights   Enable access, correction, deletion, restriction, and automated decision opt-outs. The real shift in enterprise AI is this. From model performance to governance readiness. From proof of concept to regulatory durability. If your AI cannot pass audit, it cannot scale. Compliance is not friction. It is infrastructure. PS: If you found this valuable, join my weekly newsletter where I document the real-world journey of AI transformation. ✉️ Free subscription: https://lnkd.in/exc4upeq #EnterpriseAI #AIGovernance #ResponsibleAI

AI isn’t replacing you. It’s sitting next to you. At Copenhagen Legal Tech’s First Tuesday, Werner Valeur shared so many great insights, but this one stuck with me: 🤖 Technology is your new colleague. I’d take it a step further: 🤖 AI is your new colleague. It’s not just another tech tool. Treat AI like a new coworker. Like any good colleague, AI requires context and interaction to deliver real value. The better you communicate with your new coworker - the better the results. The more you work together, the more you learn about their strengths and weaknesses. Laura Frederick helped further refine and visualize this concept yesterday while we were chatting about challenges of AI adoption in contracting. Use AI like you would when we worked in offices, and would drop by one of your office besties to run an idea by them, get a different opinion, refine argument or get a gut check. Here are some ways that you can use AI right now across all genAI chat tools like ChatGPT, Copilot, Claude, Gemini, Perplexity and legal specific AI tools like Wordsmith. How AI Can Assist Legal Professionals Right Now: 🧠 Brainstorming & Idea Generation - Generate new ideas and explore different perspectives. - Provide counterarguments to strengthen legal reasoning. - Get suggestions for alternative approaches to problems. 🤝 Negotiation & Scenario Testing - Play out different negotiation scenarios and refine your position. - Run hypotheticals or play devil’s advocate to stress-test legal arguments. 📑 Document & File Management - Spot differences between contract versions or precedent documents. - Organize messy notes into structured documents. - Structure messy drafts, clean up formatting, and standardize layouts. - Easily convert between file formats while maintaining all the information. 📝 Summarization & Transcription - Quickly extract key points from lengthy agreements or case law. - Transcribe and/or summarize meeting transcripts or notes to capture key takeaways and action items. 👀 Clarity & Refinement - Test writing for clarity and readability. - Ask AI to simplify or refine complex legal language. - Make writing more concise by cutting unnecessary details. - Turn text into bullet points, a table, or image (tip: Claude is better at making slide images). ⚠️ Risk & Consistency Checks - Highlight potential red flags in agreements. - Check for inconsistencies in responses or across multiple documents. - Ensure legal solutions align with specific legal rules, frameworks, or precedents. - Identify assumptions made in legal arguments. - Validate responses against the latest case law or regulatory updates. - Stress-test whether legal advice holds under different conditions. 🗣️ Client & Internal Communication - Tailor responses based on tone and audience. - Provide second opinions or alternative views on legal arguments or advice. - Prepare clear, concise explanations for clients or stakeholders. - My favorite: check for typos!

Just co-led an AI training for 20 execs from one of the largest legal firms in the world These were the big moments we covered: 1. Every firm has three cohorts in an AI rollout: the frontrunners pulling ahead, the middle who'll follow if shown how, and the resisters who haven't touched their Copilot licence and have no plans to. Buying more licences doesn't close that gap. Targeted training and peer-to-peer enablement does. 2. You don't need to talk about Gen AI, LLMs or agents. You need to talk about the nine things lawyers already do: extract, label, compare, organise, find, summarise, draft, interrogate, translate. Every legal AI use case is a combination of these. Naming it that way strips the hype out of the conversation and gets you straight to the work. 3. A lot of firms skip straight to buying or building and end up with expensive shelfware. The sequence that works is Educate, then Discover, then Build. Educate so people can spot the right use cases. Discover with the practitioners closest to the work. Then build for the use case with the highest impact for the firm. 4. Before any use case gets investment, three questions have to be answered honestly. What problem are we solving? Can the technology solve it? And even if it can, will the lawyers use it? Skip any one of the three and the project dies on the way to production. 5. Build vs buy is the wrong question. There are three layers in any legal AI system: the core models, the software wrapper around them, and your firm-specific workflows, data and expertise. The software layer is commoditising every quarter. The value lives in layer three (your firm-specific data and workflows), and that's the one no vendor can sell you. 6. A law firm's AI budget shouldn't be a fraction of the IT budget. It should be a multiple of the HR budget. AI capability is a people investment: literacy, change management, workflow design, AI Champions inside each practice group. Underfund the people side and the tools sit unused. Best questions I've had in a training this year. Looking forward to seeing where this group takes it.

AI risk hides in contracts. (And you have more leverage than you think). A significant amount of AI risk is external. It's buried in vendor contracts and across the supply chain. And APRA's latest letter makes clear this is a significant governance gap in financial services. Our new article breaks down APRA's 30 April letter to industry and suggests 5 actions you can take now: (1) Audit your AI vendor register today.  Map every AI system in use (including those embedded in SaaS platforms). Compare against the foundation models and fourth-party providers that underpin them. If your team cannot answer that question, that gap is itself a finding. (2) Stress-test your contracts against APRA’s checklist.  Review AI vendor agreements. Specifically, look for: model update notification obligations, audit and inspection rights, incident notification timelines, data handling change triggers, and termination portability (APRA's checklist). Many standard vendor terms will not pass this review. You should be negotiating these with vendors before signing away on standard supplier terms and conditions. (3) Conduct a genuine concentration risk assessment.  For each CPS 230 'critical' AI provider, assess what a sudden loss of service, or a material change in model behaviour, would mean for your operations. Then assess whether your substitution or exit plan is actually executable in that scenario, not just documented. (4) Establish model change notification protocols with key vendors.  If a vendor can update the underlying model without triggering a formal notification... the change management and validation program is incomplete. This is particularly acute for insurers using AI in claims or underwriting decisions. (5) Document what you cannot see. Where upstream opacity is unavoidable, document how you've assessed the risk and why you've accepted it. APRA's proportionality principle cuts both ways. That means your risk management has to match the materiality of the use case. One of my biggest learnings talking to our team is this: most don't realise is that you can (and should) actually negotiate vendor terms across these issues. Link to the article below. MinterEllison Mark Teys Chelsea Gordon

U.S. District Judge Jed Rakoff of the Southern District of New York just issued a decision that make every executive rethink their AI policies - conversations with AI are not protected by attorney-client privilege. If an employee uses a public AI tool to analyze legal risk, draft strategy, or think through regulatory exposure, that exchange can be discoverable. AI platforms aren’t lawyers. And using a third-party system that retains or processes your data can undermine claims of confidentiality. This has real implications: • Prompts and outputs can become evidence. • Sensitive internal analysis may be logged outside your control. • Privilege can be weakened or waived unintentionally. The lesson isn’t “don’t use AI.” It’s that AI is now part of your data footprint — and your litigation surface area. If your company hasn’t clearly defined: • What tools are approved • What data can and cannot be entered • When legal supervision is required you're already at risk. This is why organizations are increasingly moving towards private LLMs, hosted on their own infra. AI governance isn’t optional anymore. It’s a legal risk management imperative.

If you use GenAI… I want to hold you… accountable. As AI becomes a key tool in legal practice, ensuring ethical use is critical. This condensed framework is based on ABA guidelines and other regulatory standards, balancing efficiency with accountability. 1. Competence Lawyers must understand AI’s capabilities and risks, such as inaccuracies or biases. Regular training is crucial for staying updated. 2. Confidentiality Client data must be protected when using AI tools. Anonymize sensitive data and ensure AI systems are secure. 3. Transparency Lawyers must inform clients about AI use, particularly when it impacts legal services or fees, fostering transparency and trust. 4. Verification of Outputs AI-generated outputs must be reviewed for accuracy to avoid errors like false citations, ensuring the integrity of legal work. 5. Reasonable Fees Fees must be reasonable and reflect the actual work performed. When using AI, this means that lawyers can charge for tasks like inputting data into AI tools and verifying the AI-generated results. However, lawyers should not bill clients for time saved due to AI’s efficiency, unless the client has specifically agreed to this arrangement in advance. This ensures transparency and fairness in billing practices. 6. Addressing Bias Firms should actively mitigate AI biases that could lead to unfair outcomes, particularly in sensitive legal areas . 7. Supervision Supervisory lawyers must ensure that AI use complies with ethical standards, implementing policies and training to manage AI responsibly.

You’re reviewing a contract. You pop open your favorite AI chat and type: “What’s a more aggressive indemnity clause here?” A few follow-ups, some back-and-forth, and you've got a solid draft. Fast-forward a few months. That contract is now in dispute. And guess what? Opposing counsel wants your AI chat history. Scary? It should be. In Tremblay v. OpenAI, a federal court confirmed what many feared: AI prompts and outputs can be discoverable. Courts are starting to treat AI transcripts just like emails or memos, i.e. business records subject to eDiscovery. And GenAI isn’t like traditional legal research tools Lexis or Westlaw. These chats often contain: - Client-specific facts - Draft language - Internal legal reasoning ...and are likely not formal work product Here’s what legal teams should do now: 1/ Create a GenAI retention policy, just like you have for emails 2/ Train staff to treat chats like email: intentional, professional, retrievable 3/ Avoid “scratchpad” use for sensitive or strategic work What do you folks think?

If you are an organisation using AI or you are an AI developer, the Australian privacy regulator has just published some vital information about AI and your privacy obligations. Here is a summary of the new guides for businesses published today by the Office of the Australian Information Commissioner which articulate how Australian privacy law applies to AI and set out the regulator’s expectations. The first guide is aimed to help businesses comply with their privacy obligations when using commercially available AI products and help them to select an appropriate product. The second provides privacy guidance to developers using personal information to train generative AI models. GUIDE ONE: Guidance on privacy and the use of commercially available AI products Top five takeaways * Privacy obligations will apply to any personal information input into an AI system, as well as the output data generated by AI (where it contains personal information).  * Businesses should update their privacy policies and notifications with clear and transparent information about their use of AI * If AI systems are used to generate or infer personal information, including images, this is a collection of personal information and must comply with APP 3 (which deals with collection of personal info). * If personal information is being input into an AI system, APP 6 requires entities to only use or disclose the information for the primary purpose for which it was collected. * As a matter of best practice, the OAIC recommends that organisations do not enter personal information, and particularly sensitive information, into publicly available generative AI tools. GUIDE 2: Guidance on privacy and developing and training generative AI models Top five takeaways * Developers must take reasonable steps to ensure accuracy in generative AI models. * Just because data is publicly available or otherwise accessible does not mean it can legally be used to train or fine-tune generative AI models or systems.. * Developers must take particular care with sensitive information, which generally requires consent to be collected. * Where developers are seeking to use personal information that they already hold for the purpose of training an AI model, and this was not a primary purpose of collection, they need to carefully consider their privacy obligations. * Where a developer cannot clearly establish that a secondary use for an AI-related purpose was within reasonable expectations and related to a primary purpose, to avoid regulatory risk they should seek consent for that use and/or offer individuals a meaningful and informed ability to opt-out of such a use. https://lnkd.in/gX_FrtS9