ServicesProcessAboutCase StudiesFAQContact
faq

Attorney-Client Privilege and AI: What Every US and UK Law Firm Must Know

Quick Take / Direct Answer

Attorney-client privilege protects confidential communications between attorney and client. Disclosing privileged communications to a third party — including an AI vendor — without appropriate safeguards can waive privilege. Private AI deployment (where the AI system runs within the firm's own cloud environment, with no data transmitted to external providers) preserves privilege by keeping all processing within the firm's control. Shared-cloud AI tools require careful privilege analysis before use on privileged communications.

The Privilege Waiver Risk With Third-Party AI

Under US law, privilege is generally waived when privileged communications are voluntarily disclosed to a third party without a common-interest protection or other recognised exception. The question for AI tools: does submitting client documents to a third-party AI provider constitute a disclosure that waives privilege?

The answer depends on:

  1. Whether the AI vendor has executed a legal engagement agreement or equivalent that covers them within the scope of attorney representation (similar to expert witnesses and investigators)
  2. Whether the disclosure was "voluntary" in the relevant sense
  3. Whether the jurisdiction recognises the specific arrangement as privilege-preserving

UK law (Legal Professional Privilege): Similar principles apply. Disclosure to third parties may defeat privilege unless the third party is clearly within the "ring of confidentiality" of the legal matter.

The safe architecture: Private deployment, where all processing occurs within the firm's own environment, avoids the third-party disclosure question entirely. No data is transmitted externally, so no potential privilege waiver arises.

What to Do Before Deploying AI on Privileged Documents

  1. Have your professional responsibility counsel review the specific AI tool and its data handling architecture
  2. Confirm whether the jurisdiction has issued guidance on AI and privilege
  3. Require private deployment for matters where privilege is critical
  4. Document your privilege protection measures in your AI governance policy