The SRA does not prescribe a specific format, but every UK law firm using AI tools needs a written policy. Without one, you have no documented basis for supervision, no consistent controls, and no evidence of competence if a complaint or audit arises.
This page gives you a complete, free AI policy template you can adopt today. It is aligned with the SRA's current guidance on AI and professional obligations.
How to use this template
- Copy the template section below in full.
- Replace every
[FIRM NAME],[DATE], and[ROLE]placeholder with your firm's details. - Review the Approved Tools section: add tools you actually use, remove those you don't.
- Get sign-off from your COLP or managing partner.
- Store it in your document management system and link to it from your staff handbook.
Review the policy at least annually, or whenever you adopt a new AI tool.
Free AI Policy Template for UK Law Firms
[FIRM NAME], Artificial Intelligence (AI) Policy
Version: 1.0
Effective date: [DATE]
Owner: [COLP / Managing Partner / Head of IT]
Next review: [DATE + 12 months]
1. Purpose
This policy sets out [FIRM NAME]'s approach to the use of artificial intelligence tools in legal practice. It applies to all fee earners, paralegals, support staff, and contractors who use AI tools in connection with client work or firm administration.
The purpose of this policy is to ensure that:
- AI tools are used in a manner consistent with our obligations under the SRA Standards and Regulations
- Client confidentiality and data protection obligations are met at all times
- Professional responsibility for all work product remains with the supervising solicitor
- AI use is transparent, documented, and verifiable
2. Scope
This policy applies to:
- All AI-assisted legal research tools
- AI drafting and document generation tools
- AI-powered document review tools
- AI tools used for time recording, billing, or matter management
- Any general-purpose AI assistant (including but not limited to: ChatGPT, Claude, Copilot, Gemini) used in connection with client work
This policy does not apply to standard software features such as spell-check, autocorrect, or basic grammar tools.
3. Approved Tools
The following AI tools are approved for use at [FIRM NAME] as of the effective date of this policy:
| Tool | Approved use | Data classification | |---|---|---| | [Tool name] | [e.g. Legal research, drafting] | [e.g. Non-confidential only / Client data permitted] | | [Tool name] | [e.g. Document review] | [e.g. Client data permitted with consent] |
Any tool not listed above requires written approval from [COLP / Head of IT] before use on client matters. Staff must submit an [AI Tool Approval Request] before using an unlisted tool.
4. Prohibited Uses
The following uses of AI are prohibited without explicit written approval:
- Submitting identifiable client data to a public AI tool that uses inputs for model training
- Using AI-generated content in a court document or formal submission without independent verification
- Allowing AI to generate a final client-facing letter, advice, or contract without solicitor review and sign-off
- Using AI tools on matters subject to a court order, confidentiality undertaking, or data processing restriction that excludes third-party tools
5. Verification Requirements
All AI-generated output must be verified by a qualified fee earner before reliance.
Verification means:
- For legal research: every statute citation must be checked against legislation.gov.uk to confirm it is in force; every case citation must resolve to a real judgment on BAILII or an equivalent verified source
- For AI-drafted documents: a qualified solicitor must read the full draft, confirm it reflects the client's instructions, and is legally accurate before sending
- For AI-generated advice: the supervising solicitor must satisfy themselves the advice is correct as a matter of law and appropriate for the specific client
Verification is not optional. The supervising solicitor is personally responsible for every piece of work product, regardless of how it was generated.
How Writford fits this policy
Writford was designed to be an approved tool under a policy of this shape. Every chat answer in Search and Extended Thinking carries a clickable, paragraph-level citation back to legislation.gov.uk, BAILII or SRA guidance, so the verification step in Section 5 takes seconds instead of minutes. Every AI-drafted document is watermarked "DRAFT, For Solicitor Review Only" before export, making Section 4 ("no final client-facing output without solicitor review") a built-in workflow rather than a manual checklist. Client data stays in the AWS UK region, never trains the model, and our Data Processing Addendum is published, so the COLP can drop Writford into Section 3 of the template without a procurement cycle.
6. Client Confidentiality
Before using any AI tool with client data, the fee earner must confirm:
- The tool is on the Approved Tools list for client data
- The tool's data processing agreement has been reviewed by [DATA PROTECTION OFFICER / COLP]
- The client has not restricted the use of third-party tools in their instructions or engagement letter
Where there is any doubt, use only tools listed as approved for non-confidential data, and substitute or redact identifying information before inputting.
Never input the following into any AI tool:
- Full names alongside case details that identify the client
- Financial information that could identify the client
- Medical or sensitive personal data
- Information covered by legal professional privilege unless the tool is explicitly approved for privileged data
7. Disclosure to Clients
[FIRM NAME] discloses AI use to clients in its standard client care letter. The disclosure reads:
"We may use AI-assisted tools to support legal research, document drafting, or matter administration. Any AI-generated work product is reviewed and approved by a qualified solicitor before being provided to you. We do not share your confidential information with public AI platforms without your consent."
If a client asks whether AI was used on their matter, staff must answer honestly and escalate to the supervising partner if the client raises concerns.
8. Billing and Time Recording
AI assistance does not reduce the billable value of work where the solicitor's professional judgment is the core deliverable. However:
- Time recorded must reflect actual time spent supervising, verifying, and approving AI output, not the wall-clock time the AI tool was running
- Firms must not double-charge clients for the same task by billing both AI tool cost and full manual time
- Any AI tool subscription costs passed to clients must be disclosed in the fee agreement
If in doubt, consult the supervising partner before recording time on an AI-assisted task.
9. Training Requirements
All staff using approved AI tools must complete:
- [FIRM NAME] AI induction (before first use)
- Annual AI competence refresher (every 12 months)
- Tool-specific training for any new approved tool before first use
Training records are maintained by [HR / L&D / COLP] and are available for inspection on request.
10. Incident Reporting
If an AI tool produces output that was relied upon and later found to be incorrect, or if client data was input into an unapproved tool, the incident must be reported to [COLP / Compliance Officer] within 24 hours.
The COLP will assess whether:
- The error constitutes a reportable breach to the SRA
- Client notification is required
- A UK GDPR breach notification must be made to the ICO
- The tool's approval status should be suspended pending review
11. Review and Governance
This policy is reviewed annually by [COLP / Managing Partner]. Reviews are triggered earlier by:
- Adoption of a new AI tool
- A material change to the SRA's AI guidance
- An AI-related incident or near-miss at the firm
- A relevant regulatory fine, judgment, or Law Society guidance update
All changes are version-controlled and communicated to staff within 10 working days.
12. Accountability
| Role | Responsibility | |---|---| | COLP | Policy ownership, incident escalation, regulatory notifications | | Supervising solicitor | Verification of AI output on client matters | | All staff | Compliance with approved tools list, incident reporting | | [Head of IT / DPO] | Tool assessment, data processing agreements |
End of template
What this template does and does not cover
This template covers the core controls the SRA expects from a firm using AI: professional responsibility, verification, confidentiality, billing, training, and incident reporting.
It does not cover:
- Sector-specific rules. Family law, criminal legal aid, immigration, and regulated financial advice have additional constraints. Review your practice area's specific guidance before finalising.
- Your existing data protection policy. This template should be read alongside your UK GDPR data protection policy, not as a replacement for it.
- Third-party client obligations. Some corporate clients, insurers, and legal aid contracts require their own AI controls. Check your panel or framework terms.
Keeping the policy current
AI regulation is moving quickly. The SRA has committed to updating its guidance as the technology develops. The easiest way to keep your policy current is to assign a named owner (usually the COLP) and set a calendar reminder for annual review.
If you want to manage, version-control, and store your firm's AI policy inside your document management system, alongside your client files, matter templates, and standard forms, that is exactly what Writford is built for.