The SRA permits UK solicitors to use AI tools and has not banned them, but you stay personally responsible for every piece of work, must verify AI outputs, protect client confidentiality, and make clear to clients where they interface with AI. Its February 2026 compliance tips restate existing Standards and Regulations rather than adding new rules.
Artificial intelligence is reshaping how solicitors research, draft, and manage client work. But with new technology comes a clear professional responsibility question: what does the Solicitors Regulation Authority actually say about using AI in practice?
This guide breaks down the SRA's current position, the specific obligations it creates for solicitors, and the practical steps firms can take to remain compliant in 2026.
Latest: the SRA's February 2026 position on AI
The SRA's most current guidance is its Compliance tips for solicitors regarding the use of AI and technology, last updated 9 February 2026. It does not introduce new rules. It restates how the existing Standards and Regulations apply to AI and sets out what the regulator expects firms to have in place.
The headline expectation is transparency. The guidance states that "it should always be made clear to clients where they are interfacing with AI." Beyond that, the SRA expects firms to keep current and former client information confidential and secure, and it expects the Compliance Officer for Legal Practice (COLP) to be responsible for regulatory compliance when new technology is introduced.
The SRA frames AI governance as a risk-management exercise built on five things:
- Leadership and oversight of how AI is used
- Risk and impact assessments, before and during use
- Documented policies and procedures
- Training and awareness for the people using the tools
- Monitoring and evaluation to catch unintended consequences
It also asks firms to consider whether risk factors that can exploit consumer vulnerability have been identified and addressed, and points to the ICO's guidance on AI and data protection and the NCSC's cyber security materials as companion resources.
The practical takeaway has not changed since the SRA first addressed AI: the regulator permits it, regulates by outcome rather than prescription, and holds the solicitor accountable for the result.
What the SRA Has Said About AI
The SRA has not banned AI tools. Instead, it has consistently framed AI as a technology that solicitors may use, provided they apply the same professional standards they would to any other work product.
The SRA's Risk Outlook report on the use of AI in the legal market, first published on 20 November 2023 and now read alongside the February 2026 compliance tips above, makes the core position clear: solicitors are personally responsible for every piece of work they produce, regardless of whether AI was involved in creating it. Using an AI tool does not transfer or dilute professional responsibility.
The Risk Outlook groups AI risks under headings including bias, errors, scale, confidentiality and privacy, accountability, regulatory divergence, and crime. For most firms, the practical risks reduce to three themes:
- Accuracy and bias, AI systems can generate plausible-sounding but factually incorrect information (including fabricated case citations) and can amplify bias present in their training data.
- Client confidentiality, sending client information to third-party AI systems may constitute a breach of confidentiality if the firm has not taken appropriate steps to assess and contract with the provider.
- Accountability, solicitors remain accountable to clients for the services provided, whether or not external AI is used. Separately, under the Authorisation of Firms Rules the firm's Compliance Officer for Legal Practice (COLP) has a general duty to take reasonable steps to ensure compliance with the SRA's regulatory arrangements, which extends to any new technology the firm adopts.
The Core SRA Code Obligations That Apply
You do not need new rules to regulate AI use. The existing SRA Standards and Regulations already apply. The key provisions are:
Competence (Paragraphs 3.2 and 3.3, Code of Conduct for Solicitors)
Paragraph 3.2 requires you to ensure the service you provide is competent and timely; paragraph 3.3 requires you to maintain your competence and keep your professional knowledge and skills up to date. Together, these extend to the tools you use. The SRA expects solicitors who use AI to understand how the tool works well enough to review its output critically, including recognising when it may be wrong.
In practice, this means:
- Reading and verifying AI-generated research before advising a client
- Understanding the difference between AI tools that retrieve live legal sources and those that generate plausible text from training data
- Not submitting AI-drafted documents to court or clients without substantive review
Confidentiality (Paragraph 6.3, Code of Conduct for Solicitors)
Client information is confidential. Before sending any client data to an AI platform, your firm must have assessed whether doing so is lawful and consistent with your client care obligations.
Relevant questions include:
- Does the AI provider process data within the UK or EEA, or is there an appropriate transfer mechanism in place (UK adequacy regulations, Standard Contractual Clauses, or a recognised exception)?
- Does the provider use your inputs to train its models?
- Have you disclosed your use of AI in your client care letter or terms of engagement?
Not misleading the client (Paragraph 1.4, Code of Conduct for Solicitors)
Paragraph 1.4 prohibits you from misleading clients, the court or others, by act or omission. Read with SRA Principles 4 (honesty) and 5 (integrity), it underpins the question of whether AI use must be disclosed. The SRA's guidance states it should always be clear to clients where they are interfacing with AI, and its Risk Outlook says firms should consider telling clients when AI is used on their case and how it operates. Whether and how to address this, for example in a client care letter or terms of engagement, is a decision for the firm based on the circumstances.
Accuracy: The Fabricated Citations Problem
One of the most significant practical risks with AI in legal practice is hallucination, the tendency of large language models to produce confident, well-formatted citations to cases, statutes, or guidance that simply do not exist.
UK courts have already dealt with multiple practitioners who submitted AI-generated work containing fabricated case references. In Ayinde v Haringey LBC and Al-Haroun v Qatar National Bank (judgment handed down by the Divisional Court on 6 June 2025), Dame Victoria Sharp P held that "a language model such as ChatGPT is not capable of conducting reliable legal research" and warned that lawyers who rely on such tools without verification face severe penalties, up to and including contempt of court. A wasted costs order followed in July 2025 in Ndaryiyumvire v Birmingham City University, where two fictitious AI-generated cases appeared in an application; the court held the failure was "in substance a failure of management" at the firm rather than the named solicitor's individual conduct. And in 2026 Bournemouth Family Court ordered an unregistered (non-practising) barrister, acting as a lay advocate, to be named publicly after she presented a skeleton argument citing four cases that did not exist. The consequences range from wasted costs orders to regulatory referrals.
The SRA's position is unambiguous: verifying citations is the solicitor's responsibility. Blame cannot be transferred to the AI tool.
Minimum verification steps for any AI-assisted legal research:
- Check every case citation against a verified database (Westlaw, LexisNexis, or BAILII for free access)
- Check every statute reference against legislation.gov.uk
- Check any regulatory guidance references against sra.org.uk directly
- Record what you checked and when
Tools that retrieve live UK legal sources, rather than generating text from training data, substantially reduce (though do not eliminate) this risk.
How Writford addresses this
Writford was built specifically to substantially reduce the hallucination risk in AI legal research. Every Search and Extended Thinking query is grounded in live retrieval from legislation.gov.uk, BAILII, SRA guidance and a UK-government allowlist. Every claim in the answer carries a clickable, paragraph-level citation back to the source document, so the solicitor verifies in one click rather than copying citations into Westlaw to check whether they exist. AI-generated drafts are watermarked "DRAFT, For Solicitor Review Only" before export, making the SRA's verification requirement an enforced workflow rather than a checklist item.
Confidentiality: What You Must Check Before Using Any AI Tool
The SRA expects firms to carry out due diligence on any technology supplier that will receive client data. For AI tools specifically, the key questions are:
| Question | Why It Matters |
|---|---|
| Where is data processed and stored? | UK GDPR requires adequate protection for personal data; transfers outside the UK are lawful only where covered by UK adequacy regulations, appropriate safeguards (such as Standard Contractual Clauses), or a recognised exception |
| Does the provider train models on your data? | If yes, client information may be incorporated into future model outputs |
| Is there a Data Processing Agreement (DPA) in place? | Required under UK GDPR Article 28 for processors |
| What is the provider's breach notification timeline? | Must be compatible with your own ICO reporting obligations |
| Does the provider have ISO 27001 or equivalent certification? | Evidence of systematic information security management |
Writford processes all data within the EU/UK and never uses client content to train AI models. A full Data Processing Addendum is available to all subscribing firms.
Billing Transparency: Can You Charge for AI-Assisted Work?
This is an area where the SRA AI guidance is silent, but the wider costs framework still applies. Under the Solicitors Act 1974 and the SRA Transparency Rules, firms must give clients proper costs information and ensure their charges are accurate and not misleading. AI-assisted work should be billed consistently with what the retainer and costs information promises, not according to what the task would have taken without AI.
If your standard hourly-billing approach no longer reflects the effort involved in AI-assisted tasks, that is a prompt to review how you record and communicate costs rather than a specific rule from the SRA's AI guidance.
Best practice is to:
- Record the actual time spent, including time reviewing and verifying AI output
- Ensure your client care letters and costs information remain accurate in light of how AI affects your working time
- Consider whether a fixed or value-based fee is more appropriate for AI-assisted work than hourly billing
What a Compliant AI Policy Should Cover
The SRA does not prescribe a specific format for a firm AI policy. But its enforcement strategy weighs aggravating and mitigating factors, and a documented governance approach is one of the clearest ways to evidence that a firm took reasonable steps. A proportionate policy for a small to medium firm should cover:
- Approved tools, which AI products are permitted and for which tasks
- Verification obligations, what solicitors must check before relying on AI output
- Confidentiality controls, what categories of client data may or may not be sent to AI systems
- Billing guidance, how AI-assisted time should be recorded
- Record-keeping, how AI use should be documented in the matter file
- Training, what staff must understand before using approved AI tools
Practical Next Steps
- Read the SRA's lawtech guidance at sra.org.uk, it is updated periodically and worth bookmarking
- Audit your current AI tool usage, many fee-earners are already using AI tools informally
- Review your client care letters, consider adding a sentence on AI use
- Draft or update your firm AI policy, even a one-page document demonstrates governance
- Choose tools that make verification easy, any AI tool used for legal research should provide clickable, verifiable source citations
Staying compliant with SRA guidance on AI is not about avoiding AI. It is about using it with the same professional care you apply to every other aspect of your practice.
For a detailed look at how Writford approaches SRA-compliant AI research, see our Research feature overview and AI Policy.