SRA ComplianceAI Policy

SRA Guidance on AI: What UK Solicitors Need to Know (2026)

The SRA has issued guidance on AI in legal practice. This article explains what it means for your firm, what is permitted, and how to stay compliant.

23 May 20267 min readWritford Team

Artificial intelligence is reshaping how solicitors research, draft, and manage client work. But with new technology comes a clear professional responsibility question: what does the Solicitors Regulation Authority actually say about using AI in practice?

This guide breaks down the SRA's current position, the specific obligations it creates for solicitors, and the practical steps firms can take to remain compliant in 2026.

What the SRA Has Said About AI

The SRA has not banned AI tools. Instead, it has consistently framed AI as a technology that solicitors may use, provided they apply the same professional standards they would to any other work product.

In guidance published and updated through 2024 and 2025, the SRA made its core position clear: solicitors are personally responsible for every piece of work they produce, regardless of whether AI was involved in creating it. Using an AI tool does not transfer or dilute professional responsibility.

The SRA has specifically referenced three categories of risk it expects firms to manage:

  1. Accuracy risk, AI systems can generate plausible-sounding but factually incorrect information, including fabricated case citations.
  2. Confidentiality risk, sending client data to third-party AI systems may constitute a breach of client confidentiality if the firm has not taken appropriate steps.
  3. Competence risk, using AI without understanding its limitations may fall below the standard of competence the SRA Codes of Conduct require.

The Core SRA Code Obligations That Apply

You do not need new rules to regulate AI use. The existing SRA Standards and Regulations already apply. The key provisions are:

Competence (Paragraph 3.2, Code of Conduct for Solicitors)

You must only act within your areas of competence. This extends to the tools you use. The SRA expects solicitors who use AI to understand how the tool works well enough to review its output critically, including recognising when it may be wrong.

In practice, this means:

  • Reading and verifying AI-generated research before advising a client
  • Understanding the difference between AI tools that retrieve live legal sources and those that generate plausible text from training data
  • Not submitting AI-drafted documents to court or clients without substantive review

Confidentiality (Paragraph 6.3, Code of Conduct for Solicitors)

Client information is confidential. Before sending any client data to an AI platform, your firm must have assessed whether doing so is lawful and consistent with your client care obligations.

Relevant questions include:

  • Does the AI provider process data within the UK or EEA?
  • Does the provider use your inputs to train its models?
  • Have you disclosed your use of AI in your client care letter or terms of engagement?

Honesty and Transparency (Paragraph 1.4, Code of Conduct for Solicitors)

The SRA expects solicitors to be honest with clients. If AI is being used to conduct research or produce drafts, the guidance suggests firms should consider whether clients would expect to know this, and in many cases, disclose it.

Accuracy: The Fabricated Citations Problem

One of the most significant practical risks with AI in legal practice is hallucination, the tendency of large language models to produce confident, well-formatted citations to cases, statutes, or guidance that simply do not exist.

Multiple UK and international courts have already dealt with solicitors who submitted AI-generated skeleton arguments containing fabricated case references. The consequences range from wasted costs orders to regulatory referrals.

The SRA's position is unambiguous: verifying citations is the solicitor's responsibility. Blame cannot be transferred to the AI tool.

Minimum verification steps for any AI-assisted legal research:

  1. Check every case citation against a verified database (Westlaw, LexisNexis, or BAILII for free access)
  2. Check every statute reference against legislation.gov.uk
  3. Check any regulatory guidance references against sra.org.uk directly
  4. Record what you checked and when

Tools that retrieve live UK legal sources, rather than generating text from training data, substantially reduce (though do not eliminate) this risk. Writford's Search and Extended Thinking modes pull from live UK legal sources and attach paragraph-level citations to every answer, so the solicitor can go directly to the source rather than trusting the AI's characterisation of it.

Confidentiality: What You Must Check Before Using Any AI Tool

The SRA expects firms to carry out due diligence on any technology supplier that will receive client data. For AI tools specifically, the key questions are:

| Question | Why It Matters | |---|---| | Where is data processed and stored? | UK GDPR requires adequate protection for personal data | | Does the provider train models on your data? | If yes, client information may be incorporated into future model outputs | | Is there a Data Processing Agreement (DPA) in place? | Required under UK GDPR Article 28 for processors | | What is the provider's breach notification timeline? | Must be compatible with your own ICO reporting obligations | | Does the provider have ISO 27001 or equivalent certification? | Evidence of systematic information security management |

Writford processes all data within the EU/UK and never uses client content to train AI models. A full Data Processing Addendum is available to all subscribing firms.

Billing Transparency: Can You Charge for AI-Assisted Work?

This is an area where the SRA has been deliberately quiet, but the Solicitors Act 1974 and existing costs rules still apply. The key principle is that you cannot charge a client for time that was not actually spent.

If an AI tool that previously took a junior fee-earner four hours now takes thirty minutes, you cannot bill four hours. Doing so would expose you to a complaint under the SRA's transparency rules and potentially a finding of overcharging.

Best practice is to:

  • Record the actual time spent, including time reviewing and verifying AI output
  • Review your client care letters to ensure AI use is either disclosed or addressed
  • Consider whether a fixed or value-based fee is more appropriate for AI-assisted work than hourly billing

What a Compliant AI Policy Should Cover

The SRA does not prescribe a specific format for a firm AI policy, but enforcement actions have referenced the absence of any policy as an aggravating factor. A proportionate policy for a small to medium firm should cover:

  1. Approved tools, which AI products are permitted and for which tasks
  2. Verification obligations, what solicitors must check before relying on AI output
  3. Confidentiality controls, what categories of client data may or may not be sent to AI systems
  4. Billing guidance, how AI-assisted time should be recorded
  5. Record-keeping, how AI use should be documented in the matter file
  6. Training, what staff must understand before using approved AI tools

Practical Next Steps

  1. Read the SRA's lawtech guidance at sra.org.uk, it is updated periodically and worth bookmarking
  2. Audit your current AI tool usage, many fee-earners are already using AI tools informally
  3. Review your client care letters, consider adding a sentence on AI use
  4. Draft or update your firm AI policy, even a one-page document demonstrates governance
  5. Choose tools that make verification easy, any AI tool used for legal research should provide clickable, verifiable source citations

Staying compliant with SRA guidance on AI is not about avoiding AI. It is about using it with the same professional care you apply to every other aspect of your practice.

For a detailed look at how Writford approaches SRA-compliant AI research, see our Research feature overview and AI Policy.

Common questions

Does the SRA allow solicitors to use AI tools?
Yes. The SRA has not banned AI. Solicitors may use AI tools provided they maintain professional responsibility for every piece of work produced, verify AI outputs, and protect client confidentiality.
Who is responsible if AI gives wrong legal advice?
The solicitor is responsible, not the AI tool. The SRA is clear that using AI does not transfer or dilute professional responsibility. If AI produces incorrect research or a defective draft, the solicitor who relied on it without adequate verification is accountable.
Do I need to tell clients I used AI?
The SRA's guidance suggests firms should consider whether clients would expect to know AI was used, and in most cases disclose it. The safest approach is to include a sentence about AI use in your client care letter.
Can AI generate fabricated case citations?
Yes. General-purpose AI tools can produce plausible-looking citations to cases that do not exist. This is called hallucination. Tools that retrieve from live sources like BAILII substantially reduce this risk, but verification remains the solicitor's responsibility.
What should a firm AI policy cover?
A proportionate AI policy should cover: approved tools, verification obligations, confidentiality controls, billing guidance for AI-assisted time, record-keeping requirements, and minimum training for staff before using approved tools.

Try Writford free for 14 days

AI legal research, matter management, time recording, and billing — built for UK solicitors. No credit card required.

Start free trial

Further reading

Writford Team

The Writford editorial team writes practical guides on legal AI, SRA compliance, and practice management technology for UK law firms.

All articles