Most solicitors using AI tools for client work haven't checked whether they're legally allowed to. That's not a criticism (the market moved faster than the compliance guidance), but it's a gap worth closing, because the obligations are real and they're not complicated once you know what to look for.
The core issue is straightforward: when you send client data to an AI tool, the provider of that tool is a data processor under UK GDPR and you are the data controller. Article 28 requires that relationship to be governed by a written contract, usually called a Data Processing Agreement (DPA), before any personal data is processed. The DPA need not be a separately signed document; it is often incorporated into the provider's business terms. But without one you are in breach of Article 28, regardless of how good the tool is.
The three things to check before using any AI tool with client data
1. Is there a Data Processing Agreement?
A DPA specifies what data is processed, for what purpose, under what security measures, and what the provider can and cannot do with the data. If the provider doesn't offer one (some consumer AI tools don't, even where the same vendor offers a DPA on its business or API tier), the tool can't lawfully be used with client personal data. Full stop.
When you find the DPA, read the section on training. Many AI providers reserve the right to use customer inputs to improve their models. If client data is used to train a model, it may shape future outputs accessible to other users. That's both a GDPR issue and a professional confidentiality issue. The DPA should explicitly say the provider does not train on customer data, and the commitment should cover the tier or product you actually use, not just the enterprise version. Check the retention clause as well: "no training" and "no retention" are different promises, and some providers keep prompts and outputs for a period for abuse monitoring even when they don't train on them.
2. Where is the data processed?
UK GDPR restricts transfers of personal data outside the UK unless adequate protections are in place. If the AI tool processes data in the US, that transfer needs to be covered by an International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or another recognised mechanism such as the UK Extension to the EU-US Data Privacy Framework for US providers certified under it.
"Our servers are in the UK" and "we process data in the UK" are different statements. Ask specifically where data is processed during inference (the moment the model actually runs on your input), not just where it's stored. A vendor may host its application and database in the UK while sending every prompt to a model API in the US, which is why this question and the sub-processor question below go together.
3. Are sub-processors disclosed?
An AI tool is rarely a single system. Behind the user interface there are typically cloud infrastructure providers and AI model providers, each of which may process your data. These are sub-processors, and Article 28 requires them to be bound by data protection obligations equivalent to those in the main DPA. The DPA should name them (or link to a maintained list), and should commit the provider to notifying you before adding or replacing one so that you can object.
Your own privacy notice should identify the AI tools you use as processors, or at least the category of recipient, and your client care letter should say that AI tools are used in your work. Clients have a right to know, and being upfront about it is both good practice and good client communication.
The training point deserves more attention
The training risk is the one that catches people off guard. It feels abstract ("the AI might learn from your data"), but the mechanism is real.
If a client's confidential information is used to train a model, the firm has breached client confidentiality. It doesn't matter that no human at the AI company reads the document. The information has been processed for a purpose (model training) that the client was never told about, that the firm never disclosed, and that has nothing to do with the work the client instructed.
For legal data specifically, which routinely contains commercially sensitive information, personal details, and legally privileged content, training on customer inputs is a risk that should simply be eliminated. The DPA should say it doesn't happen. If the provider won't commit to that in writing, use a different tool.
Special category data
Health data, and a few other categories such as racial or ethnic origin, religious beliefs, trade union membership, genetic and biometric data, and sexual orientation, are "special category data" under Article 9 UK GDPR and require additional safeguards. Data about criminal offences is not technically special category data, but it is subject to similar restrictions under Article 10 and the same Schedule 1 conditions apply. A lot of legal work touches this data: personal injury claims, clinical negligence, employment matters involving disability, family law, criminal defence.
For this data, on top of your ordinary Article 6 lawful basis, you need either explicit consent from the client for the specific processing (using their data with an AI tool) or another condition from Schedule 1 of the Data Protection Act 2018. For contentious work the "legal claims" condition will often apply, but it still has to be identified and recorded. If you rely on explicit consent instead, a passing mention in a client care letter is not enough: it has to be a clear, specific, affirmative agreement that the client can withdraw. In practice, the cleanest approach is to build a clear AI disclosure into your client care letter and, where you need explicit consent, make it a distinct, opt-in statement the client signs rather than something buried in the standard terms.
It's worth reviewing your client care letter template now rather than managing this matter by matter.
Writford's DPA is available before you sign up, covers the points above, and confirms we don't train on customer data. Data is processed in the EU and UK. The sub-processors list names every provider in the chain.