AI is changing legal practice faster than almost any other technology in recent memory. What began as a curiosity has quickly become a practical tool that lawyers are using to draft documents, review contracts, conduct legal research, summarise evidence and automate routine work. As the technology becomes more adept, the conversation is no longer about whether law firms should use AI, but how they can do so safely, ethically and in line with their professional obligations.
That shift is bringing a host of new questions. Which AI tools are appropriate for legal work? Can lawyers rely on AI-generated research? How should firms manage confidentiality and privilege? Who is responsible when AI hallucinates? And as clients increasingly expect firms to embrace AI, could failing to use it where appropriate eventually become a professional risk?
These are exactly the issues we explored during our Legal AI webinar. Before the session, and throughout the live event, participants submitted thoughtful and practical questions reflecting the challenges law firms are facing as AI moves from experimentation into everyday legal practice.
The questions reveal a profession at a turning point. Firms are balancing the opportunities AI presents with the very real risks around accuracy, confidentiality, regulation and professional responsibility. At the same time, courts, regulators and clients are beginning to set new expectations for how AI should, and should not, be used.
The FAQs that follow bring together the questions we received before and during the webinar, along with our answers. Whether you’re just beginning your firm’s AI journey or looking to strengthen your existing approach, we hope these responses help you navigate the opportunities and risks of legal AI with greater confidence.
1. How can firms train senior lawyers to use AI effectively, while ensuring junior lawyers remain cautious, independent and inquisitive?
The key is to train both groups differently. Senior lawyers need to understand what AI can and cannot do, so they can supervise its use properly. Junior lawyers need to be trained not to treat AI output as authority.
For senior lawyers, the focus should be on oversight, risk spotting and approval. They do not need to become prompt engineering experts, but they do need to understand the main risks, like hallucinated law, confidentiality breaches, weak reasoning, over-confident drafting and poor source verification.
For junior lawyers, the message should be that AI is a tool, not a shortcut around legal analysis. They should be encouraged to ask questions like, Where has this come from? Is the law real? Is the reasoning sound? Does this apply to our client’s facts? What has the AI missed?
A good training programme should include practical examples, not just policy slides. Show people a realistic AI-generated answer with subtle errors, then ask them to identify what is wrong. That is much more effective than simply telling people to “check the output.”
2. What are the key opportunities and challenges of AI for law firms?
The main opportunity is efficiency. AI can help with first drafts, summaries, research preparation, document review, internal knowledge searches, client updates and administrative tasks. Used carefully, it can save time and help lawyers focus on higher-value judgement, strategy and client advice.
The challenge is that AI can make poor work look polished. A badly reasoned answer can sound confident. A fake case citation can look plausible. A generic client note can appear professional while missing the key legal issue.
The real question is not whether law firms should use AI. Most already are, formally or informally. The question is whether use is controlled, supervised and properly understood. Firms that ban AI entirely may push usage underground. Firms that allow it without guardrails create regulatory, confidentiality and quality risks.
3. Could UK courts hold law firms liable for AI mistakes, as in the recent Google Munich case?
Potentially, yes, although the legal route would be different.
The Munich case concerned Google’s AI Overviews. A German court reportedly held Google liable for false AI-generated summaries, treating the AI output as Google’s own content rather than merely a neutral search result. The court also rejected the idea that a disclaimer telling users to verify AI output was enough to avoid responsibility. For UK law firms, the more relevant point is professional responsibility. If a solicitor uses AI to produce work, the firm and the responsible lawyer remain accountable for the final output. The SRA’s position is that firms may use technology, including AI, but this remains subject to the SRA Principles and Standards, and firms must understand the legal and regulatory framework around its use.
So, a UK court would not need to say “the AI is liable.” It could focus on the solicitor’s duties like supervision, confidentiality, accuracy, duties to the court and duties to the client. If AI-generated work is filed, relied on or sent to a client without proper checking, the problem is not that AI made a mistake. The problem is that the firm allowed the mistake to pass through its professional controls.
4. Are lawyers now expected to carry out compliance-related tasks, such as AI risk assessments, or is this simply part of modern legal work?
It is increasingly part of modern legal work, especially where lawyers are using technology that affects client data, legal advice, court submissions or regulated activity.
That does not mean every lawyer needs to become a compliance specialist. But lawyers do need to understand the risks attached to the tools they use. For AI, that means knowing whether a tool is approved, what data can be entered, whether outputs must be checked, who signs off use in client matters and when a higher-risk use needs escalation.
In practice, compliance should not sit in a separate box. It should be built into matter opening, client confidentiality procedures, supervision, document review, IT procurement and training. AI governance works best when it is treated as part of quality control and professional standards, not as a standalone paperwork exercise.
5. What impact is AI likely to have on legal practice?
AI is likely to change the way legal work is produced, reviewed and priced. It will not remove the need for legal judgement, but it will change how much time is spent on first drafts, research preparation, summarisation and routine document tasks.
The biggest shift may be in expectations. Clients may increasingly ask why certain tasks take as long as they used to. Junior lawyers may use AI as a normal part of their workflow. Firms may need to rethink training, supervision and billing models.
But AI will not remove accountability. Legal work still needs human judgement, professional scepticism and contextual understanding. The firms that benefit most will be those that use AI to improve speed and consistency while strengthening review and supervision.
6. What is the most useful way for beginners to use AI, and what are the key security issues?
Beginners should start with low-risk, non-confidential tasks. Good examples include summarising public information, creating a first draft of a client-neutral update, brainstorming questions for a meeting, simplifying complex wording or turning rough notes into a clearer structure.
They should avoid putting confidential client information, privileged material, personal data or commercially sensitive information into public AI tools unless the firm has specifically approved that use.
The safest starting point is to use AI for structure and drafting support, not for final legal conclusions. Anything client-specific, confidential or legally sensitive should go through approved tools and proper review.
7. How should firms think about pricing work that involves AI?
Firms should be careful not to treat AI simply as a way to preserve old pricing while reducing internal time. Clients will expect transparency and value.
The right approach depends on the work. For fixed-fee matters, AI may help firms deliver more efficiently while maintaining quality. For hourly billing, firms need to think carefully about what time is properly chargeable, especially if AI materially reduces the time needed for a task.
The broader point is that clients pay for judgement, risk management, advice and outcome, not just production time. AI may reduce the time spent generating a first draft, but it does not remove the need for legal review, strategic thinking, client-specific tailoring and accountability.
Firms should make sure their billing practices remain fair and consistent with client terms.
8. What is one piece of advice for small firms that cannot afford extensive compliance training?
Start with a simple, practical AI policy and short role-based guidance. A small firm does not need a 40-page AI governance framework on day one. It does need clear rules on what staff can and cannot do. These include things like don’t enter confidential client information into unapproved AI tools, don’t rely on AI for legal research without checking primary sources and don’t file or send AI-generated work without human review. Also, record when AI is used on client matters and escalate unusual or high-risk uses before proceeding.
Small firms should also use short scenario-based training. A 30-minute session built around realistic examples can be more useful than a long theoretical course. The aim is to make people pause before using AI in risky ways.
9. What should practical AI policies, controls and approval processes include?
A practical AI policy should be clear enough for people to follow in the moment. It should not just say “use AI responsibly.” At a minimum, it should cover approved and prohibited AI tools, what data can and cannot be entered, which tasks AI can be used for, which tasks require approval, how outputs must be checked and who is responsible for the final sign-off. Also consider how AI use should be recorded and what to do if something goes wrong.
The approval process should be risk-based. Low-risk uses, such as drafting a generic internal summary, may only need basic guidance. Higher-risk uses, such as client advice, litigation documents, contract analysis, personal data processing or confidential matter work, should require stronger controls.
A good model is to classify AI use into green, amber and red categories. Green uses are generally allowed. Amber uses need review or conditions. Red uses are prohibited unless specifically approved.
10. What are other law firms doing to identify and manage AI risk?
Many firms are moving towards controlled adoption rather than outright bans. Common steps include creating AI usage policies, approving specific tools, blocking or discouraging public AI tools for client confidential work, setting up AI working groups, training staff and introducing review requirements.
Some firms are also creating internal AI registers, where teams record which tools are being used, for what purpose, with what data and under whose approval. Others are building AI into existing risk processes, such as matter risk assessments, vendor due diligence, information security reviews and supervision procedures.
The more mature firms tend to focus less on abstract AI ethics and more on practical controls like confidentiality, verification, supervision, audit trails, client terms, data protection and quality assurance.
11. What are the main risks of using AI in legal matters, particularly in litigation and advice?
The main risks are accuracy, confidentiality, privilege, supervision and over-reliance.
In litigation, the most obvious risk is fabricated or inaccurate legal material. AI can invent cases, misstate authorities, misunderstand procedural rules or produce confident but flawed arguments. Courts are particularly unlikely to be sympathetic where lawyers file material that has not been properly checked.
In advice work, the risk is more subtle. AI may produce a plausible answer that misses the client’s factual context, the commercial objective, jurisdictional nuance or recent legal developments. It may also give a generic answer where the client needs tailored judgement.
The safest approach is to treat AI output as a draft or prompt for further analysis, not as legal advice. The lawyer must verify the law, test the reasoning and apply professional judgement.
12. How can senior lawyers provide effective supervision if they are less involved in using AI day to day?
Senior lawyers do not need to use AI more than juniors, but they do need to understand enough to supervise its use.
Effective supervision means setting clear expectations before work begins. Juniors should know whether AI may be used, what it may be used for, what must be checked and what must be disclosed internally. Seniors should also ask direct questions, such as was AI used in preparing this? What tool was used? What information was entered? Have the authorities been checked? What primary sources support this? What assumptions has the output made?
Supervision should focus on process as well as final output. If seniors only review polished drafts, they may miss the fact that the work was built on a flawed AI-generated foundation.
13. How can we assess the risk of using LLMs that process data outside the EU?
Start by identifying whether personal data is being transferred outside the UK or EEA, where it is going, who receives it and what legal safeguards apply. Under GDPR, personal data transfers outside the EEA are restricted unless the relevant transfer requirements are met.. The ICO also published updated guidance on international transfers in January 2026. For an LLM, the assessment should cover more than geography. You should ask things like what data will users enter? Is the data personal, confidential, privileged or client-sensitive? Where is the data processed and stored? Are prompts and outputs retained? Are there sub-processors? What contractual safeguards are in place? Are there appropriate transfer mechanisms? Can the firm configure retention, training and access settings?
For high-risk legal work, firms should prefer approved enterprise tools with clear contractual protections, data residency options, no training on customer data by default and strong access controls.
14. How should firms address lack of supervision and management around AI use?
Firms should make AI supervision visible and specific. A general statement that “all work must be supervised” is not enough.
There should be clear ownership. Someone should be responsible for AI governance at firm level, and matter supervisors should be responsible for AI use within their matters. Staff should know who to ask before using AI in a new or uncertain way.
Firms should also build AI into existing management processes. For example, file reviews can include a question about AI use. Matter opening can flag whether AI tools may be used. Training records can show who has been trained. Approved tool lists can be updated as risks change.
The aim is not to create bureaucracy for its own sake. The aim is to make sure AI use is known, controlled and reviewed, rather than hidden or improvised.
15. How can firms manage over-reliance on AI and the risk of poor-quality or hallucinated content?
The best control is verification. AI-generated legal content should be checked against primary sources, client instructions, matter documents and current law. The more important the output, the more rigorous the check should be.
Firms should also train staff to recognise that fluency is not accuracy. AI often sounds most convincing when it is wrong. That is why users should be required to verify citations, quotations, case summaries, statutory references, dates, calculations and legal conclusions.
Another useful control is to require users to keep AI in its proper role. AI can help draft, summarise and structure. It should not be treated as the final decision-maker. For legal advice, litigation documents and client-facing work, a qualified human should remain responsible for the final position.
16. What are the confidentiality issues when using AI?
The main confidentiality issue is that users may put client information into tools without understanding where that information goes or how it may be used.
This can create risks around client confidentiality, legal professional privilege, data protection, commercial sensitivity and contractual obligations. Even where the AI provider does not train on the data, prompts and outputs may still be stored, reviewed, logged or accessible to administrators depending on the tool’s settings.
Firms should have clear rules on what information can be entered into which tools. Public AI tools should not be used for confidential client material unless the firm has specifically assessed and approved that use.
A good rule is, if you would not put the information into an external website without approval, do not put it into an AI tool without approval.
17. How can firms prevent poor-quality AI-assisted work?
Poor-quality AI work is usually a management problem, not just a technology problem.
Firms should set minimum standards for AI-assisted work. For instance, no unchecked legal citations, no unverified case summaries, no client-facing advice without human review, no confidential information in unapproved tools and no use of AI where the lawyer does not understand the underlying issue.
Training should also focus on judgement. Staff need to know when AI is useful, when it is risky and when it is inappropriate. A junior lawyer who uses AI to produce a first draft but then checks, challenges and improves it may be using AI well. A lawyer who accepts a polished answer without understanding it is creating risk.
The best firms will not simply ask whether AI was used. They will ask whether it was used well.
Missed our webinar? It's on demand: Legal AI – Managing the risks of AI use in law firms
Watch it here →