OrdoLux

07 May 2026 · Ethics

What Regulators Are Saying About Legal AI (and What It Means Day to Day)

Photo: Ethics and legal AI for UK solicitors – What Regulators Are Saying About Legal AI (and What It Means Day to Day).

A plain-English summary of recent regulator commentary on AI, and how to translate it into policies and workflows.

Partners and COLPs are understandably wary of legal AI hype. One of the most common questions we hear is:

“What are regulators actually saying about AI — and what does that mean for how we work day to day?”

You do not need to read every speech and consultation response to get the gist. Across regulators, a few themes repeat:

  • lawyers remain responsible for the work;
  • transparency and supervision matter more than novelty; and
  • basic duties (confidentiality, competence, integrity) do not disappear just because AI is involved.

This article offers a plain‑English take on what regulators are saying about legal AI, and how to turn that into practical habits inside a UK firm.

1. No regulator is giving you a “free pass” because AI is new

Across professional and data regulators, the message is strikingly consistent:

  • core duties still apply — competence, confidentiality, acting in clients’ best interests;
  • using AI does not dilute personal or firm‑level responsibility;
  • blaming “the system” will not wash if something goes wrong.

In practice, that means:

  • you must understand, at a basic level, how tools are used in your firm;
  • you must keep human oversight in place for advice, submissions and key decisions;
  • you should be able to explain and, if necessary, justify your approach to regulators and clients.

“We didn’t really think about it” is not an acceptable position.

2. Competence now includes understanding AI‑assisted workflows

Regulators increasingly treat technology as part of competence. For AI, that does not mean every lawyer needs to be a data scientist. It does mean:

  • supervising partners should understand where and how AI features are used on matters;
  • people who rely on AI outputs should know its limits (hallucinations, stale training, bias risks);
  • firms should offer training that is practical and context‑specific, not just a one‑off lecture.

A reasonable standard is that any lawyer who uses AI in their work could answer questions like:

  • “What is this tool good at? What is it bad at?”
  • “What checks do you perform before relying on its output?”
  • “Where is this work recorded on the file?”

If the answers are “I don’t really know” and “nowhere”, you have a competence gap.

3. Confidentiality and data protection are non‑negotiable

Regulators are particularly sensitive to two points:

  • confidentiality and privilege — sending client material to unapproved systems;
  • data protection — using cloud AI services without understanding data flows, retention or training.

Practical implications include:

  • using only tools vetted by IT, risk and data protection functions;
  • minimising data sent to external services (for example, summarising internally first, then using AI to refine your own wording);
  • understanding whether prompts and outputs are stored and whether they are used for training general models.

Your case management and DMS setup should support this by:

  • making it easy to use AI inside governed systems rather than via copy‑paste into public websites;
  • recording where AI has been used on a matter.

4. Supervision duties do not go away

Supervisors remain responsible for the work of their teams, whether AI was involved or not. Regulators expect:

  • clear lines of responsibility for files;
  • supervision processes that take account of new tools;
  • records of what supervision occurred.

With AI in the picture, this typically means:

  • supervisors should be able to see which notes, drafts or time entries were AI‑assisted;
  • firms should avoid a culture where juniors feel they can hide behind “the system wrote it”;
  • serious errors in AI output should be treated as learning opportunities — prompts and policies updated, not just individuals blamed.

Case management systems that log AI usage at matter level can make it much easier to show that supervision is real, not theoretical.

5. Candour with the court and third parties

Several regulators and courts have highlighted concerns about AI‑generated content in submissions and evidence, particularly:

  • fabricated case citations;
  • inaccurate factual summaries;
  • over‑reliance on unverified outputs.

Day‑to‑day safeguards include:

  • confirming that any authorities cited have been checked in the usual way;
  • verifying factual statements against primary documents, not just AI summaries;
  • avoiding language that suggests the court should trust the tool rather than the lawyer.

In high‑stakes work, some firms choose to record internally that no AI was used on key submissions, simply to reduce any future arguments about process.

6. Explaining AI use to clients

Regulators expect lawyers to act in clients’ best interests, communicate effectively and avoid misleading them. In an AI context, this suggests that firms should:

  • avoid hiding AI use if it materially affects the service;
  • be ready to explain, in plain terms, where AI is used and how it is supervised;
  • align their explanations with privacy notices and panel terms.

For many firms, that means a simple, consistent message, along the lines of:

  • “We use AI‑based tools to help summarise and organise information or draft first‑pass documents, but a solicitor always checks and finalises anything we send or rely on.”

The important part is that this message should be true in practice, not just marketing.

7. Documentation and auditability

Regulators and insurers alike value a good audit trail. In AI terms, you should aim to be able to answer questions later such as:

  • “Did you use AI on this matter? If so, where, and how was it supervised?”
  • “What tools did you use at that time, under what terms?”
  • “How did you ensure confidentiality and data protection?”

This favours:

  • matter‑level logging of AI activity;
  • central registers of AI‑enabled tools and their data positions;
  • periodic reviews of how AI is used in practice, not just in policy.

Where OrdoLux fits

OrdoLux is being designed to help firms show regulators and clients that AI use is controlled, supervised and documented:

  • AI features live inside the case management system, not on consumer sites;
  • prompts and outputs are tied to matters and logged for supervision and audit;
  • workflows focus on assistance — summaries, chronologies, time capture, task extraction — with lawyers clearly responsible for decisions and advice.

The idea is that when regulators say, “Core duties still apply,” you can point to concrete practices in OrdoLux that uphold those duties rather than relying on good intentions alone.

This article is general information for practitioners — not regulatory advice and not a comprehensive summary of any particular regulator’s guidance.

Looking for legal case management software?

OrdoLux is legal case management software for UK solicitors, designed to make matter management, documents, time recording and AI assistance feel like one joined‑up system. Learn more on the OrdoLux website.

Further reading

← Back to the blog

Explore related guides