What supervision record should lawyers keep when AI contributes to legal advice?

Why AI-assisted legal advice needs a supervision record

When a lawyer uses an AI system to help with research, drafting or analysis, the important question is not whether the tool wrote a useful paragraph. The question is whether the firm can show that the legal judgement, confidentiality controls and final advice remained under lawyer control.

DLA Piper's privilege analysis makes the point clearly: there is no standalone AI privilege. Legal advice generated by an AI system and given directly to a non-lawyer is not privileged simply because it sounds legal. Privilege depends on the existing legal framework, the role of the lawyer and whether confidentiality has been preserved.

The safest record shows direction, supervision and final judgement

A lawyer should keep a short matter-level record showing how AI contributed to the work, what was excluded from the prompt, which approved tool was used, who reviewed the output and what changed before the advice reached the client.

The record does not need to reproduce privileged content in a compliance spreadsheet. It should prove the operating model: the AI system acted as support under the lawyer's direction, much like a supervised assistant, and the lawyer remained responsible for the advice, risk judgement and client communication.

Check where AI use creates legal risk

What to capture without weakening confidentiality

Start with the matter reference, approved tool name, tool configuration, user, date, task type and whether client confidential or privileged material was excluded. If any client material was used, the record should state the lawful basis, client authority if required, confidentiality safeguards and why the tool was permitted for that data class.

Then capture the human review: the responsible lawyer, checks performed, legal sources verified, hallucination or citation issues corrected, and the final sign-off decision. For sensitive matters, add a note on why a public AI system was not used, or why a private, contracted tool was acceptable.

Public AI tools need a stricter default

The source article highlights the risk that putting privileged legal advice into public AI systems may result in loss of confidentiality and therefore loss of privilege. Until the courts test the boundaries, law firms should treat public tools as unsuitable for privileged or client confidential material unless a documented exception has been approved.

That means policies should distinguish between low-risk tasks, such as summarising public guidance, and high-risk tasks, such as drafting advice from client documents, witness evidence, transaction files or litigation strategy.

Set practical AI governance for legal teams

The minimum supervision checklist

• Tool approval: which AI system was used, whether it is public or contracted, and whether retention, training and access settings were checked.
• Prompt boundary: whether privileged, confidential or personal data was excluded, anonymised or authorised for use.
• Lawyer direction: the task given to the tool and the legal question the lawyer was testing.
• Output review: citations checked, legal analysis verified, errors corrected and unsupported points removed.
• Final accountability: named lawyer sign-off, client-impact assessment and any disclosure decision.

How firms can make the record usable

The record should live where the work happens: matter management, document management, workflow tools or an approved AI register. If lawyers have to fill out a long form after every prompt, the process will fail. A better approach is a short risk-tiered template that expands only for privileged, regulated or client-facing work.

For a legal team, this is as much a culture issue as a tooling issue. The aim is to make good supervision normal: approved tools, clear data boundaries, visible review steps and evidence that legal judgement was not outsourced to software.

Conclusion

AI can help lawyers work faster, but privilege and professional responsibility still depend on human control. The supervision record should show that the lawyer directed the tool, protected confidential material, verified the output and owned the final advice.

Build AI workflows with the right controls

FAQ

Does AI-generated legal advice have its own privilege?

No. The source article states that there is no standalone AI privilege. Existing privilege rules still matter, including the role of the lawyer and confidentiality of the communication.

Can lawyers use AI without losing privilege?

Potentially, but only with guardrails. The safer model is lawyer-directed use of approved tools, no unauthorised client confidential data in public systems, and a clear record of human review.

What is the most important thing to record?

Record who supervised the AI-assisted work, what data was allowed into the tool, what checks were performed and who signed off the final advice.

Should the record include the full prompt and output?

Not always. For privileged matters, avoid creating unnecessary disclosure risk. Keep enough metadata and review evidence to prove control without spreading sensitive content into another system.