When does uploading privileged legal material to a public AI tool risk destroying confidentiality?

Why privileged material in public AI tools creates a confidentiality problem

Uploading privileged legal material to a public AI tool becomes risky when the information leaves the controlled lawyer-client environment. Legal professional privilege depends on confidentiality. If legal advice, draft pleadings, litigation strategy or dispute notes are copied into a tool whose provider can store, review, reuse or access the input, the organisation may struggle to show that confidentiality was preserved.

The safest working assumption is simple: treat public AI tools as external recipients. If you would not send the material to an unknown third party by email, do not paste it into a public AI prompt.

The safest approach is to keep privileged material out of public AI tools

For legal teams, regulated firms and professional services businesses, the practical answer is clear. Do not upload privileged or highly sensitive legal material to public AI tools unless the tool has been formally approved for that use, the terms protect confidentiality, and the legal team has confirmed the workflow.

This does not mean AI cannot support legal operations. It means the risk changes according to the tool, the data and the controls. A closed enterprise AI system with contractual confidentiality, no training on customer data, defined retention, access controls and deletion rights may be capable of supporting low-risk legal workflows. A public tool used on standard consumer terms is a different proposition.

Review AI confidentiality risk before teams upload sensitive data

Where privilege can be lost in practice

The highest-risk moments are usually ordinary workarounds rather than formal technology projects. Common examples include asking a public AI tool to summarise counsel's advice, sense-check a dispute email, rewrite a draft pleading, prepare meeting notes from a litigation call, or analyse a contract issue before lawyers are involved.

DWF's analysis is important because it separates two questions that are often blurred. First, communications with an AI tool are not communications with a lawyer. Second, even where privileged material already exists, sharing it with a third-party system can undermine the confidentiality needed to maintain privilege.

That risk is stronger where the provider's terms allow input storage, human review, model training, onward processing or broad internal access. It may also arise where AI outputs are circulated too widely inside the business, to insurers, advisers or other stakeholders without a clear legal purpose and access boundary.

What recent cases and guidance suggest

The English position is still developing, but the direction of travel is cautious. DWF points to UK v Secretary of State for the Home Department [2026] UKUT 81 (IAC), where the tribunal discussed the implications of legal advisers using open-source generative AI tools. The warning is that uploading confidential material into publicly available AI platforms may be treated as putting that information into the public domain, with confidentiality and privilege at risk.

The article also references US v Heppner, where communications with a publicly available AI tool were not protected by attorney-client privilege or work product protection. That decision does not decide English law, but the confidentiality principle behind it is familiar to English courts. The lesson for UK organisations is to avoid becoming the test case for a poor AI workflow.

Controls a firm should put in place before AI touches legal material

A sensible AI governance policy should make the boundary easy for staff to follow. Public AI tools should be prohibited for privileged, confidential client, dispute, employment, regulatory, investigation or settlement material. Approved tools should be listed by name and use case, with clear examples of what can and cannot be entered.

For enterprise AI tools, due diligence should cover data retention, model training, subprocessors, region of processing, access logs, deletion rights, security controls and whether prompts or outputs can be reviewed by the provider. The legal team should also decide when AI outputs stay within the privileged circle and when wider sharing would create waiver risk.

Build a practical AI governance policy for legal workflows

Training matters as much as tooling. Non-legal teams often handle disputes, complaints, investigations and contract negotiations before lawyers are involved. They need plain examples: do not paste legal advice into a public assistant; do not record privileged calls with unapproved AI notetakers; do not ask AI to assess liability using confidential facts; escalate early when legal risk appears.

A practical decision rule for legal and professional services teams

Before using AI on any legal material, ask five questions. Is the material privileged, confidential or dispute-related? Is the AI tool public, enterprise-approved or embedded in another platform? What do the terms say about storage, training, human review and deletion? Who will see the output? Has a lawyer confirmed that the workflow preserves confidentiality?

If the answers are unclear, stop and use a safer route. Redact, anonymise, summarise at a high level, or move the task into an approved environment with proper records. Keep an audit trail showing who approved the tool, what data category was used, what checks were applied and who reviewed the output.

Turn AI policy into approved workflows and audit records

FAQ

Can privileged legal advice be pasted into ChatGPT or another public AI tool?

It should not be pasted into a public AI tool unless the legal team has approved that exact tool and use case. Public terms, retention and reuse settings can make confidentiality difficult to prove.

Does using enterprise AI automatically preserve privilege?

No. Enterprise AI may reduce risk, but privilege still depends on legal purpose, confidentiality, access control, data handling and how outputs are shared.

What should an AI policy say about legal material?

It should ban public AI use for privileged or sensitive legal material, list approved tools, define escalation rules, set retention and access requirements, and require lawyer review for dispute or advice-related workflows.

Can non-lawyers use AI to analyse legal risk?

They should be careful. AI-generated legal analysis by non-lawyers may not be privileged, and it can create inaccurate or discoverable records. Legal teams should be involved early.

What evidence helps show confidentiality was protected?

Keep records of tool approval, contract terms, data categories, access permissions, retention settings, human review and output circulation. The record should show that privileged material stayed inside a controlled workflow.