Solicitor Faces Probe After Putting Client Documents Into ChatGPT

The legal profession has rapidly embraced artificial intelligence to streamline research, drafting, and client communication. Tools like ChatGPT promise speed and cost savings, but they operate by transmitting inputs to public servers, effectively placing confidential client information in the open internet. When a solicitor at TMF Immigration Lawyers fed client emails and Home Office decisions into ChatGPT, the Upper Tribunal deemed it a clear breach of client confidentiality and a waiver of legal privilege, prompting immediate regulatory scrutiny.

Regulators responded swiftly. The Solicitors Regulation Authority, the Immigration Advice Authority, and the Information Commissioner’s Office now expect firms to self‑report any AI‑related data breaches and to adopt robust governance frameworks. Guidance emphasizes using closed‑source, enterprise‑grade AI solutions—such as Microsoft Copilot—that keep data within secure, private environments. Law firms are urged to implement clear policies, conduct risk assessments, and train staff on the distinction between public‑domain AI and vetted, on‑premise tools to avoid future violations.

Beyond compliance, the cases reveal a broader industry challenge: ensuring AI‑generated outputs are accurate and ethically sound. The tribunal’s concern over fabricated case citations illustrates how unchecked AI can mislead courts, waste judicial resources, and erode public confidence. Effective supervision, mandatory verification of AI‑drafted documents, and continuous professional development are essential to harness AI’s benefits without compromising legal standards. As AI becomes entrenched in legal workflows, firms that embed rigorous oversight will safeguard both client interests and the integrity of the justice system.