Confidentiality is among the oldest duties a solicitor owes, and it is the one most quietly at risk when AI enters the office. The danger is rarely dramatic. It is a fee earner pasting a client's email, a draft contract or a witness statement into a free chatbot to save twenty minutes.

Know where the words go

When you type into a tool, that text leaves your firm and reaches the provider. With consumer products the provider may store it and use it to train future models, which means client information can surface in ways no one intended. Business and enterprise tiers usually stand on different terms, where inputs are not used for training and data sits in a defined region. The gap between the free version and the paid one is often the gap between a breach and a safe workflow.

Choose tools that keep work inside the firm

For a regulated practice the questions are practical. Does the contract say client data will not train the provider's models? Where is the data processed and stored? Who within the provider can reach it, and under what controls? Is there a data processing agreement that meets the UK GDPR? A tool that cannot answer these plainly does not belong near a client matter.

Prove that you protected it

Confidentiality is also about showing that you took care. Keep a short record of which tools are approved, what staff may put into them, and the steps taken to keep privileged and personal material out of anything that has not been cleared. The data protection side of this sits in UK GDPR when client data meets AI.

Handled with that care, AI can speed up research and drafting without ever putting a client's confidence at risk.

The duty itself sits in the SRA Code of Conduct for Solicitors, and it reads exactly as strictly as you remember.

If you cannot say with confidence where a prompt goes after a fee earner presses enter, that is the first question we answer for firms: start with a conversation.