Legal information, not legal advice · Every entry verified to its primary source · Independent of any bar association
The Legal AI Compliance Register

legalaicompliance.help · est. 2026 · honest labels, primary sources, public changelog

Telling Clients About AI Use: A Decision Guide

Last updated June 10, 2026 · First published June 10, 2026 · By MHSB Solutions (Research desk) · How this site is sourced

There is no universal duty to tell clients you use AI. The duty turns on two triggers that every authority recognizes: whether confidential client information will be exposed to the tool, and whether the client would reasonably want to know (they asked, the engagement says so, or AI use is material to the representation). Routine embedded AI, like the assistants inside mainstream research platforms, generally requires no disclosure (NYC Bar 2024-5). Feeding client data to an open model requires informed consent in a growing number of states, and West Virginia requires that consent in writing.

Quick answer

  1. No universal client-disclosure duty exists.
  2. Trigger 1: confidential client info will be exposed to the tool.
  3. Trigger 2: the client asked, agreed otherwise, or AI use is material.
  4. Routine embedded AI (research platforms): no disclosure needed (NYC 2024-5).
  5. Open-model inputs: informed consent (OR); in writing (WV).
  6. Solve it once with engagement-letter language, not matter-by-matter improvisation.

Why this question has no one-line answer

Client disclosure is where the AI ethics instruments genuinely diverge, because two different rules are in play and jurisdictions weight them differently. Rule 1.6 (confidentiality) generates a consent duty when client information will be exposed to a tool. Rule 1.4 (communication) generates a disclosure duty when AI use is something this client, in this representation, would reasonably want to know. A jurisdiction emphasizing the first produces consent rules tied to data exposure; one emphasizing the second produces facts-and-circumstances tests; several explicitly find no per se duty at all.

The spectrum, mapped

At the no-per-se-duty end, New Jersey’s Supreme Court guidelines state there is no blanket duty to tell clients about AI use, with disclosure required if the client asks or cannot make informed decisions about the representation without knowing. Virginia’s State Bar guidance takes the same position absent agreement or elevated risk, and Michigan’s FAQs find no general duty absent rule triggers. Kentucky’s E-457 is nearby with a useful operational test: routine AI research needs no disclosure, but disclosure is required when work is outsourced, the client is charged for AI, or court rules require it.

The middle is exposure-triggered consent. ABA Formal Opinion 512 requires informed client consent before inputting information relating to the representation into a tool that may expose it. Florida’s 24-1 recommends informed consent before confidential information goes to third-party AI. Arizona’s guidance requires disclosing client-facing chatbots while finding no duty to flag every internal AI use.

Then the strict end. Oregon’s 2025-205 conditions open-model use on informed consent categorically, with case-specific factors governing broader disclosure. West Virginia’s LEO 24-01 stands alone: client consent to generative AI use that is informed and confirmed in writing. And the newest instrument, NYC Bar Opinion 2025-6, adds a context-specific consent rule everyone should treat as national best practice: informed client consent before AI tools record or transcribe client conversations.

NYC Bar Opinion 2024-5 supplies the exemption that keeps all of this workable: routine embedded AI (autocomplete, the AI inside established research platforms) requires no disclosure. Without that line, every Westlaw query would trigger a client conversation; with it, the disclosure analysis targets the genuinely novel exposure, which is client data leaving the firm’s vetted perimeter.

The decision sequence

For any contemplated AI use on a matter, four questions in order. Is the tool routine and embedded within an already-vetted vendor relationship? If yes, use it; no disclosure obligation arises under any instrument. Will information relating to the representation enter the tool? If yes, apply your jurisdiction’s consent threshold from the spectrum above, remembering anonymization’s limits. Is the AI use material to this representation for any other reason: the client asked, the engagement letter speaks to it, the work is substantially AI-produced, or the client is being charged for the tool? If yes, disclose under Rule 1.4 regardless of confidentiality analysis. And in West Virginia, or for any matter you want defensible under the strictest standard: get it in writing.

Solve it in the engagement letter

Matter-by-matter improvisation is how firms end up inconsistent, and inconsistency is what looks bad in hindsight. The administrable answer is standing engagement-letter language: the firm uses AI tools under a written governance policy; tools are vetted and client information is not used to train them; all output is reviewed by the responsible lawyer; clients may discuss or restrict this at any time; matter-specific consent will be sought before sensitive information enters any external tool. That language satisfies the communication duty for routine use, pre-positions the consent conversation for sensitive use, and turns your firm AI policy into something a client can actually read. Section 7 of the free template carries the corresponding policy text with the jurisdiction-specific consent posture left as the one deliberate blank.

Frequently asked questions

Do I have to tell my client I used ChatGPT on their matter?

Not categorically. If no confidential information went in and AI use is not material to the representation, no authority requires disclosure; New Jersey's guidelines and Virginia's guidance say so expressly. If their information went into the tool, the analysis changes: the ABA requires informed consent where exposure risk exists, Oregon requires it for open models, and West Virginia requires it in writing. And if the client asks, answer accurately, always.

Does using Westlaw's or Lexis's AI features require client disclosure?

No, under NYC Bar Formal Opinion 2024-5, which expressly exempts routine embedded AI such as autocomplete and the AI features of established research platforms from disclosure. The line is between embedded tools operating inside a vendor relationship the firm already vetted, and open tools where client data leaves that perimeter.

What should engagement-letter AI language say?

Three elements: a plain statement that the firm uses AI tools under a governance policy (categories, not product names), the protections applied (vetted tools, no training on client data, human review of all output), and an invitation to discuss or adjust. Matter-specific consent is then reserved for sensitive inputs. Kentucky's E-457 adds a billing trigger: disclose when the client is charged for AI.

Can a client forbid me from using AI?

Yes. Clients can restrict the means of representation by agreement, and an engagement letter is where that restriction would live. A blanket client prohibition is also worth a conversation: scoped correctly (no client data in open models, human verification of everything) AI use is often in the client's interest on both speed and cost, and several authorities note efficiency gains flow to hourly clients.

Primary sources cited

Related guides

About the editor: MHSB Solutions, Research desk. MHSB Solutions is not a law firm. Everything on this site is legal information keyed to primary sources, not legal advice.

For licensed attorneys and firm operators. This site is legal information, not legal advice, and no attorney-client relationship is formed by using it. Rules change; verify against the primary sources linked on every page and consult a licensed attorney in your jurisdiction before acting.