AI Tool Risk Tiers: Consumer vs. Enterprise vs. Legal-Specific
AI tools sort into four risk tiers for legal work, defined by data handling rather than capability. Tier 1, consumer chatbots that may train on inputs: never for confidential client information without informed consent. Tier 2, enterprise deployments with training disabled and contractual protections: usable for client work with documented diligence. Tier 3, AI embedded in established legal platforms inside an existing vendor agreement: routine use, no disclosure needed per NYC Bar 2024-5. Tier 4, legal-specific tools: judged by the same data questions as Tier 2 plus output-quality diligence. The tier is set by the subscription terms, not the product name.
Quick answer
- Risk is set by data handling, not model quality.
- Tier 1 consumer: may train on inputs; no client confidences without consent.
- Tier 2 enterprise: training off + contract; usable with documented diligence.
- Tier 3 embedded platform AI: routine use within vetted vendor relationship.
- Tier 4 legal-specific: Tier 2 questions plus output-quality vetting.
- Same product name can sit in different tiers; the tier is the subscription.
Why “which AI is safe” is the wrong question
Lawyers keep asking for a list of safe products, and the ethics opinions keep answering with a method instead, because the method is the only thing that stays true. The same model can be reached through a free consumer account that may train on your prompts or through an enterprise contract that forbids it; the product name tells you nothing about which one your associate is typing into. So the unit of classification is the subscription: its training behavior, retention, access controls, and contractual commitments. Four tiers cover the field.
Tier 1: consumer tools
Free and personal-tier chatbots whose terms permit training on inputs or human review of conversations. Capability is irrelevant here; the data path is the problem. Under every authority’s confidentiality analysis, and Oregon’s open-model rule most explicitly, confidential client information does not enter Tier 1 without informed consent, and under West Virginia’s standard that consent is written. What Tier 1 is legitimately for: public-information work. Drafting from already-public filings, summarizing published opinions, brainstorming non-matter content, learning the technology itself. A firm policy that bans Tier 1 outright usually drives usage underground onto personal devices; the better rule is scoping it to public inputs and saying so plainly.
Tier 2: enterprise deployments
The same general-purpose models behind contractual protections: training on inputs disabled, defined retention with deletion controls, access restrictions, security commitments in writing. This is Oregon’s closed model, usable for client work with reasonable diligence on the vendor’s commitments, which means someone read the terms and recorded the answers. Tier 2 is where most serious firm adoption should land, and its compliance artifact is the approved-tools register entry: tier-determining terms, the date verified, and who verified them. D.C.’s Opinion 388 supplies the questions; the register is your evidence the questions were asked before, not after, an incident.
Tier 3: embedded platform AI
AI features inside platforms the firm already vetted and contracts with: the research platforms, the document management system, the practice management suite. NYC Bar Opinion 2024-5 carved this tier deliberately, exempting routine embedded AI from client disclosure, and the logic extends to vetting: the vendor relationship, confidentiality terms, and data location were diligenced when the firm signed; the residual question is whether the new AI features inherit those terms or introduce new data flows (some vendors route AI features through new subprocessors, which is a term change worth catching). Tier 3’s trap is complacency about outputs: embedded AI hallucinates too, and the verification duty applies with full force regardless of how reputable the host platform is.
Tier 4: legal-specific tools
Vertical tools built for legal work: research assistants, contract analysis, deposition summarization, intake automation, meeting transcription. The branding suggests safety; the analysis is unchanged. A legal-specific tool earns Tier 2 treatment via its data terms or it is Tier 1 with a law-themed interface. Mississippi’s Practical Guide, the most thorough official survey of the category, pointedly endorses nothing and routes ethics back to the same duties. Tier 4 adds one genuine extra: output-quality diligence (what sources does the research tool actually search, how does the summarizer handle privileged passages), and one genuinely sharp case: AI meeting tools that listen to client conversations, for which NYC Bar Opinion 2025-6 requires informed client consent, vendor vetting, and transcript accuracy checks.
Using the tiers
Assign every tool in the building a tier in the approved-tools register, including the ones staff adopted without asking; the inventory step in the small-firm starter usually surfaces a Tier 1 transcription bot someone loves. Scope permitted inputs per tier (public information for Tier 1; client work with diligence for Tiers 2 through 4; client conversations only with consent). Re-tier on every terms change, because tiers are facts about contracts, and contracts move. And keep the one rule that ignores tiers entirely: every output gets verified before it becomes work product, because the sanctions caselaw does not ask what tier the fabricated citation came from.
Frequently asked questions
Is ChatGPT safe for legal work?
Wrong unit of analysis. A free consumer ChatGPT account that may train on inputs sits in Tier 1: fine for public-information tasks, not for client confidences absent informed consent. An enterprise deployment of the same underlying model with training disabled and contractual data protections sits in Tier 2 and can be used for client work with documented diligence. Oregon's open-versus-closed model distinction in Opinion 2025-205 draws exactly this line.
Do Westlaw and Lexis AI features need the same vetting?
They need recorded vetting, but they sit in Tier 3: AI embedded in an established platform inside an existing vendor agreement your firm already negotiated. NYC Bar Opinion 2024-5 exempts routine embedded AI from client disclosure. The residual diligence is confirming the AI features inherit your existing agreement's confidentiality terms, then treating outputs with the same verification duty as any other tier.
Are legal-specific AI tools automatically safer?
No. A legal vertical tool earns Tier 2 treatment the same way a general enterprise tool does: by its actual data terms. Mississippi's Practical Guide surveys legal AI tools by category while expressly declining to endorse any, and its ethics section defers to the same duties. Legal branding changes the marketing, not the Rule 1.6 analysis.
Who in a firm should assign the tiers?
The policy owner under your firm AI policy, recording each tool's tier, tier-determining terms, and review date in the approved-tools register. Tier assignments are supervision artifacts under Rules 5.1 and 5.3; unwritten tiers are opinions, not controls.