# [FIRM NAME] Generative AI Use Policy

Version 1.0 | Adopted [DATE] | Policy owner: [MANAGING PARTNER / COO]

> Template provided free by the Legal AI Compliance Tracker (legalaicompliance.help), maintained by MHSB Solutions.
> This is a starting point, not legal advice. Have a licensed attorney in your jurisdiction review and adapt it
> before adoption. It reflects the duties common to ABA Formal Opinion 512 and the state instruments tracked at
> legalaicompliance.help as of June 2026; your state may impose stricter requirements (for example, West Virginia
> requires informed client consent confirmed in writing).

## 1. Purpose and scope

This policy governs all use of generative artificial intelligence tools in connection with firm business by
attorneys, staff, contractors, and vendors. It exists to capture AI's efficiency gains while protecting client
confidentiality, work product quality, and the firm's professional responsibility obligations.

"Generative AI" means any tool that produces text, summaries, drafts, translations, transcriptions, images, or
analysis from prompts or source material, whether standalone (general-purpose chatbots) or embedded in practice
tools (research platforms, drafting assistants, meeting transcription).

## 2. Approved tools

Only tools on the firm's Approved AI Tools list may be used for firm business. The list records, for each tool:

- Tool name, vendor, and plan/tier (consumer vs. enterprise terms differ materially)
- Whether inputs are used for model training, and how to verify that setting
- Data retention period and deletion controls
- Security posture (encryption, access controls, vendor certifications)
- Approved use cases and prohibited use cases
- Date last reviewed and reviewer

Requests to add a tool go to [POLICY OWNER]. No client or matter information may be entered into any tool not on
the list. Personal accounts on consumer AI tools may never be used for firm business.

## 3. Confidentiality rules

1. Do not enter client-identifying or matter-identifying information into any AI tool unless the tool is on the
   Approved list for that purpose and its current terms prevent training on inputs and provide adequate security.
2. Anonymize inputs wherever the task allows. Removing names is not always enough; combinations of facts can identify
   a client.
3. Client consent: where required by the engagement letter, by the sensitivity of the information, or by your
   jurisdiction's rules, obtain the client's informed consent before using AI on their matter. [CUSTOMIZE: in
   West Virginia, consent must be informed and confirmed in writing.]
4. Treat AI chat histories as records: they may contain confidential information and may be discoverable. Disable
   history where the tool allows; preserve interactions that belong in the client file.

## 4. Verification rules (non-negotiable)

1. Every AI output used in firm work is a draft. A human with knowledge of the matter reviews it before it is used,
   sent, or filed.
2. Every citation, quotation, and statement of law in AI-assisted work is independently verified in a traditional
   research database before filing. Asking the same AI to confirm itself is not verification.
3. Anything filed with a court complies with that court's standing orders and local rules on AI, which the filing
   attorney checks for each judge and forum. The signing attorney certifies the filing's accuracy regardless of what
   produced the first draft.

## 5. Billing rules

1. Bill only time actually spent: prompting, reviewing, correcting, and verifying. Never bill the time AI saved.
2. Time spent learning AI tools for general competence is firm overhead, not billable, absent a specific client
   agreement.
3. AI tool costs are passed through to clients only where the engagement letter permits it, the cost is reasonable
   and matter-specific, and the client agreed in advance in writing.

## 6. Supervision and training

1. [POLICY OWNER] maintains this policy, the Approved list, and a training log.
2. Every attorney and staff member completes AI training before first use and annually thereafter, covering this
   policy, confidentiality risks, hallucination risks, and verification workflow.
3. Supervising attorneys are responsible for AI use by those they supervise, including nonlawyer staff and vendors,
   to the same standard as any other delegated work.
4. Violations are reported to [POLICY OWNER]; material violations involving client information are handled under the
   firm's incident response procedure, including any notification obligations.

## 7. Client communication

1. The firm discloses its AI practices in engagement letters: [CHOOSE: general disclosure language / matter-by-matter
   consent / client opt-out].
2. If a client asks whether AI was used on their matter, answer accurately.
3. AI-facing client tools (intake chatbots) must identify themselves as automated and not as a lawyer.

## 8. Prohibited uses

- Entering privileged or confidential information into unapproved tools
- Filing or sending any AI output without human review and citation verification
- Using AI to generate evidence, declarations of fact, or testimony
- Representing AI output as the work of a specific person who did not review it
- Using AI tools for surveillance of opposing parties or jurors beyond what the rules permit

## 9. Records and review

This policy is reviewed [QUARTERLY/SEMI-ANNUALLY] against current bar guidance, with changes logged below. The
current version of every instrument this policy relies on is tracked at legalaicompliance.help.

| Version | Date | Change | Approved by |
|---|---|---|---|
| 1.0 | [DATE] | Initial adoption | [NAME] |

## Acknowledgment

I have read and understood the [FIRM NAME] Generative AI Use Policy and agree to follow it.

Name: ____________________ Signature: ____________________ Date: ____________