All posts
ChatGPT6 min read

Can Lawyers Use ChatGPT? What the Rules Actually Say

Yes — but with hard limits the courts have already drawn. A High Court has ruled ChatGPT isn't capable of reliable legal research, and the Law Society says never feed it confidential client data. Here's the line between competent use and a regulatory breach.

By Daman Kaur

A trainee needs a quick summary of a 40-page lease by end of day. ChatGPT is right there, it's free, and it'll answer in seconds. So they paste the lease in and ask. Somewhere in that thirty-second decision, three separate professional obligations just got tested — and depending on what was in the lease, one of them may have broken.

This is the most common AI question in law firms right now, and it gets answered badly at both extremes. "AI is banned" is wrong and unenforceable — people use it anyway, just invisibly. "It's just a tool, use it however" is worse, because the courts and the regulator have already been specific about where the lines are.

So here's the accurate version: yes, lawyers can use ChatGPT — within limits that are now well-defined, and that a lot of firms are quietly crossing every day.

Yes — but "use ChatGPT" hides three different questions

The reason the question causes confusion is that "using ChatGPT for legal work" bundles three activities that carry completely different risk:

  • Drafting and ideation — outlining an argument, rephrasing a paragraph, generating a first draft to react to. Lowest risk, provided no confidential data goes in and the output is checked.
  • Legal research — asking it what the law is, or for authorities. High risk, and the subject of an explicit court ruling below.
  • Processing client material — pasting in a contract, a witness statement, a data-room document. The confidentiality question, and where the sharpest breach sits.

Lumping these together is why firms land on a blanket yes or a blanket no. Neither is right. The professional answer is different for each.

Where the court drew the line on research

On legal research specifically, this is no longer a matter of opinion. In Ayinde v London Borough of Haringey and Al-Haroun v Qatar National Bank (Divisional Court, 6 June 2025), the court stated directly that freely available generative AI tools "are not capable of conducting reliable legal research."

It went further, and this is the part every fee-earner should internalise: lawyers using such tools have a "professional duty… to check the accuracy of such research by reference to authoritative sources" — and it named them, including the Government's legislation database and the National Archives' record of court judgments.

The consequences in that case weren't theoretical. Fabricated citations — five in one matter, eighteen in the other — led to wasted-costs orders and referrals to the SRA and the Bar Standards Board. And it's not isolated: a public database of AI-hallucinated content reaching courts already runs to hundreds of decisions involving practising lawyers, and it grows every week.

Practical rule: ChatGPT can help you draft an argument. It cannot be your source for what the law is. If it gives you an authority, that authority does not exist until you've confirmed it in a real database — every time, no exceptions.

Where the line sits on confidentiality

The research limit is about accuracy. The confidentiality limit is about what you put in, and it's governed by SRA Code of Conduct for Firms paragraph 6.3 — the duty to keep client information confidential.

The Law Society's guidance is unambiguous: do not put confidential data into free, public generative AI tools where you have no operational relationship with the vendor beyond simply using it. A free ChatGPT account is exactly that relationship. What you paste in may be retained, may be used to train the model, and is out of your control the moment you hit enter.

That's why the trainee-and-the-lease example is a genuine breach risk, not a hypothetical. The task is fine. The tool is fine. The client data going into a public tool is the problem. We unpack this fully in is ChatGPT confidential for lawyers?

A safe-use matrix you can actually give your team

Most firms need something a fee-earner can hold in their head. This is the version I'd hand out:

TaskFree public ChatGPTAcceptable with governance
Rephrasing your own non-confidential textFineFine
Brainstorming arguments (no client facts)FineFine
Summarising a public documentFineFine
Summarising a client's documentNo — confidentialityYes, in a governed/contained tool
"What's the law on X?" / finding authoritiesNo — unreliable, unverifiedOnly with independent citation verification
Drafting on real matter factsNo — confidentialityYes, in a governed tool with human review

The right-hand column is the point. Almost everything a lawyer actually wants AI for is fine — if it runs in a tool where client data is contained and where citations are checked against source. The problem was never AI. It's ungoverned AI.

What competent use looks like, by role

  • If you're a fee-earner: treat free ChatGPT as a writing aid for non-confidential text only. The moment a client's facts or documents are involved, switch to whatever contained tool your firm has approved — and never file an authority you haven't personally confirmed exists.
  • If you're a supervisor or partner: your juniors are the ones most likely to trust fluent output they can't yet evaluate. Competence and supervision duties (Code paras 4.3–4.4) mean you're accountable for what they file. Assume ChatGPT is in use and build the check into your review, rather than pretending a ban is holding.
  • If you're the COLP: a blanket prohibition you can't enforce is worse than a clear, governed permission you can. The defensible position is an approved tool plus a record of what was checked — not a policy asking people to be careful. We set out that responsibility in full in COLP responsibilities for AI.

The reframe: don't ban the tool, contain it

The firms handling this well aren't the ones with the strictest ChatGPT ban. They're the ones who accepted that people will use AI, and moved the usage somewhere they can govern it — a tool where client data stays contained, where research is verified against primary sources before it reaches a draft, and where every step leaves a record.

That's the difference between "we told people not to" and "we can prove what happened." Only one of those is an answer when a client, an insurer, or the SRA asks.

FAQ

Can lawyers use ChatGPT for legal work? Yes, for non-confidential drafting and ideation with the output checked. No, for legal research relied on without verification, and no for anything involving confidential client data in the free public tool — that risks breaching the duty of confidentiality.

Is it against SRA rules to use ChatGPT? Using it isn't inherently a breach. But relying on unverified output can breach competence (Code 3.2–3.3) and the duty not to mislead the court (1.4), and putting client data into a public tool can breach confidentiality (6.3).

Did a court really say ChatGPT can't do legal research? Yes. In Ayinde/Al-Haroun [2025] EWHC 1383 (Admin), the Divisional Court held that freely available generative AI tools are not capable of reliable legal research and that lawyers must verify AI output against authoritative sources.

What's a safe way for lawyers to use AI? Use a tool where client data is contained rather than a free public one, verify every cited authority against a real legal database, keep a human review step before anything leaves the firm, and record what was checked.

Can I paste a client contract into ChatGPT to summarise it? Not into the free public version — that risks breaching confidentiality. Use a contained tool your firm controls and has approved for client data.


LegalAI Space lets your team get the benefit of AI without the confidentiality and hallucination risk: client data stays contained, every citation is verified against source, and every step is recorded. Book a 30-minute call with Daman to see it on a real matter.

Related reading