There is no SRA AI rulebook. There doesn't need to be.
AI already sits inside the SRA Code of Conduct for Firms — governance, competence, confidentiality, supervision. This is the hub for the people the SRA holds accountable for it: your COLP and your COFA. See which rules apply, what the SRA can ask, and how to prove your AI use is governed.
- A specialist agent for each kind of legal work, from research to disputes.
- Finished work product. Research memos, redlines, diligence grids, not chat replies.
- Checked, sourced and signed before it ever reaches a client.
The Code Already Applies
The SRA rules that already cover AI.
There's no separate SRA AI rulebook — AI sits squarely inside the Code of Conduct for Firms your COLP is already responsible for. These are the obligations that matter most the moment your firm adopts AI.
Rule 2.1 — Effective governance
Firms must have effective governance structures, arrangements, systems and controls. Adopting AI without documented policy, assigned ownership and active oversight leaves this rule unmet.
Rule 2.2 — Compliance records
Firms must keep records that demonstrate compliance. For AI that means audit trails, verification logs and evidence that outputs were supervised — not a policy that sits in a drawer.
Rule 2.5 — Risk management
AI must sit in the firm's risk register. Hallucination, data leakage, bias and unsupervised use are AI-specific risks the firm must identify, assess and manage.
Rule 4.3 — Competence of managers and employees
Staff using AI must be able to evaluate what it produces. The SRA expects ongoing competence, not just access to a tool.
Rules 6.3–6.5 — Confidentiality
Client confidentiality is absolute. Feeding client-identifying information into a tool that trains on inputs or stores data outside the firm's control puts these rules at risk.
Who's Responsible
The two officers the SRA holds accountable
Every SRA-regulated firm names a COLP and a COFA on its authorisation. They are the individuals a regulator turns to when it asks whether the firm's AI use is governed.
The COLP
Compliance Officer for Legal PracticeThe named individual the SRA holds accountable for the firm's compliance with its authorisation and the SRA's regulatory arrangements. When a firm adopts AI, the COLP owns the question the regulator now asks: is this use supervised, recorded and defensible?
Ensure the firm meets its SRA authorisation and Code of Conduct obligations
Record any failure to comply, and report material breaches to the SRA
Own AI governance: policy, oversight and the evidence an inspection would need
The COFA
Compliance Officer for Finance and AdministrationAccountable for the firm's compliance with the SRA Accounts Rules — the handling of client money. AI reaches the COFA's remit wherever tools touch billing, client-account reconciliation or financial data.
Ensure compliance with the SRA Accounts Rules and safe handling of client money
Keep records of, and report, material breaches of the Accounts Rules
Govern AI that processes financial or client-account data
Where the two roles overlap
Both are named on the firm's SRA authorisation and must be approved as fit and proper.
Both must record breaches and report serious ones to the SRA as soon as reasonably practicable.
Neither role is a formality — the December 2025 thematic review found only one COLP, of those reviewed, who could describe all their obligations.
Under Inspection
What the SRA can ask for.
If the SRA turns its attention to your firm's AI use, these are the questions it can put to you — and the evidence it expects behind each answer.
Which AI tools your firm uses
A live inventory of the AI systems in the firm, who uses them, and for what kind of legal work.
Who is supervising AI output
Evidence that a qualified person reviewed AI-assisted work before it reached a client or a court — the supervision chain, on the record.
How AI risk is managed
Your AI entries in the risk register, the controls in place, and how verification failures are caught and resolved.
The records to prove it
Under section 44B of the Solicitors Act 1974 the SRA can require the firm to produce documents. For AI-assisted work, that means an audit trail you can hand over on demand.
The SRA is already asking
SRA Code of Conduct for Firms
Rules 2.1 (governance), 2.2 (compliance records), 2.5 (risk management), 4.2 (competent service), 4.3 (staff competence) and 6.3–6.5 (confidentiality) all apply to AI use today. There is nothing to wait for.
SRA Compliance Officers Thematic Review
The SRA visited 25 firms and interviewed 36 individuals. Only one COLP could describe all their regulatory obligations; only around 10% of firms had a formal AI policy.
SRA GenAI good-practice guidance
The SRA has signalled further guidance on generative AI use for regulated firms — formalising the governance expectations already implicit in the Code.
EU AI Act high-risk obligations
UK firms whose AI output is used by clients in the EU are in scope. Legal AI is high-risk (Annex III); those obligations apply from 2 December 2027 under the Digital Omnibus, with transparency duties from August 2026.
Further Reading
The SRA, COLP and COFA library
Eight in-depth guides on SRA compliance for AI, the COLP and COFA roles, and what an inspection actually asks for.
The founder
Built by someone who had to stand behind the system.
LegalAI Space is the work of a founder who spent a decade shipping infrastructure that enterprises had to trust — now turned on the part of legal AI that matters most: governance.
She started LegalAI Space because legal AI had inherited the speed of enterprise infrastructure and none of its accountability.
Daman spent a decade building cloud and AI infrastructure for large enterprises at Microsoft and HPE. The question there was never only “does it run?” but “can you stand behind it?”
Firms were being asked to trust output they could not trace. Her focus is the layer that closes the gap: the rules, the verification, and the record that let a partner sign off with confidence.
Engineering, BITS Pilani · Executive product management, IIM Lucknow
SRA, COLP and COFA questions
How verification, governance, and the agents work inside an SRA-regulated firm.
Still have questions? Talk to the founderProve your AI is governed — before the SRA asks.
Join the UK firms putting SRA-native AI governance in place, with the audit trail a COLP can hand over on demand.
- 01
LegalAI Space is a technology platform. We are not a law firm, we are not regulated by the SRA, and we do not provide legal, regulatory or compliance advice.
- 02
References to the SRA Code of Conduct for Firms and the SRA Authorisation of Firms and Accounts Rules (SRA Standards and Regulations, effective 25 November 2019) are for information only. Rule numbers cited (2.1, 2.2, 2.5, 4.2, 4.3, 6.3–6.5) refer to the SRA Code of Conduct for Firms. Firms should verify current requirements directly with the SRA.
- 03
The description of the COLP and COFA roles is a general summary of the SRA's requirements and is not a substitute for the SRA's own rules or professional advice.
- 04
Statistics cited: '96% of UK firms use AI' — Clio UK Legal Trends Survey 2024; '10% have formal AI policies' — Thomson Reuters, Generative AI in Professional Services 2024; 'only one COLP could describe all obligations' — SRA Compliance Officers Thematic Review, December 2025 (25 firms, 36 individuals interviewed; general regulatory obligations, not AI-specific).
- 05
Reference to section 44B of the Solicitors Act 1974 describes the SRA's power to require production of documents and is provided for information only.
- 06
References to BAILII (bailii.org) and legislation.gov.uk are to publicly available legal information services. LegalAI Space is not affiliated with either service.
- 07
Product features described on this page represent planned or in-development capabilities. Final functionality may vary.
