The law firm AI policy a small firm can actually sign
The seven sections a defensible policy must cover, the tiered reliance standard the free templates omit, and the Model Rule behind each requirement.
The managing partner at a 14-attorney firm has three associates using three different AI tools, no written rule governing any of them, and a malpractice renewal questionnaire on her desk asking whether the firm has an AI use policy. The honest answer is no, which costs her a discount on the premium; the answer that overstates what the firm has in place is the kind of misstatement a carrier voids coverage over. This piece gives her the seven sections a defensible law firm AI policy must cover, the tiered reliance standard most free templates leave out, and the ethics rule behind each requirement.
A law firm AI policy is a written, firm-adopted rule governing how lawyers and staff use generative AI on client work. To be defensible it must name approved tools, protect client confidentiality, require verification before reliance, address client disclosure, assign supervision, set permitted and prohibited uses, and fix ownership and review — the duties ABA Formal Opinion 512 (July 29, 2024) reads into the Model Rules.
Why a small firm needs a written law firm AI policy even with no GC
The objection at a small firm is always the same: we are 14 lawyers, we do not have a general counsel or a CISO, and a policy feels like big-firm overhead. The supervision duty does not scale with headcount. Model Rule 5.1 makes partners responsible for measures giving reasonable assurance that every lawyer conforms to the Rules, and Model Rule 5.3 extends that responsibility to nonlawyer assistance — which Opinion 512 reads to include generative AI tools. A 14-attorney firm carries the same Rule 5.1 and 5.3 obligations as a 400-attorney firm. The difference is that the large firm has a committee to absorb the work and the small firm has a managing partner who already does three jobs.
The written policy is how a small firm discharges the supervision duty without a committee. It is the artifact that turns “we are careful with AI” into something the ethics partner can point to, the carrier can read, and a new associate can be handed on day one. Without it, the firm’s AI practice lives in the heads of whoever happens to be using the tools, which is the posture a bar inquiry or a carrier’s claims adjuster treats as no posture at all.
Why the free templates don’t survive an ethics review
Search returns a dozen free templates, and most are some version of the same generic corporate AI policy with “law firm” in the title. Two failures recur. The first: the template lists rules without naming the Model Rule each one answers to, so the ethics partner cannot map it to Opinion 512 and will not sign it. The second: the template treats AI use as binary, allowed or not allowed, when the real governance question is which uses proceed unsupervised, which require a lawyer’s pass before the output goes anywhere, and which stay off-limits without separate sign-off.
The cost of the gap is not abstract. The sanctioned conduct in the cases firms now cite is unverified AI output reaching a tribunal, not AI use itself (Mata v. Avianca, S.D.N.Y., June 22, 2023, Case No. 22-cv-1461). A policy that says “lawyers may use approved AI tools” and stops there does nothing to prevent the failure that produces the sanction. The verification discipline is the part that protects the firm, and it is the part the generic templates state most weakly.
What a law firm AI policy must cover
A defensible policy covers seven sections. Each answers to a specific duty, and the policy reads better when it says so.
- Approved tools and the firm-owned-infrastructure decision. Name the tools lawyers and staff may use, and require that approved tools run in a tenant-isolated environment that does not train on inputs and does not retain them beyond the matter. Consumer accounts are not on the list.
- Confidentiality and client-data handling (Rule 1.6). State what may and may not be entered into an approved tool, and require the firm to hold the vendor’s data-handling attestation in writing before a tool is approved.
- Verification before reliance (Rule 1.1, Comment 8). No AI output is used, filed, or sent without a responsible attorney’s review. Cite-checking and source-verification are named steps, not assumptions.
- Client disclosure and consent (Rule 1.4 and the engagement letter). Set when the firm informs the client and when AI use on client confidences requires specific consent — boilerplate consent is insufficient under Opinion 512.
- Supervision and named accountability (Rules 5.1 and 5.3). Name a responsible attorney for the firm’s AI use and a review chain for AI-assisted work product.
- Permitted, review-required, and prohibited uses. The tiered reliance standard below — the section the generic templates collapse into a single allowed/not-allowed line.
- Training, review cadence, and ownership. Name who owns the policy, how often it is reviewed, and the training every authorized user completes before they touch an approved tool.
The tiered reliance standard most templates skip
The section that does the real work is the one that draws the boundary between what AI may do on its own and what a lawyer must touch before the output moves. A flat “approved for legal research” line does not draw it. Three tiers do.
Green — proceed. Low-risk uses on approved tools that produce no client-facing work product on their own: internal research starting points, summarizing public filings, reformatting, first-pass issue spotting. The lawyer uses the output as input to their own work.
Yellow — review before reliance. Uses that feed client work product: first drafts of motions or contract language, research synthesis that enters a deliverable, deposition-preparation summaries. A named attorney verifies the output — citations, facts, reasoning — before it is used, filed, or sent.
Red — prohibited without separate sign-off. Entering privileged or carved-out client information into a tool that is not approved or that trains on inputs; filing or sending AI output that no attorney has verified; using AI on a matter where the client has declined it. Red uses do not happen until the responsible attorney has signed off in writing.
Adapting the policy to a 5–30 attorney firm
The policy is a template until someone makes three decisions a small firm cannot outsource. Who owns it: at a firm with no GC, the ethics partner owns the policy and the managing partner co-signs it, because Rule 5.1 puts the obligation on the partners. What is on the approved-tools list: this is the firm-owned-infrastructure decision, and it is where confidentiality is won or lost — an approved tool running in the firm’s own tenant with no training on inputs satisfies Rule 1.6 in a way a personal ChatGPT account never will. How it gets adopted across uneven fluency: the partner who has read Opinion 512 and the associate who has used AI every day for a year are starting from different places, and the policy has to be legible to both.
The adoption mechanic that works at small-firm scale is a single ratification sitting. The ethics partner drafts the policy against the firm’s actual tool inventory, the partners review the approved-tools list and the tier boundaries in one meeting, and the policy is signed and circulated. The work that follows is training and the first review cycle, not another draft.
- Inventory the AI tools already in use. Including the unsanctioned ones — the consumer accounts associates are already using. The list is usually longer than the managing partner expects, and it is the starting point for the approved-tools section.
- Make the approved-tools decision. Decide which tools run in the firm's own tenant with no training on inputs and confirm each vendor's data-handling attestation in writing. Only approved tools touch client confidences.
- Draft the seven sections and the three tiers. The ethics partner drafts against the firm's actual inventory and practice areas, naming the Model Rule behind each section.
- Ratify in one partners' sitting. Review the approved-tools list and the tier boundaries, sign, and circulate. One meeting, not a standing committee.
- Train before authorizing, then review on a cadence. Every authorized user completes tool-specific training and signs an acknowledgment the firm retains. Set the review cadence — quarterly is defensible — so the policy keeps pace with the tools.
What the rules actually require
Opinion 512 is the architecture, and two state authorities tighten it for firms with exposure in those jurisdictions. Florida bars input of confidential information to a third-party AI tool that trains on inputs without the client’s informed consent (Florida Bar Ethics Opinion 24-1, January 2024), which is why the approved-tools section requires tenant isolation and no training on inputs by default. California’s position on fees, the most influential in the country, is that a lawyer may not bill for time AI saved but may bill for time spent reviewing AI-assisted work product (California State Bar Practical Guidance, November 2023), which is why the verification step and the firm’s time-entry discipline belong in the same policy.
A firm that builds the approved-tools list to the stricter standard satisfies Opinion 512, Florida 24-1, and the California guidance with one policy rather than three.
What to do next
A small firm can move from no policy to a signed one in two weeks. Week one: the ethics partner inventories the tools in use, makes the approved-tools decision, and drafts the seven sections and the three tiers against the firm’s real practice. Week two: the partners ratify the policy in one sitting, training is scheduled for every authorized user, and the quarterly review cadence is set on the calendar. The firm that completes this has the artifact the carrier asks for, the rule a new associate is handed on day one, and the supervision posture Rules 5.1 and 5.3 require.
For most firms the step that converts a first draft into a signable policy is an outside read of the approved-tools section and the tier boundaries, confirming the data-handling language is accurate against the vendors’ attestations and the tiers hold against Opinion 512, Florida 24-1, and the California guidance. That review is part of the Ethics-Alignment Diagnostic (phase-7/one_pager_law_ethics_diagnostic.md), with the companion phase-7/aba_opinion_512_alignment.md brief the ethics partner reads first.