nerdster.ai
← All insights

Sector playbooks

SRA-compliant AI for law firms: what is allowed, what is not

The SRA hasn’t banned AI. It expects the same things it always has: confidentiality, competence and supervision. Here’s how to use AI in a firm without crossing any of them.

June 2026 · 6 min read

The short version

  • AI is allowed in SRA-regulated firms, confidentiality and competence are the conditions.
  • The risk is free tools that train on what you paste. Private, contracted tools remove it.
  • Fee-earners can safely use AI for first drafts and review; a solicitor still owns the output.

Most managing partners we meet are stuck between two fears: fee-earners quietly using consumer AI on client matters, or banning AI and watching the firm fall behind. Neither is necessary. The SRA’s position is workable once you separate the tool from the duty.

Is AI even allowed?

Yes. There’s no SRA rule against AI. What stays firmly in place is your duty of confidentiality under Code of Conduct Rule 6, your duty of competence, and proper supervision. AI can draft; a solicitor still owns the advice.

Where the real risk is

It isn’t “AI” in the abstract. It’s a fee-earner pasting a client’s confidential documents into a free tool that may use them to train future models. That single habit is the confidentiality breach most firms don’t know they’re running.

What’s safe, what’s not

  • Safe: approved, private tools that are contracted not to train on or retain your data, used for first drafts, summaries and document review, with a solicitor reviewing the output.
  • Not safe: free public tools for anything touching client data; treating AI output as final without review; “shadow” tools no one has approved.

For firms that can’t put client data in the cloud at all

A private, on-premise deployment (sometimes air-gapped) runs the same drafting and review workflows entirely inside your network, so client files never leave the building. That’s the route for the most confidentiality-sensitive matters.

Getting your firm there

Three steps: name the approved tools, write a one-page AI policy fee-earners will actually follow, and make sure your IT and engagement terms reflect it. It’s the same governance every regulated firm needs, applied to your matters.

We work directly in SRA contexts and build the workflows around how your fee-earners actually operate. Our 90-minute audit tells you, in plain English, which uses are worth it and how to keep the regulator comfortable. Book a call to talk it through.

Frequently asked

Are law firms allowed to use AI?

Yes. The SRA does not ban AI. Your existing duties apply: client confidentiality (Code of Conduct Rule 6), competence, and supervision. A qualified person remains responsible for the work.

Can we put client documents into ChatGPT?

Not into a public, free tool that may train on your data, that risks a confidentiality breach. Use a tool contracted not to train on or retain your data, or an on-premise / private deployment.

What is the safest way for fee-earners to use AI?

For first-pass drafting, summarising and document review, with a solicitor reviewing and approving the output, and only through approved, private tools listed in your AI policy.

Want this sorted, properly?

Our 90-minute audit leaves you with a one-page action list: three things AI should be doing, what it will cost and what it will save. Keep the report either way.

Book a call More insights