The profession is moving faster than the rules
Legal practitioners across Australia are adopting AI tools at pace — for legal research, document drafting, contract review, and client communication. The Australian Solicitors' Conduct Rules (ASCR) haven't been updated specifically for AI, but several existing obligations apply directly to how lawyers use these tools. Getting this wrong creates disciplinary risk, professional indemnity exposure, and the potential for serious client harm.
This guide doesn't provide legal advice — it translates the existing regulatory framework into practical steps for law firms using AI.
Competence (ASCR Rule 4)
Rule 4 requires solicitors to act with competence. Competence in the context of AI has two dimensions: competence in the use of the tool itself, and competence in reviewing the tool's output.
AI tools — including the most sophisticated large language models — hallucinate. They generate plausible-sounding but incorrect information, including fabricated case citations, misquoted statutes, and invented legal principles. Submitting AI-generated content to a court or relying on it in client advice without independent verification is a competence failure — regardless of whether it was generated by an AI tool or a junior solicitor.
In practice: establish a firm-wide requirement that all AI-generated legal content is verified against primary sources before use. This isn't different from supervision requirements for junior staff — it's the same standard applied to a different kind of output.
Supervision (ASCR Rule 37)
Rule 37 requires principals to ensure the work of their firm is properly supervised. AI tools are not supervised staff — they don't exercise judgment, and their outputs reflect statistical patterns rather than legal reasoning. A supervising principal cannot discharge their supervision obligations by reviewing AI output without understanding how that output was generated.
In practice: treat AI as a tool that assists supervised work, not as a substitute for it. The solicitor using the tool — and the principal supervising them — remains responsible for the work product.
Confidentiality (ASCR Rule 9)
Rule 9 imposes strict confidentiality obligations on solicitors in relation to client information. Entering client information into an AI tool raises significant confidentiality questions, particularly where:
- The tool is a consumer-tier product that may use inputs for training
- The vendor is overseas and not subject to a data processing agreement
- The tool's terms permit human review of inputs
In practice: only use AI tools for client work that meet enterprise standards — no training on your data, contractual confidentiality protections, and data processing agreements in place. Free-tier tools should not be used with client information.
Disclosure obligations
Whether solicitors are required to disclose AI use to clients is an evolving area. Some jurisdictions overseas have introduced explicit disclosure requirements. In Australia, while there is no current rule requiring disclosure, the duty of candour and the obligation to act in the client's best interests create a strong basis for disclosure where AI use is material to the work product — particularly where it affects cost, timing, or quality.
Many firms are proactively including AI use disclosures in their engagement letters and matter-specific communications. This is prudent practice that builds client trust and reduces the risk of a later dispute about undisclosed AI use.
Practical checklist for law firms:
✓ AI Acceptable Use Policy that covers approved tools and prohibited uses with client data
✓ Verification requirement for all AI-generated legal content
✓ Enterprise-tier AI tools only for client work, with DPAs in place
✓ Supervision framework that treats AI output like junior staff work product
✓ AI use disclosure in engagement letters or standard terms
Professional indemnity considerations
AI-related claims are emerging in professional indemnity contexts overseas, and Australian insurers are beginning to ask about AI use in policy renewals. Firms that cannot demonstrate governance arrangements around AI use may face coverage questions if an AI-related error leads to a claim.
Review your PI policy and speak to your broker about whether AI use is covered, whether any exclusions apply, and what governance documentation you should maintain.
Getting your house in order
The firms that will manage AI risk well are the ones that treat it like any other practice management issue: with clear policies, documented procedures, and accountability for compliance. That means an AI Acceptable Use Policy, an AI Register documenting approved tools, training for all staff who use AI, and a process for staying current as both the tools and the rules evolve.
Get your AI governance pack
A complete, tailored set of AI governance documents for your Australian business — ready in minutes.