Regulation of the Use of Generative Artificial Intelligence Tools in the Delivery of Legal Services: Verification and Accountability
Article
Regulation of the Use of Generative Artificial Intelligence Tools in the Delivery of Legal Services: Verification and Accountability
Article
Regulation of the Use of Generative Artificial Intelligence Tools in the Delivery of Legal Services: Verification and Accountability

Abstract

Use of generative artificial intelligence (“generative AI”) by those delivering legal services presents challenges including preservation of confidentiality, verification, and accountability. State-level and federal agency guidance in the United States often requires lawyers using generative AI to ensure that the way the platform, system, or tool is handling and transmitting their prompts and other inputs does not compromise the confidentiality of information gained during representation of a client. It is virtually impossible, however, for a lawyer to obtain the access to the technology provider’s proprietary information about the algorithms and operation of the LLMs that would be needed to comply with that level of diligence regarding the operation of the technology. Even guidance which requires only that lawyers take “reasonable steps” does not specify what attainable level of diligence in a lawyer’s investigation of a vendor’s cybersecurity practices, handling of user inputs, and data privacy commitments for the generative AI the lawyer is using will be regarded as sufficiently rigorous. In response to this issue, this Article explains why regulators are better positioned than lawyers to assess cybersecurity and to conduct investigations of the operations of generative AI products. Working with non-profit organizations or consultants with technical expertise, regulators can accomplish the desired level of assessment of the security of data input when generative AI is used in providing legal services. Additionally, this Article highlights how the current lack of a comprehensive set of federal regulatory requirements addressing the operation of generative AI contributes to the difficulty of performing adequate assessment of generative AI platforms, systems, and tools. Recognizing the limitations of the current guidance for attorneys practicing in the United States, this Article proposes a course of action addressing data confidentiality concerns while placing the burden of due diligence on those best positioned to adequately investigate—those who regulate the delivery of legal services.

Keywords

AIConfidentiality, LegalEthics, RegulationOfAI

Download

Download PDF
View PDF

Share

Authors

Carol A. Needham (Saint Louis University)

Download

Issue

Publication details

Pages 184-211

Dates

Accepted 2025-03-24
Published 2025-03-24

Licence

Creative Commons Attribution-NonCommercial-NoDerivs 4.0

File Checksums (MD5)

  • PDF: d6bdb1ae3c57d021d7512419adfd1322