Your Lawyers Are Already Using AI. Does Your Firm Have a Policy?

Imagine a law firm a century ago discovering that some of its more industrious lawyers were using electric lights to work later into the evening. A cautious managing partner might have worried about fire risks, expense, distraction, or whether the younger lawyers were becoming a little too fond of this new technology.

But a stern memo banning electricity would have missed the point.

The serious question was not whether lawyers should be allowed to use electricity. The serious question was how the firm would use a powerful new tool safely, consistently, and productively.

A century later, law firms are facing a similar question about generative AI.

More than two out of three lawyers, 69%, report using generative AI in their work.¹ The number has more than doubled from the previous year. So your lawyers are almost certainly already using AI. And if they are not using it today, they probably will be soon.

The surprising part is not that lawyers are using AI. The surprising part is how often they are using it without a formal policy. Forty-three percent of respondents said their firm has no formal policy governing AI use.²

That is the uncomfortable combination: widespread use, uneven supervision, and no shared rules.

The danger is not that lawyers will use AI. The danger is that lawyers will use AI informally, inconsistently, and without a clear understanding of what the firm permits, prohibits, and requires.

That is why every law firm needs an AI policy. This document provides a starter AI Policy for Texas law firms.

The wrong policy: “No AI”

A century ago, no one could have predicted all the ways electricity would reshape law practice. Electric lights made it easier to work after dark. Telephones changed client communication. Computers, email, cloud storage, and video calls eventually changed nearly every part of modern legal work.

Electricity also created risks. It required wiring, safety rules, new habits, and new expectations. But a law firm that responded by banning electricity would not have been prudent. It would have been obsolete.

Generative AI is not electricity. The analogy only goes so far. But it raises the right question. When a powerful new technology enters law practice, the serious answer is usually not reflexive prohibition. The serious answer is governance.

It is tempting, in the face of a new technology, to simply ban it. But a blanket ban on AI may disserve clients if it prevents lawyers from using tools that can save time and money when used carefully. Texas Opinion 705 captures the point directly:

Rule 1.01 almost certainly does not require the use of generative AI for any particular purpose in the practice of law, especially at the present moment where the technology is still developing and the cost-benefit analysis remains somewhat unclear. Still, lawyers should not “unnecessarily retreat[] from the use of new technology that may save significant time and money for clients.”³

That is the right balance. Texas lawyers are not required to use every new AI tool that appears. But they also should not pretend that refusing to learn the technology is the same thing as protecting clients.

Imagine a law firm today refusing to communicate by email or phone. Or requiring every lawyer to draft documents on a mechanical typewriter instead of a computer. Clients would not view that as charming caution. They would view it as inefficiency.

The same principle applies to AI. Lawyers do not need to be early adopters of every tool. But they do need to understand the benefits and risks of relevant technology well enough to make competent decisions about when to use it, when to forbid it, and when to require safeguards. Lawyers have a duty of "technological competence" to "strive to become and remain proficient and competent in the practice of law, including the benefits and risks associated with relevant technology.”⁴

ABA Opinion 512 is very blunt:

It is conceivable that lawyers will eventually have to use [generative AI] to competently complete certain tasks.⁵

That is why “No AI” is the wrong policy. It sounds safe, but it avoids the harder question: how can the firm use AI in ways that protect clients, improve work product, and preserve professional judgment?

The wrong policy: “Use good judgment”

At the opposite extreme, a firm might tell lawyers to use generative AI as they see fit. Be careful. Use good judgment. Do not do anything foolish.

In other words: no policy at all.

That sounds flexible, but it is not governance. Given the current state of AI, it leaves too many important decisions to individual lawyers, legal assistants, and staff members who may be using different tools, different accounts, different settings, and different assumptions about what the technology is doing.

To return to the electricity analogy, this is like installing electric lights with exposed wiring and telling everyone to be careful. If the default setup creates a serious risk of electrocution, “use good judgment” is not enough. You need guardrails.

We've all read the headlines. In 2025, the New York Times reported on a lawyer who filed a motion in a Texas bankruptcy court that cited a 1985 case called Brasher v. Stewart.⁶ Unfortunately, the case did not exist. An AI hallucinated the citation and the judge blasted the lawyer and referred him to the Texas bar disciplinary committee. This case is hardly unique. There are databases full of AI hallucinations in law such as the (appropriately named) Damien Charlotin database.⁷

Hallucinations are not the only danger. Texas Opinion 705 is direct about the confidentiality risk:

Some of the greatest risks posed by the unthinking use of generative AI relate to confidentiality of client information.⁸

That sentence should get the attention of any managing partner.

Using a consumer tool like ChatGPT, a lawyer may be one bad setting away from exposing confidential client information to future AI models or allowing one client’s facts to bleed into another client’s workspace. These consumer tools were not designed to protect confidentiality by default.

That is exactly why “use good judgment” is not enough. A lawyer cannot exercise good judgment about a tool the firm has not evaluated, a setting the lawyer has not checked, or a confidentiality risk the lawyer does not understand.

A law firm AI policy should not merely say, “Be careful.” It should answer the questions lawyers are already facing: Which tools may I use? What information may I enter? What outputs must I verify? When must I disclose AI use? And who approves exceptions?

That is the difference between trusting lawyers and abandoning them to guesswork.

Texas Generative AI Starter Policy

The starter policy described in this section is designed for Texas law firms that want to use generative AI without relying on vague instructions like “use good judgment.” It gives firms a practical starting point for deciding which AI tools may be used, how client information should be protected, when human review is required, and how AI use should be supervised.

The policy is based primarily on Texas Ethics Opinion 705, which applies existing Texas professional-responsibility duties to generative AI in legal practice. It is also informed by the State Bar of Texas’s sample AI acceptable-use policy for law firms. Opinion 705 supplies the ethical foundation. The State Bar sample policy supplies a practical starting point for turning those duties into day-to-day firm rules.

This is not a one-size-fits-all document. Each firm should revise the policy to reflect its practice areas, approved tools, client data, court obligations, billing arrangements, and risk tolerance.

The next section, Law Firm Generative AI Policy, provides a short version of the policy that can be shared with lawyers, staff, contractors, and other members of the firm. It is intentionally concise and does not include commentary or justification. You can download a PDF version by scrolling to the end of this article.

The Commentary section explains the reasoning behind each provision, including their grounding in Texas Opinion 705.

Starter Generative AI Policy for Texas Law Firms

Scope. This policy applies to any AI tool or AI feature used for Firm work, including tools built into research, drafting, email, document, browser, intake, and practice-management software.

Approved Tools. Do not use ChatGPT, Claude, Gemini, Microsoft Copilot Chat, Perplexity, or similar general-purpose AI tools for Firm work. Use only AI tools approved by the Firm for the specific task. Client or matter information must not be entered into any AI tool unless the Firm has approved the tool for that specific use. Approved tools must be designed to protect client confidentiality, keep client matters separate, restrict access to authorized users, and preserve lawyer review.

Lawyer Review. AI output is a draft, not authority. The responsible lawyer must verify all citations, quotations, facts, calculations, and legal conclusions before any AI-assisted content is sent, shared, filed, or relied on. Every AI-assisted client document, filing, and external legal communication must have a responsible lawyer.

Client Disclosure and Consent. As a Firm practice, the Firm will disclose its use of generative AI to clients and obtain client consent before using generative AI in a client matter. Consent may be obtained in the engagement agreement or through matter-specific written consent. The disclosure should explain, in plain language, how generative AI may be used, that client or matter information will be entered only into approved tools, what safeguards the Firm uses to protect confidentiality, and that a lawyer remains responsible for the final work product.

Court Disclosure and Certification. Before filing any AI-assisted document, the responsible lawyer must check all applicable court rules, local rules, standing orders, judge-specific procedures, agency rules, and forum requirements. The responsible lawyer must make any required AI disclosure and file any required certification concerning AI use, lawyer review, or verification of citations, quotations, legal analysis, factual assertions, and record references. If disclosure or certification is not required, the lawyer must not include one unless the lawyer determines that doing so is appropriate under the circumstances and consistent with the client’s interests.

Billing. Bill only for time actually spent using, reviewing, correcting, or verifying AI-assisted work. Do not bill for time saved by AI. Do not bill a client to learn a Firm AI tool. Treat general AI subscriptions as Firm overhead unless the client has agreed otherwise and the expense is actually incurred for the matter.

Training and Incidents. No one may use AI for Firm work until trained, and training must be refreshed at least annually. Report any unauthorized use, suspected confidentiality breach, security incident, or AI-generated false authority immediately, especially if the false authority was used, shared, filed, or nearly used without correction.

Firm Administration. The Firm will maintain the approved-tools list, including approved uses for each tool. The Firm may update this policy and the approved-tools list as technology, ethics rules, court requirements, and Firm needs change.

Commentary

A policy is only useful if people understand the judgment behind it. The starter policy above is built around a simple idea: do not leave AI risk to individual guesswork. The guidelines draw primarily from Texas Opinion 705, with additional support from ABA Opinion 512, court disclosure rules, sanctions cases, and the technical realities of generative AI. What follows is the thinking behind each rule.

Approved Tools

Texas Opinion 705 gets straight to the point: “Some of the greatest risks posed by the unthinking use of generative AI relate to confidentiality of client information.”⁹

That is why the starter policy begins with a blunt rule: do not use general-purpose AI tools for firm work.

ChatGPT, Claude, Gemini, Microsoft Copilot Chat, and Perplexity are impressive tools. They are also general-purpose consumer tools. They were not built around the way law firms manage client matters. They do not, by default, enforce the rules a law firm needs: matter separation, approved access, confidentiality controls, lawyer review, and clear limits on what information may be entered.

The problem is not that lawyers want to chat with AI. Chat may be the right interface. The problem is that, without an approved firm tool, each lawyer is forced to improvise. One lawyer uses a personal ChatGPT account. Another uses a browser extension. A third turns on memory or project settings without understanding what they do. That is how client information starts moving through systems the firm has not approved, configured, or supervised.

That is exposed wiring.

The answer is not to avoid generative AI. The answer is to stop treating consumer chatbots as law firm infrastructure.

A law firm’s value is not generic. It lives in the firm’s workflows, templates, drafting conventions, client expectations, litigation strategy, risk tolerance, and accumulated judgment. A general-purpose chatbot does not know any of that. It gives every firm the same blank box.

That may be fine for brainstorming a vacation itinerary. It is not how a law firm should manage client work.

A better approach is to give lawyers a firm-controlled AI tool built around the way the firm actually practices law. It might look simple, even familiar: a box where the lawyer asks questions, uploads documents, and receives a draft response. But behind that simple interface, the tool can enforce the firm’s rules. It can keep matters separate. It can restrict access. It can remove unnecessary memory features. It can use the firm’s preferred templates. It can guide lawyers through the firm’s own workflows. It can remind the lawyer what must be verified before the output is used.

The point is not to make AI more complicated. The point is to make it less generic.

This is not a moonshot. A basic firm-controlled AI tool is often a straightforward programming project. The hard part is not making AI respond to a prompt. The hard part is deciding what the tool should know about your firm’s work: what documents matter, what steps lawyers follow, what outputs are useful, what information must be protected, and where lawyer judgment must enter the process.

The point is simple: lawyers should not have to become experts in AI account settings before they can use AI safely. A law firm should build the safe path, require lawyers to stay on it, and use that path to capture what makes the firm valuable: its workflows, judgment, templates, standards, and way of practicing law.

Lawyer Review

Generative AI does not sign pleadings. Lawyers do.

That is the first rule of AI-assisted legal work. A lawyer remains responsible for every document, argument, citation, factual assertion, and client communication that leaves the firm. If a brief contains a hallucinated case, the problem is not that the AI made something up. The problem is that a lawyer used it.

Texas Opinion 705 makes this explicit:

…lawyers cannot blindly rely upon or use answers given by generative AI tools. Lawyers who rely on generative AI for research, drafting, and communication risk many of the same perils as those who rely on inexperienced or overconfident nonlawyer assistants.¹⁰

That comparison is useful. Generative AI is like an eager junior assistant with no fear, no professional license, no memory of the last mistake, and a dangerous talent for sounding right. It can produce useful work. It can also produce nonsense in the tone of a federal judge.

That is what makes AI dangerous. Bad output does not always look bad. A hallucinated citation may be formatted correctly. A false procedural rule may sound plausible. A distorted summary may read smoothly. Generative AI does not always fail loudly. Sometimes it fails with confidence.

That is why lawyer review cannot be a quick glance before filing. The responsible lawyer must verify the parts that matter: citations, quotations, factual assertions, calculations, procedural rules, record references, and legal conclusions. AI output is a draft, not authority.

This is also another reason to avoid general-purpose AI tools for firm work. Consumer chatbots are built to provide quick answers. Law firm tools should be built to slow the lawyer down at the right moments. A good AI workflow should force verification where verification matters. It should make the lawyer check the citation, confirm the quotation, inspect the source document, and decide whether the draft is legally sound.

The goal is not just speed. Speed without verification is how a firm files a fake case with a real signature on it.

The goal is better work: faster first drafts, better organized facts, more consistent workflows, and a review process that keeps the lawyer where the lawyer belongs, in control of the final judgment.

Client Disclosure and Consent

The Client Disclosure and Consent guideline is intentionally framed as a firm best practice, not as a claim that Texas law requires disclosure and consent for every use of generative AI.

Texas Opinion 705 does not impose a blanket rule requiring lawyers to disclose every use of generative AI or obtain client consent before every AI-assisted task. Its language is more cautious:

If a lawyer intends to use confidential information in conjunction with generative AI tools, the lawyer should consider informing clients about the associated risks and may need to secure client consent.¹¹

That is not the same as saying every AI use requires client consent. But it is also not a green light to stay silent.

For a law firm, the cleaner practice is to tell clients up front. Disclosure can usually be handled in the engagement agreement: the firm may use approved generative AI tools to assist with legal work, client information will be entered only into approved systems, lawyers remain responsible for the final work product, and the firm uses safeguards to protect confidentiality.

This approach avoids forcing lawyers to decide, matter by matter and prompt by prompt, whether a particular AI use has crossed the line into required disclosure. It also avoids the awkward conversation that begins, “We have been using AI on your matter and now need to discuss consent.”

ABA Opinion 512 is stricter on this point for self-learning generative AI tools:

Accordingly, because many of today’s self-learning GAI tools are designed so that their output could lead directly or indirectly to the disclosure of information relating to the representation of a client, a client’s informed consent is required prior to inputting information relating to the representation into such a tool.¹²

Texas lawyers may not treat ABA Opinion 512 as binding. But they should not ignore the practical lesson: if client information is going into a generative AI system, the client should understand the firm’s use of the technology and the safeguards around it.

The best policy is simple: tell clients before AI use becomes an issue. Get consent before it becomes a dispute.

Court Disclosure and Certification

The safest rule is simple: check the forum before filing.

The Northern District of Texas now has a specific local rule for generative AI.¹³ Local Rule 7.2(f) provides that a brief prepared using generative AI must say so on the first page under the heading “Use of Generative Artificial Intelligence.” If the presiding judge directs, the filing party must also identify the specific parts prepared using generative AI. The rule also has teeth: if a brief does not contain the required disclosure, the filing party certifies that no part of the brief was prepared using generative AI.

That is a disclosure rule. But some AI rules go further. They are certification rules.

A disclosure rule asks: Did you use generative AI?

A certification rule asks: If you used generative AI, did a human being check the work before it reached the court?

Judge Brantley Starr’s judge-specific certificate is a good example.¹⁴ The certificate requires counsel to certify either that no portion of any filing will be drafted by generative AI, or that any AI-drafted language, including quotations, citations, paraphrased assertions, and legal analysis, will be checked for accuracy using print reporters or traditional legal databases before submission to the court. The certificate also makes clear that the signing attorney remains responsible for the filing regardless of whether generative AI drafted any portion of it.

That is the real lesson. Courts are not merely worried that lawyers might use AI. Courts are worried that lawyers will use AI and then forget that a lawyer’s signature still means something.

So the firm policy should not say only, “disclose when required.” It should say: before filing, check whether the court, judge, agency, or forum requires an AI disclosure, an AI certification, or both.

The lawyer’s duty is not satisfied by saying, “The AI did it.” The court is not sanctioning the software. It is sanctioning the lawyer who filed the document.

Billing

This one is simple, at least in principle. If a lawyer bills by the hour and generative AI saves five hours, the lawyer cannot bill the client for the five hours that were not worked.

Texas Opinion 705 says it directly:

“A lawyer may not, however, charge hourly fees for the time that was ‘saved’ by using the generative AI program.”¹⁵

That sentence should end the debate. AI may make the lawyer faster. It does not create imaginary billable time.

But the issue is not only overbilling. Generative AI also creates new categories of real work: preparing the prompt, reviewing the output, correcting errors, checking citations, confirming facts, revising the draft, and deciding whether the final work product is good enough to use. That time may be billable if it is reasonable, necessary, and consistent with the fee agreement.

The policy therefore draws a clean line. Bill for the time actually spent using, reviewing, correcting, and verifying AI-assisted work. Do not bill for time saved by AI.

There is also a practical business lesson here. If generative AI makes some legal work dramatically faster, firms should not try to preserve the old economics by pretending the work took longer than it did. That is not an AI strategy. That is a billing problem waiting to become an ethics problem.

Firms may need to rethink pricing for some AI-assisted work. Flat fees, task-based fees, subscription arrangements, or value-based pricing may make more sense for work that can now be completed faster and more consistently. But whatever pricing model the firm chooses, the client should not be charged for fictional hours.

The safest rule is the simplest one: bill for real work, not vanished time.

Training and Incidents

A lawyer does not need to understand transformer architecture to use generative AI, any more than a driver needs to understand fuel injection to drive a car.

But the driver does need to know what the warning lights mean.

That is the point of AI training. The goal is not to turn lawyers into software engineers. The goal is to teach lawyers where generative AI is useful, where it is dangerous, and where it tends to fail with a straight face.

Generative AI is especially treacherous because its mistakes often arrive dressed as competence. A bad search result looks bad. A blank page looks blank. But a hallucinated case citation can look perfectly respectable. A false quote can sound like the language of a real opinion. A summary can be wrong in exactly the calm, fluent tone that makes a busy lawyer trust it.

Training should make lawyers slower at the right moments.

They should know not to paste client information into unapproved tools. They should know that “memory” and “project” settings matter. They should know that AI-generated citations must be checked against real legal databases. They should know that a confident answer is not the same thing as a verified answer. They should know that if they cannot explain how they verified the output, they are not ready to use it.

Annual refresher training is not bureaucratic decoration. The tools are changing too quickly. A safe setting today may move tomorrow. A feature that looks harmless may become a retention problem. A court that had no AI rule last year may have one now. In this area, stale knowledge becomes risk.

The incident-reporting rule matters for the same reason. If someone used an unapproved tool, exposed client information, relied on a fake citation, or nearly filed AI-generated nonsense, the firm needs to know. Not to stage a public hanging. To fix the system.

A near miss is not something to hide. It is the cheapest warning a firm will ever get.

That is why the policy requires immediate reporting of unauthorized use, suspected confidentiality breaches, security incidents, and AI-generated false authority, especially if the false authority was used, shared, filed, or nearly used without correction.

A firm that hides AI mistakes will repeat them. A firm that studies them will build better tools, better training, and better guardrails.

The point is simple: AI competence is not a certificate. It is a habit of supervised skepticism.

Conclusion

A good AI policy should not be a brake on innovation. It should help lawyers produce better work, faster, with fewer avoidable mistakes.

The real danger is not that lawyers will use AI. They already are. The danger is that they will use generic tools, on personal accounts, with unclear settings, no matter separation, uneven review, and no shared understanding of what the firm permits.

That is not a technology strategy. It is accumulating risk.

The better path is to build AI use around the firm’s own standards. The right tools should protect confidential information by default. They should keep matters separate. They should force verification where verification matters. They should make it easier for lawyers to follow the firm’s ethics, workflows, templates, and judgment.

Software is not just a tool. In a law firm, software becomes a way of practicing law.

That is why an AI policy matters. It tells lawyers not only what they may not do, but what kind of firm they are building: one that uses new technology carefully, competently, and in service of better client work.

The goal is not less AI. The goal is better AI, inside better workflows, under lawyer control.

Download Law Firm Generative AI Policy PDF

Footnotes

1. 8am, 2026 Legal Industry Report, at PDF p. 13 (2026) (registration required). ↩

2. 8am, 2026 Legal Industry Report, at PDF p. 24 (2026) (registration required). ↩

3. State Bar of Texas Professional Ethics Committee, Opinion No. 705, at 2 (Feb. 2025). ↩

4. State Bar of Texas Professional Ethics Committee, Opinion No. 705, at 2 (Feb. 2025). ↩

5. ABA Standing Committee on Ethics and Professional Responsibility, Formal Opinion 512, at PDF p. 5 (July 29, 2024). ↩

6. The New York Times, “Vigilante Lawyers Expose the Rising Tide of A.I. Slop in Court Filings” (Nov. 2025). ↩

7. Damien Charlotin, AI Hallucination Cases Database, DamienCharlotin.com. ↩

8. State Bar of Texas Professional Ethics Committee, Opinion No. 705, at 2 (Feb. 2025). ↩

9. State Bar of Texas Professional Ethics Committee, Opinion No. 705, at 2 (Feb. 2025). ↩

10. State Bar of Texas Professional Ethics Committee, Opinion No. 705, at 5 (Feb. 2025). ↩

11. State Bar of Texas Professional Ethics Committee, Opinion No. 705, at 4 (Feb. 2025). ↩

12. ABA Standing Committee on Ethics and Professional Responsibility, Formal Opinion 512, at PDF p. 7 (July 29, 2024). ↩

13. Northern District of Texas, Local Civil Rule 7.2(f), Disclosure of Use of Generative Artificial Intelligence (effective Sept. 2, 2025). ↩

14. Judge Brantley Starr, Certificate Regarding Judge-Specific Requirements, U.S. District Court for the Northern District of Texas, Dallas Division (requiring counsel to certify either that no portion of any filing will be drafted by generative AI or that AI-drafted language will be checked for accuracy before submission). ↩

15. State Bar of Texas Professional Ethics Committee, Opinion No. 705, at 5 (Feb. 2025). ↩