USE OF AI AND THE PROMISE OF CONFIDENTIALITY: A PARADOX IN THE LEGAL FIELD

INTRODUCTION

Artificial intelligence has rapidly transformed the legal profession everywhere, offering legal professionals powerful tools for research, contract review, and document analysis. However, this technological revolution has created a troubling paradox: the very tools that lawyers use to enhance efficiency simultaneously breach the duty of client confidentiality that forms the foundation of legal practice. This article examines how the use of AI in legal practice gives rise to an inherent conflict between technological advancement and the preservation of attorney-client privilege.

Attorney-client privilege, applicable across countries, ensures that communications between lawyers and clients remain confidential. The law relating to this privilege in India is found in Section 126 of the Indian Evidence Act, 1872 [Bharatiya Sakshya Adhiniyam, 2023 (BSA), Sec. 132]. It places a legal obligation on advocates to ensure the confidentiality of any matter related to their clients.

Similar provisions have been made internationally in rules such as the American Bar Association’s Model Rule 1.6. However, there is an irony here. When attorneys enter client information into a system, especially a cloud-based generative AI system, for clarity or context-checking purposes, the very confidentiality that attorney-client privilege protects is compromised.

HOW AI SYSTEMS PLAY WITH CONFIDENTIALITY

Generative AI tools, including large language models like ChatGPT, operate by processing user inputs on cloud-based servers. When lawyers put confidential client information, case details, or privileged documents into these platforms, several risks arise.

Firstly, AI tools often store user input for training purposes. A 2023 study examining AI ethics in legal practice found that privacy and confidentiality risks are paramount because AI tools often store user input to form a feedback loop, making it risky to enter sensitive or confidential information into such models. This storage can lead to unauthorized access to, or misuse of, legally protected data.

Secondly, the third-party nature of AI service providers creates a privilege waiver risk. Under both Indian and global legal principles, sharing confidential communications with third parties destroys attorney-client privilege. The International Bar Association noted in 2025 that the act of sharing information with a third party is enough to destroy this privilege, unless the communication falls within the dominant purpose exception. When AI systems are hosted by external third-party companies, the question arises whether the input of data constitutes a third-party disclosure.

Thirdly, cross-border data flows compound the problem, because most AI models function in jurisdictions other than India. In the Indian context, under the new law governing data processing, the Digital Personal Data Protection Act 2023, AI models working with contract data have to conform to cross-border restrictions.

THE INDIAN LEGAL FRAMEWORK

The legal provisions in India that regulate the application of AI in the practice of law have significant deficiencies. Specifically, the Bar Council of India (BCI) Rules, which obligate lawyers to maintain competence and confidentiality, fail to mention anything specific about using artificial intelligence in such practice. Additionally, the Advocates Act, 1961, and the BCI Rules lay down principles of ethics, which include confidentiality among others, but there is still no legislation regulating AI use in India.

According to Section 126 of the Indian Evidence Act, 1872, an advocate shall not reveal communications made during professional employment without express consent from the client. How this applies to lawyers’ use of AI (inputs and outputs) remains vague at present and has not been tested in courts, and the liability issue related to the confidentiality of such interactions also remains unclear. The DPDP Act 2023 imposes additional requirements on Data Fiduciaries who process personal data. The Act requires them to ensure compliance with the following requirements:

  • lawful processing,
  • express consent,
  • purpose limitation, and
  • fiduciary obligations.

These conditions apply to AI applications that process contract information, and they involve cross-border limitations and written documentation of consent. Failure to comply may lead to regulatory action or liability.

GLOBAL JUDICIAL PRECEDENTS ON AI & CONFIDENTIALITY

The Mata v. Avianca Case: Sanctions for AI Misuse

Although Mata v. Avianca, Inc., 678 F. Supp. 3d 443 (S.D.N.Y. 2023) mainly concerns fictitious citations, it set important principles for the use of AI technologies in legal practice. The plaintiff’s legal representatives used ChatGPT to create a legal document containing fictitious case citations. Judge P. Kevin Castel ruled to dismiss the claim and imposed a $5,000 fine, finding that the attorneys had acted in bad faith under Rule 11 of the Federal Rules of Civil Procedure.

This case demonstrates the courts’ willingness to sanction attorneys for improper AI use. Judge Castel noted that the attorney admitted he had never previously used ChatGPT and was thus unaware of its potential for inaccuracies. This precedent establishes that lawyers cannot claim ignorance of AI limitations as a defense in a court of law, and that competence obligations extend to understanding AI capabilities and risks.

Recent Privilege Breach Rulings

In February 2026, a federal court judge in New York decided in United States v. Heppner that documents created through publicly available AI technologies do not come under attorney-client privilege or work product protections. The ruling is especially important because it clarifies the position on privilege.

The Connecticut federal courts have also addressed AI misuse. In 2025-2026, a Connecticut labour litigator was sanctioned for AI-generated errors in separate filings; the judge noted that the attorney’s vow to permanently cease using generative artificial intelligence tools weighed in his favor but did not prevent sanctions.

The American Bar Association’s Guidance

In July 2024, the American Bar Association issued Formal Opinion 512, its first formal opinion on how lawyers may employ generative artificial intelligence. According to this opinion, lawyers using this new technology are expected to follow traditional ethical standards such as maintaining competence, protecting their clients’ confidentiality, and always speaking the truth.

The major points made in Formal Opinion 512 include the need for lawyers to know the potential and limitations of generative AI systems, the duty to preserve the confidentiality of information provided by the client, the requirement to inform clients about the use of these systems, the supervision of the use of generative AI systems by employees and agents, and the charging of fees for such services.

The opinion specifically warns that any input of client information into a public AI system may breach confidentiality obligations under ABA Model Rule 1.6. It advises lawyers not to use generative AI tools for confidential matters unless they understand how the tool handles and stores data.

The European Union’s Approach

The forthcoming European Union AI Act, which will be in effect starting September 2025, is one of the best sets of regulations for AI in the world. The seventh clause of this act mentions that companies involved in regulating AI must guarantee the confidentiality of IP, trade secrets, and confidential data.

Unlike India, where AI remains unregulated, the EU regulations provide an exhaustive list of risks associated with AI, divided into four levels of risk, with stricter rules for high risks, particularly in law enforcement applications.

A COMPARATIVE ANALYSIS: INDIA VS. GLOBAL STANDARDS

A regulatory comparison reveals a considerable gap between India and international standards. While the US has ABA guidelines and precedent cases, and the European Union has detailed legislation, India has no regulations for the use of AI in the legal profession and barely any strict precedents.

In India, there are no specific regulations for the use of AI in the legal profession and no case law precedents on AI and privilege; privacy provisions exist in the BCI Rules and Section 126 of the Evidence Act; data protection is covered by the DPDP Act 2023; and cross-border data considerations are regulated under the DPDP Act.

In the United States, there are state privacy laws and the ABA guidelines for AI usage; confidentiality is ensured through ABA Model Rule 1.6 and Formal Opinion 512; there is judicial precedent in Mata v. Avianca and Heppner; data protection involves state and federal privacy laws; and cross-border considerations involve privacy-related regulation.

In the European Union, the EU AI Act was passed in 2025 to provide full regulation of the issue at hand; Article 78 of the EU AI Act outlines the definition of confidentiality; the judicial precedence of the AI Act will be applied; data protection is ensured through the application of the GDPR and the AI Act; and the conditions regarding data sovereignty must be fulfilled.

It is clear from the above analysis that India does not conform to international practices when it comes to setting guidelines for law professionals dealing with AI technology.

PRACTICAL ISSUES FOR LAWYERS

  • Vendor Risk Management

The use of AI technology within law firms necessitates vendor risk management strategies. These should ensure that vendors have robust encryption measures, strong access controls, and data segregation techniques. Law firms need to perform independent vendor audits and specify data uses, localization, and regulations within their contractual terms.

  • Client Disclosure and Consent

Informed client consent is critical to using any artificial intelligence software in a case. This entails making sure the client understands how such tools work, what they can and cannot achieve, and who remains responsible for them, i.e., the lawyer.

  • Technical Safeguards

Firms should apply penetration tests, data flow diagrams, incident response procedures, and human-in-the-loop techniques to guarantee confidentiality and compliance with the regulations.

THE KERALA HIGH COURT’S CAUTIOUS APPROACH

The Kerala High Court has shown judicial prudence when considering the use of AI in decision-making. At the end of July 2025, it issued guidelines making clear that no form of AI may be used in decision-making and legal reasoning in its district courts.

In light of this comparison, it would be appropriate for India to establish specific regulations on the use of legal technology. In particular, these must provide explicit definitions concerning AI use, liabilities, and security measures. The Bar Council of India should also add supplements on AI competence, confidentiality, and human control.

It is important that law firms mandate disclosure to clients when contracts are analysed using AI, including the limitations of AI systems, assurances of human intervention, and the consequences of data processing. Training on AI systems should be mandated for legal professionals, covering their limitations, potential biases, the need for transparency, and appropriate use.

CONCLUSION

Legal practitioners face a very serious paradox when using AI while maintaining confidentiality and protecting clients’ privacy. On the one hand, there is a need to increase efficiency using new technologies; on the other hand, lawyers are ethically obliged to ensure that their clients’ confidentiality is protected. As evidenced by judicial rulings such as Mata v. Avianca and United States v. Heppner, courts are more than willing to punish lawyers who use AI improperly or violate attorney-client privilege through the technology they use.

The Indian regulatory framework currently does not provide any solution to this problem. The lack of specific regulation on the use of AI, along with ambiguity about whether AI destroys attorney-client privilege, puts lawyers at risk legally and ethically. The Bar Council of India should employ its authority under Section 49 of the Advocates Act, 1961.

The solution to this dilemma would depend entirely on moderation, which means using AI as a tool without removing the role of human judgment. The obligation of an effective ethical counselor will remain intact regardless of whether algorithms are incorporated into professional activity. Clients have the right to obtain a clear and unbiased presentation of AI use, data processing, and the presence of human monitoring.

The prospects for the development of legal practice should lie in the ability to ensure that AI technologies comply with the principles of justice and confidentiality, which constitute the core of the legal profession. Provided all is carried out correctly, India can reap the benefits of AI technology without damaging the quality of justice.

THIS ARTICLE IS WRITTEN BY JUHI PARMAR FROM ILS LAW COLLEGE

REFERENCES:
Swasthik BS Gowda, “The legality of legal AI: Indian perspectives on contract review automation,” International Journal of Law, Vol. 11, Issue 11, 2025, pp. 108-111.

Sherrard’s, “AI and the Law: global perspectives on regulation and the effect on the legal profession,” May 18, 2025.

Denitsa Mavrova Heinrich & Jennifer Cook, “AI-Ready Attorneys: Ethical Obligations and Privacy Considerations in the Age of Artificial Intelligence,” SSRN, August 31, 2023.

Bar Council of India, “Rules on Professional Standards,” available at barcouncilofindia.org.

Section 126, Indian Evidence Act, 1872.

Advocates Act, 1961 (Act 25 of 1961).

Digital Personal Data Protection Act, 2023 (No. 22 of 2023).

American Bar Association, “Formal Opinion 512: Generative Artificial Intelligence Tools,” July 29, 2024.

Mata v. Avianca, Inc., 678 F. Supp. 3d 443 (S.D.N.Y. 2023).

United States v. Heppner, No. 2:24-cr-00166 (E.D.N.Y. February 6, 2026).

International Bar Association, “Digital strangers in litigation: does sharing with AI breach privilege?,” October 28, 2025.

Times of India, “Kerala High Court’s New Guidelines to District Judiciary: ‘AI Tools Shall Not Be Used to…’,” July 20, 2025.

Denitsa Mavrova Heinrich, “Towards Responsible Use of Generative AI in Legal Practice: Time for Bar Council of India to Act,” LinkedIn, August 2, 2024.

U. Tandon & N.K. Gupta, “Informational Privacy in the Age of Artificial Intelligence: A Critical Analysis of India’s DPDP Act, 2023,” Legal Issues in the Digital Age, Vol. 6, Issue 2, 2025, pp. 87-117.

European Union, “AI Act Article 78: Confidentiality,” 2025.

Sara Merken, “Lawyers Using AI Must Heed Ethics Rules, ABA Says in First Formal Guidance,” Reuters, July 29, 2024.

Ayush Gupta, “Framework for Addressing Liability and Accountability Challenges Due to Artificial Intelligence Agents,” 5 Indian J. Integrated Research in Law 910 (2025).

Abhyuday, “AI and Indian Law: Navigating the Regulatory Grey Areas,” Legal Service India, June 27, 2025.

EY, “Decoding the Digital Personal Data Protection Act, 2023,” December 7, 2025.

Ropes & Gray, “Artificial Intelligence Court Order Tracker: Connecticut,” March 6, 2025.