Artificial intelligence and law is a useful phrase only if it is treated as a map, not a label. It includes older machine-learning systems used to classify legal materials, generative systems that draft and summarize text, retrieval systems that try to ground answers in legal sources, and newer agentic systems that can plan or execute multi-step tasks. It also includes the rules that govern lawyers who use those systems, the courts that receive the work product, the clients whose information may be exposed, and the staff members who often discover the mistake after the output has already moved downstream.
That breadth is not academic tidiness. A lawyer using AI for research faces a different risk profile from a litigation team using technology-assisted review, a compliance officer monitoring regulatory changes, or a solo practitioner asking a public chatbot to rework a client memo. The same professional-responsibility duties still travel with the work: competence, confidentiality, communication, reasonable fees, and supervision. The vocabulary matters because the duty does not disappear when the tool is described in vague technological shorthand.

A working definition
For legal professionals, artificial intelligence and law means the use, regulation, and professional supervision of AI systems in legal work. The term reaches both sides of the relationship: AI used inside legal practice, and law used to regulate AI systems. It is not limited to courtroom filings, legal research, or software procurement. It covers legal information retrieval, document review, contract analysis, drafting, compliance monitoring, risk scoring, litigation support, client communication, data governance, and the legal duties that attach to each of those activities.
Harry Surden’s overview remains useful because it resists the fantasy that legal AI must mimic a lawyer’s full reasoning process. Much of the technology works by detecting patterns in data and making predictions or classifications within bounded tasks, rather than by “understanding” law in the professional sense in which lawyers use that word.[1] That distinction should stay visible when a vendor says a product can analyze a contract, answer a research question, or identify responsive documents. The claim may be meaningful. It is not, by itself, a claim that the system can assume legal judgment.
Common legal AI glossaries now separate terms such as machine learning, natural language processing, generative AI, large language models, and retrieval-augmented generation because those terms describe different functions and failure modes.[2] The definitions are not a substitute for legal authority, but they give legal teams enough shared language to ask better questions: What data is the system using? Does it retrieve source material or generate from model weights alone? Does it retain prompts? Can it cite authority? Who checks the citation?
The main AI architectures legal teams are actually discussing
The legal market often talks as if AI arrived with consumer chatbots. It did not. Predictive machine learning has been present in legal workflows for years, especially in e-discovery, where systems classify documents, prioritize review, and assist with finding responsive or privileged material. The post-2022 change was not the invention of all legal AI; it was the arrival of broadly accessible generative AI tools that made drafting, summarization, question answering, and research-style interaction feel immediate to ordinary users.
| Architecture | What it does in legal work | Practical risk to watch |
|---|---|---|
| Predictive machine learning | Classifies, ranks, clusters, or predicts from patterns in data, often in review-heavy workflows. | Training data, validation, sampling, bias, and defensibility of the review process. |
| Generative AI | Produces new text such as summaries, drafts, questions, chronologies, or explanations. | Hallucinated authorities, overconfident language, confidentiality exposure, and unreviewed legal conclusions. |
| Retrieval-augmented generation | Combines generated answers with retrieved source materials so the output can be grounded in documents or legal authorities. | Incomplete retrieval, weak source ranking, misleading citations, and user failure to inspect the source. |
| Agentic AI | Attempts to plan or carry out multi-step tasks with limited user intervention. | Delegation without supervision, unclear authority to act, poor audit trails, and premature reliance. |
Retrieval-augmented generation deserves special attention in legal settings because professional legal work usually depends on source-grounded answers. A system that retrieves statutes, cases, contracts, policies, or discovery documents before generating a response is easier to supervise than a system that simply produces fluent text. Easier does not mean safe. If the retrieval step misses the controlling authority, pulls the wrong version of a document, or presents a cited passage without context, the user still bears the burden of verification.

The consumer-versus-enterprise distinction belongs in this same conversation. A public chatbot, an enterprise workspace, and a legal research platform may all present a familiar prompt box. They may differ sharply in data retention, training on user inputs, administrative controls, security certifications, logging, and contractual commitments. For lawyers, those differences are not procurement trivia. They affect confidentiality analysis, supervision, and whether the tool is fit for a given client matter.
Adoption has moved faster than governance
The adoption figures are high enough to make denial unhelpful, but they should not be blended into one easy headline. The 8am 2026 Legal Industry Report says 69% of legal professionals use generative AI for work, based on a survey of about 1,300 respondents, with a methodology that appears weighted toward solo and small-firm users from the public summary available.[3] Clio’s 2025 Legal Trends Report reports that 79% use AI tools in some capacity, a broader framing from a different survey population and question design.[4] Both figures point in the same direction. They do not measure exactly the same behavior.
The governance numbers are more troubling than the adoption numbers are impressive. The same 8am public report summary states that only 9% of firms have an enforced written AI policy and that 54% provide no AI training.[3] That is the uncomfortable center of the current legal AI market: AI is ordinary enough to be used in daily work, yet still treated as unusual enough that many organizations have not built ordinary controls around it.

That gap is where many real problems begin. A lawyer may assume a firm has approved a tool because colleagues are using it. A paralegal may assume an attorney reviewed generated work because the attorney forwarded it. A risk officer may draft a policy that says “do not enter confidential information” without identifying which tools retain prompts or which matters require client consent. A court may receive a filing after each person in the chain assumed someone else had checked the authorities.
Governance does not need to begin with a hundred-page manual. It does need to answer basic working questions before a tool becomes routine: which AI systems are approved, what data may be entered, which tasks require human review, when clients must be told, how outputs are saved, who trains staff, and how the organization handles a suspected error. Without those answers, “AI use” becomes an informal practice carried on through habits, rumors, and screenshots.
Where AI appears in legal workflows
Legal AI use cases are easier to evaluate by function than by product category. The same interface may support research, drafting, summarization, and intake. The relevant question is not whether the tool is “AI-powered.” It is what legal step the tool touches and what consequence follows if that step is wrong.
| Workflow function | Typical AI role | Review focus |
|---|---|---|
| Legal research and citation verification | Searches, summarizes, suggests authorities, or answers legal questions. | Confirm controlling law, citation accuracy, jurisdiction, date, procedural posture, and quoted language. |
| E-discovery and document review | Ranks, clusters, classifies, deduplicates, or identifies potentially responsive material. | Validate sampling, privilege protection, reviewer instructions, audit trails, and defensibility. |
| Contract analysis | Extracts clauses, flags deviations, compares versions, and summarizes obligations. | Check defined terms, governing documents, exceptions, business context, and false negatives. |
| Drafting and editing | Produces first drafts, redlines, summaries, correspondence, or issue lists. | Review legal accuracy, client facts, tone, privilege, confidentiality, and unauthorized additions. |
| Compliance monitoring | Tracks regulatory updates, compares policies, and alerts teams to changes. | Confirm source coverage, effective dates, jurisdictional scope, and escalation rules. |
| Litigation support | Builds timelines, organizes facts, extracts testimony, prepares outlines, or summarizes records. | Verify record citations, evidentiary limits, protective orders, and whether generated themes fit the actual record. |
Research and drafting receive the most public attention because the errors are visible and sometimes embarrassing. Document review and contract analysis can be less dramatic but more operationally consequential. A missed privileged document, an incorrectly extracted termination right, or an unchecked regulatory alert may not look like an AI headline. It can still create client harm, fee disputes, waiver fights, or remediation costs.
The safest evaluation begins at the task boundary. If the system is being used to organize material, the main question may be whether the process is reliable and reviewable. If it is being used to state law, the question shifts to authority, currency, and citation. If it is being used to communicate with a client, the lawyer must consider whether the client understands the role of the tool and whether the communication remains professionally adequate.
Professional responsibility is the binding layer for U.S. lawyers
In the United States, no single federal AI statute currently supplies the main day-to-day rulebook for lawyers using AI. For lawyers, the binding layer is still professional responsibility. ABA Formal Opinion 512, issued in 2024, explains how generative AI use intersects with existing duties under the Model Rules, including competence, communication, confidentiality, fees, and supervision.[5] The opinion did not create a separate AI ethics universe. It placed AI inside the ordinary duties lawyers already have.
Competence
Competence requires more than knowing that a tool exists. A lawyer must understand enough about the relevant technology to use it reasonably for the task at hand, or must associate with someone who does. That does not mean every lawyer must become a machine-learning engineer. It does mean a lawyer using a generative system for research should understand that the system can produce false authorities, omit controlling law, or blur the difference between a quotation and a paraphrase.
Confidentiality
Confidentiality analysis turns on the tool’s data practices and the information entered into it. A prompt containing client facts, litigation strategy, personal information, draft settlement language, or confidential business terms is not harmless merely because it appears in a chat window. Lawyers need to know whether the provider stores prompts, trains on inputs, permits human review, supports enterprise restrictions, or offers contractual protections appropriate to the matter.
Communication and consent
Client communication is not required for every trivial technology choice. Lawyers do not usually seek client approval before using ordinary word-processing features. But AI use can become material when it affects the method of representation, the handling of confidential information, the cost of the work, or the client’s informed choices. ABA Formal Opinion 512 treats disclosure and informed consent as context-dependent rather than automatic in every instance.[5]
Fees
Fees require a plain accounting discipline. If AI reduces the time needed for a task, the billing treatment should not pretend the work took longer than it did. If a firm charges for AI-related expenses, the charge must be reasonable and consistent with the applicable fee rules and engagement terms. The professional issue is not whether AI makes work cheaper in every matter. It is whether the lawyer’s billing reflects the work actually performed, the value delivered, and the agreement with the client.
Supervision
Supervision is where many AI policies become real or fail. Lawyers must supervise subordinate lawyers, nonlawyer staff, and outside service providers. An AI vendor is not a licensed colleague who can absorb professional responsibility. Nor is a generated answer self-verifying because it arrives in polished prose. Someone must decide who may use the tool, for which tasks, under what review standard, and with what documentation.
State guidance adds another layer. A 2026 summary from GC AI states that 47 states had issued AI ethics guidance by February 2026.[6] That kind of coverage suggests that AI competence is no longer a boutique concern limited to large firms with innovation committees. Still, state materials vary in form and authority, and a lawyer should treat the controlling jurisdiction’s rules and opinions as the operative source rather than relying on national summaries alone.
Regulation is layered, not centralized
The regulatory picture is easier to understand if it is not forced into one hierarchy. The EU AI Act is a statutory AI regulation. U.S. professional-responsibility rules govern lawyers. State bar opinions interpret those duties. Courts may impose filing certifications or standing orders. Contractual obligations, privacy laws, protective orders, and client guidelines may add further restrictions in a particular matter.
The EU AI Act is described by the European Parliament as the first comprehensive regulation on artificial intelligence, and its obligations phase in across a 2025 to 2027 period.[7] Its relevance is not limited to European law firms, because the Act has extraterritorial features and may affect providers or deployers connected to the EU market. That does not make it the everyday ethics code for a U.S. litigator filing in state court. It does mean cross-border firms and legal departments cannot treat AI governance as a purely local IT policy.
Court rules and judicial orders sit in a different category. Some courts require disclosure or certification when generative AI is used in filings; others do not. The practical mistake is to treat the absence of a local AI certification rule as permission to skip verification. Filing obligations under ordinary procedural rules, candor duties, and sanctions authority still apply.
For a legal team, the resulting checklist is jurisdictional before it is technological: identify the governing professional rules, any state ethics opinions, client instructions, protective orders, privacy or data-transfer constraints, court-specific AI orders, and statutory AI obligations that may apply to the system or the matter. Only then does product configuration become meaningful.
What goes wrong when verification is treated as optional
The sanctions record has become the profession’s bluntest AI training material. In Mata v. Avianca, the court imposed a $5,000 sanction in 2023 after lawyers submitted nonexistent cases generated through AI-assisted research. Later reported sanctions include $31,000 in Lacey v. State Farm in 2025 and $110,000 in Couvrette v. Wisnovsky in 2025.[6] Those numbers should not be read as a neat mathematical trend line. They do show that courts are treating verification failures as professional failures, not as charming evidence that a new tool is still learning.
The Sullivan & Cromwell incident in the Prince Global Holdings Chapter 15 matter is harder to dismiss as a small-firm cautionary tale. In April 2026, hallucinated citations reached a court filing despite the firm’s AI training and warnings, according to the reported case summary.[6] The lesson is not that elite firms are careless or that AI should never be used. It is that policies, warnings, and brand reputation do not verify citations. A person, process, or validated system has to do that work before filing.
Citation checking is only the most visible form of verification. In contract work, verification may mean comparing the generated clause summary against the actual executed agreement. In discovery, it may mean validating a classifier through sampling and reviewer feedback. In compliance monitoring, it may mean confirming the effective date and jurisdictional scope of an alert. In client communications, it may mean checking that a summary has not converted uncertainty into advice.
A useful verification discipline is boring by design. It identifies which outputs require source review, preserves the source material used, records who reviewed the output, and prevents generated text from moving into court or client-facing work merely because it reads well. The more consequential the use, the less acceptable it is to rely on interface confidence as a proxy for accuracy.
The questions to ask before relying on a legal AI tool
A glossary article should not rank vendors or stand in for procurement review. Still, the basic questions are stable enough to belong here because they translate the larger ecosystem into working supervision.
- What task is the tool performing: classification, retrieval, summarization, drafting, analysis, prediction, or action?
- What sources does it use, and can the user inspect the sources behind an answer?
- What happens to prompts, uploaded documents, and generated outputs after use?
- Does the tool train on user inputs, permit provider review, or offer enterprise controls that change those defaults?
- Which professional rules, court orders, client requirements, or statutory obligations apply to this matter?
- Who reviews the output before it affects a client, court, counterparty, regulator, or billing entry?
These questions are deliberately plain. They are also the questions most likely to expose false agreement. A vendor may hear “secure” and mean encrypted transmission. A lawyer may mean no training on client data. A client may mean no use at all without written approval. A court may care less about the tool’s security architecture than about whether a cited case exists. The words are familiar; the meanings are not interchangeable.
A practical meaning for artificial intelligence and law
Artificial intelligence and law is the field formed when AI systems are used in legal work, governed by legal and professional rules, and judged by the consequences they create for clients, courts, lawyers, staff, and institutions. It includes the technology, but it is not reducible to the technology. It includes ethics, but it is not limited to ethics opinions. It includes regulation, but the controlling rule may come from a court order, a client guideline, a state bar opinion, a privacy obligation, or a professional duty that existed long before generative AI became common.
The most useful starting point is therefore modest: identify the AI architecture, identify the legal task, identify the governing obligations, and identify the verification point. Once those four pieces are visible, the conversation becomes less about whether AI is good or bad for law and more about whether a particular use is competent, confidential, supervised, and fit for the matter.
References
- Artificial Intelligence and Law: An Overview — Harry Surden, Georgia State University Law Review
- The AI Glossary for Legal Professionals — Thomson Reuters
- 2026 Legal Industry Report: Trends, Benchmarks & Insights — 8am
- Everything You Need to Know About AI in the Legal Industry — Clio
- ABA Issues First Ethics Guidance on a Lawyer's Use of AI Tools — ABA Formal Opinion 512, 2024
- AI Legal Ethics in 2026: 6 Cases, 4 Rules, 1 Policy Template — GC AI
- EU AI Act: First Regulation on Artificial Intelligence — European Parliament
Comments
Join the discussion with an anonymous comment.