Briefly

Law firms “need to prove authority” to gain AI approval

Legal NewsUnited Kingdom·Legal Futures·Briefly Analysis

Abstract

Groundbreaking research indicates that many law firms in Great Britain are failing to provide AI engines with the necessary signals to be recommended to potential clients. This deficiency highlights a critical gap in how legal practices are adapting to the digital era, where AI increasingly influences client acquisition and trust. The issue extends beyond mere marketing to encompass fundamental regulatory compliance, ethical obligations, and robust data governance. For law firms to establish and maintain 'digital authority' in an AI-driven landscape, they must proactively integrate AI usage with existing professional duties, particularly concerning competence, confidentiality, and client best interests, as mandated by regulatory bodies like the Solicitors Regulation Authority (SRA) and the Bar Standards Board (BSB). Failure to do so risks not only missed business opportunities but also significant regulatory and reputational repercussions.

Introduction

The rapid integration of artificial intelligence (AI) into various sectors is fundamentally reshaping how businesses operate and how consumers find services. For the legal profession in Great Britain, recent research suggests a significant challenge: many law firms are not effectively communicating their 'authority' to AI engines, thereby limiting their visibility and recommendation to prospective clients. This development underscores a crucial shift in the dynamics of client acquisition, where digital presence and AI-perceived trustworthiness are becoming as vital as traditional reputation.

This phenomenon extends beyond mere digital marketing strategies. It delves into the core of how law firms manage their operations, handle client data, and uphold professional standards in an increasingly automated world. The ability of AI to 'approve' or recommend a firm is intrinsically linked to the firm's demonstrable adherence to ethical guidelines, regulatory compliance, and transparent operational practices. As AI tools like ChatGPT, Claude, and Gemini become more sophisticated and pervasive, understanding and actively shaping how these systems perceive a firm's authority is no longer optional but a strategic imperative.

This article will explore the implications of this 'AI approval' deficit for legal practitioners in Great Britain. It will delve into the existing regulatory frameworks and professional duties that govern AI use in legal services, examining how firms can bridge this gap by embedding robust AI governance, ensuring data protection, and maintaining the highest standards of professional conduct. The central thesis is that for law firms to thrive in the AI era, they must proactively align their technological adoption with their ethical and regulatory obligations, thereby cultivating a verifiable digital authority that resonates with both human clients and intelligent systems.

Background

The regulatory landscape for legal services in England and Wales is primarily governed by the Legal Services Act 2007, which established the Legal Services Board (LSB) as the oversight regulator for approved regulators such as the Solicitors Regulation Authority (SRA) and the Bar Standards Board (BSB). These bodies are responsible for setting and enforcing professional standards, ensuring consumer protection, and promoting access to justice. While the UK government has largely adopted a principles-based, sector-specific approach to AI regulation rather than a single overarching AI law, existing legal frameworks, particularly those pertaining to data protection and professional conduct, apply directly to the use of AI in legal services. [cite: Legal Services Act 2007, c. 29; 15, 19, 26, 37]

Central to the professional obligations of solicitors and barristers are the SRA Principles and the BSB Handbook. These frameworks mandate duties such as acting in the best interests of each client, upholding the rule of law, acting with honesty and integrity, maintaining client confidentiality, and providing a competent standard of work and service. [cite: SRA Standards and Regulations 2019; Bar Standards Board Handbook; 5, 20, 23, 30, 35] The advent of AI introduces new complexities to these long-standing duties. For instance, the duty of competence now extends to understanding the capabilities and limitations of AI tools, while confidentiality requires stringent measures to protect client data processed by AI systems.

Furthermore, the use of AI in legal practice is significantly impacted by data protection legislation, notably the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These laws impose strict requirements on the processing of personal data, including the need for a lawful basis, explicit consent, transparency, and the implementation of Data Protection Impact Assessments (DPIAs) for high-risk processing activities. [cite: Data Protection Act 2018, c. 12; UK General Data Protection Regulation; 4, 15, 17, 36, 39, 41] The intersection of these professional and data protection obligations forms the bedrock upon which law firms must build their 'AI authority', ensuring that technological innovation does not compromise ethical standards or client trust.

Analysis

The notion of law firms needing to 'prove authority' to AI engines is a contemporary articulation of existing professional duties in a digital context. AI systems, when recommending services, implicitly assess factors that mirror regulatory expectations: reliability, trustworthiness, and adherence to best practices. This translates directly into a firm's demonstrable compliance with the SRA Principles and the BSB Handbook. For example, the duty to act with honesty and integrity (SRA Principle 4; BSB Core Duty 3) and to provide a competent standard of work (SRA Code of Conduct, paragraph 3.2; BSB Core Duty 7) are paramount. [cite: SRA Standards and Regulations 2019; Bar Standards Board Handbook; 5, 23, 34]

Regulatory bodies have been clear that existing duties apply fully to AI use. The SRA, in its guidance, stresses that the client's best interests must remain central to decisions about technology, requiring appropriate governance, systems, and controls. Similarly, the BSB's guidance, effective from May 2026, supports AI adoption where it benefits practice management or client experience, but unequivocally states that barristers cannot offload judgment or responsibility to AI. This means human oversight and verification of AI-generated outputs are non-negotiable. The case of *R (Ayinde) v London Borough of Haringey* [2025] EWHC 1383 (Admin) starkly illustrated the consequences of failing to verify AI outputs, where a barrister faced potential contempt proceedings for citing non-existent cases generated by AI. [cite: R (Ayinde) v London Borough of Haringey [2025] EWHC 1383 (Admin); 7, 11, 29, 34]

Client confidentiality (SRA Code of Conduct, paragraph 6.3; BSB Core Duty 6) and the protection of attorney-client privilege are critical considerations. Law firms must exercise extreme caution when inputting confidential client information into AI systems, particularly public-facing generative AI tools, which may use such data for training, thereby breaching confidentiality. Due diligence on AI vendors is therefore essential, requiring firms to scrutinise data processing agreements, security measures, and data retention policies. The UK GDPR and Data Protection Act 2018 mandate a lawful basis for processing personal data, and Data Protection Impact Assessments (DPIAs) are often necessary when implementing AI systems that involve personal data. [cite: Data Protection Act 2018, c. 12; UK General Data Protection Regulation; 4, 36, 39, 41]

The Law Society of England and Wales and the Law Society of Scotland have also issued comprehensive guidance, highlighting risks such as AI 'hallucinations', embedded biases, and the need for human verification. The UK government's 'AI Growth Labs' initiative aims to provide secure environments for testing AI software in legal services, fostering innovation while navigating regulatory complexities. Ultimately, for law firms to gain 'AI approval' and be recommended, they must demonstrate a holistic commitment to ethical AI governance, transparent practices, and rigorous compliance, building a digital reputation that aligns with their professional obligations.

Conclusion

The imperative for law firms to 'prove authority' to AI engines is a clear signal that the digital transformation of legal services demands a proactive and integrated approach to technology governance. It is no longer sufficient for firms to merely adopt AI tools; they must demonstrate, through their policies, procedures, and adherence to professional standards, that their use of AI is responsible, ethical, and client-centric. This involves a continuous commitment to human oversight, meticulous verification of AI outputs, and robust data protection practices.

Practitioners must recognise that every interaction with an AI system, particularly those involving client data, carries regulatory and ethical implications. Firms should invest in comprehensive training for all staff on AI ethics and data security, implement clear internal policies for AI usage, and conduct thorough due diligence on all AI vendors. The evolving regulatory landscape, marked by guidance from the SRA, BSB, and Law Society, underscores that existing professional duties are fully applicable to the digital realm. By embedding these principles into their AI strategies, law firms can not only mitigate risks but also build a strong, verifiable digital authority that enhances their reputation and secures their position in the future of legal service delivery.

Citations

  1. 1.Bar Standards Board Handbook
  2. 2.Data Protection Act 2018, c. 12
  3. 3.Legal Services Act 2007, c. 29
  4. 4.R (Ayinde) v London Borough of Haringey [2025] EWHC 1383 (Admin)
  5. 5.SRA Standards and Regulations 2019
  6. 6.UK General Data Protection Regulation
AI Business Impact

How does this affect your business?

Get an AI analysis of this article grounded in your jurisdictions, practice areas, and any policy documents you've uploaded to Wansom.