AI and Client Confidentiality: A Practical Guide for UK Lawyers

How Solicitors and Barristers Can Use General AI Models Without Breaching Their Duties

July 8, 2026

General AI models are materially useful for the everyday work of a legal practice: reviewing documents, summarising long bundles, and helping with a first draft. For solos and small firms without a research department, that productivity is especially hard to ignore. But, the moment you paste client material into a cloud AI tool such as ChatGPT, Claude, Gemini or Copilot, you engage your duty of confidentiality, the UK GDPR, and potentially legal professional privilege (LPP).

There is a straightforward way to keep the benefit without the exposure: anonymise agreements, documents, transcriptions and any text before using them with any AI model.

AI and Client Confidentiality for UK Lawyers
CamoText performs this fully offline, locally on your device — no cloud, no API calls, no internet. It automatically detects 25+ data types, then lets you review, revert false positives, or anonymise anything it missed with a click. The anonymised output can then be used with any AI model for analysis, summarisation or drafting help, and the original terms can be reinserted locally afterwards using a key that never leaves your device. The human stays in the loop throughout.

This article centres on the regulation of solicitors and barristers in England & Wales (SRA, Bar Council), with the UK GDPR applying UK-wide; solicitors in Scotland face parallel duties under the Law Society of Scotland. Nothing here is legal advice.

Why This Matters Now for Small Firms

Large firms are increasingly deploying private or in-house models behind their own security perimeter. Solo practitioners and small firms, by contrast, mostly reach for the public tools: exactly where the confidentiality risk concentrates. The convenient option is the exposed one.

The courts are already watching how AI is used. In Ayinde v London Borough of Haringey and Al-Haroun v Qatar National Bank [2025] EWHC 1383 (Admin), the Divisional Court dealt with fake, AI-generated case citations, resulting in wasted costs orders and referrals to the regulators.1 That case is about verification — the well-publicised hallucination risk. This article is about the quieter and arguably larger risk: not what the model gives back, but what you feed in.

Your Professional Obligations

Solicitors — the SRA Codes

Under paragraph 6.3 of the Solicitors Regulation Authority (SRA) Code of Conduct for Solicitors, RELs and RFLs, you must keep the affairs of current and former clients confidential unless disclosure is required or permitted by law, or the client consents.2 This duty cannot be outsourced to an AI vendor's terms of service. If confidential material leaves your control, a privacy policy is not a defence.

The competence and supervision duties (paragraph 3.2 onwards) apply just as firmly to AI-assisted work: the solicitor remains responsible for the output. The SRA's "Risk Outlook: the use of artificial intelligence in the legal market" and its compliance tips for solicitors flag confidentiality, accuracy, and transparency with clients as the recurring concerns.34

The Law Society of England and Wales is more direct still. Its "Generative AI — the essentials" guidance advises that with free or public generative AI, where you have no operational relationship with the vendor, you should not put any confidential data into the tool.5

Barristers — Bar Council guidance

The Bar Council's guidance, "Considerations when using ChatGPT and generative AI software based on large language models" (updated 2025), identifies hallucination and the risk of confidential data entering a provider's training pipeline as key risks. Barristers must exercise vigilance before sharing privileged or confidential information with any large language model system.6

Legal professional privilege

Privilege depends on confidentiality being maintained. Disclosing privileged material to a third-party AI service therefore raises the question of whether that confidentiality (and with it the privilege) has been compromised. The prudent course is to avoid feeding identifiable privileged material into external systems at all. Anonymised text that no longer identifies the client or the matter substantially mitigates this exposure. This is a risk to manage carefully rather than a settled question of waiver, so the sensible instinct is caution.

The judiciary's view

The institutional baseline is telling: the Courts and Tribunals Judiciary's refreshed AI guidance (October 2025) instructs judges themselves not to enter private or confidential information into public AI tools.7 If that is the standard expected of the bench, it is a useful signal of the standard practitioners should hold themselves to.

UK GDPR and the ICO

Client documents almost always contain personal data, so putting them into a cloud LLM is "processing" that requires a lawful basis, data minimisation, and, for many providers, international transfer safeguards. Small firms are data controllers regardless of size; there is no exemption for being a sole practitioner.8

The Information Commissioner's Office (ICO) finalised its anonymisation and pseudonymisation guidance in March 2025. The headline point matters here: truly anonymised data falls outside the UK GDPR entirely, whereas pseudonymised data does not. Whether data is genuinely anonymous is judged against the "motivated intruder" test — could a reasonably determined person re-identify individuals from it?9

The practical consequence is simple: removing or irreversibly obscuring personal data before it reaches an AI service is the strongest position available to you, because it cuts the problem off at source. For a deeper treatment of the regime, see our full UK GDPR and AI compliance guide.

The Practical Answer: Anonymise Before AI, Locally

There is a trap worth naming. Using a cloud redaction or anonymisation service does not solve the problem — it just moves the exposure one step earlier. The data still leaves your device and lands on someone else's server. To gain anything, the anonymisation itself has to happen locally.

That is CamoText's model, stated plainly:

  • Fully offline. CamoText uses bundled local models and runs with no cloud, no APIs, and no internet access. Nothing leaves the device. Unless you save keys or outputs locally, session data is wiped from memory when you close the app.
  • User-controlled. Settings files can be applied firm-wide or per matter. The Priorities feature anonymises verbatim terms with custom placeholders (for example CLIENT or COUNTERPARTY), you can review findings by category, and revert any false positive.
  • Human in the loop. Review the output in a separate window and highlight-to-anonymise anything the automated detection missed. Automated detection is never perfect and confidentiality is subjective to facts and circumstances: the lawyer signs off.
  • Reversible locally. Save a key on your device to reinsert the original terms into the AI's output later (the De-Anonymise / Reinsert Terms feature). The key never goes anywhere.
  • Metadata handled. Original files are left untouched, and saved outputs have metadata (author names, revision history, tracked changes) wiped by default. Word document metadata is a classic law-firm leak, so this matters.
Human in the loop: No automated detection is perfect, and confidentiality is subjective. Review the anonymised output before it is used with any AI tool, and verify the AI's output before it reaches a client or court.

It also helps to tell the AI what the placeholders mean, so the analysis stays useful:

Example prompt inclusion The document below has been anonymised. Placeholders stand in for real parties: any "CLIENT" tag is our client, whose interests you should prioritise, and "COUNTERPARTY" is the opposing party. Treat the tags consistently throughout. If it is unclear who a party is, ask before proceeding.

A Worked Example: A Small-Firm Workflow

Say you need a quick risk review of a commercial lease or a settlement agreement:

  1. Load the agreement into CamoText. Auto-detection masks names, addresses, amounts, and references.
  2. Review by category. Revert anything that would distort the AI's analysis (for instance, keep dates if the timeline matters), and highlight-anonymise anything sensitive the models missed.
  3. Copy the anonymised plaintext into ChatGPT, Claude or your model of choice and ask for the summary, risk review, or draft you need. Plaintext is also lighter and cheaper for the AI to process.
  4. Take the AI's output, reinsert the original terms locally with your saved key, and, critically, verify everything yourself before it goes to a client or court, mindful of Ayinde.1

That is the whole workflow. It is deliberately simple, and it keeps you exactly where the regulators expect you to be: in control. For more detail, see our how-to on anonymising documents for AI analysis, and, for agentic tools, using Claude Cowork with anonymisation.

Dictation and Transcription: The Overlooked Channel

Documents are not the only way client information reaches the cloud. Cloud dictation and meeting-transcription tools send client conversations, attendance notes and recordings to third-party servers. Recordings are especially data-rich.

We have a fully offline, local desktop app for this issue as well: CamoVoice. You can voice type/dictate into any text field (email, word processor, chat, etc.), transcribe client meetings, or process recorded audio and video files entirely on-device.10 Transcribe (video or audio) with CamoVoice first, then anonymise the transcript in CamoText before any AI use.

A Checklist for Solo and Small Firms

  • Adopt a written AI-use policy, even a one-pager; the Law Society guidance offers a useful starting checklist.5
  • Never paste identifiable client material into a public AI tool.
  • Anonymise locally before AI use, and keep the human review step.
  • Keep the authoritative document separate, and verify all AI output before any external use.
  • Record what you did; saved settings files double as evidence of a consistent process.
  • Tell clients where AI materially shapes the work, in line with SRA expectations on transparency.4

Conclusion

AI is a legitimate productivity tool for small practices, and the profession's own regulators accept that it is here to stay. The duties have not changed: confidentiality, competence, supervision, and the protection of privilege are exactly what they always were. What has changed is the channel: a new and very easy way for client information to leave your control.

The answer that satisfies both the professional codes and the UK GDPR is the same one: anonymise before AI, do it locally, and keep a human in the loop. CamoText supports and strengthens that position with a demonstrable privacy layer at the outset, but it does not discharge your professional duties. Responsibility stays with you, and whether any given output is truly "anonymous" remains context-specific. Used well, it keeps you where the regulators expect you to be: in control. To go further, read our UK GDPR and AI compliance guide, our how-to on anonymising documents for AI analysis, and our solutions for law firms, or send us an email.


Endnotes