Do I Need Client Consent to Use AI Billing Software? State-by-State Guide

Quick Answer: Whether you need client consent to use AI legal tools depends on your state and deployment model. Cloud-based AI tools typically require disclosure (IL, NY) or explicit consent (TX, CA) because they transmit privileged data to third parties. Local AI processing significantly reduces disclosure obligations across all jurisdictions.

The Short Answer

It depends on your jurisdiction—and on how your AI tool handles client data.

If your AI billing software transmits privileged communications to third-party cloud servers, most state ethics rules suggest you should disclose this to clients. Some states may require explicit consent.

If your AI tool processes data locally and never transmits to third parties, disclosure obligations are significantly reduced.

The ABA Framework

ABA Formal Opinion 512 (2024) provides the baseline framework:

"All lawyers should read and understand the Terms of Use, privacy policy, and related contractual terms and policies of any GAI tool they use."

The opinion emphasizes that attorneys must:

1. Understand the technology they're using
2. Assess confidentiality risks based on how data is handled
3. Obtain informed consent when confidentiality cannot be fully protected
4. Supervise AI outputs for accuracy

While Opinion 512 doesn't mandate blanket consent for all AI use, it makes clear that informed consent may be required depending on how the tool handles client data.

State-by-State Analysis

Illinois

Governing Rule: ARDC Rule 1.6(a)

Key Guidance:
Illinois requires attorneys to maintain client confidentiality and make "reasonable efforts" to prevent unauthorized disclosure.

ISBA Opinion 16-06 addressed cloud computing and established that attorneys may use cloud services if they:
- Conduct due diligence on the provider
- Ensure adequate security measures
- Consider whether client data will be accessible to third parties

Consent Requirement:
Not explicitly required for all cloud tools, but recommended when:
- Data is processed by third-party AI providers
- Matter involves heightened confidentiality needs
- Client has expressed privacy concerns

Recommended Disclosure:

"Our firm uses AI-assisted billing software to improve efficiency. Client communications may be processed on secure third-party servers. We have reviewed the provider's security practices and believe they meet professional standards."

California

Governing Rule: Rule 1.6(c)

Key Guidance:
California requires "reasonable efforts" to prevent unauthorized access to client information. The state has historically been privacy-forward.

State Bar Formal Opinion 2010-179 addressed cloud computing and emphasized the need to understand how providers handle data.

Consent Requirement:
California's informed consent standard (Rule 1.0.1) requires disclosure of "material information" that a reasonable client would want to know.

For cloud-based AI tools, this likely includes:
- That AI processes client communications
- That data may be transmitted to third parties
- General description of security measures

Recommended Disclosure:

"We use artificial intelligence tools for time tracking and billing. These tools process email communications on external servers. While we've selected providers with strong security practices, we want to ensure you're aware of this technology use. Please let us know if you have concerns."

New York

Governing Rule: Rule 1.6(a)

Key Guidance:
New York requires attorneys to exercise "reasonable care" to prevent disclosure of confidential information.

NYSBA Ethics Opinions 842 (2010) and 1020 (2014) addressed cloud computing and established that attorneys must:
- Ensure the provider has adequate security
- Verify that data access is appropriately limited
- Consider the sensitivity of the stored data

Consent Requirement:
New York hasn't explicitly required consent for cloud AI tools, but the "reasonable care" standard suggests disclosure is prudent when:
- AI processes privileged communications
- Third-party infrastructure is involved
- Data leaves the attorney's direct control

Recommended Disclosure:
Add a technology disclosure clause to engagement letters covering AI and cloud tool usage.

Texas

Governing Rule: Rule 1.05

Key Guidance:
Texas Rule 1.05 has traditionally been interpreted as requiring client consent for disclosure of confidential information to third parties, unless an exception applies.

Consent Requirement:
Texas may have the strictest requirement among major states. Because transmitting data to a cloud AI provider could constitute "disclosure" under Rule 1.05, explicit consent may be required.

Texas Ethics Opinion 680 (2018) addressed cloud computing and suggested that while cloud storage is permissible, attorneys should consider client-specific consent when handling particularly sensitive matters.

Recommended Disclosure:

"Our firm uses AI-powered billing software that processes attorney-client communications on third-party servers to automate time tracking. By signing this engagement letter, you consent to this processing. If you prefer that your communications not be processed by AI tools, please notify us and we will make alternative arrangements."

Florida

Governing Rule: Rule 4-1.6

Key Guidance:
Florida requires attorneys to make "reasonable efforts" to prevent disclosure of confidential information.

Florida Ethics Opinion 12-3 addressed cloud computing and established that attorneys may use cloud services with appropriate safeguards.

Consent Requirement:
Florida doesn't explicitly require consent for cloud tools, but disclosure is recommended as a best practice.

Recommended Disclosure:
Include technology use in engagement letter; specific consent not required but prudent for sensitive matters.

When Consent Is Definitely Required

Regardless of jurisdiction, you should obtain explicit client consent when:

1. The Matter Involves Extraordinary Sensitivity

• Trade secrets
• Criminal defense (especially death penalty cases)
• National security matters
• Celebrity/high-profile clients

2. The Client Has Expressed Privacy Concerns

If a client asks about your technology practices, treat that as a signal to provide full disclosure and obtain consent.

3. The AI Tool's Terms Create Unusual Risks

If your vendor's ToS includes:
- Rights to use data for model training
- Broad access permissions for employees
- Unclear data retention policies
- Processing in foreign jurisdictions

...you should disclose this to clients.

4. Opposing Counsel Could Exploit It

In contentious litigation, opposing counsel may try to argue privilege waiver based on your technology stack. Documented client consent strengthens your position.

When Consent May Not Be Required

With local AI processing (where data never leaves your infrastructure), consent requirements are significantly reduced because:

• No transmission to third parties
• No cloud server access
• No subpoena exposure to vendors
• Data stays under your direct control

This doesn't mean you shouldn't disclose AI use—transparency is generally good practice. But the legal obligation for consent is much weaker when no third-party disclosure occurs.

Sample Engagement Letter Language

For Cloud-Based AI Tools

Technology Disclosure and Consent

Our firm uses artificial intelligence software to assist with time tracking, billing, and other administrative functions. This software may process information related to your matter, including email communications, on third-party cloud servers operated by our software providers.

We have evaluated our providers' security practices and believe they meet professional standards for data protection. However, we want to ensure you understand that your information may be transmitted outside our firm's direct control.

By signing this engagement letter, you acknowledge this disclosure and consent to our use of these tools in connection with your representation. If you have concerns about this technology use or prefer that we use alternative methods, please notify us immediately.

For Local AI Tools (IntelliBill)

Technology Disclosure

Our firm uses AI-assisted billing software to improve efficiency. We have specifically selected tools that process all data locally on our firm's own infrastructure. Your communications and case information are never transmitted to third-party cloud servers or AI providers.

The Bottom Line

When in doubt, disclose. It's easier to include a paragraph in your engagement letter than to defend against a malpractice claim or ethics complaint.

Download the Complete Guide

This article covers the basics, but there's much more to understand about AI billing and privilege risk.

Our free guide includes:
- Detailed privilege waiver analysis
- Complete engagement letter templates
- Vendor comparison chart
- Self-assessment worksheet

[Download: The Hidden Privilege Risk in AI Billing Software →]

This article is for informational purposes only and does not constitute legal advice. State ethics rules evolve, and interpretations vary. Consult your state bar ethics hotline for current guidance specific to your jurisdiction.

ATTORNEY ADVERTISING

Comments

No comments yet. Be the first to comment!