Illinois Attorneys: AI Ethics Guidance You Need to Know (2025 Update)

Quick Answer: Illinois attorneys using AI tools must comply with ARDC Rule 1.6(e) ("reasonable efforts" to prevent unauthorized disclosure) and Rule 1.1 Comment 8 (technology competence). ISBA Opinion 23-02 requires understanding where AI processes data, assessing confidentiality risks, and obtaining informed consent when third-party cloud processing creates privilege exposure.

Introduction

If you're an Illinois attorney using AI tools—or considering them—here's what you need to know about your ethics obligations in 2025.

This guide synthesizes ARDC rules, ISBA ethics opinions, and ABA guidance to give you a practical compliance framework.

The Governing Rules

Illinois Rule 1.6: Confidentiality

The foundation of AI ethics compliance is Rule 1.6(a):

"A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent..."

And Rule 1.6(e):

"A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."

Key point: "Reasonable efforts" is the standard. What's reasonable evolves with technology.

Illinois Rule 1.1: Competence

Comment 8 to the ABA Model Rules (adopted by Illinois) requires:

"...keeping abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology..."

Key point: You can't claim ignorance about how your AI tools handle client data. You have an affirmative duty to understand.

ISBA Ethics Opinions on Technology

ISBA Opinion 16-06: Cloud Computing

This opinion addressed cloud services and established that Illinois attorneys may use cloud providers if they:

1. Conduct reasonable due diligence on the provider
2. Ensure the provider has adequate security measures
3. Consider whether client data will be accessible to third parties
4. Review and understand the provider's terms of service

Application to AI: Cloud-based AI billing tools are cloud services. The same due diligence requirements apply.

ISBA Opinion 23-02: Generative AI

This 2023 opinion specifically addressed generative AI tools:

"Lawyers who use generative AI must understand how the technology works sufficiently to competently use it and to assess its impact on their professional responsibilities."

Key requirements:
- Understand where data is processed
- Assess confidentiality implications
- Supervise AI output
- Don't delegate professional judgment to AI

ABA Opinion 512: The National Framework

While not binding in Illinois, ABA Formal Opinion 512 (2024) provides persuasive guidance that Illinois attorneys should consider:

"All lawyers should read and understand the Terms of Use, privacy policy, and related contractual terms and policies of any GAI tool they use."

The opinion emphasizes:

1. Due diligence on AI vendors is mandatory
2. Confidentiality assessment must consider where data goes
3. Informed consent may be required for certain uses
4. Supervision of AI outputs is the attorney's responsibility

Practical Compliance Checklist

Based on Illinois rules and ISBA/ABA guidance, here's what Illinois attorneys should do:

Before Adopting an AI Tool

[ ] Read the Terms of Service
Not the marketing page—the actual ToS. Understand data retention, third-party sharing, and processing locations.

[ ] Review the Privacy Policy
Where is data stored? Who can access it? Is it used for model training?

[ ] Request a Data Processing Agreement
For enterprise tools, this should specify data handling, security measures, and liability allocation.

[ ] Map the Data Flow
Where does client data go? Which third parties (OpenAI, Azure, etc.) touch the data?

[ ] Assess Third-Party Providers
If the vendor uses sub-processors, understand who they are and what access they have.

Before Using AI on Client Matters

[ ] Evaluate Matter Sensitivity
High-stakes litigation, family law, criminal defense—these may require heightened protections.

[ ] Consider Client Disclosure
For cloud-based AI, disclosure in engagement letters is prudent. For sensitive matters, explicit consent may be appropriate.

[ ] Document Your Assessment
If challenged, you'll need to show you made reasonable efforts. Keep records.

Ongoing Compliance

[ ] Monitor ToS Changes
Vendors update terms. Set calendar reminders to review quarterly.

[ ] Supervise AI Output
Don't submit AI-generated content without attorney review.

[ ] Update Engagement Letters
As your tech stack changes, update disclosures.

Client Disclosure Language

For Illinois attorneys using cloud-based AI tools, consider adding this to engagement letters:

Technology Disclosure

Our firm uses artificial intelligence software to assist with [time tracking and billing / legal research / document review]. This software may process information related to your representation on third-party cloud servers.

We have evaluated our technology providers and believe their security practices meet professional standards. However, we want to ensure you understand that information may be processed outside our direct infrastructure.

If you have concerns about this technology use or would prefer alternative methods, please notify us.

For local/on-premise AI:

Technology Disclosure

Our firm uses AI-assisted tools for [time tracking and billing]. These tools process all data locally on our firm's own systems. Your information is not transmitted to third-party cloud servers.

The Privilege Question

Illinois follows traditional privilege doctrine. The key question for AI tools:

Does transmitting client communications to a third-party AI provider constitute disclosure that could waive privilege?

The answer isn't settled, but the risk exists. Under the third-party disclosure doctrine, voluntary transmission to an outside party may waive privilege even if the recipient promises confidentiality.

Risk factors that increase privilege exposure:
- Data processed on third-party cloud servers
- Multiple sub-processors in the chain (vendor → OpenAI → Azure)
- Processing in foreign jurisdictions
- Opposing counsel actively seeking privilege waiver arguments

Factors that reduce exposure:
- Local AI processing (no third-party transmission)
- Documented client consent
- Kovel-type "necessary agent" arguments (though these have limits)

ARDC Disciplinary Considerations

The ARDC hasn't yet disciplined an attorney specifically for AI-related confidentiality breaches. But the framework exists:

Rule 1.6 violations could arise from:
- Using AI tools without understanding data flows
- Failing to make reasonable security assessments
- Disclosing confidential information without consent

Rule 1.1 violations could arise from:
- Technology incompetence (not understanding how AI works)
- Failing to supervise AI output
- Submitting hallucinated content to courts

Rule 5.3 violations could arise from:
- Failing to supervise AI as a "nonlawyer assistant"
- Not establishing policies for AI use in the firm

The ARDC is likely watching for a test case. Don't be it.

The Safe Harbor: Local AI

For Illinois attorneys who want to eliminate cloud AI risk entirely:

Local AI processing means the AI runs on your device or your firm's server. Client data never leaves your infrastructure.

This approach:
- Eliminates third-party disclosure
- Removes subpoena exposure to vendors
- Satisfies "reasonable efforts" without ongoing vendor monitoring
- Simplifies disclosure requirements

IntelliBill offers local deployment specifically for attorneys who want this level of protection.

Key Takeaways for Illinois Attorneys

1. You have a duty to understand your AI tools. "I didn't know" isn't a defense.

2. Cloud AI requires due diligence. Read ToS, map data flows, assess privilege risk.

3. Disclosure is prudent. Update engagement letters to cover AI use.

4. Sensitive matters need extra care. Family law, criminal defense, high-stakes litigation may require explicit consent or local processing.

5. Local AI eliminates third-party risk. If you want to avoid the cloud AI analysis entirely, tools exist.

Further Resources

For a comprehensive analysis of AI billing software and privilege risk—including Illinois-specific compliance guidance:

[Download: The Hidden Privilege Risk in AI Billing Software →]

The guide includes:
- Illinois Rule 1.6 analysis
- ISBA opinion summary
- Engagement letter templates
- Vendor comparison charts

This article is for informational purposes only and does not constitute legal advice. For jurisdiction-specific guidance, contact the ISBA Ethics Hotline or ARDC.

ATTORNEY ADVERTISING

Comments

No comments yet. Be the first to comment!