
An AI Acceptable-Use Policy for Law Firms That Survives a Privilege Question

Most law-firm AI rules collapse the moment a paralegal pastes a deposition into a chatbot. Here is a policy that names matters, privilege, and reviewers.

Figure 01 Legal services leaders reviewing a practical AI acceptable-use policy.
Answer summary

Short answer: Sort work by what is in the prompt (generic, firm-confidential, live matter), name which tools are cleared for each tier, and name the reviewer who owns the escalation call. A handbook line about "approved tools" does none of that.
Best fit: Legal services. Function: AI governance and training.
Operating path: AI Governance and Training -> AI Transformation
Key metric: three matter-sensitivity rule sets written down before broad AI rollout

The moment your policy actually gets tested

A second-year associate is staring at 600 pages of deposition transcript at 9 p.m. There is a public chatbot open in the next tab. The firm's "AI policy" is a paragraph in the employee handbook that says "use approved tools responsibly." Nobody has defined "approved." Nobody has defined "responsibly." So the associate makes the call alone — and pastes in the transcript to get a summary by morning.

That is the scenario your policy has to win. Not a board-deck abstraction about "AI risk," but one tired person, one deadline, and one text box that does not know the difference between a blank contract template and a sealed settlement term sheet.

The broader adoption research is consistent on why this happens: the RSM middle-market AI survey, the San Francisco Fed small-business AI analysis, and the OECD SME AI adoption report all land on the same point — smaller organizations adopt AI faster than they build the controls to govern it. For a 15-attorney firm, that gap is not a productivity footnote. It is a confidentiality exposure with the partner's name on the engagement letter.

The thing that makes a law firm different from any other professional-services shop is that your duty of confidentiality is not a preference, and privilege can be lost through your own disclosure: pasting privileged text into a third-party service you do not control is exactly the kind of disclosure that can waive it. The policy has to be written around that fact, not bolted on after.

Sort by matter sensitivity, not by tool

Most firms write the policy backwards. They start with the tool — "is Copilot allowed, is ChatGPT allowed" — when the question that actually matters is: what is in the prompt? The same tool can be perfectly fine for one task and a confidentiality breach for the next. So sort the work, not the software.

Picture three buckets. The first holds the genuinely generic: a blank NDA template, a CLE outline, an internal "how do I file in this county" question, cleaning up the grammar in a marketing bio. No client facts, no matter context. Low friction, broad permission.

The second holds firm-confidential but not privileged: realization rates, a billing narrative that names no strategy, a redacted form. Approved tools only, with data-handling terms you have actually read for three things: whether your inputs are used for training, how long prompts and outputs are retained, and who at the vendor can see them.

The third — and this is the bucket the handbook paragraph never addresses — holds anything that touches a live matter: client facts, privileged drafts, discovery material, deposition transcripts, settlement strategy, opinion language headed to a client. This is where a pasted prompt can blow privilege or feed work product into a model you do not control. The default here is no public tool, full stop, and any approved use runs through a named reviewer.

This is where the broad security frameworks earn their place. The NIST AI Risk Management Framework gives you the discipline of mapping risk by use case rather than by vendor logo, and the CISA AI Data Security Best Practices guide forces the questions most firms skip — where do the prompts get logged, who can see the retrieval store, how long is anything retained. Vendor documentation like Microsoft 365 Copilot's privacy and data controls or OpenAI's enterprise privacy commitments tells you what a product technically does with data. It does not tell you whether this client's engagement terms, or this matter's protective order, permit the input. That judgment stays with a lawyer.

Figure 02 AI governance map for law firms showing approved tools, restricted data, reviewers, and escalation paths.

Name the reviewer, or the policy is decoration

The line that makes a law-firm AI policy real is the one most firms leave out: a name. Not "the firm reviews AI output" — a specific person who owns approved tools, the restricted-matter-data list, and the escalation path for the 9 p.m. judgment call. When an associate is unsure whether a transcript is fair game, they should know exactly who to message, and that person should answer the same night. A policy without that name is a wish.

Write four things down on one page. The approved tools and what each is cleared for. The matter-data categories that never enter a prompt without sign-off. The rule that any AI-touched text bound for a client, a filing, or a bill stays draft until a human lawyer owns it. And the escalation contact for the gray zone — because privilege calls live in the gray zone, and a clear "ask first" beats a clever "ask forgiveness" every time.

Then start where it is safe. Internal knowledge search across your own files, blank-form drafting, and administrative summaries are the workflows that build attorney trust without putting a matter at risk. Internal search counts as safe only if the index enforces the same per-matter access controls as the document system it reads from; otherwise the retrieval store is a new, less-guarded copy of every file it has ingested, which is the CISA "who can see the retrieval store" question in practice. Advice, discovery, negotiation, and anything client-facing stay behind the reviewer gate while the firm learns what good looks like.
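As an added illustration, not code from the article or from any firm's actual tooling, here is a pre-prompt gate in Python that enforces the three-tier sorting described above and the one-page rules just listed: it classifies a prompt by what is in it rather than by which tool is open, checks the tool against a cleared-tier table, blocks live-matter material unless a named reviewer has signed off, and writes an audit record that stores a hash of the prompt instead of the prompt itself so the log does not become a second copy of privileged text. The tool names, the matter-ID format, the keyword and docket patterns, and the reviewer address are all assumptions; a real gate would take the matter identifiers it finds and check them against the firm's matter-management system rather than trusting keywords.

```python
"""Pre-prompt gate enforcing a matter-sensitivity policy for AI tools.

Added example, not the article's or any firm's code. Tool names, tiers,
indicator patterns, matter-ID format and reviewer contact are assumptions.
"""
import hashlib
import re
from dataclasses import dataclass, field
from enum import IntEnum


class Tier(IntEnum):
    """Sensitivity of what is in the prompt; higher number = more sensitive."""
    GENERIC = 1            # no client facts, no matter context
    FIRM_CONFIDENTIAL = 2  # firm business data, not privileged
    MATTER = 3             # live matter: client facts, privileged drafts, discovery


# Assumed policy table: the highest tier each tool is cleared for.
APPROVED_TOOLS = {
    "public-chatbot": Tier.GENERIC,
    "enterprise-assistant": Tier.FIRM_CONFIDENTIAL,
    "firm-private-model": Tier.MATTER,
}
# Assumed escalation contact for the gray-zone call.
REVIEWER = "ai-reviewer@example-firm.invalid"

# Heuristic indicators (assumed). A hit is a reason to stop and ask, not
# proof; false positives are cheap here, false negatives are not.
MATTER_PATTERNS = [
    re.compile(r"\bMATTER-\d{4,}\b"),                        # hypothetical matter ID
    re.compile(r"\b\d+:\d{2}-cv-\d+\b"),                     # federal docket number
    re.compile(r"\b(privileged|attorney[- ]client|work product)\b", re.I),
    re.compile(r"\b(deposition|transcript|discovery|settlement)\b", re.I),
]
FIRM_PATTERNS = [
    re.compile(r"\b(realization rate|billing narrative|write[- ]off)\b", re.I),
]


@dataclass
class Decision:
    tier: Tier
    allowed: bool
    reason: str
    needs_reviewer: bool
    indicators: list[str] = field(default_factory=list)


def classify(prompt: str) -> tuple[Tier, list[str]]:
    """Return the highest tier any indicator puts the prompt in, plus the hits."""
    for tier, patterns in ((Tier.MATTER, MATTER_PATTERNS),
                           (Tier.FIRM_CONFIDENTIAL, FIRM_PATTERNS)):
        hits = [m.group(0) for p in patterns for m in p.finditer(prompt)]
        if hits:
            return tier, hits
    return Tier.GENERIC, []


def gate(prompt: str, tool: str, reviewer_signoff: bool = False) -> Decision:
    """Decide whether this prompt may go to this tool under the policy."""
    tier, hits = classify(prompt)
    cleared = APPROVED_TOOLS.get(tool)
    if cleared is None:
        return Decision(tier, False, f"{tool} is not an approved tool", False, hits)
    if tier > cleared:
        # Matter material on an under-cleared tool is the 9 p.m. case: block,
        # and route to the named reviewer instead of leaving it to the user.
        return Decision(tier, False,
                        f"{tool} is cleared only up to {cleared.name}",
                        tier == Tier.MATTER, hits)
    if tier == Tier.MATTER and not reviewer_signoff:
        return Decision(tier, False,
                        f"matter material needs sign-off from {REVIEWER}",
                        True, hits)
    return Decision(tier, True, "within policy", False, hits)


def audit_record(user: str, tool: str, prompt: str, d: Decision) -> dict:
    """Log the decision, not the prompt: the audit trail must not become a
    second copy of privileged text. The hash still lets an entry be matched."""
    return {
        "user": user,
        "tool": tool,
        "tier": d.tier.name,
        "allowed": d.allowed,
        "needs_reviewer": d.needs_reviewer,
        "reason": d.reason,
        "indicators": sorted({h.lower() for h in d.indicators}),
        "prompt_sha256": hashlib.sha256(prompt.encode("utf-8")).hexdigest(),
    }


if __name__ == "__main__":
    # Constructed sample prompts, not real matter data.
    samples = [
        ("Tidy the grammar in this marketing bio", "public-chatbot"),
        ("What was our realization rate last quarter?", "public-chatbot"),
        ("Summarize this deposition transcript for MATTER-20451", "public-chatbot"),
        ("Summarize this deposition transcript for MATTER-20451", "firm-private-model"),
    ]
    for prompt, tool in samples:
        print(audit_record("associate2", tool, prompt, gate(prompt, tool)))
```

The classifier is deliberately biased toward blocking: the cost of a wrongly blocked bio edit is a message to the reviewer, while the cost of a missed deposition is the exposure the article opens with. Note that the only indicator of which tool was used is in the record, not the prompt itself, which is what the CISA retention and logging questions ask you to decide on purpose.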

If you want a structured way through this, run the SMB AI readiness assessment to pressure-test your data boundaries, then use the 90-day implementation plan to sequence training, tool approval, and a first supervised pilot — so the next time someone is staring at 600 pages at 9 p.m., the answer is already written down.

Sources
  1. RSM middle-market AI survey
  2. San Francisco Fed analysis of AI and small businesses
  3. OECD report on AI adoption by small and medium-sized enterprises
  4. NIST AI Risk Management Framework
  5. CISA AI Data Security Best Practices
  6. Microsoft 365 Copilot privacy and data controls
  7. OpenAI enterprise privacy commitments