Navigate ABA Model Rules 1.1, 1.4, 1.6, and 5.1/5.3 for AI use. Free compliance checklist for attorneys using generative AI tools.
The ABA Has Spoken: AI Competence Is Now Required
With the release of ABA Formal Opinion 512 and growing state bar guidance, the message is clear: attorneys who use AI must understand it. The days of “I didn’t know” are over.
This checklist breaks down the four ABA Model Rules most relevant to AI use in legal practice, with practical steps to ensure your firm stays compliant.
Rule 1.1: Competence
The Rule: “A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.”
Comment 8 adds that lawyers must “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.”
What This Means for AI
- You cannot ethically use tools you don’t understand
- Blindly trusting AI outputs is not competent representation
- Training on AI tools is now an ethical duty, not optional professional development
Compliance Checklist
- Complete AI fundamentals training for all attorneys
- Understand how your AI tools process data
- Know the limitations of AI-generated content (hallucinations, outdated law)
- Document your AI competency training
- Stay current on AI developments in legal practice
Rule 1.4: Communication
The Rule: “A lawyer shall… reasonably consult with the client about the means by which the client’s objectives are to be accomplished.”
What This Means for AI
Client disclosure requirements vary by jurisdiction, but transparency is the safest approach. Clients have a right to understand how their matters are being handled.
Compliance Checklist
- Review engagement letter language regarding technology use
- Develop standard AI disclosure language for client communications
- Know your jurisdiction’s specific disclosure requirements
- Discuss AI use when it significantly affects approach or billing
- Document client consent where required
Sample Engagement Letter Language
Technology and AI Use: Our firm utilizes technology tools, including artificial intelligence, to assist with legal research, document drafting, and case analysis. All AI-assisted work is reviewed and approved by licensed attorneys. Your confidential information is protected through enterprise AI systems that do not share or train on your data. Attorney judgment and supervision guide all work product.
Rule 1.6: Confidentiality
The Rule: “A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent.”
This is the big one. Every piece of client information—names, case facts, strategies, communications—is confidential. And that includes what you type into AI prompts.
The Problem with Public AI
When you use ChatGPT, Claude, or other public AI services:
- Data leaves your control - Information travels to third-party servers
- No BAA exists - These services don’t sign Business Associate Agreements
- Training risk - Your prompts may train future models
- No audit trail - You can’t document what data was processed
Compliance Checklist
- Inventory all AI tools currently in use at your firm
- Classify which tools have appropriate data protections
- Implement DLP rules blocking confidential data from public AI
- Deploy enterprise AI with proper agreements (BAA, DPA)
- Train staff on confidential data handling with AI
- Establish anonymization procedures for necessary public AI use
Warning Signs You’re at Risk
- Attorneys pasting client information into ChatGPT
- No firm policy on AI use
- Using consumer AI accounts for legal work
- No web filtering for AI services
- Staff unsure what AI tools are approved
Rules 5.1 and 5.3: Supervision
Rule 5.1: Partners must ensure the firm has measures giving “reasonable assurance that all lawyers in the firm conform to the Rules of Professional Conduct.”
Rule 5.3: Lawyers with supervisory authority over nonlawyers must ensure their conduct “is compatible with the professional obligations of the lawyer.”
AI as the “Nonlawyer” in the Room
While AI isn’t a person, the supervision principle applies directly:
- AI outputs require attorney supervision
- The attorney remains responsible for AI-generated work
- “The computer did it” is never a defense
- Human review is mandatory, not optional
Compliance Checklist
- Establish firm-wide AI use policies
- Require attorney review of all AI-generated content
- Implement verification workflows for citations and facts
- Train supervising attorneys on AI oversight responsibilities
- Document review processes for ethics compliance
The Human-in-the-Loop Mandate
Every AI output must pass through this review before use:
Factual Accuracy
- Are all facts verifiable from the record?
- Are dates, names, and numbers correct?
- Have you checked for hallucinated information?
Legal Accuracy
- Have you verified all case citations exist?
- Have you read the cited cases to confirm holdings?
- Is the law current (not overruled or superseded)?
- Is the law from the correct jurisdiction?
Quality
- Does this meet your professional standards?
- Would you sign this as your own work?
Real Consequences: What’s Already Happened
Mata v. Avianca (S.D.N.Y. 2023)
An attorney used ChatGPT for case research. The AI generated six fictitious case citations, complete with fabricated quotes and holdings. The brief was filed without verification. Result: $5,000 sanctions per attorney, national media coverage, and bar complaints.
In re Zachariah Crabill (Texas 2024)
Attorney drafted a motion using AI, failed to verify citations, and submitted fictional cases to the court. Result: Public reprimand, mandatory CLE on AI competence, and probation with practice monitoring.
These aren’t edge cases anymore—they’re the new normal for attorneys who skip verification.
Building a Compliant AI Practice
Firm AI Policy Essentials
Your written AI policy should cover:
- Approved Tools - Which AI systems are permitted
- Prohibited Uses - What is never allowed (client data in public AI)
- Review Requirements - Mandatory verification steps
- Supervision - Who oversees AI use
- Training - Required education for AI users
- Documentation - How to document AI use
- Billing - How to bill for AI-assisted work
- Updates - How policy will evolve
The Compliance Stack
A fully compliant AI implementation includes:
| Layer | Protection |
|---|---|
| Infrastructure | Private AI endpoints, no public exposure |
| Agreements | BAA/DPA with AI providers |
| Access Controls | MFA, role-based permissions |
| Data Protection | DLP, sensitivity labels, encryption |
| Audit | Complete logging of all AI interactions |
| Training | Role-appropriate education with documentation |
| Policy | Written SOPs and governance |
Your Next Step
AI compliance isn’t optional—it’s an ethical requirement. The firms that get this right will practice more efficiently while maintaining client trust. The firms that don’t will face sanctions, malpractice claims, and reputational damage.
Free ABA Compliance Assessment: Let us evaluate your firm’s current AI posture against ABA Model Rules requirements. We’ll identify gaps and provide a prioritized remediation roadmap.
Key Takeaways
- Rule 1.1 now requires AI competency as part of technology competence
- Rule 1.6 prohibits sending confidential data to public AI services
- Rules 5.1/5.3 mandate attorney supervision of all AI outputs
- Verification of AI-generated content is non-negotiable
- Written policies and training are essential for compliance
- Enterprise AI with proper safeguards enables compliant AI use
About the Author
Cloud Magic Technology Group is a leading IT services provider in the San Francisco Bay Area, helping companies modernize their technology infrastructure.