TL;DR
| AI ethics rules for lawyers are moving from general guidance to practical expectations. California law firms should not wait for final rule changes before creating clear policies for AI use, client confidentiality, staff supervision, and human verification.

 

Image SEO Sentences:

“”

“Professional Computer Concepts helps Bay Area law firms prepare for AI ethics rules for lawyers with practical technology controls.”

“Clear AI ethics rules for lawyers can reduce confidentiality risk, improve staff supervision, and support responsible AI use.”

 

Artificial intelligence is quickly becoming part of legal work. Lawyers and staff may use AI to summarize documents, draft language, organize facts, review large amounts of information, or speed up research. These tools can be useful, but they also create risk when firms do not define how AI should be used.

The State Bar of California is now moving toward clearer AI-related ethics rules for lawyers. In 2026, the State Bar sought public comment on proposed amendments to the California Rules of Professional Conduct related to artificial intelligence. The proposed changes address several core lawyer duties, including competence, client communication, confidentiality, candor toward tribunals, supervision of lawyers, and supervision of nonlawyer assistants.

For California law firms, the message is clear. AI is not just a productivity tool. It is now a professional responsibility issue.

What Are AI Ethics Rules for Lawyers?

AI ethics rules for lawyers are professional conduct rules, guidance, or proposed amendments that explain how attorneys should use artificial intelligence while still meeting their duties to clients, courts, and the legal system.

These rules do not usually say that lawyers cannot use AI. Instead, they focus on how AI must be supervised. Lawyers remain responsible for the quality, accuracy, confidentiality, and judgment behind their work, even when AI helps produce it.

That distinction matters. AI can support legal work, but it does not replace legal judgment. A lawyer cannot treat an AI-generated answer as reliable just because it sounds polished. A law firm cannot assume that staff are using AI safely just because no one has complained. And a supervising attorney cannot ignore how associates, paralegals, or outside vendors are using AI in client matters.

What Is California Proposing?

The State Bar of California’s proposal does not create one standalone “AI rule.” Instead, it proposes changes across existing professional duties. That is an important signal.

California appears to be treating AI as part of the lawyer’s existing obligations, not as a completely separate technology issue. The proposed amendments touch core areas of legal practice, including competence, communication, confidentiality, candor, and supervision.

One of the most important concepts is verification. When lawyers use technology, including AI, they must independently review, verify, and exercise professional judgment regarding output used in client representation. That is practical, direct, and hard to ignore.

In plain English, AI can help prepare work, but the lawyer still owns the work.

Why Should Law Firms Act Before the Rules Are Final?

Law firms should not wait because the risk already exists.

Even without final AI ethics rule amendments, lawyers already have duties related to competence, confidentiality, communication, candor, and supervision. AI does not erase those duties. It makes them easier to violate accidentally.

A staff member may paste client information into a public AI tool to save time. An associate may rely on an AI-generated case summary without checking the source. A partner may assume that a legal research platform is accurate because it is marketed for lawyers. A firm may adopt an AI-enabled vendor without reviewing how data is stored or used.

None of these examples require bad intent. That is the point. Most AI risk inside a law firm will come from convenience, pressure, and unclear expectations.

Did You Know?

Reuters reported in January 2026 that the California Senate passed SB 574, a bill that would require lawyers to verify the accuracy of AI-generated materials used in court filings, including case citations.

That bill is separate from the State Bar’s proposed ethics amendments, but together they show the same direction of travel. California is moving toward stronger expectations around AI verification, confidentiality, and accountability in legal work.

Law firms should read that as a warning. Waiting for a final rule, final bill, or disciplinary case is not a strategy. It is a delay.

The Biggest Risk Is Not AI. It Is Unsupervised AI.

The real issue for many law firms is not whether AI is allowed. The issue is whether anyone knows how AI is being used.

This is where shadow AI becomes a problem. Shadow AI happens when employees use AI tools without approval, oversight, or documentation. In a law firm, this could involve public chatbots, browser extensions, note-taking tools, document summarizers, legal research tools, or AI features built into everyday platforms.

The firm may not know what client data was entered, whether prompts are retained, whether outputs are reused to train models, or whether the result was verified before being used. That creates confidentiality risk, accuracy risk, and supervision risk.

Read more in “Shadow AI Is Already in Your Business. Can You See It?

What Should a Law Firm AI Policy Cover?

A useful AI policy should be practical enough for attorneys and staff to follow. It should not be a dense technology document that no one reads.

The policy should identify approved AI tools and explain which tools are not allowed for client work. It should define what information may never be entered into public AI systems, including privileged information, confidential client data, personal identifying information, financial records, health information, sealed materials, and sensitive litigation documents.

It should also require verification. Any AI-assisted legal research, citation, quote, factual statement, or legal conclusion should be checked against a trusted source before it is used in client work or court filings.

The policy should explain when clients need to be informed about AI use. Not every internal AI use may require client communication, but firms should decide how they will handle situations where AI use affects legal strategy, cost, confidentiality, or the delivery of legal services.

Finally, the policy should address supervision. Associates, paralegals, assistants, outsourced vendors, and nonlawyer staff need clear rules. A supervising attorney should know when AI is being used and how the output is reviewed.

How Does This Connect to Cybersecurity?

AI ethics and cybersecurity now overlap.

A law firm can have strong legal talent and still create technology risk if confidential data is copied into unapproved AI tools. A firm can have cybersecurity software and still fail if permissions, sharing settings, browser extensions, or vendor tools are unmanaged.

For many firms, the first step is visibility. Leadership should know which tools are being used, which data those tools can access, and whether the firm has documented rules. Microsoft 365 permissions, endpoint controls, identity security, data loss prevention, and user training all matter more as AI tools become more connected to daily work.

This is not about turning lawyers into IT administrators. It is about making sure technology use supports professional obligations instead of quietly undermining them.

Read more in “How Law Firms Can Reduce IT Risk Without Slowing Down Their Practice.

Explore “Modern IT for Law Firms: Building a Smarter, Safer Practice.

Learn how Managed IT Services can support secure day-to-day operations.

Practical First Steps for California Law Firms

California law firms should begin with a short internal review. Ask attorneys and staff which AI tools they are already using. Include free tools, paid tools, browser extensions, legal research platforms, transcription tools, Microsoft 365 AI features, and vendor systems.

Next, classify the tools. Which are approved? Which are not approved? Which need further review? Which should be blocked or restricted?

Then document the rules. A short policy is better than a perfect policy that never gets finished. Start with approved tools, prohibited data, verification steps, client communication standards, and supervision expectations.

Finally, train the team. The training should be plain English. Employees need to understand that AI can hallucinate, that confidential information should not be entered into unapproved tools, and that lawyers remain responsible for the final work.

FAQ

Are California’s AI ethics rules for lawyers final?

The State Bar of California has proposed AI-related amendments and sought public comment. Proposed amendments are not the same as final binding rules, but they show the direction California is moving.

Can California lawyers use AI?

Yes. The issue is not whether lawyers can use AI. The issue is whether they use it responsibly, protect confidential information, verify output, supervise staff, and exercise professional judgment.

Does a lawyer have to verify AI-generated work?

Lawyers should verify AI-generated work before using it in client representation. The State Bar proposal emphasizes independent review, verification, and professional judgment when technology output is used in client work.

Can law firm staff use AI tools?

Staff may be able to use AI tools if the firm allows it, but use should be supervised. Nonlawyer staff need clear rules about client confidentiality, approved tools, verification, and escalation.

Should law firms ban public AI tools?

Not necessarily, but firms should restrict public AI tools for confidential or client-sensitive work unless the tool has been reviewed and approved. A blanket “do whatever saves time” approach is risky.

About Professional Computer Concepts

Professional Computer Concepts (PCC) is a trusted Managed IT and Cybersecurity provider serving the Bay Area for over 20 years. We help small and midsize businesses simplify their IT, strengthen security, and modernize operations. Explore our services:

Managed IT Services   |   Cybersecurity   |   Cloud Solutions

From PCC’s Desk

AI can make legal work faster, but speed does not remove responsibility. California law firms should treat AI use as part of their professional, operational, and security obligations.

If your firm is using AI or suspects employees are using it without clear rules, now is the right time to create a safer process. Let’s talk.