ABA Rule 1.6 and AI Tools: The Confidentiality Obligation Before You Upload Client Data

The discussion around AI in legal practice has concentrated heavily on citation accuracy — whether AI tools hallucinate cases, whether attorneys have verified their research before filing. That focus is warranted. But it has obscured a prior question that arises before any research is generated: what ethical obligations govern the act of submitting client information to an AI service in the first place?

The answer sits in ABA Model Rule 1.6, which has governed attorney confidentiality since long before generative AI existed, and in ABA Formal Opinion 512 (July 29, 2024), which applied that rule specifically to AI tools. The rule imposes an affirmative duty — not just a prohibition on intentional disclosure, but a requirement to take reasonable steps to prevent unauthorized access. That duty applies every time an attorney interacts with a commercial AI tool using client data.

Rule 1.6(a): The General Confidentiality Duty

ABA Model Rule 1.6(a) provides that a lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation, or the disclosure is permitted by the specific exceptions in Rule 1.6(b). The rule covers all information relating to the representation — not just attorney-client privileged communications, but any information that the attorney obtained because of the relationship.

When an attorney types a client's name, the facts of their dispute, the terms of a contract, or any identifying detail into an AI tool, and that tool transmits the data to a remote server operated by a third party, a potential Rule 1.6(a) issue arises. The question is whether that transmission constitutes unauthorized disclosure, or whether it falls within the implied authorization to use support services in carrying out the representation.

Courts and bar authorities have long recognized that attorneys may share client information with support staff, litigation consultants, and outside vendors when doing so is necessary to carry out the representation. The question for AI tools is whether using a commercial AI service falls within that implied-authorization analysis — and whether the specific practices of that service (data retention, use of inputs for model training, access by employees) are consistent with the confidentiality obligation.

Rule 1.6(c): The Reasonable Efforts Standard

ABA Model Rule 1.6(c) extends beyond prohibiting unauthorized disclosure. It imposes an affirmative obligation: a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. "Reasonable efforts" is a facts-and-circumstances standard, not a checklist. The ABA Comment to Rule 1.6 identifies factors relevant to that standard, including the sensitivity of the information, the likelihood of disclosure absent safeguards, the cost and difficulty of implementing safeguards, and the extent to which the safeguards adversely affect the lawyer's ability to represent clients effectively.

Applied to AI tools, Rule 1.6(c) requires attorneys to investigate the data practices of any AI service before using client data in that service. An attorney who uses a consumer-tier AI tool without reading the service's data retention and training policies has not made reasonable efforts to prevent unauthorized access — regardless of whether any breach actually occurs.

What ABA Formal Opinion 512 Adds

ABA Formal Opinion 512 (July 29, 2024), issued by the ABA Standing Committee on Ethics and Professional Responsibility, addressed the application of the Model Rules to generative AI tools. The opinion identifies Rule 1.6 as one of the core rules triggered by AI use, and specifies what compliance requires in practice.

The opinion establishes that before using an AI tool with client information, an attorney must review the service provider's policies regarding data retention, data training practices, data security, and whether the service may share inputs with third parties. The obligation is not satisfied by assuming the service is trustworthy. It requires actual review of the service's current terms and policies — and that review must be repeated when those terms change.

Three Questions to Ask Before Using Client Data in an AI Tool

The analysis under Rule 1.6 and ABA FO 512 converges on a concrete pre-use inquiry that should apply to every AI service an attorney considers using with client information. The inquiry involves three questions, and the answers should be documented.

First: Does the service retain user inputs after the session, and if so, for how long? Some services delete inputs at session end; others retain them indefinitely. Retention increases the risk of unauthorized access through data breach or government process directed at the service provider.

Second: Does the service use user inputs to train, fine-tune, or improve its models? Consumer-tier services often do; enterprise or API tiers frequently allow opt-out. Using a service that trains on client data without client consent may constitute a disclosure of that data to the model's future users in a diffuse but real sense — and almost certainly does not fall within the implied authorization to use support services.

Third: Who at the service provider has access to user inputs? A service whose employees can access prompts for quality assurance or safety review has a broader disclosure footprint than a service with strict access controls. Both may be permissible under Rule 1.6, but the attorney cannot assess this without reviewing the service's privacy and security documentation.

Client Consent and Engagement Agreement Language

Where the answers to these questions are unfavorable, the attorney has two paths: use a different AI service with better confidentiality properties, or obtain informed client consent to the specific data practices involved. ABA FO 512 notes that some engagement agreements now address AI use explicitly — identifying which tools the firm uses, what data practices those tools employ, and what categories of client information may or may not be submitted to external AI services.

This approach has the advantage of being transparent and creating a documented consent record. It also forces the attorney to make a deliberate choice about AI tool use rather than defaulting to whatever is convenient. Whether that documentation is required, or merely best practice, depends on the sensitivity of the client's information and the jurisdiction's adoption of Rule 1.6(c)'s reasonable-efforts standard.

What This Means for Legal AI Design

The Rule 1.6 analysis also defines a design requirement for legal AI tools intended for professional use. A tool that routes client data exclusively through the attorney's own infrastructure — or through a vendor agreement with clear data-processing terms, opt-out from training, and restricted employee access — is a tool that supports rather than undermines the attorney's confidentiality obligations. A tool that offers no visibility into data practices forces the attorney into guesswork, which is not what "reasonable efforts" looks like.

Legal Exception handles legal research rather than client data management. But the Rule 1.6 analysis is relevant to any AI tool in a legal workflow, and understanding it is part of the competence obligation that ABA FO 512 identifies alongside the verification duties more commonly discussed.

This content is legal information, not legal advice. It does not create an attorney-client relationship and cannot substitute for consultation with a licensed attorney about your specific circumstances.