Compliance8 min read

SRA Guidance on AI: What Solicitors Must Know

The SRA has no separate AI rulebook: your existing duties apply. Confidentiality (paragraph 6.3) is the crux. Anonymise client detail before any prompt.

By Pierre de ONYRI

The SRA (Solicitors Regulation Authority) has not written a separate AI rulebook. Its published position is simpler. The existing SRA Standards and Regulations already apply when a tool joins the work. So the question is not “what are the AI rules?”. It is “how do my duties apply here?”. Confidentiality is the crux. Paragraph 6.3 of the SRA Code of Conduct requires you to keep client affairs confidential. Pasting matter detail into a public AI tool is a disclosure to a third party. UK GDPR then stacks on top. The fix is concrete: strip names, parties and identifying detail before the prompt.

There is no separate AI rulebook

The SRA regulates solicitors in England and Wales. It does not cover Scotland or Northern Ireland. It has published no AI-specific rules. Its Risk Outlook report on the use of artificial intelligence in the legal market is a research and risk advisory publication. It is not a code of practice. It creates no new obligation.

That framing changes your practical task. You are not waiting for a new rulebook. You are applying duties you already know. Confidentiality. Competence. Supervision. Accountability. The Risk Outlook lists its own risk headings: bias, errors, scale, confidentiality and privacy, accountability, regulatory divergence and crime.

Confidentiality: paragraph 6.3 is the crux

Paragraph 6.3 of the SRA Code of Conduct carries the confidentiality duty. It sits in both Codes. The Code for Solicitors, RELs and RFLs. And the Code for Firms. The wording is direct. You keep the affairs of current and former clients confidential. Three exceptions only: the law requires disclosure, the law permits it, or the client consents.

The SRA's confidentiality guidance addresses third-party disclosure head on. Client consent must be clear enough. The client must understand to whom their information will be made available. When. And for what purpose. The SRA tells firms to reflect such arrangements in their terms of engagement.

This is where AI turns. Pasting matter detail into an external tool is not an internal act. It is a disclosure to a third party. The AI provider is that third party.

One word on breach. The SRA's guidance treats unauthorised disclosure as a breach. A compelling justification may mitigate it. It does not erase it after the fact. That distinction matters.

What the Risk Outlook actually names

The SRA's Risk Outlook report names the exact failure mode you worry about.

  • Staff uploading client case information into public AI tools such as ChatGPT.
  • Confidential data exposed when it is transferred to an AI provider for training.
  • One client's sensitive details resurfacing in output generated for another client.
  • Accountability that does not delegate: the firm answers for third-party AI outputs.

That last point deserves a pause. The Risk Outlook is explicit. Firms remain answerable for the outputs of third-party AI providers. You cannot hand your accountability to a technology supplier. The SRA's compliance tips add two details. The COLP (Compliance Officer for Legal Practice) is responsible for regulatory compliance when new technology is introduced. And board oversight is critical, at purchase and in ongoing use.

Verification: the Ayinde ruling

In June 2025, the Divisional Court settled a neighbouring question. The case is Ayinde v London Borough of Haringey and Al-Haroun v Qatar National Bank [2025] EWHC 1383 (Admin). It was handed down on 6 June 2025. It came from the President of the King's Bench Division and Johnson J.

The rule is plain. Anyone using AI for legal research has a professional duty to check its accuracy. The check runs against authoritative sources. The court named three. The National Archives case law database. Government legislation databases. And the official Law Reports. The check comes before any professional use.

The facts show the scale of the problem. In Ayinde, five cited authorities did not exist. In Al-Haroun, 45 citations were problematic and 18 were entirely fabricated. Contempt proceedings were not initiated. But referrals were made to the SRA and the BSB (Bar Standards Board).

Two honest caveats. This duty is owed to the court. It does not come from the regulator. It is a separate source of obligation from the SRA's. And Ayinde is about verification, not confidentiality. Both problems are real, but they are distinct.

UK GDPR adds a second layer

UK GDPR stacks on top of the conduct duty. It does not replace it. Client personal data in a prompt engages your controller duties. The regulator is not the same one. The SRA on one side. The ICO (Information Commissioner's Office) on the other.

Do not conflate the two consents. Client consent under paragraph 6.3 is not a lawful basis under UK GDPR. They are two separate analyses. The SRA's compliance tips point you to your data protection obligations too. Explain to individuals how their personal data will be processed. Follow the rules on automated decision-making and profiling, per ICO guidance.

The ICO publishes dedicated resources. Guidance on applying UK GDPR principles to information used in AI systems. And an AI and data protection risk toolkit.

The dutyWhere it comes fromWhat it means for a prompt
ConfidentialitySRA Code of Conduct, paragraph 6.3Pasting matter detail into a public AI is a disclosure to a third party.
Governance, systems and controlsSRA Code for Firms, paragraph 2.1(a)Your COLP answers for compliance when a new tool is introduced.
Verification of AI researchDuty to the court (Ayinde [2025] EWHC 1383)Check every output against authoritative sources before you use it.
Personal dataUK GDPR, enforced by the ICOClient personal data in a prompt engages your controller duties.
AccountabilitySRA Risk Outlook on AIIt stays with the firm. It does not move to the AI vendor.
Five duties, four separate sources. AI created none of them — all of them apply to it.

The fix: anonymise before the prompt

The good news is that AI stays useful. It drafts. It structures. It reasons over a fact pattern. For that, it needs no client name. No party names. No identifying matter detail. Strip them before the prompt and the help remains whole.

Anonymisation removes the disclosure without removing the utility. The material that triggers paragraph 6.3 never reaches the third party. Nor does the personal data that triggers UK GDPR. One move answers both regulators.

Two-lane diagram: at top, a legal matter file whose client-name row and case rows are in the clear (amber) travels past a scales-of-justice glyph toward an AI card that receives the exposed matter, with an amber risk alert; at bottom, the same file anonymised shows cobalt token chips and an intact confidentiality seal, and the AI card receives only tokens with a checkmark.
After the SRA's Risk Outlook report on AI in the legal market, the SRA's confidentiality guidance (paragraph 6.3), and the Divisional Court's judgment in Ayinde [2025] EWHC 1383 (Admin).
  1. 1Read the SRA's current guidance before you open an AI tool.
  2. 2Strip names, parties and identifying matter detail out of the prompt.
  3. 3Use firm-approved tools with a DPA and no-training terms.
  4. 4Check every output against authoritative sources, as Ayinde requires.
  5. 5Record your approach: the tool, the controls, the supervision.

One honest caveat. Anonymisation does not discharge the duty outright. A small matter can still identify the client. So can a distinctive fact pattern. Residual re-identification risk remains. That is why approved tools, a DPA and real supervision still matter. Anonymisation cuts your exposure. It does not replace governance.

That is what ONYRI Sanitize is for. The engine detects sensitive data — names, parties, contact details, amounts, matter references — and replaces it with reversible tokens. Detection and the mapping stay in your browser. Only anonymised text reaches the model. You restore the real values locally, after the reply. The AI still helps with the drafting and the reasoning. The detail that triggers paragraph 6.3 and UK GDPR never leaves your machine.

Frequently asked questions

What does the SRA's guidance say about AI?
The SRA has published no AI-specific rules. Its position is that the existing SRA Standards and Regulations already apply. Paragraph 6.3 of the Code of Conduct requires client affairs to be kept confidential. Pasting matter detail into a public AI tool is a disclosure to a third party. The SRA's Risk Outlook report names that risk, without creating a new obligation. The fix: anonymise before the prompt.
Can a solicitor put client information into ChatGPT?
Not identifying detail. Paragraph 6.3 permits disclosure only where the law requires it, the law permits it, or the client consents. And consent must be clear enough that the client understands to whom, when and for what purpose. The SRA's Risk Outlook specifically names staff uploading client case information into public tools such as ChatGPT. Strip names, parties and matter detail, and work in a firm-approved tool.
Does using an AI tool transfer my accountability?
No. The SRA's Risk Outlook is explicit that firms remain answerable for the outputs of third-party AI providers. The compliance tips add that the COLP is responsible for regulatory compliance when new technology is introduced. And in Ayinde [2025] EWHC 1383 (Admin), the Divisional Court confirmed a duty to check AI research against authoritative sources.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next