Ethical AI integration for Texas attorneys: a practical guide to confidentiality, data privacy, and export controls

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Attorneys should consult the relevant rules and seek specific guidance as needed.

The rapid adoption of artificial intelligence (AI) in Texas legal practice is transforming research, drafting, and client service. While AI offers meaningful efficiencies, its use brings heightened ethical and legal responsibilities—especially regarding client confidentiality, data privacy, and compliance with U.S. export controls. This guide offers Texas attorneys clear, actionable steps to integrate AI ethically and lawfully, in line with the latest State Bar of Texas guidance and regulatory developments.

Texas Attorneys Must Understand AI Risks

Under Rule 1.01 of the Texas Disciplinary Rules of Professional Conduct (TDRPC), attorneys are required to maintain technological competence. This means:

• Gaining a working understanding of how any AI tool handles and stores client information—review terms of service, privacy policies, and data retention practices.
• Consulting IT or cybersecurity professionals if unsure about a tool’s security or data practices.
• Staying up to date on the evolving capabilities and limitations of AI platforms.

Never Compromise Client Confidentiality

Confidentiality is fundamental. Rule 1.05 of the TDRPC and Opinion 705 (February 2025) of the Professional Ethics Committee for the State Bar of Texas require that attorneys never share confidential client information with unsecured or unvetted AI tools. To comply:

• Never input confidential or sensitive client data into public or unvetted AI platforms (e.g., public chatbots like ChatGPT).
• Vet AI vendors for strong security, including data encryption, access controls, and precise data ownership terms.
• Train your team on the safe use of AI and regularly review your firm’s AI policies to ensure they reflect best practices.
• For example, before using an AI tool for contract review, confirm it will not use client data to train its models or share data with third parties.

Always Comply With Data Privacy Laws

Texas law, including the Texas Data Privacy and Security Act (TDPSA), effective July 2024, applies to all attorneys using AI. You must:

• Limit the input of personal data (identifiers, health, financial, or biometric information) into AI tools unless essential and only after confirming compliance with all relevant privacy laws.
• Ensure AI vendors comply with Texas and federal data privacy standards (such as HIPAA and the Texas Medical Records Privacy Act).
• Obtain and document your client’s informed consent before using AI tools to process or transmit their data.
• Monitor ongoing enforcement by the Office of the Texas Attorney General, which has prioritized privacy and AI compliance, especially regarding international data transfers.

Avoid Unlawful Data Transfers

U.S. export control laws regulate not only physical goods but also specific categories of data—especially when transferred or accessed by foreign entities. Texas attorneys should:

• Ensure client data is not transferred, accessed, or stored in countries where U.S. law restricts data sharing, such as China, Russia, or Iran.
• Ask your AI vendor directly about its data storage locations and ownership structures.
• Keep records of your due diligence and compliance steps to demonstrate adherence to export control requirements.

Always Verify AI Outputs

Ethics Opinion 705 is clear: attorneys cannot blindly rely on AI-generated content. You must:

• Independently verify all AI outputs for accuracy and ethical compliance before using them in client matters or court filings.
• Supervise all staff using AI tools, ensuring outputs meet professional standards, and retain ultimate responsibility for the accuracy and appropriateness of all work products.

Be Fair and Transparent With Billing

Efficiencies gained through AI must benefit clients. Ethics Opinion 705 clarifies:

• Only bill for actual time worked, not for time saved by using AI.
• Disclose any AI-related costs (such as subscription fees) to clients in advance and obtain their agreement.

Maintain Clear Policies and Communication

• Develop a written AI policy that specifies approved tools, permissible data types, and review procedures.
• Require mandatory staff training and ongoing supervision.
• Establish a governance process to oversee AI risk management, compliance, and incident response.
• Inform clients promptly if you use AI in their matters, particularly if it involves their data. Obtain and document their informed consent when required.

Conclusion

By understanding AI’s risks, protecting client data, and adhering to State Bar of Texas rules, attorneys can safely and ethically use AI to enhance their practice. Upholding these standards is both a legal obligation and essential to maintaining client trust. The successful integration of AI into legal practice depends not on the sophistication of the technology but on the judgment and diligence of the lawyers who apply it.

Bamdad Shams is a professor of management practice in business law at ESSEC Business School and a lawyer at the Paris Bar.