Skip to main content

How to Write an AI Usage Policy for Your Law Firm (Without a Law Degree in Technology)

A practical guide to writing an AI usage policy for your law firm that meets Law Society expectations and actually gets followed.

AI Policy Compliance Law Society
6 min read By ServiceScaler

Your firm probably needs an AI usage policy, and there is a good chance the one you have (if you have one at all) is not doing what it needs to do. Sixty five percent of Australian law firms now report having an AI policy in place. But most of those policies are generic templates downloaded from the internet, listing tools and principles without addressing how your lawyers actually use AI day to day.

A policy that sits in a folder and gets read once during onboarding is not a policy. It is a liability.

What the Law Societies Actually Require

The regulatory landscape has moved quickly. If you have not checked your obligations recently, here is where things stand.

The Law Institute of Victoria issued guidance in September 2025 setting out expectations for firms using AI in legal practice. The focus is on supervision, competence, and client disclosure. Lawyers must understand the tools they use, supervise AI output as they would supervise a junior practitioner, and inform clients when AI has materially contributed to legal work.

The Queensland Law Society published Guidance Statement 37, which goes further on record keeping requirements. If AI is used in the preparation of legal advice or court documents, the firm must maintain records of the AI tools used, the prompts given, and the verification steps taken.

Most recently, the Joint QLS/LIV/LSWA Checklist released in February 2026 provides a consolidated set of minimum standards across three jurisdictions. If your firm operates across state lines, this checklist is your baseline.

The common thread across all three is this: you need to demonstrate that your firm has thought about how AI is being used, put controls in place, and documented those controls in a policy your lawyers actually follow.

The Professional Indemnity Angle

Beyond regulatory compliance, there is a practical reason to get this right. Professional indemnity insurers are starting to ask about AI policies during renewal applications. Some are already including specific questions about AI governance, approved tools, and verification procedures.

A firm without a documented AI policy, or with a clearly generic one, may face higher premiums or additional conditions on coverage. If an AI related claim arises and the firm cannot demonstrate it had reasonable controls in place, the insurer's response may not be what you hope for.

This is not hypothetical. As AI use in legal practice becomes routine, insurers are adjusting their risk models accordingly.

What Your Policy Must Cover

At minimum, your AI usage policy needs to address five areas. Miss any of these and you have a gap that either your regulator or your insurer will eventually notice.

1. Approved Tools and Permitted Uses

List every AI tool your firm has approved for use in legal work. Be specific: not just "ChatGPT" but which version, which licence tier, and whether it is the enterprise version with data protections or the free consumer version without them. State clearly which tools are approved for which purposes: drafting, research, document review, transcription, or general administration.

Equally important: state what is not approved. If lawyers are not permitted to use free consumer AI tools for client work, say so explicitly.

2. Verification Before Filing or Sending

Every piece of AI generated content used in legal work must be verified by a qualified practitioner before it is filed with a court, sent to a client, or relied upon in advice. Your policy needs to specify what verification looks like in practice.

This means more than "check it is accurate." Define the steps: verify all case citations exist and are current, confirm legislative references are to the correct version, check that factual claims match the source material, and review the output for fabricated content. AI models can produce convincing but entirely fictional case references. Your verification process must catch these.

3. Client Disclosure

When must you tell a client that AI was used in their matter? The Law Society guidance points toward disclosure when AI has materially contributed to legal work product. Your policy should define what "materially contributed" means for your firm and set a default position. Many firms are landing on proactive disclosure as standard practice, which is the safer approach.

4. Billing and Time Recording

How do you record time spent using AI tools? If a task that previously took two hours now takes 20 minutes with AI assistance, how do you bill for it? Your policy needs to address this directly. Some firms are moving to value based billing for AI assisted work. Others are recording actual time spent including the AI assisted portion. Whatever your approach, document it and apply it consistently.

5. Record Keeping

Under QLS Guidance Statement 37, firms should maintain records of AI use in legal work. Your policy should specify what gets recorded: the tool used, the date, the matter number, the nature of the prompt (without including confidential client information in the log), and the verification steps completed. This does not need to be complex. A simple log template attached to the matter file is sufficient.

Common Mistakes to Avoid

The most frequent problem we see is policies that list approved tools but do not specify verification steps. Saying "lawyers must verify AI output" without defining what verification means in practice is like saying "lawyers must do good work." Technically true but operationally useless.

The second most common mistake is failing to address client disclosure. If your policy is silent on when and how to inform clients about AI use, your lawyers are making individual judgment calls with no guidance. That inconsistency is a risk.

Third, many policies do not address what happens when a new AI tool appears. Your lawyers will discover new tools. Your policy needs a process for evaluating and approving new tools rather than assuming the approved list will never change.

Making the Policy Stick

A policy only works if people follow it. The firms with effective AI policies share two practices: they train on the policy during onboarding and at least annually, and they make compliance easy. If following the policy requires lawyers to fill out a complex form for every AI interaction, they will stop doing it within a week. Keep the compliance steps simple and proportionate to the risk.

Build the verification checklist into your document management workflow rather than making it a separate step. Add the AI use log to your matter file template rather than asking lawyers to maintain a separate register. The less friction, the higher the compliance rate.

What to Do Next

If you want a policy tailored to your firm's specific tools and practice areas rather than a template, we build them. We assess which AI tools your firm is actually using, map them against the current Law Society requirements, and deliver a policy your lawyers can follow in practice, not just file away. Talk to us about getting your AI policy right.

Want to discuss this topic?

Book a free consultation to talk about how these ideas apply to your organisation.

Get in Touch