RankShield Legal
Citation checker Request access
Firm Security

Outside counsel guidelines are adding AI clauses: what clients now demand

Corporate legal departments are writing AI terms directly into their outside counsel guidelines, and the pattern is consistent: disclose which AI tools touch the matter, obtain approval before client data enters any third-party system, restrict how that data is handled and retained, and grant the client the right to audit the firm’s practices. The hardest clause is the last one, because most firms can answer an audit demand only with a representation letter, not verifiable evidence.

By Jamie Kloncz, Founder, RankShield 19 min read Published

If you searched for outside counsel guidelines AI clauses, you are probably on one side of the same document: an in-house team deciding what to require, or a firm deciding how to answer. This article serves both. It maps the four clause types appearing in 2026 OCG supplements, the stricter approval gates regulated-industry clients impose, the billing conversations AI efficiency is forcing, and the enforcement gap at the center of it all: clients can demand almost anything on paper, but verifying compliance is another matter entirely. That gap is where the next competitive advantage for law firms is being decided.

The material below is informational, written for firm leaders and in-house counsel who need a working map of the terrain. It is not legal advice, and it does not tell you how to read your specific engagement terms. Treat it as a framework for the conversation you are already having, or are about to have, when the next supplement lands in your inbox with an AI section attached.

Why clients are adding AI sections to outside counsel guidelines

AI clauses moved from bar opinions into engagement terms because a contract binds immediately and privately, while an ethics opinion only advises. Clients stopped waiting to be told and started asking in writing.

The push did not start with clients; it started with regulators of the profession itself. Practical guidance summarized by ABA Law Technology Today identifies three situations in which lawyers should disclose AI use: when it affects billing, when work is effectively outsourced to a tool, and when the client asks [1]. Those duties trace to state-level guidance, including Florida’s Opinion 24-1 on billing implications and Kentucky’s treatment of AI as a form of outsourcing [1]. Once ethics authorities established that disclosure is sometimes mandatory, sophisticated clients drew the obvious conclusion: stop waiting to be told, and start asking in writing.

Outside counsel guidelines are the natural vehicle because they already govern every other operational dimension of the relationship: staffing, billing, data security, conflicts. Adding an AI section costs the client one drafting cycle and shifts the compliance burden entirely onto the firm. It also converts a vague professional-responsibility question into a contractual one. A firm that quietly runs client material through an unapproved tool is no longer just navigating gray ethics territory; it is breaching the engagement terms. That reframing, from ethics to contract, is why AI clauses spread through OCGs faster than through bar opinions.

There is a second reason the OCG is the chosen instrument, and it is about leverage rather than convenience. Bar opinions are advisory and slow to arrive; they describe what a lawyer should do, and they bind only through the disciplinary process. An engagement term binds immediately and privately, enforced by the client’s own commercial remedies. A general counsel who wants assurance today, not after the next round of ethics guidance, does not have to wait for the profession to catch up. The client simply writes the requirement into the document the firm must sign to keep the work, and the ethical floor described in bar guidance becomes a contractual ceiling the firm agreed to honor.

The four clause types showing up in 2026

Guidance published on Lexology describes OCG AI supplements as built from four parts: disclosure requirements, review obligations, data-handling restrictions, and audit rights [2]. In practice, firms are seeing those four parts expressed as distinct clause families, each with its own compliance burden. Disclosure is the entry point and the easiest to satisfy. Approval gates and data-handling restrictions require operational controls inside the firm. Audit rights are the capstone, because they are the client’s only mechanism for checking whether the first three clauses were actually honored rather than merely acknowledged in an engagement letter.

The four clause types, as they appear in current supplements:

Firms drafting responses should treat these as a stack: each clause assumes the one before it. A firm that cannot produce a reliable disclosure inventory cannot honestly answer an approval clause, and a firm without data-handling controls has nothing meaningful for an auditor to examine. In-house teams writing supplements should assume the same logic in reverse and sequence their demands accordingly [2].

The stack framing matters because it explains why so many firms answer these supplements badly. A firm that treats the four clauses as four separate promises will sign all four and then discover, months later, that it built the operational capacity for none of them. The clauses are dependent, not parallel. Reading the table below by column makes the dependency visible: the burden rises as you move down, and the ability to satisfy a lower clause presumes you already satisfied the ones above it.

  • Disclosure: which AI tools the firm uses, on which matters, disclosed to the client rather than discovered by the client.
  • Approval: explicit client sign-off before client data enters any third-party tool, AI included.
  • Data handling: no-training commitments, retention limits, and isolation of privileged material from general-purpose systems.
  • Audit rights: the client may verify the firm’s AI practices directly, not simply accept the firm’s representations.
Clause typeWhat it asks the firm to doWhere the burden lands
DisclosureName the AI tools in use and the matters they touchRecordkeeping: a current, honest inventory
ApprovalSecure client sign-off before data enters a toolProcess: a documented gate and a wait step
Data handlingRestrict training, retention, and access to privileged materialTechnical controls: isolation and configuration
Audit rightsLet the client verify the first three were honoredEvidence: proof the client can independently check

The four-part structure comes from published guidance on drafting OCGs for AI-assisted work [2]. The columns describing where the burden lands are analysis, not a fixed contractual template; specific supplements phrase and combine these clauses differently.

RANKSHIELD LEGAL AI Clauses in Outside Counsel Guidelines The four-part stack clients are writing into engagement terms 4 Clause types in 2026 OCG AI supplements Disclosure, approval, data handling, audit3 Situations that trigger AI disclosure duties Per ABA Law Technology TodayOpinion 24-1 Florida guidance on AI billing disclosure 4th Audit rights: the clause a representation letter cannot answer RankShield Legal rankshieldlegal.com
Source: Lexology; ABA Law Technology Today

Disclosure clauses: the entry point that is deceptively simple

Disclosure looks like the easy clause, and in isolation it is. The firm names the tools it uses and the matters they touch, and the client is informed rather than left to find out. The difficulty is not the promise; it is the recordkeeping that makes the promise true over time. Disclosure is only as good as the inventory behind it, and inventories decay. Tools get adopted by individual practice groups, trial versions get spun up for a single matter, and a browser extension a paralegal installed six months ago quietly processes documents no one flagged as AI-assisted. A disclosure clause the firm signed in good faith becomes inaccurate the moment its inventory falls out of date.

This is why disclosure sits at the base of the stack. The three situations that trigger disclosure duties under the guidance summarized by ABA Law Technology Today, billing impact, effective outsourcing, and a direct client question, all assume the firm actually knows what it is running [1]. A firm that cannot answer the simple question of which AI tools touched a matter cannot honestly answer any of the three triggers, and it certainly cannot answer the approval and audit clauses that build on top of disclosure. The practical work of a disclosure clause, then, is maintaining a living inventory that reflects reality rather than the state of the firm’s tooling on the day the OCG was signed.

3 situations that trigger AI disclosure duties, per guidance summarized by ABA Law Technology Today [1]

What regulated-industry clients require before AI touches their data

Disclosure is retrospective: act, then inform. Approval is prospective: ask, wait, record, then act. Regulated-industry clients demand the second, and there is no “disclose it later” once the data has already moved.

The strictest terms come from clients who are themselves regulated. ACC guidance prepared with Alston & Bird, published in January 2026, reports that OCGs from regulated-industry clients, including financial services, healthcare, and government, frequently require explicit client approval before client data enters any third-party tool, and that requirement expressly includes AI systems [3]. This is a meaningful step beyond disclosure. A disclosure clause lets the firm act and inform; an approval clause makes the client a gatekeeper for every new tool, every workflow change, and in some drafts every individual matter where AI will be used.

For these clients, the logic is straightforward: their own regulators hold them accountable for where sensitive data travels, so they extend that accountability downstream to their law firms. A bank that must answer examiners about third-party data flows cannot carve out an exception for outside counsel. Firms serving regulated industries should therefore expect approval clauses to be non-negotiable and should build the operational muscle to comply: a current inventory of AI tools, a documented approval trail per client, and technical isolation that keeps privileged material out of any system the client has not signed off on [3].

The operational difference between disclosure and approval is a difference in tense. Disclosure is retrospective; the firm can act and then inform. Approval is prospective; the firm must ask, wait, and record the answer before any client data reaches the tool. That single change reshapes internal workflow. It means a matter team cannot reach for a new tool mid-deadline on the theory that it will disclose the use later, because for a regulated client there is no later. The data either had approval before it entered the system or it did not, and the firm must be able to show which. Firms that internalize this early avoid the uncomfortable scenario of explaining, after the fact, why client material reached a system the client never signed off on.

Data-handling restrictions: no training, limited retention, real isolation

The third clause family governs what happens to client material once it is inside an approved tool. Data-handling restrictions typically ask for three commitments: that client data is not used to train the underlying model, that retention is limited rather than indefinite, and that privileged material is isolated from general-purpose systems [2]. Each of these is a technical configuration question, not a matter of good intentions. A firm cannot promise a no-training posture it has not verified in the tool’s settings, and it cannot promise isolation of privileged material if that material flows through the same general system as everything else.

Isolation is the commitment most easily promised and most rarely evidenced. It is one thing to assert that privileged documents never touch a general-purpose model; it is another to show, matter by matter, the method that kept them separate. This is where data-handling restrictions connect back to the approval clause and forward to audit rights. The approval clause decides which systems are allowed to see client data; the data-handling clause decides how that data is treated once inside; and the audit clause asks the firm to prove both were honored. A firm that treats data handling as a policy statement rather than an enforced configuration will find it has nothing concrete to hand an auditor when the fourth clause is finally exercised.

  • No training: the tool is configured so client material is not fed back into model training.
  • Limited retention: client data is held only as long as the work requires, not stored indefinitely by default.
  • Isolation: privileged material is kept out of general-purpose systems, with a method that can be shown rather than merely asserted.

How AI efficiency expectations are reshaping billing conversations

Billing is where AI clauses stop being abstract. The ABA Law Technology Today summary is direct on this point: disclosure duties are triggered when AI use affects billing, a position anchored in Florida’s Opinion 24-1 [1]. If a research memorandum that once took six associate hours now takes one hour plus AI assistance, the client is entitled to know, and increasingly entitled by contract to ask how the fee reflects that change. Some OCG supplements pair their AI sections with billing language for exactly this reason: the client wants efficiency gains shared, not silently absorbed as margin.

The Kentucky guidance adds a second billing-adjacent trigger: when work is effectively outsourced to a tool, the client should know, just as it would if the work went to a contract lawyer or an offshore vendor [1]. Firms should get ahead of both triggers rather than waiting for a line-item dispute. That means deciding, matter by matter, how AI-assisted work is described on invoices, whether alternative fee arrangements better fit AI-heavy workflows, and how to document the human review that justifies the fee. Handled well, this conversation becomes a pitch asset; handled defensively, it becomes a write-down.

The uncomfortable tension inside the billing conversation is that the hourly model and AI efficiency point in opposite directions. Under a pure hourly arrangement, a tool that turns six hours of work into one hour reduces the firm’s revenue on that task, which creates a quiet incentive not to adopt it or not to mention it. The disclosure triggers exist precisely to close that gap, and clients writing OCG billing language know it. The firms that come out ahead are the ones that stop treating efficiency as a threat to the invoice and start treating it as something to price honestly, whether by describing AI-assisted work plainly on the bill or by moving AI-heavy matters onto fee structures that do not punish speed.

The billing triggers described here come from ethics guidance summarized by ABA Law Technology Today and from Florida’s Opinion 24-1 and Kentucky guidance [1]. How any individual firm structures its fees is a business and professional-responsibility decision this article does not attempt to make.

Answering audit-rights clauses with verifiable evidence, not representations

Attestation proves isolation and consent were in place at each interaction. It does not adjudicate privilege, and it supplements the OCG’s contractual remedies rather than replacing them.

Here is the enforcement gap at the heart of every AI supplement: a client can write “no client data in third-party AI” into its guidelines, but it has no practical mechanism to verify compliance. Audit rights exist on paper [2], yet exercising them traditionally means questionnaires, certifications, and representation letters, which are all forms of the firm grading its own homework. The client is left trusting the same counterparty the clause was designed to check. In-house teams know this, which is why audit-rights language keeps getting broader even as actual audits remain rare.

This is the gap verifiable evidence closes. Instead of an annual representation, a firm can produce per-interaction attestations: signed records, generated at the moment of each AI interaction, that bind together the tool used, the policy in force, the isolation method applied to privileged material, and the consent on file. Paired with certified citation checks, those records let a firm answer an audit demand with evidence a client can independently verify. RankShield Legal produces exactly those records; the OCG terms themselves remain between client and firm, and attestation supplements contractual remedies rather than replacing them. The firm that shows up to a pitch with proof, while competitors show up with promises, has turned an OCG burden into a trust advantage.

It is worth being precise about what attestation proves and what it does not. A signed per-interaction record can show which tool was used, that an isolation method was applied to privileged material, and that consent was on file at the time. It does not, by itself, establish that any particular document remains privileged, nor does it substitute for the firm’s underlying professional judgment about confidentiality. Attestation answers the operational question an audit-rights clause poses, whether the disclosure, approval, and data-handling commitments were actually honored, and it does so with evidence rather than assurance. The legal conclusions built on top of those facts remain the province of the firm and its client.

Reading an AI supplement before you sign it

For firm leaders, the practical task is not agreeing with the four clause types in principle; it is reading a specific supplement against the operational capacity the firm actually has. The stack structure gives a reliable order for that review, because a firm that cannot satisfy a lower clause has no honest basis for signing the ones that depend on it. The steps below trace that order from the base of the stack upward.

  1. Confirm the inventory existsBefore agreeing to any disclosure clause, verify the firm can actually produce a current list of which AI tools touch which matters. If that inventory does not exist yet, the disclosure promise is aspirational, and every clause above it inherits the same weakness [2].
  2. Locate the approval gateIdentify whether the supplement requires sign-off before client data enters a tool, and whether that gate is per-tool, per-workflow, or per-matter. Regulated-industry clients often demand the strictest version, and the firm needs a documented process to honor it [3].
  3. Check the data-handling specificsRead the no-training, retention, and isolation language against the firm’s real tool configurations, not its intentions. A commitment the firm has not verified in settings is a commitment it cannot keep [2].
  4. Test the audit clause for evidenceAsk what the firm would actually hand an auditor. If the honest answer is a representation letter, note the gap now, while it can still be closed, rather than during the audit itself [2].

What in-house teams should sequence into their supplements

The same stack that helps firms read a supplement helps in-house teams write one. Because the four clauses depend on one another, a supplement that demands strong audit rights while leaving disclosure vague has asked for verification of commitments it never clearly specified. Sequencing the demands in dependency order, from disclosure through approval and data handling to audit rights, produces a document a firm can actually answer, which is the point of writing it. A demand a firm cannot honestly satisfy is not leverage; it is a clause both sides quietly ignore.

In-house teams also gain the most from the one clause that is hardest to enforce. Audit rights are the mechanism that checks whether the other three were honored, yet they are rarely exercised because the traditional tools of an audit, questionnaires and certifications, return the firm’s own account of itself [2]. A legal department that wants those rights to mean something in practice should ask, during selection, what a firm can actually produce as evidence. The firms that can answer with independently verifiable records rather than representations are demonstrating exactly the discipline the supplement was written to require.

  • Sequence by dependency: specify disclosure clearly before demanding approval, data handling, and audit rights that build on it [2].
  • Make demands answerable: a clause the firm cannot honestly satisfy becomes a clause both sides ignore.
  • Ask for evidence at selection: find out during the pitch whether a firm can show proof or only sign a letter.

Where the competitive advantage is being decided

Step back from the individual clauses and a larger shift comes into view. The profession spent years treating AI use as an ethics question, answered case by case through bar guidance [1]. Clients have now converted that question into a contractual one, answered up front inside the engagement terms, with disclosure, approval, data handling, and audit rights stacked into a single supplement [2]. The firms that read this shift as pure burden will spend their energy negotiating the language down. The firms that read it as an opening will build the operational capacity to answer every clause and then use that capacity to win work.

The decisive clause remains the last one. Any firm can promise disclosure, approval, and careful data handling; the differentiator is the ability to prove those promises were kept when a client finally asks. That is why the enforcement gap, the space between what an OCG can demand and what a client can verify, is where the next advantage is being decided. A firm that can close that gap with evidence answers the hardest clause in the supplement directly, and it does so while competitors are still drafting representation letters. Turning an OCG burden into a trust advantage is not a slogan; it is the practical outcome of being the firm that shows up with proof.

This article is informational and reflects publicly available guidance current as of its publication date. It is not legal advice, and it does not interpret any specific engagement terms. RankShield Legal is a technology vendor, not a law firm; firms and in-house teams should apply their own professional judgment to their own agreements.

Test yourself

Test yourself on OCG AI clauses

Four questions on what clients now demand and what a firm can honestly prove.

  1. 1Which of the four clause types is hardest to satisfy with only a representation letter?

    Answer: Audit rights

    Audit rights ask the firm to let the client verify the other three were honored. A questionnaire or letter is the firm grading its own homework, which is why the clause needs evidence.

  2. 2How many situations trigger AI disclosure duties per ABA Law Technology Today?

    Answer: Three

    Disclosure duties arise when AI affects billing, when work is effectively outsourced to a tool, and when the client asks.

  3. 3What distinguishes an approval clause from a disclosure clause?

    Answer: Approval is prospective: ask, wait, and record before client data enters a tool

    Disclosure is act-then-inform. Approval requires sign-off before client data reaches the tool, and regulated-industry clients demand that gate with no disclose-it-later option.

  4. 4What does per-interaction attestation prove, stated honestly?

    Answer: That the tool, policy, isolation method, and consent were in place at each interaction

    Attestation shows isolation and consent were bound at each interaction and supplements the OCG's contractual remedies. It does not adjudicate whether a document remains privileged.

Honest self-check. There is no sign-up, and nothing is stored.

Questions answered

Straight answers to the common questions

The questions readers ask about this topic, answered directly. No forms, no sales pitch.

JAMIE KLONCZ · SEO AGENCY NAPLES ONLINE

Pick a question on the left, or search above. You will get the direct answer, the way an answer engine would give it.

REQUEST ACCESS →
Written by

Jamie Kloncz

Founder, RankShield

Jamie Kloncz is the founder of RankShield, the verifiable AI and quantum security platform behind RankShield Legal. An engineer by training, he built RankShield after his own devices and business were attacked, including an AI voice-cloning scam that targeted his family, on one conviction: unverifiable security is the real danger, so every consequential action should leave a receipt anyone can independently check.

More about Jamie →
Try it · Free

Check a citation against live case-law

Paste a citation from an AI-drafted brief and see whether the case actually exists, resolved against live case-law. Free, no sign-up. Then request early access to certify a full filing.

Try the citation checker