The SRA has issued AI guidance and most firms have read it. The problem is that reading guidance and actioning it are two different things. This briefing cuts through the language and maps exactly what the SRA expects from law firms using AI — with specific Code of Conduct paragraph references and a 10-point compliance checklist.
The SRA's position is clear: existing professional conduct obligations fully apply to AI use in legal practice. There is no AI-specific carve-out, no grace period, and no reduced standard for firms that are "still learning" about AI. The supervising solicitor is responsible for AI outputs used on their matters — always.
The Four SRA Obligations That Apply to AI Use
1. Competence — Code for Solicitors Para 3.2 / Code for Firms Rule 4.2
You must only act in areas where you are competent to do so, and you must maintain competence in tools you use in practice. The SRA has made clear this extends to AI tools. A solicitor who uses an AI tool without understanding its capabilities, limitations, hallucination rates, and data handling practices is not meeting the competence standard. Ignorance of AI limitations is not a defence to a conduct complaint arising from AI-generated errors.
2. Client Confidentiality — Code for Solicitors Para 6.3
You must keep the affairs of current and former clients confidential unless disclosure is required or permitted by law. Using AI tools that process client information without adequate data protection agreements, without understanding where client data goes, or without client knowledge where consent may be required — all potentially breach this obligation. The fact that a fee earner used an AI tool without the firm's knowledge does not insulate the firm or the supervising partner from responsibility.
3. Supervision and Personal Accountability — Code for Solicitors Para 3.5 / Code for Firms Rule 4.4
SRA Code Para 3.5 is explicit: supervising solicitors remain personally accountable for work carried out by those they supervise. This applies fully to AI-assisted work. Code for Firms Rule 4.4 requires firms to have an effective system for supervising client matters. A firm that deploys AI tools without supervision protocols, verification requirements, or audit trails is not meeting this standard — and both the supervising solicitor and the firm face concurrent regulatory exposure.
4. Transparency with Clients — SRA Transparency Rules
While the SRA has not yet mandated specific AI disclosure obligations, the broader transparency framework and emerging Law Society guidance both point toward an expectation that clients should be informed when AI is used materially on their matters — particularly where it affects the cost, quality, or nature of the legal service delivered.
What the SRA Expects Firms to Have in Place
- A documented AI Acceptable Use Policy that governs which tools can be used, on what types of work, and with what oversight requirements
- An AI tool register identifying approved, conditionally approved, and prohibited tools — updated as the tool landscape evolves
- Data Processing Agreements with all AI tool vendors before those tools are used on client work
- Mandatory training for all fee earners on AI capabilities, limitations, and the firm's governance requirements — with completion records maintained
- An AI output verification protocol requiring qualified solicitor review before AI-generated work is used or sent to clients
- An AI incident reporting mechanism — so that AI-related failures, errors, or data incidents are captured, assessed, and escalated appropriately
- Named accountability for AI governance at firm level — the SRA expects someone to be responsible
What the SRA Will Look for in an Investigation
If the SRA investigates an AI-related conduct complaint, it will ask the following questions. Your answers determine whether you have a defence:
- Did the firm have a written AI governance policy in place at the time of the incident?
- Was the fee earner trained on AI use and the firm's governance requirements?
- Was the AI tool in use approved by the firm and subject to an appropriate DPA?
- Was the AI output reviewed and verified by a qualified solicitor before use?
- Was the client informed of AI use in a manner consistent with the firm's transparency obligations?
- When the incident occurred, did the firm have an incident reporting mechanism and did it use it?
If the answer to any of these is no, the firm's position in an investigation is significantly weakened. If the answer to most of them is no, the firm has no meaningful defence.
The 10-Point SRA AI Compliance Checklist
- Written AI Acceptable Use Policy — live, communicated to all fee earners, reviewed in the last 12 months
- AI tool register — approved / conditional / prohibited list, published and accessible
- Data Processing Agreements executed with every AI tool vendor before use on client work
- DPIAs completed for AI tools processing personal data
- Mandatory AI training delivered to all fee earners — completion records maintained
- AI output verification protocol — mandatory solicitor review before any AI output is used on a matter
- Client disclosure approach defined — when and how clients are told about AI use
- Matter-level AI use log — maintained for all active matters involving AI
- AI incident reporting mechanism — with defined SRA notification thresholds
- Named AI Governance Lead at firm level — with management committee accountability
The SRA has confirmed it is actively monitoring AI-related complaints and conduct issues. It has signalled that enforcement activity will increase. Firms that cannot demonstrate a governance framework when investigated will face a significantly more difficult regulatory conversation than those who can show documented, implemented controls — even if those controls are not yet perfect.
Sources: SRA Code of Conduct for Solicitors 2019 (Paras 3.2, 3.5, 6.3) · SRA Code of Conduct for Firms 2019 (Rules 2.1(a), 4.2, 4.3, 4.4) · SRA Technology and Innovation Guidance 2024 · SRA AI Guidance 2024 · Law Society AI Practice Notes · SRA Transparency Rules · SRA Effective Supervision Guidance 2024
This briefing is for informational purposes only and does not constitute legal advice. Ronke Jegede · Cardinal AI Systems · June 2026