The Information Commissioner’s Office describes AI as “an umbrella term for a range of technologies and approaches that often attempt to mimic human thought to solve complex tasks. Things that humans have traditionally done by thinking and reasoning are increasingly being done by, or with the help of, AI.”

AI systems and applications can understand and respond to human language, generate content and images, answer questions, analyse data and act creatively, independently and autonomously in many ways.

Traditional AI relies on pre-programmed rules, instructions and algorithms to perform particular, defined tasks. It can analyse and learn from data, and be trained to follow rules, or perform tasks in particular ways. However, it does not have the ability to generate new ideas or dynamically learn from the data it is trained on. Examples of traditional AI include voice assistants such as Siri and Alexa.

In recent years, there has been substantially greater interest in, and use of, generative AI.

Generative AI is a particular type of AI that can produce new content, including text, photos, audio and more, in response to a user’s prompt, question or request. To do this, the generative AI is ‘trained’ on existing data and information, constantly learning and refining its output. ChatGPT and Microsoft CoPilot are examples of generative AI, but there are many others.

To understand more about how AI works, you can read this ICO article and the Law Society’s guide to Generative AI.

AI can have beneficial uses, such as analysing data quickly, helping with document drafting, and summarising large amounts of information.

However, no generative AI system is perfect. AI models are programmed to learn based on the datasets on which they are trained. Those datasets can contain biases or inaccuracies, which can be subsequently reflected in the model’s outputs. This means that AI can make mistakes or ‘hallucinate’ an erroneous response.

Additionally, it is not possible to understand – or work out – how or why an AI model has produced a particular answer or output, nor to verify the sources of information it has used to generate its response.

As a Costs Lawyer, you should be aware of these limitations and risks, and the data protection and cyber security risks set out later in this guidance.

You should always consider whether a particular generative AI system is appropriate for the task for which you are using it.

You must be able understand how an AI system you are using operates, and to be able to explain it clearly to clients.

You should consider undertaking training to understand how to use AI effectively, and the risks and benefits involved. If you are manager, you should ensure that your staff are similarly trained.

You should ensure that you review and verify all outputs produced by an AI system, and never rely solely on AI for decision-making. If you rely on AI-generated content or AI-informed work without maintaining this important level of oversight, you are likely to be in breach of Principles 1, 3 and 4 of the Code of Conduct. Remember that generative AI system cannot replace your own expertise, experience and judgment as a Costs Lawyer.

As a Costs Lawyer, you have a duty under Principle 7 of the Code of Conduct to keep the affairs of your client confidential unless disclosure is required or allowed by law or if the client consents in writing to disclosure.

Under Principle 7, you must ensure that your client is able, in your reasonable opinion, to give informed consent to waiving their right to confidentiality.

This duty continues to apply when you are using AI while carrying out work for a client. From an ethical perspective, it means that you should not input any confidential client information into any AI system without understanding whether the information will be accessible to others, and the security features of that system.

You should ensure that you never input confidential client information into a public generative AI system (such as ChatGPT).

If you are using a closed AI system (such as a system that has been developed specifically for your firm and is not public), you should ensure that you understand the system’s security and data protection features, including:

• Who can view the information that you input into the system;
• How long data inputted into the system is retained for;
• Whether any data inputted into the system will be disclosed to a third party; and
• Whether any data that inputted will be used to further train the system.

You should also ensure that you understand how any data inputted into the system will be kept secure (for example, whether it is encrypted) and the protocol to be followed in the event of a data or security breach.

You should note that the risks of using AI are higher when using a public-facing AI tool such as ChatGPT, but that there are also risks associated with closed system AI tools.

As a Costs Lawyer, you must comply with your duty to the court and promote the proper administration of justice at all times (Principle 2 of the Code of Conduct). You also must not knowingly or recklessly either mislead the court, attempt to mislead the court, or allow the court to be misled (Principle 2.2 of the Code of Conduct).

If you use generative AI to assist with research, drafting documents or any other legal tasks, you must critically review, verify – and where necessary – correct, any AI-generated output to confirm that it is accurate and consistent with your own legal knowledge and experience. This aligns with your duties under Principle 4 of the Code of Conduct (provide a good standard of work to your client).

This is particularly important if you are using AI to assist with developing material that will be presented to a court. AI can make mistakes. It can produce hallucinations and is not free from bias. If you use generative AI material that has not been reviewed and checked for accuracy, and it later turns out to be false or misleading, this is likely to be a breach of Principles 1 and 2 of the Code of Conduct.

It is important that your clients understand how AI may be used in their case, so that they can make an informed decision about the work being undertaken on their behalf. ICO guidance says you must ensure that you inform individuals about how you are collecting and using their personal data, including when you are using AI to process their personal data.

You should be able to clearly explain to your client how your AI systems work and how their data will be processed by the system, if requested. If you are a manager, you should ensure that your staff also understand, and can explain, the AI systems you use.

If you are using AI, this should be reflected in your client care letter and/or terms of engagement, or privacy notice. If your client care letter, terms of engagement or privacy notice does not refer to use of AI, you should review and update them accordingly.

Where you have a data sharing agreement with your professional client (e.g. a solicitor or barrister) or another third party, you should review this  to ensure that your use of technology and AI does not breach any of the terms of that agreement.

UK GDPR and the standard rules around data processing and data protection apply to your use of AI systems.

It is crucial that you understand who will have access to the data you input into a generative AI system (including a closed system), and that you understand the system’s security features.

If you are a manager, you should consider carrying out a risk assessment or impact assessment before adopting any AI system.

The Information Commissioner’s Office (‘ICO’) has guidance on how to apply the UK GDPR principles to the use of information in AI systems, practical advice to help explain AI systems to individuals, and a toolkit for assessing risks posed by AI systems.

A 2023 report from the UK National Cyber Security Centre (NCSC) highlighted that legal services are increasingly targeted by ransomware attacks, with small firms being particularly vulnerable.

A particular risk in relation to AI systems – including closed systems – is that queries, prompts and data stored online (which may include confidential or sensitive information) may be hacked or otherwise made publicly accessible.

As a Costs Lawyer, you should familiarise yourself with the cyber risks of using generative AI systems, and how these risks can be mitigated. The SRA has produced a Risk Outlook report on the use of AI in the legal market, and the NCSC has produced guidance on a wide range of AI and cyber security, which you may find helpful.

You should also consider that you understand whether – and how – your use of AI could affect your professional indemnity insurance cover. You should discuss this with your insurer or broker where necessary.