AI Tools in Legal Practice: Model Rule 1.1 Competence and Confidentiality Obligations

Adopting AI in your practice? Rule 1.1 competence, Rule 1.6 confidentiality, and Rule 5.3 supervision all apply to AI tools — and 2026 sanctions cases show courts are enforcing them. Here's what solo and small-firm attorneys need to know, including Texas-specific guidance.

Rule 1.1 Competence — What It Requires When You Use AI

Model Rule 1.1 has not changed. What counts as competent preparation has. In Formal Opinion 512, the ABA Standing Committee on Ethics and Professional Responsibility confirmed that lawyers must exercise the "legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation," and that, regarding generative AI specifically, lawyers "must have a reasonable understanding of the capabilities and limitations" of any tool they use. That standard does not require you to become a machine learning engineer. It requires you to know, tool by tool, where the output can be trusted and where it cannot.

The opinion is deliberately task-specific rather than categorical. The degree of independent verification required "will necessarily depend on the GAI tool and the specific task that it performs," per the same opinion — running a brainstorming prompt for deposition themes carries a different risk profile than asking a tool to summarize case law or draft citations for a filing, and document review demands more scrutiny than idea generation. The opinion is also blunt about what happens when lawyers skip that calibration: it cautions that "lawyers' uncritical reliance on content created by a GAI tool" constitutes nearly certain malpractice. Read together, these two points are the actual rule — verify in proportion to the stakes of the task, and never submit unverified AI output as if it were your own researched work product.

The case law shows what happens when lawyers ignore that rule, and the trajectory from 2023 to 2026 is not encouraging. Mata v. Avianca set the original template: Judge P. Kevin Castel dismissed the case and fined the attorneys $5,000 after they submitted six fabricated ChatGPT-generated citations, then compounded the error by defending the fake cases in briefing rather than withdrawing them once challenged — the court ordered them to notify every judge falsely cited in the fabricated opinions. That case is now three years old, and the pattern it exposed has not slowed down. It has escalated.

In 2026, the Sixth Circuit sanctioned attorneys in Whiting v. City of Athens for more than two dozen fabricated citations, finding the conduct went beyond "sloppiness in drafting" and amounted to "misconduct in arguing the appeal." The court ordered reimbursement of the opposing side's fees, imposed double costs — "the stiffest penalty available under Rule 38" — and added $15,000 each in punitive sanctions, stating it wanted to send "the loudest message" that this conduct "is not allowed in our court or any other." Weeks later, the Ninth Circuit went further in Lnu v. Blanche, fining two attorneys $2,500 each and suspending them from practice before the court for six months — not for outright invented cases, but for subtler AI-introduced inaccuracies. The court warned that these quieter errors "may prove more dangerous to our profession in the long run" than obvious fabrications, precisely because they are harder to catch before filing.

⚠️
As of April 2026, researchers have documented 1,313 court proceedings in which AI-generated content was submitted to a court or tribunal, 496 of them involving licensed attorneys — this is not a 2023 anomaly, it is an accelerating pattern.

That volume is the point. This is no longer a cautionary anecdote about one overwhelmed solo practitioner in 2023 — it is a documented, growing category of professional discipline spanning multiple circuits and three years of escalating penalties. Rule 1.1 competence in the AI era means building a verification habit calibrated to each tool and each task, before a judge builds one for you.

Rule 1.6 Confidentiality — Prompts, Data, and Client Information

Every prompt is a disclosure. That reframing matters because Rule 1.6 does not stop applying just because the recipient of client information is a large language model instead of a paralegal or co-counsel. Before typing a single fact about a matter into a generative AI tool, ABA Formal Opinion 512 requires lawyers to evaluate the risk that the information will be disclosed to or accessed by others outside the firm. For tools that learn from what users feed them, the opinion goes further: client informed consent is required prior to inputting information relating to the representation, and a boilerplate engagement-letter waiver will not satisfy that duty. Informed consent under Rule 1.6 means explaining specific information about the risk and giving the client a clear explanation of the GAI tool's benefits — not a single sentence buried in paragraph fourteen of an intake form.

The Florida Bar's approach sharpens this into an operational test. Florida Bar Ethics Opinion 24-1 holds that lawyers must obtain the affected client's informed consent prior to utilizing a third-party generative AI tool if the utilization would involve the disclosure of confidential information — but that obligation can be mitigated by using an in-house AI program where it does not disclose confidential information to a third party, thus removing the obligation on the lawyer to obtain informed consent. That single distinction is the practical dividing line for adoption decisions: a consumer-facing chatbot that routes your prompts to a third-party server sits on one side, and an enterprise tool with contractual data controls sits on the other.

Florida's opinion also lays out a three-part due diligence framework that any firm evaluating a vendor should run before signing up, not after:

  • Confirm the AI provider is contractually required to preserve confidentiality, that the obligation is enforceable, and that the provider will notify the lawyer in the event of a breach.
  • Examine the provider's security measures and policies rather than taking marketing claims at face value.
  • Determine whether the provider retains information submitted by the lawyer before and after the discontinuation of services.

That third point is easy to overlook. A tool can have excellent security in production and still retain your prompts indefinitely in logs, backups, or training pipelines after you cancel the subscription.

Texas adds a specific warning worth flagging here, even though it deserves fuller treatment later. Texas Ethics Opinion 705 describes a self-learning program as one that stores and incorporates user inputs into its existing datasets so as to continue refining its responses and improving operation of the service — and warns that confidential information a lawyer inputs may be stored within the program and revealed in responses to future inquiries by third parties, which the opinion calls obviously unacceptable. California's State Bar reaches the same conclusion from a different angle: its practical guidance for generative AI notes that these tools may use submitted queries and uploaded documents to train the underlying model, and may share those queries with third parties, so lawyers who intend to input client confidential information should confirm — by reviewing the terms of use, not by assumption — that it won't be used or shared for any other purpose.

⚠️
The free consumer version of a chatbot and the enterprise version sold to your firm are not the same product from a confidentiality standpoint. Enterprise tiers typically come with a data processing agreement that disables training on your inputs; free consumer accounts often do not. Read the terms of use for the specific tier you're actually using — not the vendor's general privacy page.

Three states and a national bar association arrive at the same operational floor from different directions: know whether your tool learns from your inputs, know whether it shares them with anyone else, and get that in writing before you rely on marketing copy.

Rule 5.3 Supervision — AI as Non-Lawyer Assistance

Competence and confidentiality govern how a lawyer uses an AI tool directly. Rule 5.3 governs something adjacent but equally important: how a lawyer answers for the tool's output when someone else in the practice — an associate, a paralegal, or the software itself — is the one running the prompt. The D.C. Bar's Ethics Opinion 388 is the clearest statement of this idea to date, and it treats AI output with the same skepticism a careful partner would apply to a junior associate's first draft or a contract vendor's deliverable. The opinion states plainly that under Rules 5.1 and 5.3, "a lawyer should take reasonable measures to ensure that any supervised lawyer's or nonlawyer's use of GAI conforms to the Rules of Professional Conduct and the principles discussed in this opinion." The analogy is deliberate: a large language model is not a colleague with judgment and accountability, it is more like a very fast, occasionally unreliable assistant whose work still needs a supervising lawyer's sign-off.

D.C. Bar 388 turns that analogy into two concrete obligations. The first is upstream, before the tool is ever used on a client matter. The opinion recommends "requiring employees to satisfy themselves that client confidentiality under Rule 1.6 will be protected before using a GAI product," and warns that if the tool's privacy policy will not adequately protect client confidences, "Rules 5.1 and 5.3 likely prohibit supervising lawyers from permitting supervised personnel to use the GAI" at all. In other words, vetting an AI vendor's data-handling practices isn't just good hygiene, it can be a precondition to lawful use of the tool by anyone in the practice. The second obligation is downstream, after the tool has produced something: the opinion calls for firms to "require lawyers and nonlawyers within or retained by a law firm to take steps to verify the accuracy of the output of any GAI they use." A hallucinated citation or a misstated deadline doesn't stop being the lawyer's problem because a machine generated it first.

The ABA's Formal Opinion 512 reaches the same place from the national ethics framework: it holds that "managerial lawyers must establish clear policies regarding the law firm's permissible use of GAI, and supervisory lawyers must make reasonable efforts to ensure that the firm's lawyers and nonlawyers comply with their professional obligations." Texas Ethics Opinion 705 lists Disciplinary Rule 5.03 — Texas's version of the nonlawyer-supervision rule — among the provisions it applies to AI use, which we'll walk through in more detail in the next section. The point of citing all three is that this isn't a quirk of D.C.'s bar rules. Wherever a jurisdiction has adopted something resembling Model Rule 5.3, regulators are reading it to cover AI tools the same way it covers people.

Solo practitioners don't get an exemption from Rule 5.3 just because there's no associate to supervise. If you're the only lawyer at your firm, you are your own managerial lawyer and your own supervisory lawyer — the policies ABA 512 says a firm must establish are policies you have to set for yourself before you let any AI tool touch client work.

That reframing matters because solo and small-firm lawyers sometimes read "supervision" rules as institutional concerns — something for firms large enough to have a hierarchy. D.C. Bar 388 and ABA 512 don't leave that room. If a solo practitioner uses a drafting assistant, a research tool, or a document-review product, that practitioner is simultaneously the one whose confidentiality obligations are triggered under Rule 1.6, the one whose competence is tested under Rule 1.1, and the one who has to vet the tool and verify its output under Rule 5.3. There is no separate person to delegate the oversight to. The discipline the rule demands — check the vendor's privacy terms before you rely on the tool, and check the tool's answers before you rely on the work — has to happen inside one person's practice, which makes it easier to build into a habit and harder to excuse away.

Texas-Specific Guidance

Texas lawyers now have something the Model Rules discussion above only gestures at: a formal ethics opinion applying those principles directly to generative AI, with citations to the specific Texas Disciplinary Rules of Professional Conduct (TDRPC) that govern here. Texas Ethics Opinion 705, issued in February 2025 at the request of the Taskforce for Responsible AI in the Law (TRAIL), is the state's first formal guidance on the subject. It maps generative AI use onto six existing TDRPC provisions, giving Texas practitioners a direct translation of everything discussed in this article so far.

  • Rule 1.1 Competence → TDRPC 1.01 (Competent and Diligent Representation)
  • Rule 1.6 Confidentiality → TDRPC 1.05 (Confidentiality of Information)
  • Rule 5.3 Supervision of Nonlawyer Assistance → TDRPC 5.03 (Responsibilities Regarding Nonlawyer Assistants)
  • Additional obligations triggered by AI use → TDRPC 3.01 (Meritorious Claims and Contentions), 3.03 (Candor Toward the Tribunal), and 3.04 (Fairness in Adjudicatory Proceedings)

On competence, Opinion 705 is specific about what "understanding the technology" actually requires. Lawyers must "have a reasonable and current understanding of the technology—because only then can the lawyer evaluate the associated risks of hallucinations or inaccurate answers." That framing ties competence directly to hallucination risk rather than treating them as separate concerns. The opinion is equally direct on accountability: regardless of which tool produced a draft or a citation, "a lawyer should always verify the accuracy of any responses received from a generative AI tool," because "lawyers are responsible for the work product they submit regardless of who (or what) does the original research and drafting."

The opinion's sharpest warning concerns tools that learn from what lawyers type into them. Where the confidentiality discussion above touched on this risk generally, Opinion 705 treats self-learning AI as its own category of problem, and its language leaves little room for interpretation.

⚠️
Texas Ethics Opinion 705 warns that with self-learning AI tools, "the confidential information a lawyer inputs to the program may be stored within the program and revealed in responses to future inquiries by third parties. That is obviously unacceptable."

That single sentence should govern any tool-selection decision a Texas lawyer makes. If a platform trains on user inputs and cannot guarantee that client data stays walled off from other users' queries, TDRPC 1.05 forecloses using it for anything client-related, full stop.

Opinion 705 is also not the endpoint of Texas's engagement with this issue. TRAIL, formed in 2023 under then-State Bar President Cindy Tisdale, requested the opinion, and under 2024-2025 Bar President Steve Benesh the task force went on to produce the State Bar of Texas AI Toolkit, described as the first resource of its kind created by any state bar. For Texas practitioners, that toolkit is worth bookmarking alongside Opinion 705 itself — it is where the state's guidance will keep evolving as the tools do.

A Due Diligence Checklist Before Adopting Any AI Tool

Every obligation covered so far collapses into a handful of questions a solo or small-firm lawyer can actually answer before signing up for a new tool. None of these questions are novel — they come directly from the bar authorities discussed above. What changes from firm to firm is discipline: whether someone actually asks them, in writing, before the tool touches a client matter.

The threshold question is whether the tool is self-learning — meaning it trains on the inputs you feed it. Both the Texas Professional Ethics Committee's Opinion 705 and Florida's Ethics Opinion 24-1 treat this as the fork in the road: a tool that retains and learns from your prompts carries a fundamentally different confidentiality risk than one that processes a query and discards it. If you cannot get a straight answer from a vendor about whether client information becomes training data, you are not ready to use that tool on a confidential matter.

Assuming the tool clears that first hurdle, the next layer is contractual. Florida's three-part vendor test asks whether the engagement includes enforceable confidentiality obligations with breach notification, whether the vendor's security measures and reputation hold up to scrutiny, and whether there is a clear policy for what happens to client data during and after the engagement ends. A vendor's marketing page is not a substitute for reading the actual terms of service or, better, negotiating an addendum that spells these protections out. Some practitioners now also look to security certifications like SOC 2 or ISO 27001 as a rough proxy for vendor maturity, though no bar opinion treats a certification alone as sufficient due diligence.

Internally, ABA Formal Opinion 512 puts the responsibility for firm-wide guardrails on the managing or supervising lawyer — for a solo practitioner, that is simply you, wearing both hats. The opinion requires a clear policy on what AI use is permissible and reasonable efforts to confirm everyone in the firm, lawyer and nonlawyer alike, actually follows it. A policy that exists only in someone's head does not satisfy that standard.

Client-facing obligations round out the list. Opinion 512 is explicit that boilerplate engagement-letter language does not constitute informed consent — clients need specific information about the risks involved and a clear explanation of what the AI tool is actually doing for them. And whatever verification protocol you adopt should match the task: the opinion is clear that scrutiny for a tool generating case citations or analyzing documents needs to be heavier than for a tool used to brainstorm arguments or organize research.

Put together, that gives a concrete list to work through before the next AI tool gets anywhere near a client file.

  1. Confirm in writing whether the tool is self-learning, and if so, what training-data controls or opt-outs the vendor offers.
  2. Read the vendor's actual contract terms for confidentiality obligations and breach notification requirements — not just the privacy policy summary.
  3. Verify the vendor's data retention and deletion policy, both during the engagement and after termination.
  4. Assess the vendor's security posture and reputation, including whether it holds recognized certifications such as SOC 2 or ISO 27001.
  5. Draft a written firm AI-use policy specifying which tools are approved, for which tasks, and under what conditions.
  6. Prepare specific, non-boilerplate consent language for clients explaining the actual risks and benefits of the AI tool being used on their matter.
  7. Set a verification protocol calibrated to the task — heavier human review for citation generation and document analysis, lighter review for brainstorming or internal organization.
