
AI Policy Design Framework

Decision prompts for managing partners before adopting a firm AI policy. The pre-adoption companion to the Policy Template.

Work through this framework before adopting the policy template. Each prompt corresponds to a bracketed placeholder or a configurable element in the template; the framework surfaces those as decisions to be made consciously, not accepted by default. The worked-through framework, with the firm's answers, is itself part of the supervisory record under Rules 5.1 and 5.3.
On this page
  1. How to use this framework
  2. Why this comes before the template
  3. The 15 decisions
  4. Documenting the decisions
  5. After the framework

How to use this framework

  1. Pick the right room. The decisions below are managing-partner-level, not associate-level. Convene the firm's governing committee, or the managing partner with the AI committee, with the firm administrator and IT lead present.
  2. Walk every section. Don't skip sections because they "don't apply." Document the why explicitly. A section labeled "not applicable: this firm does not handle litigation" is itself a decision and a record.
  3. Capture the answers. Each decision prompt has an answer. Capture them in a working document, even rough. The captured answers become the firm-specific values that fill the placeholders in the policy template.
  4. Identify the responsible owner. Each section names a decision; the firm should also name a person responsible for executing it. Renewal questionnaires that probe AI governance increasingly expect a named owner, and "everyone" is not the right answer.
  5. Set a review date. AI tools, regulatory guidance, and carrier expectations are moving fast. The decisions captured today will need re-examination within 6 to 12 months.

Why this comes before the template

A policy adopted by accepting a template's defaults produces a thin record. A disciplinary investigator, an opposing counsel deposing the managing partner, or a carrier underwriter assessing renewal will ask why the firm chose its tools, its data tiers, its verification cadence, its exception path. "We adopted the standard template" is a weaker answer. Compare it to: "we considered three tool tiers, reviewed each provider's training-on-input posture, classified our matter types into the four data tiers, and chose the configuration that matches our practice." The framework is the structured route to the second answer.

The Oregon State Bar Professional Liability Fund publishes a similar framework alongside its Sample Generative AI Policy and treats it as a discrete artifact. PLF's experience administering the only mandatory bar-administered LPL program in the United States is that managing partners adopt better policies when they have a structured pre-adoption decision process. The framework below serves the same purpose, mapped to our 15-section template and tied to the renewal-application questions carriers are now asking.

The 15 decisions

Each section below is a decision the firm needs to make before the corresponding policy section can be adopted with confidence. The "Maps to" reference is to the Policy Template section that operationalizes the decision.


1. Scope and definitions

Defines who is covered by the policy, on what devices, and what counts as an "AI tool" for the firm's purposes.

Decide:

  • Who is in scope? All attorneys, all staff, contract attorneys, of-counsel, summer associates, vendors with firm-data access? Be specific.
  • What devices are covered? Firm-issued only, BYOD with mobile-device management, BYOD without MDM, personal devices used for any firm work?
  • What counts as an AI tool? Standalone chatbots, AI features embedded in word processing or email, AI features in legal research databases, AI features in practice management, AI features in document review platforms, AI features in transcription tools? Drawing the boundary too narrow is a common failure mode; AI features have already arrived in tools the firm uses every day.
  • How are personal AI accounts treated? Personal-tier subscriptions to ChatGPT, Claude, or Gemini that are individually paid by an attorney or staff member, used for firm work? The default in the template is prohibited; confirm the firm agrees.

Red flags:

  • "AI policy" framed as covering only standalone chatbots. AI is now embedded in Westlaw Precision, Lexis+ AI, Microsoft 365 Copilot, Adobe Acrobat AI, and most major DMS / PM platforms; the policy must address these.
  • Carve-outs for partners or for "trusted" senior attorneys. Rules 5.1 and 5.3 do not exempt managerial lawyers from supervisory rules; carve-outs invert the structure.

What underwriters ask: "Which AI tools are in use at the firm?" The honest answer requires having walked through the scope question above. The firm-wide Usage Register answers it retrospectively; the scope decision answers it prospectively.

Maps to: Policy Template, Section 1

2. Tool capabilities and limitations

Sets the firm's baseline expectations for what AI is and is not good at, before any tool is approved.

Decide:

  • Does the firm articulate, in policy text, that AI is not a substitute for authoritative legal research databases, professional judgment, or human review? The Policy Template does this affirmatively. Confirm.
  • Does the firm distinguish between general-purpose tools (ChatGPT, Claude, Gemini, Copilot) and legal-specific tools (Westlaw Precision AI, Lexis+ AI, Harvey, Spellbook, Paxton)? The risk profiles differ; the policy can either treat them uniformly or set different expectations.
  • Will the firm publish, internally, a short tool-capability primer for staff? Many firms find that the staff who use AI most are also the staff with the least accurate intuition about what AI can do reliably.

Red flags:

  • Treating AI as a generic productivity tool indistinguishable from spell-check. AI hallucinates citations and invents authority. Spell-check does not.
  • Treating AI as if it replaces Westlaw or Lexis. Several Oregon and federal sanctions decisions in 2025–2026 turned on attorneys treating a search engine's AI overview as primary-source verification. It is not; verification means reading the authority itself in an authoritative database.

Maps to: Policy Template, Section 2

3. Approved AI tools and tiers

The most firm-specific decision in the framework. Determines what tools are sanctioned, under what conditions, and who reviewed them.

Decide:

  • What AI tools are actually in use at the firm right now, including shadow AI? Surface this list before drafting the approved list. Most firms find that shadow AI is wider than expected.
  • Who reviews and approves a new tool? A single partner, an AI committee, the IT lead, the managing partner? Name the role, not the person.
  • What does approval require? Baseline checks include reviewing the Terms of Use, the privacy policy, and data-handling representations. Add confirmation of training-on-input posture, data retention, jurisdiction of data storage, and a documented use case. The Policy Template lists these; the firm should confirm and add to them.
  • How are tiers defined? The template proposes Tier 1 (Approved enterprise), Tier 2 (Conditional, limited use cases), Tier 3 (Prohibited consumer-tier). Confirm the firm agrees, or define alternatives.
  • Will the firm require recognized security evidence (SOC 2 Type II, ISO 27001) for Tier 1 placement? Default in the template is yes for Confidential and Highly Sensitive data tiers; confirm.
  • How often is the approved list reviewed? Annually is common; quarterly is stronger.

Red flags:

  • Tools approved on the basis of marketing claims rather than the contract. Vendor websites describe what the product can do; the contract describes what the vendor has committed to. The contract is the operative document.
  • "We use the enterprise version" as a complete answer. Enterprise versions vary in their data-handling posture; some still train on submitted content under specific conditions. Read the contract.
  • The approved list as a one-time exercise. Tools update their data-handling terms (sometimes silently). The list is a living document.

What underwriters ask: "What due diligence do you perform before approving an AI tool?" The Vendor Due Diligence Checklist is the operational artifact that answers this. The approval-process decision above is the policy-level commitment to use it.

Maps to: Policy Template, Section 3

4. Acceptable use

Enumerates the affirmative use cases the firm sanctions for approved tools. The positive complement to Section 5's prohibitions.

Decide:

  • What categories of work are explicitly permitted: drafting and editing, summarizing, brainstorming, research support, internal training, administrative content, others?
  • Are there practice-area-specific permissions or restrictions? A litigation-heavy firm may want stricter rules on drafting filings; a transactional firm may want stricter rules on contract review or due diligence summaries.
  • How does acceptable use interact with the data tiers? The default is that any acceptable use is governed by data classification (no Confidential or Highly Sensitive data into Tier 2 or Tier 3 tools). Confirm.
  • Does the firm permit AI-assisted client-facing communications (emails, client memos, status reports)? If yes, under what review? If no, document the rationale.

Red flags:

  • Acceptable-use list that conflicts with the prohibited-use list. Common drafting error; resolve by reading both sections together at adoption.
  • Acceptable use not tied to verification. If the firm permits AI for research-support work but does not require that surfaced authorities be verified, that gap is the failure mode behind every published AI sanctions case.

Maps to: Policy Template, Section 4

5. Prohibited uses

The hard-stop list. Easier to enforce than acceptable-use because it has fewer dependencies on context.

Decide:

  • Is the use of any tool not on the approved list prohibited for client matters? Default: yes.
  • Is the use of any consumer-tier AI tool prohibited for client information? Default: yes.
  • Is the use of AI as the sole basis for legal advice or matter strategy prohibited? Default: yes.
  • Is filing AI-generated content with a tribunal without completing the verification protocol prohibited? Default: yes.
  • Is the use of AI to make adverse decisions about a person (hiring, firing, client intake, fee allocation) without independent human review prohibited? Default: yes; this addresses Rule 8.4(g) and applicable anti-discrimination law.
  • Are there client-imposed restrictions to honor? Outside-counsel guidelines from large clients increasingly include AI-use restrictions and disclosure requirements. The firm's policy should commit to honoring those terms regardless of what the firm's general policy permits.

Red flags:

  • Prohibited list that is hortatory rather than enforceable. "Attorneys should not" is weaker than "attorneys may not." Use the latter.
  • Personal-account exception. The firm's policy applies regardless of whether the AI account is firm-paid or personally paid. The Sky Sister News and Mata cases both involved attorneys using personal accounts.

Maps to: Policy Template, Section 5

6. Client data and confidentiality

Sets the data-classification scheme, the trigger for informed consent, and the matter-file documentation requirements.

Decide:

  • What data tiers does the firm recognize? The template proposes Public, Internal, Confidential, Highly Sensitive. Confirm or revise.
  • What types of matter content fall into which tier? The classification is firm-specific; a personal-injury firm and a securities firm classify differently. The framework's job is to surface that the classification needs to happen, not to dictate it.
  • When is informed consent required? Default is when a tool retains or trains on submitted content in a manner that raises a material confidentiality risk. Confirm the firm agrees with that trigger; some firms set a more conservative trigger (any AI use on any client matter requires consent).
  • Is the firm's standard engagement letter being updated to address AI? ABA Formal Opinion 512 specifies that boilerplate engagement-letter language is not sufficient for tool-specific informed consent; the engagement-letter language is general notice, and tool-specific consent is a separate document.
  • Where is consent documented? Default: in the matter file, with date, signatory, tool, use case. Confirm.

Red flags:

  • Single-tier "all client data is confidential" framing. Useful sentiment, unhelpful for governance. AI tools handle different classifications differently; the policy needs to as well.
  • Consent obtained once at engagement and treated as covering all future tools and uses. ABA Op 512 explicitly rejects this.

What underwriters ask: "Do you obtain client consent before inputting client information into AI tools?" The Informed Consent Form is the artifact; the trigger decision above is when it gets used.

Maps to: Policy Template, Section 6

7. Client disclosure and communication

Determines how the firm tells clients about AI practice, both generically (engagement letters, public notice) and matter-specifically.

Decide:

  • Will the firm publish a public Notice of AI Practices on its website? Default is yes; the Client AI Notice resource is a starting template.
  • Will the firm's engagement letter include AI-disclosure language? Default is yes, with a plain-language paragraph and an invitation to request additional detail or restrict AI use.
  • How are client questions about AI use answered? Default is accurately and promptly. The harder question: who at the firm answers, and does that person have access to the matter's usage log?
  • When AI output materially influenced significant decisions (litigation outcome evaluation, jury analysis, material drafting judgments), will the firm consult with the client before relying on the output? Default is yes.
  • How does the firm comply with client outside-counsel guidelines that impose AI restrictions? Default is to comply with the client's terms.

Red flags:

  • Public notice that promises more than the firm actually does. "We never use AI on confidential client matters" is a bold and falsifiable statement; if the firm does use approved AI on confidential matters under proper conditions, the notice should not say otherwise.
  • Engagement-letter language that frames AI as a fee-saving tool and promises a discount. Under Rule 1.5 as applied in ABA Op 512, the firm may not bill for time AI saved in any event, so the "discount" is the baseline, not a concession; the engagement letter should not promise savings the firm cannot quantify or deliver.

Maps to: Policy Template, Section 7

8. Verification of AI-assisted filings

The most-litigated section in 2025–2026. Operationalizes Rule 3.3 and is the dispositive question in every published AI sanctions case.

Decide:

  • Does every AI-assisted filing trigger the verification protocol, regardless of whether citations were generated by AI or only summarized by it? Default is yes.
  • What does verification require? The template specifies eight checks: citations, quotations, holdings, jurisdiction, doctrinal reasoning, bias, formatting, attorney sign-off. Confirm or revise.
  • Is the verification done in Westlaw, Lexis, or another authoritative database? Search-engine AI overviews are not verification (the Doiban v. OLCC sanction in March 2026 turned on this).
  • Who signs the verification log? Default is the responsible attorney; confirm.
  • Where is the verification log retained? Default: matter file. Confirm.
  • Is there a cost-aware caveat in the policy that says, "if verification takes longer than original drafting, AI was the wrong tool"? Default is yes; this is a useful internal check.

Red flags:

  • Verification by reading the AI tool's summary of a case. AI tools can describe a case correctly while citing the wrong jurisdiction or stating a holding that has been superseded. Verification is reading the case, not reading the summary.
  • Reliance on legal-specific AI tools (Westlaw Precision AI, Lexis+ AI, Harvey, Paxton) without verification. These tools also hallucinate, less often but materially. Verification still applies.
  • Verification framed as the associate's responsibility while the supervising attorney signs the filing. Both bear independent responsibility (Couvrette v. Wisnovsky in Oregon makes this explicit).

What underwriters ask: "What controls prevent AI-generated false citations from reaching court filings?" The Verification Log Template is the artifact; the eight-check decision above is the substance.

Maps to: Policy Template, Section 8

9. Data security and privacy

Distinct from confidentiality (Section 6). Confidentiality covers what information goes in. Data security covers the rest: which devices are used, which networks, and how long the records are retained.

Decide:

  • What devices may be used for which data tiers? Default: Confidential and Highly Sensitive work is done on firm-managed devices only; BYOD requires MDM enrollment for anything above the Internal data tier. (Keep the data tiers of Section 6 distinct from the tool tiers of Section 3 when writing this rule.)
  • How is account access managed? Default: per-individual provisioning, no shared credentials, prompt removal on departure or role change.
  • What network conditions are required? Default: encrypted connection, VPN required for Confidential and Highly Sensitive tier work on non-firm networks.
  • What chat-history and retention controls are configured on enterprise AI accounts? Default: minimum required for legitimate operational use.
  • What is the procedure for accidental data exposure (a confidential prompt entered into a non-approved tool)? Default: immediate notification to the responsible owner; treat as a potential incident under Section 13.
  • What security evidence does the firm require from vendors of Tier 1 tools? Default: SOC 2 Type II, ISO 27001, or equivalent.

Red flags:

  • Personal devices with no MDM used for confidential client work. The risk is not theoretical: lost personal devices are a common malpractice incident vector.
  • Shared enterprise accounts to "save licensing costs." Defeats per-user accountability and conflict screening.
  • Long retention windows on AI chat history. Retained prompts and outputs are discoverable in litigation and subpoena-responsive, and every additional month of retention widens the exposure if the provider is breached. Configure the shortest window the firm's operational needs allow.

Maps to: Policy Template, Section 9

10. Supervision and training

Rule 5.1 and 5.3 territory. Sets the supervisory chain and the training expectations.

Decide:

  • Who is responsible for firm-wide AI governance? Default: the managing partner or an AI committee. Name the role.
  • How is supervision exercised on a per-matter basis? The template requires affirmative notification to the supervising attorney before AI-assisted work product is submitted for review, identifying tool, use case, and verification status. Confirm.
  • Does the firm subscribe to the human-in-the-loop principle as a named principle? Default is yes (Section 10 of the template names it explicitly).
  • For firms with out-of-jurisdiction co-counsel: does local counsel bear independent verification responsibility for filings they sign? Default is yes (Couvrette v. Wisnovsky in Oregon found local counsel personally liable for failing to supervise out-of-jurisdiction lead counsel's AI use).

Red flags:

  • Supervision framed as "review at the end." Rule 5.1 supervision is forward-looking; an end-of-pipeline check that the work product looks fine is not supervision.
  • Reliance on the associate or staff member doing the work to "tell me if there's an issue." Affirmative notification is the default in the template precisely because waiting for subordinates to flag problems is not supervisory practice.

What underwriters ask: "Who at the firm is responsible for AI governance?" and "Who reviews AI-generated work product before it leaves the firm?" The supervisory decision above answers both.

Maps to: Policy Template, Section 10

11. Billing treatment

Rule 1.5 territory. ABA Formal Opinion 512 has specific requirements that are easy to miss.

Decide:

  • How is hourly billing treated when AI compresses the work? Default: bill only for time actually expended (including time prompting and reviewing output); time saved is not billed.
  • How are flat and contingent fees treated? Default: where AI materially compresses contemplated work, the responsible partner considers whether the fee remains reasonable and raises the question with the client if not.
  • Are AI tool costs treated as overhead or as pass-through expenses? Default: tools that function like office infrastructure (embedded AI features) are overhead; tools billed per matter or per use are pass-through at actual cost, no surcharge unless agreed in writing.
  • Is learning time billed? Default: no; time spent learning a tool the firm will use regularly is not chargeable.

Red flags:

  • Billing the same hours for AI-assisted work that the firm would have billed before adopting AI. ABA Op 512 specifically prohibits this; the Oregon Doiban sanction reinforced it.
  • Surcharging on AI tool costs. Default is pass-through at actual cost; surcharges require client agreement.

Maps to: Policy Template, Section 11

12. Competence and training requirements

Rule 1.1 and Comment [8] territory. Sets the training cadence and log requirements.

Decide:

  • Is training required before any approved tool may be used? Default: yes.
  • What does training cover? Default: tool capabilities and limitations, confidentiality posture, prohibited uses, verification protocol.
  • Is training refreshed when a tool is materially updated or a new tool is added? Default: yes.
  • How is training completion logged? Default: in each user's training file with date and tool identified. The Training and CLE resource has the template.
  • Is ongoing technological-competence CLE required, beyond initial training? Some states (notably North Carolina and Florida) require technology-competence CLE; check whether the firm's jurisdiction requires AI-specific hours or merely counts AI training toward a general technology requirement.

Red flags:

  • Training treated as a one-time onboarding event. AI tools change quarterly; training that does not keep pace is documentation that the firm fell behind.
  • Training framed as optional or as "if interested." Rules 5.1 and 5.3 do not contemplate optional training on the matters being supervised.

What underwriters ask: "Have all attorneys and staff completed AI competency training?" The training-log decision above produces the artifact.

Maps to: Policy Template, Section 12

13. Incident response

What happens when the policy is violated, when a tool malfunctions, or when AI-generated content reaches a tribunal in error.

Decide:

  • What counts as an incident? The template lists four categories: inadvertent input of client information into an unapproved tool, output disclosure, submission of AI-generated misstatement to a court or third party, provider-side breach or outage. Confirm or expand.
  • What is the notification window? Default: 24 hours from identification.
  • Who is notified? Default: managing partner / AI committee.
  • What does the assessment cover? Default: client notification under Rule 1.4, bar reporting, remedial disclosure to a tribunal under Rule 3.3, insurance notice obligation.
  • How are incidents logged? The Incident Log resource has the template; confirm the firm uses it.
  • How are patterns of incidents reviewed? Default: at quarterly attestation and at the annual policy review.

Red flags:

  • Incident response framed as confidential remediation without bar or carrier notice consideration. Some incidents trigger mandatory reporting; the assessment cannot be skipped.
  • Long notification windows. 24 hours is the default; longer windows shrink the time the firm has to mitigate, and can push client, tribunal, and carrier notice past the deadlines those obligations carry.

What underwriters ask: "Have you experienced any AI-related incidents in the past 12 months?" The incident-log decision above produces the answer; the response procedure decides what happens before the underwriter ever sees it.

Maps to: Policy Template, Section 13

14. Exceptions and waivers

The policy will be too restrictive in some specific cases. The exception process makes that workable without making the policy itself porous.

Decide:

  • Who approves exceptions? Default: managing partner or AI committee.
  • What does an exception request describe? Default: proposed tool and version, use case and matter, data classification, duration, compensating controls.
  • What is the maximum exception duration? Default: 30 to 90 days, renewable.
  • How are exceptions logged? Default: in an AI exception register with date, scope, approver, expiration.
  • How does the firm review whether recurring exceptions justify amending the standing approved-tools list? Default: at the annual policy review.

Red flags:

  • Exception approval delegated below managing partner. The exception is, by definition, a deviation from the firm's governance rules; approval should sit with the level that adopted the rules.
  • Indefinite exceptions. An exception with no expiration is just a hole in the policy.

Maps to: Policy Template, Section 14

15. Policy review and update cadence

AI moves faster than annual policy cycles. Setting the review cadence consciously prevents the policy from becoming a stale document the firm forgets to revisit.

Decide:

  • What is the review cadence? Default: annually at minimum. Trigger an additional review whenever there is a material change to the approved-tools list, the rules of professional conduct or bar guidance, or the firm's practice areas.
  • Who reviews and re-approves? Default: managing partner or governing committee.
  • How is version-control handled? Default: current version date and approver recorded at the top of the policy; prior versions retained.
  • Is the Quarterly Attestation in place as an interim check? The annual review is the floor; the quarterly attestation is the cadence that lets the managing partner say, with documentation, that supervision was active during the year.

Red flags:

  • "At least annually" treated as "exactly annually." When ABA Op 512, a state bar opinion, or a sanctions case reshapes the substantive standard mid-year, move to the new standard. Don't wait for the next anniversary.
  • Version history not retained. If a firm adopted a policy in 2024 and amended it in 2026, both versions should be reproducible on request.

Maps to: Policy Template, Section 15


Documenting the decisions

The framework's value is in the captured answers, not the prompts. A useful pattern: hold the framework session as a meeting (or series), keep minutes, and produce a decision summary that names the firm's answer for each section. Store the summary alongside the adopted policy in the firm's governance file. Both are produced on request at malpractice renewal, in disciplinary inquiries, or at deposition.

A short version of the decision summary, paired with rationale for each decision, also works as the cover memo to the policy adoption. It documents that the firm considered and chose, rather than adopted by default.

After the framework

  1. Adopt the policy. Take the captured answers into the Policy Template; replace each placeholder with the firm-specific decision; have the managing partner sign and date.
  2. Train the firm. Section 12's training requirements take effect when the policy does. Schedule training and log completion before the effective date.
  3. Collect signed acknowledgments. Every attorney and staff member with access to an approved tool signs the Employee Acknowledgment Form.
  4. Run the compliance pass. Walk the ABA Opinion 512 Compliance Checklist and confirm every artifact exists.
  5. Schedule the next review. Calendar the annual review and the quarterly attestations.

Last verified against ABA Formal Opinion 512 and the policy template: 2026-04-29.