AI for Legal Teams: What's Safe to Automate (and What Isn't)
61% of UK lawyers now use generative AI, and the High Court has already dealt with fake citations. A practical map of what legal teams can automate safely, and what stays human-led.

By Ivan Pylypchuk, CEO of SoftBlues. Has led Claude and automation projects for finance, legal and professional services teams across the UK and Ireland.
Legal teams can safely automate document triage, meeting notes, first-draft summaries and matter intake, where errors are visible and cheap. Contract review and legal research can be AI-assisted, but a lawyer must verify every citation and clause. Advice to clients, court submissions and undertakings stay human-led. The SRA is clear: solicitors remain personally responsible for all work, however it was produced.
The adoption numbers explain the urgency. 61% of UK lawyers now use generative AI at work, yet only 17% say it is embedded in their firm's strategy and operations (LexisNexis, Sep 2025). That gap between individual use and firm-level control is exactly where the risk lives. At SoftBlues, an AI implementation firm working with regulated mid-market companies across the UK and Ireland, most of our legal-sector work is closing it.
Key facts
Who this is for, and who it isn't
This is for in-house legal teams and mid-sized firms in England and Wales, typically inside organisations of 50 to 500 people, deciding what AI may touch and under what controls. It is an implementation guide from practitioners, not legal advice; questions about privilege or professional conduct in a specific matter belong with your COLP or professional adviser. If you are after a tool listicle, this is not that either.
What is safe to automate with AI for legal teams?
Sort the work by what happens when the output is wrong. Where an error is visible before it causes harm, automate. Where an error is plausible and expensive, keep a qualified human between the model and the outcome.
| Risk level | Work | Why it sits here |
|---|---|---|
| Safe to automate | Document triage and classification, meeting and call notes, first-draft summaries of long documents, matter intake capture, internal knowledge search | Errors surface in normal workflow and cost minutes, not matters |
| Automate with lawyer review | First-pass contract review against a playbook, research memos, first drafts of standard letters and clauses, due diligence document sweeps | The failure mode is plausible-but-wrong. Every citation, clause and factual claim must be verified before it leaves the team |
| Keep human-led | Advice to clients, court submissions, undertakings, settlement judgements, anything built on privileged strategy | Professional responsibility cannot be delegated, and the SRA will not treat "the model wrote it" as mitigation |

The middle row deserves the most attention because it is where the productivity gain is largest and where the June 2025 High Court cases happened. AI-assisted is fine. Unverified is not.
What does the SRA expect when lawyers use AI?
The SRA regulates outcomes, not tools. Its Risk Outlook on AI in the legal market groups the risks under accuracy, bias, confidentiality and accountability, and lands on a simple principle: the standards do not change because the drafting did. In practice that means competence and supervision duties apply to AI output the way they apply to a trainee's work, with one important difference. A trainee learns from correction; a general-purpose model does not know your correction happened.
The SRA also encourages firms to document where AI is used, run risk assessments, and train staff in responsible use. None of that is exotic. It is the same discipline firms already apply to precedent banks and outsourced work, pointed at a new tool.
What did the High Court say about AI in court documents?
In June 2025 the High Court handed down judgment in two joined matters, Ayinde v London Borough of Haringey and Al-Haroun v Qatar National Bank, after documents put before the court contained citations that did not exist (Legal Cheek, Jun 2025). The court found the threshold for contempt proceedings had been met, stopped short of initiating them, ordered £2,000 in wasted costs and made regulatory referrals, with an explicit warning that lawyers who fail their professional obligations here "risk severe sanction".
Two working rules fall out of the judgment. First, verification of every authority is non-negotiable, whoever or whatever produced the draft. Second, a firm needs a written position on where generative AI may and may not be used, because "we had no policy" reads badly in front of a judge and a regulator alike.
How do you protect privilege and client confidentiality?
Treat the tool's data path as seriously as the output. Consumer AI accounts may retain and reuse prompts, which is why client material belongs only in systems covered by a contract that excludes training use, with enterprise-grade access controls, audit logs and appropriate hosting. This is the practical difference between a lawyer pasting clauses into a free chatbot and a firm deploying a governed system: same underlying technology, entirely different risk position.
Confidentiality is the hard rule under the SRA Code; UK GDPR adds its own requirements when client files contain personal data, including a lawful basis and, for new high-risk processing, a data protection impact assessment. Half of AI-using lawyers relying solely on general-purpose consumer tools is the statistic that should worry a COLP most.
| Risk | Practical control |
|---|---|
| Fabricated citations or clauses | Mandatory human verification and cite-checking before anything leaves the team |
| Confidentiality breach | Approved tools only, no client data in consumer accounts, contractual exclusion of training use |
| Privilege erosion | Keep privileged strategy out of prompts in tools that log or retain them |
| Nobody accountable | A named partner or GC owns AI use, backed by a written policy and an audit trail |
| Skill fade in juniors | Juniors still do the reasoning; AI output is sampled and reviewed in supervision |

How should a legal team start?
Start with document operations, not advice. Triage, summaries, intake and file checks are measurable, low-drama, and produce their own evidence of accuracy. That sequencing is how we approach every regulated deployment, and we have described the general pattern in our guide to AI document processing for finance and legal ops.
A concrete example of the shape we recommend: in a discovery engagement for a UK financial-advice business, we scoped an AI-assisted compliance file review where the system checks each file against the firm's own checklist, flags gaps, and routes every flag to a human reviewer with a link to the source document. Nothing is decided by the model and everything is traceable. The design is written up honestly as a proposal-stage engagement in our compliance file review case study; the same checklist-and-flag pattern transfers directly to legal file reviews and due diligence.
Frequently asked questions
Can solicitors use ChatGPT for client work?
Using generative AI is not prohibited, but consumer accounts that may retain prompts are a poor home for client material. The safer pattern is a firm-approved deployment with contractual data protections, plus verification rules for anything that leaves the team. Your confidentiality duties apply regardless of the tool.
Will the SRA discipline lawyers for using AI?
Not for using it. The regulatory risk is failing existing duties, such as competence, supervision and confidentiality, with AI in the loop. The June 2025 High Court referrals were about unverified fabricated citations, not about the technology itself.
Is it safe to put contracts into an AI tool for review?
It can be, under two conditions: the tool sits under a contract that excludes training use and keeps your data in an appropriate environment, and a lawyer verifies the output against the document before anyone relies on it. First-pass review against a playbook is one of the highest-value legal AI use cases we deploy.
Do we need a written AI policy?
Yes, and it can be two pages: which tools are approved, what data may enter them, which tasks require lawyer verification, who owns the policy, and how often use is reviewed. The High Court cases make the absence of a policy a liability in itself.
Are legal-specific AI tools better than general models?
They differ on sources and workflow, not on the need for verification. About half of UK lawyers using AI rely solely on general-purpose systems, and well-governed general models with retrieval over your own documents often outperform generic legal tools on firm-specific work. Judge tools by data handling, auditability and fit to your process.
How long does a safe deployment take?
Our engagements run to production in 90 days at a fixed price with a money-back guarantee if the proof of concept fails (our data). Legal deployments spend proportionally more of that time on data-path and verification design, which is time well spent.
SoftBlues is a registered Anthropic Partner Network member and a registered Google Cloud and Microsoft partner, working with regulated mid-market organisations across the UK and Ireland. We run six of our own departments on Claude, including the workflows in this article, so the controls we recommend are ones we live with. If your legal team is deciding what to automate first, or you want the wider picture across business process automation, the quickest next step is a conversation. Book a discovery call.


