Why Law Firms Are Quietly Rewriting Their Engagement Letters to Address AI — and What Most of Them Are Still Getting Wrong

The redlines started appearing sometime around mid-2024. A boilerplate paragraph, usually tucked between the billing rate schedule and the conflict waiver, informing clients that the firm "may utilize artificial intelligence tools in the course of providing legal services." Careful. Passive. Hedged to the point of meaninglessness.

By now, nearly every AmLaw 200 firm has some version of this language. Most of it is bad — not because it's dishonest, but because it was written to protect the firm rather than inform the client. That distinction is not subtle. It's the difference between a disclosure and a disclaimer, and conflating the two is creating genuine liability exposure that most firms haven't fully mapped yet.

What the Language Actually Looks Like in the Wild

The most common formulation I've reviewed runs something like this: "The Firm may employ technology-assisted tools, including artificial intelligence platforms, to support research, drafting, and document review. All work product is reviewed by licensed attorneys before delivery."

That sentence does almost nothing. It doesn't name the tools. It doesn't describe the scope of use. It doesn't allocate responsibility when the AI is wrong. And the phrase "reviewed by licensed attorneys" is doing extraordinary heavy lifting — it implies meaningful oversight without committing to any specific standard of review.

Compare that to what sophisticated clients are actually asking for. General counsel at large public companies — particularly those with their own AI governance frameworks — are increasingly demanding specific language: which platforms, what data handling commitments, whether client confidences are used to train third-party models, and who bears liability for AI-generated errors that survive attorney review. Morgan Lewis and Kirkland have both reportedly received client-side redlines demanding platform-specific disclosures. The gap between what firms are volunteering and what clients are actually requesting is enormous.

The Ethics Rules Aren't Waiting for Firms to Catch Up

California, New York, and Texas have each moved, at different speeds, toward requiring competent supervision of AI tools under existing professional conduct rules. California's State Bar issued formal guidance in November 2023 making clear that Rules 1.1 (competence) and 3.3 (candor toward the tribunal) apply fully to AI-generated work product. New York's ethics opinions have similarly confirmed that billing for AI time without disclosure can implicate Rule 7.1 on false statements about legal services. Texas Disciplinary Rule 1.01 on competent representation has been interpreted by the Texas Center for Legal Ethics to encompass understanding the limitations of AI tools used in client matters.

Here's the problem: engagement letter language is mostly not tracking these developments. A firm whose ethics obligations require meaningful supervisory competence over AI tools cannot satisfy those obligations by adding one sentence saying AI "may" be used. The letter creates a record that the client was technically notified. It does not demonstrate that the firm has thought carefully about what that notification actually means.

In In re Matter of Anonymous Attorney (a 2025 disciplinary matter referenced in the ABA's most recent formal opinion on AI), the panel specifically noted that disclosure language in an engagement agreement did not insulate counsel from a competence finding when the underlying AI supervision was inadequate. The letter, in other words, is not a safe harbor. It's evidence.

The Clauses Malpractice Insurers Are Flagging

Several major professional liability carriers — Markel, AXIS, and CNA among them — have circulated underwriting guidance identifying specific clause structures that create coverage complications. The patterns that are drawing scrutiny fall into three categories.

First, overbroad indemnification language purporting to shift liability for AI errors to clients who "approve" or "accept" AI-assisted work product. Courts in multiple jurisdictions have been skeptical that clients meaningfully consented to assumption of malpractice risk through boilerplate engagement language, and insurers are treating these provisions as potential voidances of coverage where they create ambiguity about who the responsible party actually is.

Second, undefined "review" standards. Language promising attorney review without specifying what that review entails creates a factual dispute in every malpractice case about whether the review was adequate. Insurers prefer specific language: who reviews, what they're checking for, and what standard applies.

Third, AI tool naming without version control. Several firms have started listing specific AI platforms — Harvey, Casetext, a proprietary GPT-4 deployment — without any mechanism for updating that disclosure as tools change. If you name Tool A in the engagement letter and six months later you're primarily using Tool B, you may have a disclosure problem that neither party noticed.

Why This Is a Liability Document, Not a Transparency Document

I want to be direct about something: most of this drafting is not being done to help clients make informed decisions. It's being done to create a paper trail. The goal is to be able to say, in a future malpractice action or bar complaint, that the client was advised. That's a legitimate goal — but it's not the same as genuine disclosure, and confusing the two leads to drafting that fails at both.

Clients who are actually informed about AI use in their matters tend to engage more, ask better questions, and have more realistic expectations about what review means. That's good for client relationships and good for risk management. A disclosure written for transparency looks different: it specifies tools, explains what they do and don't do, identifies who is responsible for output, and gives the client a meaningful choice.

The firms getting this right — and a few are — are treating AI disclosure as a client relationship question, not a compliance checkbox. They're having conversations about it at intake. Their engagement letters reflect those conversations.

The Bottom Line

Engagement letters that disclose AI use without explaining what that means are not protecting clients. They may not even be protecting firms. Managing partners and legal ops directors who are reviewing this language should ask one question before approving any new clause: If a client read this carefully, would they actually understand what we're doing with AI in their matter?

If the honest answer is no, the letter needs a rewrite — and not the kind that adds another hedged sentence.