AU0002 AI Leadership Unit: A Legal Services Sector Guide

Last updated: 1 April 2026

Why Legal Services Needs AI Governance Training Now

Legal services sits in an unusual position among professional sectors. It adopted AI tools rapidly — AI-assisted research, contract analysis, due diligence review, and document drafting are now mainstream across large and mid-market firms — but it did so ahead of any clear regulatory framework for AI governance in legal practice. The SRA’s AI guidance arrived in 2024, after many firms had already deployed AI tools at scale. The result is a sector with significant AI adoption and, in many cases, inadequate governance infrastructure to match.

The risks that have already materialised — lawyers submitting AI-generated court filings containing fabricated case citations, client data transmitted to AI tools without appropriate data processing agreements, AI outputs mistaken for definitive legal analysis — are governance failures, not technology failures. They are failures of oversight, supervision, and procurement standards. These are precisely the capabilities AU0002 develops.

Three regulatory and professional factors make AU0002 specifically relevant to legal services:

1. The SRA competence obligation. Solicitors must maintain the skills and knowledge needed to practise competently. As AI becomes embedded in legal work, the SRA’s position is clear: understanding how to use and supervise AI tools responsibly falls within that obligation.
2. The supervision obligation. Partners and heads of department are responsible for supervising the work produced by their teams. Where that work involves AI-assisted outputs, supervision requires being able to evaluate those outputs critically — not just accepting them because a tool produced them.
3. Client confidentiality exposure. Legal professional privilege and client confidentiality are the foundation of the solicitor-client relationship. AI tools that transmit client data to third-party servers, or that produce outputs drawing on information from other client matters, create systemic confidentiality risk that senior lawyers need to be equipped to identify and prevent.

The SRA’s AI Position: What It Requires of Senior Lawyers

The SRA published AI guidance in 2024 and has followed it with ongoing supervisory messaging. The guidance does not prohibit AI use — it sets conditions for responsible use. The core requirements it articulates for solicitors and firms are:

• Competence. Solicitors must understand the AI tools they use, including their limitations and error rates. Using a tool you do not understand, in a matter where the output has legal consequences, is a competence risk.
• Supervision of AI outputs. AI-generated work product must be reviewed by a qualified solicitor before being used in client matters, submitted to courts, or provided as legal advice. The obligation to supervise applies to AI output as to any junior work product.
• Client transparency. The SRA expects firms to have clear policies on when and how they disclose AI use to clients. Where AI plays a significant role in delivering a matter, clients may have a legitimate interest in knowing.
• Confidentiality protection. Firms must ensure AI tools used on client matters do not expose confidential information to third parties. This requires appropriate data processing agreements, enterprise-grade access controls, and clear policies on what data can be inputted to which tools.
• Professional judgement. AI must not substitute for professional judgement. The solicitor retains responsibility for the advice given and must be able to explain and defend it independently of the AI’s output.

Each of these five requirements has a governance and leadership dimension. At firm level, these are not just individual solicitor obligations — they require firm-wide policies, procurement standards, training frameworks, and oversight mechanisms. A managing partner or head of department who has not thought through how their team is using AI, or what the firm’s data handling policies are for AI tools, is exposing both the firm and individual fee earners to regulatory risk.

AU0002’s governance and ethics function area (K7, K8, S7, S8) covers accountability frameworks, ethical AI design, and bias identification. Its procurement and investment function area (K5, K6, S5, S6) covers how to evaluate AI tools, set procurement standards, and build appropriate contract terms. Together they map directly onto what the SRA requires firms to have in place.

Confidentiality, Privilege, and AI: The Governance Challenge

Confidentiality is the issue that keeps general counsel and managing partners awake at night when they think about AI. The risks operate at several levels:

Data transmission to third-party servers. General-purpose AI tools — including many that are marketed for legal use — transmit inputted data to servers operated by the AI provider. Unless the firm has a specific enterprise agreement governing data handling, that data may be used for model training, accessible to the provider’s staff, or subject to US data disclosure obligations (particularly for tools run by US-headquartered companies). For client-confidential matter information, this is a serious confidentiality risk.

Cross-matter contamination. AI tools that are trained on or have access to a firm’s historical work product may inadvertently surface information from one client’s matters in outputs generated for another. This is particularly acute for firms using AI tools that are fine-tuned on their own document libraries without adequate information barrier controls.

Privilege waiver risk. Disclosing privileged legal advice to an AI tool — particularly one operated by a third party — may constitute a waiver of legal professional privilege over that advice, depending on the circumstances. In litigation contexts, this could expose privileged documents to disclosure.

Metadata and inference risks. Even when the substantive content of a matter is not transmitted, metadata about who is working on what — search patterns, query histories, matter codes — can reveal commercially sensitive information about the firm’s clients and instructions.

None of these risks require a firm to stop using AI. They require a firm to have governance arrangements that identify which tools are approved for which types of work, what data handling requirements those tools must meet, how approval is granted for new tools, and who is responsible for monitoring compliance. AU0002’s procurement (K5–K6, S5–S6) and enterprise risk (K9–K10, S9–S10) function areas develop exactly this capability.

AU0002 Function Areas Mapped to Legal Services Requirements

Which Roles in Law Firms Should Complete AU0002

AU0002 is calibrated at Level 5 for people who set direction and governance on AI — not for people who use AI tools as part of their daily work. In a law firm context, the target population is leaders who are responsible for deciding whether AI is deployed, how it is governed, and what happens when it goes wrong.

In-House Legal Teams: A Different Set of Drivers

In-house legal teams face a slightly different AI governance challenge from private practice firms. Rather than managing AI in the context of client service delivery, in-house lawyers are typically managing AI in the context of commercial risk, regulatory compliance, and corporate governance.

The in-house general counsel increasingly occupies a dual role: governing the use of AI within the legal function itself, and advising the board and ExCo on AI-related legal risks across the business. This second role is where AU0002 is particularly valuable. A GC who has completed AU0002 has the frameworks to:

• Advise on AI procurement contracts — understanding what vendor terms actually mean for the organisation’s liability, data ownership, and audit rights
• Brief the board on AI governance obligations — including UK ICO expectations, EU AI Act exposure, and sector-specific regulatory requirements
• Chair or participate in AI governance committees — with the authority that comes from demonstrated competence in the domain
• Assess AI-related legal risk in M&A due diligence — as AI-built products and AI-dependent processes become standard components of target businesses

For in-house teams at levy-paying organisations, the funding route for AU0002 is straightforward — the same Growth and Skills Levy mechanism applies as for any other sector employer.

Client AI Due Diligence: The Commercial Driver

Beyond the regulatory compliance angle, there is a growing commercial driver for AI governance competence in legal services. Sophisticated corporate clients — themselves subject to AI governance obligations under the EU AI Act, FCA/PRA rules, or their own board-level risk frameworks — are increasingly including AI governance questions in their law firm due diligence processes.

Questions now appearing in large client RFPs and relationship reviews include: What is your firm’s AI governance policy? Who is accountable for AI tool decisions? How do you ensure client data is not exposed through AI tools? What training do fee earners receive on AI use? How do you supervise AI-generated work product?

A firm whose senior partners can answer these questions substantively — because they have completed formal assessed training in AI governance — is better positioned than one relying on general assurances. AU0002 creates a documented, assessed credential that can be cited in client conversations and RFP responses as evidence of firm-level AI governance capability.

Using the Growth and Skills Levy in Legal Services

Law firms and legal employers that pay the Growth and Skills Levy — those with payroll above £3 million — can use their levy balance to fund AU0002 for any eligible employed adult. The mechanics are the same as for any other levy-funded training:

1. Identify candidates (any employed adult, UK-resident, working for the levy-paying employer)
2. Select an AU0002 delivery provider from the Register of Apprenticeship Training Providers
3. Agree a training plan — no OTJ requirement, so all delivery can be in work time
4. Draw down funds through the ESFA Digital Accounts system once delivery starts

For large law firms with substantial unspent levy balances — common in firms where partner-level delivery roles have made traditional apprenticeship enrolment difficult — AU0002 offers a fast, high-value route to productive levy deployment among the most senior cohort. A group of partners or heads of department completing AU0002 together can build shared AI governance language across the leadership team as a side benefit of the programme.

Smaller firms below the levy threshold can access co-funded places, where the government covers 95% of training costs and the employer contributes 5%. For a unit of AU0002’s anticipated scope, the employer co-funding contribution should be modest.

Frequently Asked Questions

Does the SRA require law firms to train staff on AI?

The SRA does not mandate specific AI training, but the competence obligation requires solicitors to maintain the skills needed to practise competently. As AI becomes embedded in legal work, the SRA’s position is that understanding how to use and oversee AI tools responsibly falls within that obligation. Senior leaders who allow their teams to use AI tools they cannot adequately supervise are creating a competence and supervision risk.

What are the main confidentiality risks with AI in legal services?

The primary risks are: inadvertent disclosure of client confidential information to third-party AI servers; cross-matter contamination where AI trained on the firm’s work product surfaces information from one client matter in another; potential privilege waiver through disclosure to third-party AI systems; and metadata inference risks. AU0002’s procurement and governance function areas address how to build controls around each of these.

How does AU0002 map to the SRA’s AI guidance?

The SRA’s guidance focuses on competence, supervision, client transparency, confidentiality, and professional judgement. AU0002 covers governance, procurement, risk, and workforce transformation function areas that map onto each of these — equipping senior lawyers with the frameworks to build firm-level policy and oversight mechanisms that match SRA expectations.

Can in-house legal teams use the levy for AU0002?

Yes — any levy-paying employer can use their balance to fund AU0002 for eligible employed adults, regardless of sector. General counsel, heads of legal, and senior in-house lawyers with AI oversight responsibility are all suitable candidates.

Which roles are the best fit for AU0002 in law?

Managing partners, heads of innovation or legal technology, heads of department in AI-intensive practice areas, COOs, general counsel, and risk and compliance partners. The common thread is responsibility for deciding whether and how AI is deployed — rather than day-to-day use of AI tools.