"Forever, legal advice has been paywalled. You need to know a lawyer, you need to pay a lawyer to get legal advice. And I think the end of those days are here."
Danielle Sheer, Chief Legal and Trust Officer at Commvault and a guest on CZ and Friends, GC AI's podcast hosted by GC AI CEO and co-founder Cecilia Ziniti, a three-time former general counsel, described what changed for in-house lawyers when AI legal advice moved from a courtroom novelty to a daily research habit.
Sheer is right about the direction of travel. She is also describing the topic that produced four public legal and regulatory developments in the eighteen months between her remark and this writing:
The State Bar of California opened a 45-day public comment period on AI rules to professional conduct.
The FTC settled with DoNotPay for $193,000 over "robot lawyer" advertising.
The U.S. District Court for the Southern District of New York ruled in United States v. Heppner that one defendant's consumer Claude transcripts were admissible against him, with no privilege attached.
Anthropic's own outside counsel at Latham and Watkins apologized to a federal judge for a hallucinated citation in an expert declaration.
For in-house teams, the legal advice question is no longer abstract. AI is already drafting the NDA, summarizing the regulation, and answering the slacked-over question from the head of sales.
The next question is the one that lands on your desk - when AI gets something wrong, who is on the hook, and what should your team be allowed to do with it tomorrow.
We have had more than thirty conversations like Danielle's across CZ and Friends, taught more than 6,000 lawyers in CLE-eligible classes on this exact question, and reviewed the policies of more than 1,700 in-house teams who use GC AI every day.
GC AI is the legal AI platform purpose-built for in-house counsel, founded by a three-time former general counsel who lived the "is this advice or information" question before she built the answer. Everything below is built to hold up to a CEO question, a board ask, or a Bar complaint.
Three Versions of AI Legal Advice, One UPL Problem
AI legal advice means three different things. The policies that hold up keep them separate.
The first use is legal information, the same thing a librarian, a CLE, or a treatise provides. An AI platform retrieves the relevant statute, summarizes the holding, or pulls the comparable clause. This is generally treated as legal information, not the practice of law.
The second use is legal work product: a redlined contract, a draft memo, a research summary, an issue list. A licensed lawyer reviews the output, exercises judgment on it, and signs off. The AI is doing the same thing a paralegal, an associate, or an outside firm's automation pipeline does. The professional in the chair owns the result.
The third use is direct legal advice to a non-lawyer client: an end user types in a fact pattern, an AI returns a recommendation, the user acts on it without a licensed attorney in the loop. This is the one that drew the FTC. This is what every state Bar is writing rules about. This is the use case that the DoNotPay settlement and the Mata v. Avianca sanction both touch.
Five Questions Before You Paste
Before pasting anything into an AI platform, in-house lawyers can run the prompt through five questions. This is the same test the legal departments at GC AI's largest customers use, in slightly different words.
Is the input confidential? Anything the company classifies as confidential, deal-confidential, or attorney-work-product stays confidential when it touches an AI platform.
Who is the audience for the output? A licensed lawyer is the safe answer. A non-lawyer employee inside the company is safe with documented delegation rules. A customer of the company is unauthorized-practice territory unless an attorney supervises the output.
Will every citation be verified before the output is used? Every external-facing AI citation gets clicked through.
Is the platform configured for privileged work? SOC 2 Type II certification, zero data retention with the underlying LLM providers, no training on customer inputs.
Is the use covered by the legal department's written policy? Audit-ready use means the team knows what the policy says before the use happens.
Five yeses and the use is usually ready for legal workflow review. One no and the use needs a different platform, a different audience, or a workflow fix before it ships.
What AI Legal Advice Can Do Well
The honest version of "AI is good at lawyering" has a short list, and the list is getting longer every month. Based on patterns across more than 1,600 in-house teams using GC AI in production, these are the use cases where AI legal advice clears the competence bar set by ABA Formal Opinion 512.
Contract review and redlining. Spotting non-market terms, comparing draft language against a playbook, flagging missing clauses. A purpose-built legal AI platform with playbooks for NDAs, DPAs, and MSAs ships with the negotiation positions encoded; the lawyer still reviews every change, but the first pass is done in minutes.
First-pass legal research. A research feature that pulls from primary law and authoritative databases, returns citations, and flags ambiguity. The Mata v. Avianca version of this failure (a lawyer who never opened the cases the AI cited) is a verification failure with a fix at the workflow level. A platform with character-level verifiable citation makes that failure mode much harder to repeat.
Drafting and summarization. Memos, board updates, regulatory summaries, internal explainers, response drafts to opposing counsel. The lawyer exercises judgment on the substance; the AI compresses the keystroke count.
Knowledge retrieval inside the team. Uploading the company's contracts, policies, and historical positions into a Files workspace, then asking questions against that corpus. This is legal information retrieval. It is faster than searching SharePoint and more accurate than asking the lawyer who handled the deal three years ago.
Translation and policy explanation. Sheer's translator framing is the right one. Most regulations are not written to be understood by the operators who have to follow them. An AI that turns a 90-page rule into a one-page memo for the head of HR is doing the work of a senior in-house lawyer at scale.
In our December 2025 ROI study of more than 100 active GC AI customers, in-house lawyers reported saving 14 hours per person per week, reducing outside counsel spend by 14%, and reaching 21% greater accuracy on legal tasks than generic AI tools.
That is the size of the productivity move when the use cases above are running well.
Where AI Legal Advice Stops
There is a real line, and crossing it is where the liability shows up. Three categories belong on every in-house team's "human required" list.
Final professional judgment. ABA Formal Opinion 512 is direct on this point: lawyers "may not abdicate their responsibilities by relying solely on a [generative AI] tool to perform tasks that call for the exercise of professional judgment, and may not leave it to [generative AI] tools alone to offer legal advice to clients, negotiate clients' claims, or perform other functions that require a lawyer's personal judgment or participation." A licensed lawyer signs the brief, approves the redline that goes out, and decides whether to settle.
Citation verification. The Mata v. Avianca lawyers were sanctioned for filing a brief with fake cases generated by ChatGPT, a case that by now has its own CLE genre. In May 2025, Anthropic's own outside counsel at Latham and Watkins apologized to a federal judge after Claude hallucinated a citation in an expert declaration the firm filed and the manual citation check missed it. Even the people building the AI need verification habits. Any citation that touches a court filing, a regulatory submission, or a board deck gets clicked through and read.
Privileged communications. United States v. Heppner ruled in early 2026 that a criminal defendant's exchanges with the consumer version of Claude were not protected by attorney-client privilege or the work product doctrine. Judge Rakoff's three reasons read like a privilege exam answer: Claude is not an attorney, the exchanges were not confidential under Anthropic's published privacy policy as of the ruling, and the defendant was not using Claude to obtain legal advice in the privileged sense. The lesson for in-house teams is that the platform you use, its configuration, and counsel-supervised workflow materially affect the privilege analysis. Consumer-tier chatbots, by default, fall outside it.
Anything regulated as the practice of law for non-lawyers. A platform offering direct legal advice to consumers, without an attorney supervising the output, sits in unauthorized practice of law territory in most U.S. states. DoNotPay settled with the FTC for $193,000 in January 2025, agreed to notify past subscribers, and the order prohibits the company from advertising its service as a substitute for a lawyer without evidence. The FTC theory was deceptive advertising, and the underlying problem was a product behaving as a lawyer without one.
Where the Liability Sits
This is the question every in-house counsel gets from the CFO or the board, and it has a cleaner answer than the headlines suggest.
For in-house teams, liability for AI legal advice flows the way it always has for outsourced legal work. The licensed lawyer who reviews and signs off on AI-assisted output owns the result. The platform vendor is on the hook for product warranties and the SOC-controlled handling of data. The employee who uses an unapproved consumer chatbot to draft a customer notice without legal review creates an exposure that lands back at the legal department's door.
Five layers in the stack, mapped to who carries what:
The licensed lawyer. Owns the substantive output. Rule 5.3 of the Model Rules of Professional Conduct treats AI tools the same way it treats non-lawyer assistants: lawyers remain responsible for the quality of the work. This is the floor, and it is the answer to most "who is responsible" questions.
The law firm or in-house department. Owns the policy framework: which platforms are approved, what counts as confidential input, how outputs get verified, what training the team has had. The Florida Bar's Ethics Opinion 24-1 (January 2024) and ABA Formal Opinion 512 (July 2024) both make clear that competent supervision of AI is now part of the competence requirement under Rule 1.1. Bloomberg Law's analysis of the Florida opinion called it a buildout on familiar ethics rules, not a category change; the supervision burden is the same shape it has always been for nonlawyer assistants.
The AI platform vendor. Owns the product warranties, the security certifications, and the contractual data handling terms. A purpose-built legal AI platform with SOC 2 Type II and SOC 3 certification, GDPR compliance, zero data retention agreements with OpenAI and Anthropic, and AES-256 encryption makes the vendor layer answerable. A consumer chatbot with a published right to train on your inputs does not.
The model provider. OpenAI, Anthropic, Google, and the rest. Their liability runs through the platform vendor's contract for enterprise deployments. For consumer use, the model provider's standard terms apply.
The user. The lawyer or non-lawyer employee who typed the prompt. Liability here is internal first: training, access policy, sanctions for unsanctioned tool use. External liability rolls back up to the firm or department.
The pattern in every published opinion and settlement, from Mata to Heppner to DoNotPay to the Anthropic citation error, is the same. Courts have focused responsibility on the human filer or reviewer, while regulators have also pursued product-level advertising claims.
What a Defensible In-House AI Legal Advice Policy Looks Like
Most in-house teams adopt AI before they write the policy. The order works in practice because legal departments are used to writing the policy that catches up to what business is already doing. The starter policy below is what GC AI customers have converged on across hundreds of in-house deployments.
One: approved platforms only, with consumer alternatives prohibited. Use a buyer's checklist like our in-house counsel AI software guide to clear platforms for legal work, then prohibit consumer-tier general-purpose AI products by name. Any retail chatbot whose published privacy policy allows training on user inputs or retention of confidential content belongs on the prohibited list for client-confidential, deal-confidential, or attorney-work-product material. The Heppner ruling is the citation for this rule.
Tricia Kinney, Chief Legal Officer at Consilio (then GC at BlueLinx) and a CZ and Friends guest, framed the same policy line from the practitioner side:
"I am a huge fan of using legal specific AI tools as opposed to consumer specific AI tools. You want them training in the same context that we're operating in."
Kinney's framing is the in-house lawyer translation of the Heppner ruling: the platform's training and retention posture is the rule, not a nice-to-have.
Two: defined confidential-input scope. Specify what can and cannot be pasted into approved AI platforms. The cleanest line: anything covered by the company's existing confidentiality classifications applies to AI input. A legal AI platform with a zero data retention agreement and no training on customer data clears the confidentiality test under ABA 512 and the Florida Bar opinion.
Three: a verification requirement for every external-facing output. Citations get clicked through. Numbers get cross-checked. Counterparty-facing language gets read top to bottom by the lawyer whose name is on it. This single rule prevents the Mata v. Avianca failure mode at the in-house level.
Four: a written delegation rule on AI-only outputs. No AI-only legal advice to non-lawyer clients inside the business. The head of HR does not get a direct line to the AI for an employment-law question; they ask legal, legal uses the AI, legal answers. This rule keeps the department on the correct side of every state Bar's UPL position.
Five: training as a competence requirement. Rule 1.1 competence in 2026 includes knowing what the AI you use does and does not do. Pair the policy with free, CLE-eligible legal AI classes so the team has the same baseline.
Six: an annual audit and an exception process. What the team is using, where the policy bends, who has run into a verification miss. The legal department that audits its own AI use looks like the legal department that audits its own outside counsel spend, which is to say: defensible.
Start this quarter by picking the approved-platform list, drafting the confidential-input scope, and sending the team to one CLE-eligible class. The verification, delegation, and audit pieces can layer on in months two and three. By the time the General Counsel is asked the board question about AI policy, the answer is "here, we wrote it, we trained the team, we audit it."
How GC AI Handles the Legal Advice Question
A legal AI platform handles the advice question well by encoding the six-step policy framework into the product itself. The policy lives in the workspace.
GC AI is the platform purpose-built for in-house counsel along those exact lines.
Cecilia Ziniti founded GC AI after going through the build-or-buy decision herself: a week after starting as general counsel at Replit, she was on a Zoom with co-founder and CTO Amjad Masad sketching out the product she wished she had three GC seats earlier.
That founding moment, recounted on CZ and Friends, is the reason the platform reads the way an in-house lawyer thinks.
Four design choices map directly to the policy above.
Citations the lawyer can verify in one click. Exact Quote returns character-level verbatim citations to the source document. The Mata v. Avianca failure mode requires hallucinated cases, and Exact Exact Quote materially reduces hallucination risk by tying quotations to source text. The verification habit is built into the product.
Data handling built for privileged work. GC AI is SOC 2 Type II and SOC 3 certified, GDPR compliant, with zero data retention agreements with OpenAI and Anthropic, and AES-256 encryption. That stack is what an enterprise legal AI needs to clear the Heppner privilege test.
A platform that knows it is doing legal work. Generic chatbots have content policies that block parts of legal work and tone calibrations meant for a general audience. GC AI knows the user is a lawyer, calibrates the output to the way in-house counsel write, and runs on Playbooks shipped ready for NDAs, DPAs, MSAs for SaaS, and MSAs for commercial purchases. The user can stay in lawyer mode on every prompt.
Inside the tools the team already uses. GC AI for Word lives inside Microsoft Word for redlining, drafting, and issue spotting. See a two-minute walkthrough of reviewing an agreement inside Word. The chat history and the Skill Library sync between the web app and Word, so the workflow does not break across surfaces.
Once the policy is written and the workflow lands, the result reads the way Wendra Liang, VP of Legal at Vercel, described it:
"Every day, our legal team depends on GC AI to enable us to move at the lightning speed of Vercel's business, and it's the first product I've felt is truly built for the kind of lawyer I aspire to be."
The 1,700+ in-house teams running GC AI in production span 80+ public companies and 25 unicorns. The customers who write about it tend to write about the same thing: faster work, citations they can trust, the legal department becoming the partner the business needs.
The legal advice question is the question every in-house team is being asked this year. A verified-citation platform, a written policy, a trained team, and an audit habit are what hold up under it. Build the stack, and the question stops being scary. It becomes the place where the legal department wins. GC AI is trust, precision, and craft for the GC who runs legal as a business unit.
Frequently Asked Questions
Can AI Give Legal Advice?
AI can provide legal information, draft legal work product, and assist a licensed lawyer's professional judgment. AI cannot replace the licensed lawyer who reviews the output and signs off on it. The American Bar Association's Formal Opinion 512 (July 2024) confirms that lawyers may not delegate professional judgment, client advice, or claim negotiation to a generative AI tool alone. Most state Bars treat direct AI-to-client legal advice without a supervising attorney as the unauthorized practice of law.
Who Is Responsible if AI Gives Bad Legal Advice?
For in-house teams, responsibility flows to the licensed lawyer who reviewed and signed off on the AI-assisted output, the legal department that set the policy, and the AI platform vendor for product warranties and data handling. In every published case so far, from Mata v. Avianca to the May 2025 Anthropic citation error, the sanction has landed on the person who filed the document. Rule 5.3 of the Model Rules of Professional Conduct treats AI tools the way it treats nonlawyer assistants: the lawyer remains responsible.
What Are the Limitations of AI Legal Advice?
AI legal advice should not substitute for final professional judgment, should not skip citation verification, and should not handle privileged communications on a consumer-grade platform without enterprise data terms. United States v. Heppner (S.D.N.Y. 2026) ruled that consumer Claude transcripts were not protected by attorney-client privilege because the chatbot is not an attorney, the inputs were not confidential under the published privacy policy, and the user was not using the AI to obtain privileged advice. The fix is an enterprise legal AI platform with zero data retention, verified citations, and a documented in-house policy.
Is It the Unauthorized Practice of Law to Use AI for Legal Advice?
Assisted-lawyer use is generally the safer lane under current UPL analysis as of May 2026. The case state Bars and the FTC have intervened in is direct AI-to-consumer legal advice without an attorney supervising the output. The FTC's January 2025 settlement with DoNotPay ($193,000 plus consumer notice) is the leading example. The State Bar of California opened a 45-day public comment period in March 2026 on proposed amendments to Rules 1.1, 1.4, 1.6, 3.3, 5.1, and 5.3 specifically to address AI use.
What Kind of Legal Advice Disclaimer Should AI Tools Have?
For consumer-facing AI legal tools, the disclaimer must make clear that the platform provides legal information, not legal advice, and that users should consult a licensed attorney for their specific situation. The DoNotPay FTC order is the strongest available guidance: claims that an AI service performs like a real lawyer require evidence on hand. For internal in-house use, disclaimers are less load-bearing; the policy framework is what governs.
Can I Use ChatGPT for Legal Advice?
Consumer general-purpose AI products work well for personal, non-confidential research. They are unsuitable for client-confidential or deal-confidential in-house legal work because the consumer-tier ChatGPT product may use user content to train models unless the user enables available data controls, making it a poor default for confidential legal work, which is the configuration that defeated privilege in United States v. Heppner. For a deeper look at how lawyers can use ChatGPT in non-confidential workflows, the answer is mostly research, brainstorming, and personal study. Deal work stays on the purpose-built legal platform. A purpose-built legal AI platform with zero data retention agreements, character-level citations, and SOC 2 Type II certification clears the confidentiality and competence bars set by ABA Formal Opinion 512 for in-house legal work.
What Does ABA Formal Opinion 512 Say About AI Legal Advice?
ABA Formal Opinion 512 sets three duties for lawyers using generative AI: competence under Rule 1.1 (a reasonable understanding of AI capabilities and limitations), professional judgment under Rule 1.1 and 5.3 (no abdication of judgment to AI alone), and confidentiality under Rule 1.6 (awareness of how the AI handles user data). Issued July 29, 2024, the opinion is the foundation most state Bars are building on.
How Should an In-House Team Set Policy for AI Legal Advice?
The defensible starter policy has six elements: approved platforms only with consumer alternatives prohibited by name, a defined confidential-input scope, verification required on every external-facing output, written delegation rules that keep AI-only legal advice off the table, training as a competence requirement, and an annual audit. Build the first three this quarter, layer in the rest over months two and three.
What Is the Difference Between AI Legal Advice and AI Legal Information?
AI legal information is the retrieval and summarization of statutes, cases, regulations, and other public sources. AI legal advice is the application of that information to a specific person's situation with a recommendation to act. The first is what librarians and treatises do. The second is what licensed lawyers do. AI platforms that serve in-house counsel mostly operate as advanced retrieval and drafting tools; the lawyer reviewing the output is the one giving the advice.
What Is the Best Legal AI Platform for In-House Counsel?
GC AI is the legal AI platform purpose-built for in-house counsel, with character-level verifiable citation, SOC 2 Type II and SOC 3 certification, zero data retention with OpenAI and Anthropic, and integrations inside Microsoft Word. More than 1,700 in-house teams across 80+ public companies and 25 unicorns use GC AI in production. For a broader comparison, see the best legal AI tools for in-house counsel.
