confidentiality

Confidentiality in the Age of GenAI: What Every Legal Team Using AI Must Understand

Adira EditorialLegal AI desk4 min read

The Duty Has Not Changed. The Risk Landscape Has.

Lawyers have always operated under strict duties of confidentiality. Whether rooted in contract, professional conduct rules, or equity, the obligation to protect client information is foundational to legal practice. What has changed, dramatically and quickly, is the surface area across which that duty must be defended.

Generative AI tools have moved from curiosity to infrastructure inside many Singapore law firms and in-house legal teams. The convenience is real. The productivity gains are measurable. But every time a lawyer pastes a contract clause, a client name, or a deal structure into a third-party AI interface, a confidentiality question arises that most organisations have not formally answered.

The Singapore Law Gazette has been examining how tools like Anthropic's Claude are reshaping professional practice. The underlying concern is well put: the legal community's embrace of GenAI has outpaced the professional frameworks designed to govern it.

What Actually Happens to Your Data

Most lawyers using consumer-grade or even enterprise-grade AI tools do not have a clear picture of what happens to their inputs after they hit send. Data may be retained for model training. It may be processed on servers in jurisdictions with different data protection regimes. It may be accessible to vendor staff under certain conditions.

This matters enormously in the context of Singapore's Personal Data Protection Act, the Legal Profession (Professional Conduct) Rules, and, for firms advising on cross-border transactions, the data residency requirements of other jurisdictions. A Singapore-qualified lawyer advising on an M&A deal involving a Hong Kong target and a European buyer is simultaneously navigating at least three overlapping regimes, and the AI tool sitting in the middle of that workflow may not respect any of them.

The failure point is rarely malicious. It is structural. Generic AI platforms are built for breadth, not for the specific confidentiality architecture that legal work demands.

The Jurisdiction Layer That Generic Tools Ignore

One of the most underappreciated problems with off-the-shelf GenAI in legal practice is the absence of jurisdictional grounding. A tool that does not know whether it is operating under Singapore law, English law, or New York law cannot reliably flag when a clause creates a problem, when a disclosure obligation is triggered, or when a limitation of liability provision is unenforceable.

This is not a minor gap. Legal advice is jurisdiction-specific by definition. When an AI tool drafts or reviews contract language without anchoring its analysis to the applicable governing law, it produces output that looks authoritative but carries significant hidden risk.

Adira is built on the principle that jurisdictional awareness is not an optional feature. It is the baseline. Every analysis Adira performs is calibrated to the law of the relevant jurisdiction, so that in-house teams and their external counsel are working from output that is actually usable, not just plausible.

Confidentiality as an Architecture Problem, Not a Policy Problem

Many organisations have responded to GenAI confidentiality concerns by issuing usage policies. These are necessary but not sufficient. A policy that says "do not upload confidential client information to unapproved tools" is only as effective as the enforcement mechanism behind it, and in a busy legal team, enforcement is impractical at the transaction level.

The more durable solution is architectural. Legal AI tools should be designed so that confidentiality protection is built into how data is handled, stored, and processed, rather than delegated to individual lawyers exercising judgment under time pressure.

This means, at minimum, clear data processing agreements, contractual commitments against using legal inputs for model training, and infrastructure that can demonstrate compliance with the professional conduct obligations of the jurisdictions in which the firm or legal team operates. Adira approaches this by treating client data as the lawyer's data, not as training material. The distinction is not merely commercial. It is professional.

What In-House Teams Should Be Asking Right Now

For in-house legal teams evaluating AI CLM tools, confidentiality due diligence should be as rigorous as any other vendor assessment. The questions worth pressing on include: Where is our data stored and processed? Is it used to train or improve the model? What access controls exist for vendor personnel? How does the tool handle contracts that contain their own confidentiality obligations restricting how the document can be shared or processed?

That last question is particularly sharp. Many commercial contracts contain provisions limiting disclosure to specific categories of recipient. An AI tool that ingests and processes such a document may itself constitute a disclosure that the contract did not contemplate.

The Singapore legal market is sophisticated and internationally connected. Its practitioners are well placed to lead on these questions. The starting point is treating AI tool selection not as a technology procurement exercise, but as a professional responsibility decision. The duty of confidentiality has not been suspended by the arrival of Claude or any other model. It has simply been given new tests to pass.

Was this useful?

See how Adira drafts in your voice and reads contracts from your side.

Explore the showroom