Book a call
By LegalEdge News

Do AI note takers and generative LLMs cause legal risks?


There’s been a huge rise in businesses using artificial intelligence, automation and generative AI. From drafting emails to recording meetings, these tools all promise speed, efficiency and convenience.

An area seeing particularly rapid adoption is AI note takers and generative tools such as ChatGPT. While they can save time and improve productivity, they also introduce real (though manageable) legal risks around how information is handled, stored and shared at work. 

It’s also important to recognise that alongside data protection and confidentiality, legal privilege is a significant concern for lawyers when using AI tools, and one that businesses should take seriously.

Our consultant legal counsel, Simon Conyers, explores how AI note takers and generative AI tools can create legal risk, where those risks usually come from, and what practical steps businesses can take to use AI safely and sensibly.

The legal risks with AI note takers 

AI-driven note-takers can be game-changers, saving you significant time by handling all your admin, providing an accurate transcript of discussions, and automatically generating summaries and action points. 

However, that can have legal implications, as those discussions become permanent records that can be used later. Without careful user access settings in place, AI notetakers can be automatically stored on your system or even shared without your consent or knowledge, which could cause issues with confidentiality agreements you may have in place, create disclosure risks, and potentially harm your business. 

The risks are real, particularly when sensitive information is involved, but they can be mitigated by ensuring the appropriate settings and controls are in place. 

Confidentiality is the real risk.

The biggest risk when using AI note-takers concerns confidentiality agreements and sensitive data. There is a risk of accidentally breaching confidentiality clauses or NDAs, exposing commercial plans, or unknowingly feeding confidential information into LLMs. 

To reduce this risk, it’s important to 

  • Understand what type of AI tool you are using, such as whether it is open or closed and what it does with your data. 
  • Check settings carefully to ensure the tool is not being trained on your data. 
  • Put clear AI policies in place so employees know when it is and is not appropriate to use these tools and how to use them. 
  • Encourage good practice around transparency, such as asking for consent before using AI note takers in meetings/discussions.
  • Understand clearly where transcripts and notes are stored, and what access controls are in place to prevent unauthorised access.

Simon explains these are not new concerns, but they are often overlooked:

“You need to think about how personal data is processed, whether confidential business is being discussed and the risk that AI can accidentally place that information into the public domain.”

Understanding the difference between open and closed AI tools.

The biggest risks from AI chat tools and notetakers come from using free, consumer-grade accounts. It may be tempting to use unpaid versions of ChatGPT, Perplexity, Claude, or Gemini (or others), but those free accounts may, by default, train their systems on user data unless settings are checked and contractual protections are in place.

Businesses should have regular conversations with staff, so everyone understands the risks of using free tools, supported by clear, practical AI policies. It’s better to assume people are already using these tools than to hope they aren’t, particularly since employees may experiment and inadvertently share confidential or commercially sensitive information without the business’s knowledge.

Paid-for subscriptions can help limit those risks by allowing you to opt out of training on your data, but they still offer only limited guarantees. You should always make sure that you’ve checked and updated any privacy, training and security settings as needed. 

Simon recommends businesses use enterprise and specialist tools that prioritise data security and AI governance. Ideally, you should ask vendors about this and put in place contractual protections, such as specific data processing agreements or master service agreements, that cover confidentiality, data protection, liability, security obligations, and the use of your data for training. 

Remember, although enterprise tools offer lower risk, that doesn’t mean they are risk-free, and it’s important to evaluate the level of acceptable risk for your business. 

AI use in contracts, intellectual property and due diligence

AI is increasingly becoming a live issue in commercial deals, especially around intellectual property and value. What used to be a theoretical concern is now appearing in real due diligence questions.

The main worries are whether businesses truly own what the AI tool has helped create. That includes source code written with AI tools, content generated by models and improvements made using external systems. If those tools have been trained on the data, or if ownership terms are unclear, the IP position can become complex. This could lead to issues later if and when external due diligence is undertaken. 

Currently, questions about AI and contractual clauses remain relatively broad, but in the near future, they will likely become far more complex in contract negotiations and during due diligence checks. 

That’s why it’s important to understand and document

  • What AI tools are being used? 
  • How and where has AI been used in the business?
  • Whether any data is fed back into models. 
  • Whether the business can genuinely say it owns any IP and its outputs.
  • Who is responsible for the AI outputs?
  • What escalation processes are in place?
  • Where data is being held in your system.
  • What information is internal and what’s external?
  • Where are these data pools and what are they doing?

All of these questions will underpin other areas of the business (such as HR or IT), so be mindful that, if the answers need to be clear and coherent, unclear answers can reduce valuation or stop a deal altogether.

It’s also important to recognise that the Intellectual Property rights you may have will vary by country, so seek relevant legal support where appropriate.  

Why legal privilege is a concern when using AI tools

Legal privilege is another area where AI tools can pose risks in specific circumstances.

Legal privilege is a legal protection that keeps discussions between a lawyer and their client private. It means that if there is a dispute later on, you normally cannot be forced to reveal the advice your lawyer gave you or what you told them.

Legal privilege isn’t going to be an issue for the majority of day-to-day business operations. But there is a risk it can catch businesses out if they take legal advice on a specific matter and then upload that information into an AI notetaker, or use a public AI tool or notetaker, during discussions with their lawyer. If the transcript is inadvertently stored publicly or placed in the public domain, you run the risk of giving up that protection. 

As Simon says:

“By uploading information into a publicly available tool such as ChatGPT, you may be inadvertently waiving your legal privilege, meaning there is a risk that the advice can become disclosable in court. It’s a real risk, but one that can be easily avoided simply by keeping legal advice out of chat tools and refraining from using AI notetakers on calls relating to sensitive legal matters.”

Focus on training people, not fighting AI.

When it comes to rolling out or using AI across a business, it’s important to implement comprehensive training and clear policies and guidelines for staff on its use.  

Problems are most likely to arise when staff use free tools without understanding the risks, or when employees use personal AI tools to save time and the business is unaware of or has not provided clear guidance on their use. 

If a company says it’s not using AI, that usually means it doesn’t know how staff are using it, and that’s where legal risks often emerge.

Key takeaways for your business 

When used safely, AI can bring huge competitive advantages, but the legal risks are real. They need to be actively managed to ensure that those advantages don’t become serious problems later on. 

The key points that every business should remember: 

  • Unless using an enterprise-level tool, all AI tools should be treated with caution, with a potential risk of information ending up in the public domain 
  • Never upload confidential or sensitive information into an AI tool without appropriate security, non-retention, and non-training measures in place. Work with your IT department to configure strict user access settings that will flag or prevent sensitive documents from being uploaded to these tools.
  • Be cautious with AI note takers, especially in situations where confidential conversations are taking place (for example, HR matters, obtaining legal advice, etc.). You should always know where the notes are stored and/or who they are sent to afterwards. 
  • Try to avoid using AI notetakers as the ‘default option.’ Always question, “Do I need a formal, recorded transcript of this conversation?” You should also remain alert and remember when AI transcriptions have been turned on, so you don’t accidentally fall into a casual conversation that later needs to be deleted from transcriptions. 
  • Pay for tools where appropriate and always check the training settings so you can confirm your data is not being used to train models or retained for other purposes.
  • Train your staff how to use AI safely, rather than banning it outright. 
  • Have clear policies in place that you can rely on, which document all the key information you may rely on in contract negotiations or funding rounds. 

If you’d like help with rolling out or using AI tools safely from a legal perspective or help with creating robust AI policies, please get in touch.

Back To Blog Our Services
  • Share:

What do our clients think?