
AI & Law

AI for Law Firms: Professional Rules, sec. 203 StGB & Liability (2026)

AI promises law firms research in minutes, draft pleadings at the push of a button, and searchable case knowledge. At the same time, it triggers a very concrete fear: Am I committing a crime if client data flows into the AI — sec. 203 StGB (German Criminal Code provision protecting professional secrets)? Am I breaching my duty of confidentiality? And who is liable if the AI invents a court decision?

Here is the short answer up front, so you can keep reading instead of hesitating:

May a law firm use AI? Yes. Using AI is permissible under the professional conduct rules and is not a violation of sec. 203 StGB — provided that confidentiality is preserved, that any AI service provider that is brought in is bound to secrecy under sec. 203(3)/(4) StGB, and that every AI output is subject to final review by the lawyer. Sec. 203 is not a ban on digitalization.

As of May 2026. This article is written by Leon Lotz — a business lawyer (Wirtschaftsjurist) and software developer. It is not a substitute for legal advice in an individual case.

The productive use cases have long been part of everyday work: full-text search across your own case files, summaries of long documents, first drafts of pleadings and contracts, translations, a searchable firm-wide knowledge base. The benefit is real — but every use case carries a different legal risk.

Use case | Benefit | Main legal risk
Full-text/document analysis of your own files | Finding and structuring in seconds | Sec. 203 / confidentiality (where does the data flow?)
Legal research & draft pleadings | Time savings, a first pass | Hallucination → duty of care / duty to review
Client communication via chatbot | Relief, availability | Transparency (Art. 50 EU AI Act), data protection
Firm knowledge management (RAG) | Making internal know-how usable | Data residency, access rights, sec. 203
Applicant/personnel selection via AI | Recruiting efficiency | High-risk under the EU AI Act (the exception!)

The decisive question is not whether but how. Two topics determine permissibility and liability: the duty of professional secrecy (Mandatsgeheimnis) and the lawyer's duty to review. We look at both in detail.

Professional secrecy & sec. 203 StGB — the real crux

What sec. 203 StGB protects — and for whom

Sec. 203 StGB criminalizes the violation of private secrets. Anyone who, as a member of a profession bound to secrecy (Berufsgeheimnisträger), discloses another person’s secret that was entrusted to them in that capacity may be committing a criminal offense. Those covered include attorneys, tax advisors, and notaries. For attorneys, sec. 43a(2) BRAO (German Federal Lawyers’ Act) adds the professional duty of confidentiality on top of this. Carelessly handing client data to a cloud service that processes it on US servers can implicate both provisions.

Sec. 203 is not a ban on digitalization: the 2017 reform

This is where the biggest misunderstanding lies. Until 2017, it was disputed whether an attorney could even bring in an external IT or cloud service provider without violating sec. 203. The Act on the Reorganization of the Protection of Secrets in the Involvement of Third Parties in the Professional Activity of Persons Bound to Secrecy (Gesetz zur Neuregelung des Schutzes von Geheimnissen bei der Mitwirkung Dritter an der Berufsausübung schweigepflichtiger Personen, in force since November 9, 2017) answered this question.

Since then, sec. 203(3) StGB has defined the “contributing person” (mitwirkende Person): anyone who participates in the professional activity of the person bound to secrecy, a category that covers IT service providers and SaaS/cloud vendors and therefore also AI service providers, may be granted access to secrets insofar as this is necessary for using that person's services. The contributing person is in turn bound to secrecy and is itself subject to criminal liability under sec. 203(4) if it discloses what it learns.

In practical terms, this means: using AI is permitted if three conditions are met — bringing the provider in is necessary for the activity, the provider is instructed on its duty of secrecy, and adequate safeguards against unauthorized disclosure are in place. For attorneys, sec. 43e BRAO additionally specifies the conditions for permissible IT outsourcing: the provider must be obligated to maintain confidentiality, and comparable protection standards must be ensured.

Why a DPA alone is not enough

A common and costly error: “But we have a data processing agreement.” A DPA (Auftragsverarbeitungsvertrag) under Art. 28 GDPR is necessary as a matter of data protection law — but it does not cover sec. 203 StGB. Sec. 203 is criminal law, not data protection law. Both layers must be satisfied separately.

Requirement | Legal basis | What it covers
Data processing agreement (DPA) | Art. 28 GDPR | Data protection only, not sec. 203
Criminally enforceable secrecy obligation of the provider | Sec. 203(4) StGB | Professional secrecy
Instruction of the contributing person | Sec. 203(3)/(4) StGB | Exclusion of the lawyer's own criminal liability
Safeguards (technical/organizational) | Sec. 43e BRAO / sec. 203 StGB | Professional rules + sec. 203

For this second layer, the industry has established the “sec. 203 declaration” (known, for example, from DATEV practice): a separate, criminally enforceable obligation of the provider to maintain secrecy. Anyone feeding personal client data into an AI needs both — a DPA and a sec. 203 obligation.

Professional conduct rules: what the BRAK guidance requires

In December 2024, the Federal Bar Association (Bundesrechtsanwaltskammer, BRAK) published its first guidance on the use of AI (Hinweise zum Einsatz von künstlicher Intelligenz, as of 12/2024). There are three core duties you should know:

Independent final review. AI does not replace the lawyer’s own judgment. Every AI output must be checked on the lawyer’s own responsibility before it goes into a pleading or piece of advice. The BRAK expressly warns against adopting results unchecked — AI can make mistakes and misrepresent the legal position.

Confidentiality under sec. 43a(2) BRAO. The duty applies without restriction to AI as well. The BRAK’s practical advice: keep queries as abstract and anonymized as possible; where documents have to be uploaded, anonymize them beforehand.

Transparency. Openness about the use of AI toward clients and courts is required under both professional conduct rules and contract; the relationship to the EU AI Act must be observed.

The BRAK guidance is an orientation aid, not a statute — but it describes the standard of care against which you will be measured if it comes to it. You can read more about the GDPR requirements for AI systems in the article on the data protection impact assessment for AI systems.
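The BRAK advice to anonymize before uploading is usually implemented as a small gateway in front of the external model: identifiers the firm already knows from the case file are swapped for tokens, the mapping stays on the firm's own systems, and nothing is sent until a check confirms that no known identifier remains. The following sketch is an added example written for this article, not code from the page's author or from any product; the party list and the text are constructed, the IBAN pattern is illustrative, and the function names pseudonymize, is_clean and reidentify are my own.

```python
import re

# Constructed matter data: the parties and places the firm knows for this
# mandate. In a real deployment this list comes from the case file, never
# from the prompt text itself (the model must not be asked to find the PII).
PARTIES = {
    "Erika Mustermann": "MANDANTIN",
    "Max Mustermann": "GEGNER",
    "Musterstadt": "ORT_1",
}

# Illustrative IBAN pattern (country code, check digits, grouped body);
# an identifier class that is easy to catch mechanically.
IBAN = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}\s?[A-Z0-9]{1,4}\b")


def pseudonymize(text, parties=PARTIES):
    """Replace known identifiers with bracketed tokens.

    Returns (scrubbed_text, mapping). The mapping token -> original stays
    inside the firm and is what makes this pseudonymization rather than
    anonymization: the provider sees only tokens, the firm can still read
    the answer. Longest names are replaced first so that a short entry
    does not partially overwrite a longer one containing it.
    """
    mapping = {}
    out = text
    for name in sorted(parties, key=len, reverse=True):
        token = f"[{parties[name]}]"
        if name in out:
            out = out.replace(name, token)
            mapping[token] = name

    counter = 0

    def _iban(match):
        nonlocal counter
        counter += 1
        token = f"[IBAN_{counter}]"
        mapping[token] = match.group(0)
        return token

    out = IBAN.sub(_iban, out)
    return out, mapping


def is_clean(text, parties=PARTIES):
    """Pre-send gate: True only if no enumerated identifier survives."""
    return not any(name in text for name in parties) and IBAN.search(text) is None


def reidentify(answer, mapping):
    """Restore originals in the model's answer, locally, after it comes back."""
    for token, original in mapping.items():
        answer = answer.replace(token, original)
    return answer


# Constructed query a lawyer might otherwise paste into a chat window as is.
SAMPLE_QUERY = (
    "Mandantin Erika Mustermann aus Musterstadt, IBAN DE89 3704 0044 0532 0130 00, "
    "gegen Max Mustermann."
)

if __name__ == "__main__":
    scrubbed, mapping = pseudonymize(SAMPLE_QUERY)
    assert is_clean(scrubbed), "refuse to send: identifier left in prompt"
    print(scrubbed)
    print(reidentify(scrubbed, mapping) == SAMPLE_QUERY)
```

Two caveats a practitioner should keep in mind. First, enumeration-based scrubbing only catches what you enumerate; an address, a child's first name or a distinctive fact pattern in free text can still identify the client, so this lowers the exposure but does not by itself settle the sec. 203 question. Second, because the firm keeps the mapping, the data sent is pseudonymized in the GDPR sense, not anonymized, and the provider contract (DPA plus sec. 203 obligation) is still needed.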

Liability: when the AI invents court decisions

The KG Berlin case

On November 20, 2025, the Berlin Court of Appeals (Kammergericht Berlin, order – 17 WF 144/25) reprimanded a lawyer for lack of due care. A pleading in a family law matter had cited a decision of the Federal Court of Justice (Bundesgerichtshof, BGH) — “BGH, order of 14.11.2007 – XII ZB 183/07, FamRZ 2008, 137” — that simply does not exist. The court found that no such decision could be located under that case number or in the cited source; it was apparently an AI “hallucination.” A second cited decision (Higher Regional Court of Brandenburg, OLG Brandenburg) was also entirely fabricated.

An important note on how to read this: it is a single-case reprimand from family law, not a leading decision by a supreme court. But as evidence of the duty to review, the order is striking — and highly current (as of May 2026).

Who is liable?

The lawyer. The AI is a tool, not the bearer of responsibility. Anyone who files a fabricated citation breaches their duty of care — with possible consequences under both professional conduct and liability law. The conclusion is uncomfortable but clear: every citation must be checked against the primary source before it is used. This can be supported technically — for example, with a RAG system that generates answers only from verified sources and attaches a reference, instead of freely “making things up.” Grounding of that kind lowers the rate of invented citations, but it does not remove the duty to check: a model can still attach a real case number to a proposition the decision does not support, or misquote a source it was given.

Final review by the lawyer: an AI-generated case number is checked against the primary source before it goes into the pleading — the duty of care after the KG Berlin order

The bottleneck is not generation but verification: a citation may only enter a pleading once it has been matched against the primary source. It is precisely this review layer — not the model — that decides liability.
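The review layer described above can be made mechanical for the part that is mechanical: before a draft leaves the firm, every case number in it is matched against an index that contains only decisions the firm has actually retrieved from a primary source. The following is an added example written for this article, not the author's own tooling or any product; the regular expression for German case numbers is illustrative, the verification index and the draft are constructed, and the only citation in the draft that is not made up is the one the KG Berlin order found to be non-existent, which is exactly what the gate should flag.

```python
import re
from dataclasses import dataclass

# Case numbers as they appear in German pleadings: senate or chamber
# (roman or arabic), register letters, serial number / two-digit year,
# e.g. "XII ZB 183/07" (BGH) or "17 WF 144/25" (KG). Illustrative pattern,
# not a complete grammar of German file references.
CASE_NO = re.compile(r"\b((?:[IVX]+|\d+)\s[A-Za-z]{1,4}\s\d+/\d{2})\b")


@dataclass(frozen=True)
class VerifiedSource:
    court: str
    case_no: str
    decided: str    # ISO date taken from the retrieved decision
    located_in: str  # where the full text was actually retrieved


# Verification index. The rule that makes this a review layer: entries are
# written only after a person has opened the decision in a primary source
# (court database or a legal database export), never from model output.
# The single entry below is constructed for this example.
VERIFIED = {
    "XII ZB 1/00": VerifiedSource("BGH", "XII ZB 1/00", "2000-01-01", "constructed sample"),
}


def extract_citations(text):
    """All distinct case numbers found in a draft, in stable order."""
    return sorted(set(CASE_NO.findall(text)))


def gate_draft(draft, index=VERIFIED):
    """Return (ok, report).

    ok is False if any cited case number has no entry in the verification
    index. The report says, per citation, what was found; an unverified
    citation is marked so it cannot be filed by oversight.
    """
    report = {}
    for case_no in extract_citations(draft):
        src = index.get(case_no)
        if src is None:
            report[case_no] = "NOT FOUND in verified index: do not file"
        else:
            report[case_no] = f"verified ({src.court}, decided {src.decided}, {src.located_in})"
    ok = all(case_no in index for case_no in report)
    return ok, report


# Constructed draft: the first citation is the one the KG Berlin order
# identified as non-existent; the second matches the constructed index entry.
SAMPLE_DRAFT = (
    "On the question of modification see BGH, order of 14.11.2007 – XII ZB 183/07, "
    "FamRZ 2008, 137; further BGH, order of 01.01.2000 – XII ZB 1/00."
)

if __name__ == "__main__":
    ok, report = gate_draft(SAMPLE_DRAFT)
    for case_no, status in report.items():
        print(f"{case_no}: {status}")
    print("draft may be filed:", ok)
```

A gate of this shape answers only "does this decision exist and has someone here read it". It does not catch the more insidious failure the paragraph above alludes to, a real case number attached to a proposition the decision does not support, so the index entry should at least carry court and date for a second comparison, and the substantive reading of the decision remains the lawyer's.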

EU AI Act: is law firm AI “high-risk”?

A widespread panic goes: “Law firms are high-risk.” That is generally wrong.

Annex III no. 8(a) of the EU AI Act covers AI in the administration of justice only when it is intended to be used by or on behalf of a judicial authority to assist it in researching and interpreting facts and the law and in applying the law to a concrete set of facts, or to be used in a similar way in alternative dispute resolution. The addressees are courts and judicial authorities (and ADR bodies), not the advisory practice of attorneys. Research, drafts, and summaries within a law firm therefore regularly do not fall under high-risk; a lawyer who deploys the same tool while acting as arbitrator or mediator should look at the ADR clause again.

The genuine exception: if you use AI for personnel or applicant selection, that may be high-risk under Annex III — regardless of the fact that you are a law firm. For that case, the timeline is worth a look: under the “Digital Omnibus” politically agreed in May 2026, the high-risk obligations under Annex III are to apply not from August 2, 2026 but only from December 2, 2027 (as of May 2026, not yet finally adopted) — though this does not change the assessment that matters here.

What applies to everyone nonetheless:

  • Art. 4 AI literacy — in force since February 2, 2025, independent of risk class: staff who use AI need demonstrable AI literacy. Read more about the AI literacy obligation for staff.
  • Art. 50 transparency — transparency obligations for certain systems (e.g. AI interaction, generated content); the next stage takes effect on August 2, 2026.

You will find an in-depth discussion of the risk classes under the EU AI Act in the AI Act article.

Which AI is safe? Cloud, EU hosting, on-premise

Two factors decide on security: data residency and the contractual situation. The more sensitive the client data, the more important it becomes where it is processed and who can access it.

  • Standard cloud (third country): Highest risk — third-country transfer (Chapter V GDPR) plus the sec. 203 problem. Tenable only with an enterprise contract (no training on your data), a DPA and a sec. 203 obligation.
  • EU hosting: Significantly reduces the third-country problem — but “EU region” alone is not enough as long as the provider is subject to the US CLOUD Act (access risk despite EU servers). What matters is who has legal access, not just where the server stands. Customer-managed encryption keys narrow the exposure for data at rest, but an AI service has to see plaintext to run the model on it, so the legal and contractual position of the operator remains decisive.
  • On-premise / local: Data never leaves the firm — the strongest argument for particularly sensitive mandates. A tailored, data-sovereign solution shifts the risk from “someone else’s server” to “your own control.”

There is no such thing as the secure AI — there is the architecture that fits your duty of professional secrecy.

Checklist: introducing AI in the law firm safely

Step | Duty | Implementation
1 | Clarify legal basis & data categories | Which (client) data goes into the AI? Personal data?
2 | Conclude a DPA | Art. 28 GDPR — no AI tool without a data processing agreement
3 | Secure sec. 203 secrecy | Criminally enforceable obligation of the provider (sec. 203(3)/(4))
4 | Review IT outsourcing | Sec. 43e BRAO — comparable confidentiality standards
5 | Establish final review | BRAK guidance: every citation, every draft is checked
6 | Demonstrate AI literacy | Art. 4 EU AI Act — document staff training
7 | Arrange transparency | Inform clients, observe Art. 50 EU AI Act
8 | Choose data residency | EU hosting / on-premise for sensitive mandates

Frequently asked questions (FAQ)

May I use ChatGPT in my law firm? Yes, but not with identifiable client data in the consumer version. The BRAK advises abstract, anonymized queries. For mandate-related processing you need a solution with a DPA, a sec. 203 obligation, a contractual exclusion of training on your data, and suitable data residency.

Is a data processing agreement (DPA) enough? No. The DPA only covers the GDPR, not sec. 203 StGB. In addition, a criminally enforceable secrecy obligation of the provider under sec. 203(4) is required.

Who is liable if the AI invents a court decision? The lawyer. The duty to review and the duty of care remain with the lawyer — as the Berlin Court of Appeals (KG Berlin) order of November 20, 2025 (17 WF 144/25) shows. Every AI-generated citation must be checked against the primary source.

Is my law firm AI a high-risk system under the EU AI Act? Generally no — Annex III no. 8 addresses judicial authorities, not attorneys. Exception: AI for applicant/personnel selection may be high-risk.

Do I need AI training in the law firm? Yes. Since February 2, 2025, Art. 4 of the EU AI Act requires demonstrable AI literacy from staff who use AI, independent of risk class.

Legally sound law firm AI from a single source

What is special about this topic: it lies exactly on the seam between law and technology. Anyone who only knows the professional conduct rules will not build a compliant system. Anyone who only knows the technology will overlook sec. 203 and the duty to review.

I am a business lawyer (Wirtschaftsjurist) and a software developer — I understand the duty of confidentiality and sec. 203 StGB, and I build the GDPR/sec. 203-compliant law firm AI system (RAG knowledge management, document analysis with source references) myself. If you want to introduce AI into your law firm safely, or have a fitting system built for you, let’s talk about your specific case in a no-obligation initial consultation.


As of May 2026. This article provides general information and is not a substitute for legal advice in an individual case. The legal situation, the BRAK guidance, and the state of implementation of the EU AI Act continue to evolve — please have the current state checked before making specific decisions.

Leon Lotz

Leon Lotz is a business lawyer and founder of MusketierSoftware. He combines legal depth with real software craft.