Most Irish solicitors I've spoken to want to use AI. They've tried ChatGPT on a personal account, found it useful for drafting a letter or summarising a long email thread, and then quietly stopped — because somewhere in the back of their mind a Law Society guidance note is flashing red. They're right to stop. Pasting client matter into a public model is, on any honest reading, a disclosure to a third party. The interesting question isn't whether AI belongs in a law firm. It does. The question is how you put it there without breaking privilege, without breaching GDPR, and without ending up in front of the Legal Services Regulatory Authority explaining yourself.
I've spent the last while building the engineering answer to that question. What follows is the practical version — the architecture, the controls, and the specific decisions an Irish firm of any size needs to make before letting an AI model anywhere near a client file.
Why public AI tools and legal privilege don't mix
Legal professional privilege in Ireland rests on a simple condition: the communication must be confidential. Once a third party sees it, the privilege can be lost, and the client — not the solicitor — bears the consequence in litigation. When you paste a draft pleading, a counsel's opinion, or a client's instructions into a consumer AI chatbot, you are sending that text to a server operated by a third-party processor, often outside the EEA. Unless you have configured otherwise, that text may be used for model training, and it is almost always logged for abuse monitoring by humans you've never met.
That's before you get to GDPR. Client files contain personal data, often special category data — health, criminal allegations, family circumstances. Article 28 requires a written processor agreement with specific clauses. Article 44 onwards governs transfers outside the EEA. A consumer ChatGPT or Claude account satisfies none of this. A business-tier account with a DPA gets you closer, but you still need to know where the data lands, who can access it, and what happens to it after the request completes.
The Bar Council and Law Society have both flagged AI use as an area requiring care. The supervisory mood across Europe — the EU AI Act, the Irish Data Protection Commission's enforcement record, and the LSRA's complaints process — is that "I didn't realise" is not a defence for a regulated professional. So the engineering answer has to start from the assumption that no client data leaves the firm's control, ever, unless the client has been told and has agreed.
The architecture that actually works: on-premise inference
The cleanest solution, technically and legally, is to run the AI model on hardware the firm controls. This is not as exotic as it sounds. Open-weight models — Llama, Mistral, Qwen, and the Gemma family — are now genuinely competent at the tasks a solicitor actually wants: summarising long documents, drafting standard correspondence, extracting clauses from contracts, and answering questions about a corpus of internal precedents.
A typical setup for a small-to-medium firm looks like this: a single GPU server (an RTX 6000 Ada or an A6000, each with 48 GB of VRAM, will handle a quantised 70-billion-parameter model at usable speed for a handful of concurrent users), running an inference engine like vLLM or llama.cpp, sitting behind a private network. Staff access it through a web interface that looks much like ChatGPT but lives at an internal address. The model never has internet access. The server logs are kept on the same machine. Backups are encrypted and stored locally.
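To make that concrete, here is a minimal sketch of the plumbing between a staff-facing tool and the model. vLLM exposes an OpenAI-compatible API, so any internal script or interface can talk to it with a standard client pointed at a private address; the hostname, model name, and prompt below are illustrative assumptions, not a prescription.

```python
# Minimal sketch: an internal tool calling the firm's own inference server.
# Assumes vLLM is serving an OpenAI-compatible API at a private address
# (http://ai.internal:8000/v1 is a made-up hostname for illustration).
from openai import OpenAI

client = OpenAI(
    base_url="http://ai.internal:8000/v1",  # resolves only inside the firm's network
    api_key="not-needed-locally",           # vLLM accepts any token unless auth is configured
)

response = client.chat.completions.create(
    model="meta-llama/Llama-3.3-70B-Instruct",  # whichever open-weight model the firm runs
    messages=[
        {"role": "system", "content": "You are a drafting assistant for internal use only."},
        {"role": "user", "content": "Summarise these heads of agreement in five bullet points."},
    ],
    temperature=0.2,  # keep drafting output conservative
)
print(response.choices[0].message.content)
```

Because the base URL resolves only on the firm's network, there is no code path that could send a prompt to a public endpoint by accident.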
For larger firms, the same pattern scales horizontally — more GPUs, a load balancer, role-based access tied to your existing Active Directory or Azure AD. The principle stays identical: the data stays inside the firm's perimeter, the model runs on your iron, and no API call ever leaves the building. This is the foundation of what I built into the Intelligence Brain for legal practices — the assumption that a solicitor's working notes are as confidential as the safe in their office, and the technology has to honour that.
Retrieval-augmented generation against your own precedents
A general-purpose model on its own is a clever generalist. What makes it useful in a law firm is connecting it to the firm's own document store — its precedents, its template library, its closed matter files, its internal knowledge. This is retrieval-augmented generation, or RAG, and it's where most of the engineering effort goes.
The pattern: documents are chunked into passages of a few hundred tokens, each passage is converted into a vector embedding using a local embedding model (BGE, E5, or a domain-tuned variant), and the vectors are stored in a database like Qdrant or pgvector. When a solicitor asks a question — "what's our standard indemnity wording for a software licensing matter?" — the question is embedded, the nearest matching passages are retrieved, and the model is asked to answer using only those passages as context.
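Here is a condensed sketch of that index-and-retrieve loop, assuming sentence-transformers for the local embedding model and Qdrant as the vector store; the collection name, chunking, and payload fields are illustrative.

```python
# Sketch of the RAG loop: embed chunks locally, store them with their
# source metadata, then retrieve the nearest passages for a question.
from qdrant_client import QdrantClient, models
from sentence_transformers import SentenceTransformer

embedder = SentenceTransformer("BAAI/bge-small-en-v1.5")  # runs locally, no API calls
qdrant = QdrantClient(url="http://localhost:6333")        # same box as the inference server

qdrant.create_collection(
    collection_name="precedents",
    vectors_config=models.VectorParams(size=384, distance=models.Distance.COSINE),
)

# Indexing: each chunk carries its source document and matter as payload.
chunks = [
    {"text": "The Licensor shall indemnify the Licensee against ...",
     "doc": "software-licence-template-v4.docx", "matter_id": "M-2023-0141"},
]
qdrant.upsert(
    collection_name="precedents",
    points=[
        models.PointStruct(id=i, vector=embedder.encode(c["text"]).tolist(), payload=c)
        for i, c in enumerate(chunks)
    ],
)

# Retrieval: embed the question, pull the nearest passages.
question = "What's our standard indemnity wording for a software licensing matter?"
hits = qdrant.search(
    collection_name="precedents",
    query_vector=embedder.encode(question).tolist(),
    limit=5,
)
context = "\n\n".join(h.payload["text"] for h in hits)
# `context` is then handed to the model with an instruction to answer
# only from these passages.
```

The retrieved passages, not the model's memory, are what the answer is built from; that is what makes the access control and grounding described next enforceable.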
Two things matter here. First, the retrieval has to respect matter-level access control. If a solicitor isn't on the team for a particular matter, the vectors from that matter must not be returned to their queries. This means the access control list lives at the chunk level, not just at the document level, and it's enforced before retrieval rather than filtered afterwards. Second, the model must be instructed — and tested — to refuse to answer when the retrieved passages don't support an answer. Hallucinated citations to non-existent cases are the single most common way AI embarrasses a lawyer. The fix is not better prompting; it's a strict grounding regime where the model quotes the source passage and the interface shows the user exactly which document the answer came from.
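Enforcing the matter-level access control before retrieval looks like this in Qdrant terms: the permitted matter IDs become a payload filter that is part of the query itself, so chunks outside the user's matters are never even scored. The `allowed_matters_for` lookup is a hypothetical stand-in for the firm's practice-management system.

```python
from qdrant_client import models

def allowed_matters_for(user_id: str) -> list[str]:
    # Hypothetical: in production this queries the practice-management
    # system for the matters the user is actually staffed on.
    return ["M-2023-0141", "M-2024-0007"]

def retrieve_for_user(qdrant, embedder, user_id: str, question: str, k: int = 5):
    acl_filter = models.Filter(
        must=[
            models.FieldCondition(
                key="matter_id",
                match=models.MatchAny(any=allowed_matters_for(user_id)),
            )
        ]
    )
    return qdrant.search(
        collection_name="precedents",
        query_vector=embedder.encode(question).tolist(),
        query_filter=acl_filter,  # enforced as part of the query, not filtered afterwards
        limit=k,
    )
```

The same retrieval result carries the source document ID in its payload, which is what lets the interface show the user exactly which precedent an answer was quoted from.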
The controls a regulated firm actually needs
Privacy and privilege are necessary but not sufficient. A law firm AI system also needs to satisfy the firm's professional indemnity insurer, the LSRA's expectations on file-keeping, and the firm's own quality standards. The controls I'd insist on for any deployment:
- Audit logging. Every prompt, every retrieved document, every model response, tied to the user, the matter, and the timestamp (a minimal record shape is sketched after this list). Stored for the same retention period as the underlying file. This protects the firm if a client later questions the advice given.
- No model training on firm data. The base model is frozen. If you fine-tune for in-house drafting style, that fine-tuning happens on a separate, isolated copy and the resulting weights are treated as confidential firm property.
- Output review workflow. Anything the AI produces that goes to a client or to court is reviewed and signed off by a qualified solicitor. The system makes this explicit — drafts are marked as drafts, not as advice.
- Data minimisation in prompts. Where a solicitor doesn't need the client's name to get a useful answer, the system pseudonymises before the model sees the text. This is straightforward to automate with a named-entity recognition pass; see the second sketch after this list.
- Conflict checking. Before retrieval, the system checks whether the matter the user is working on has any conflicts with the matters whose documents are about to be retrieved. This is the same conflict logic the firm already runs at intake; it just needs to apply at query time too.
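For the audit logging item above, a minimal record shape might look like the following. The field names and log path are assumptions; the essentials are the user, the matter, the sources, and the timestamp.

```python
# One JSON line per interaction, appended to a local, append-only log,
# retained for the same period as the matter file.
import json
from dataclasses import dataclass, asdict, field
from datetime import datetime, timezone

@dataclass
class AuditRecord:
    user_id: str
    matter_id: str
    prompt: str
    retrieved_docs: list[str]  # document IDs the answer was grounded on
    response: str
    timestamp: str = field(
        default_factory=lambda: datetime.now(timezone.utc).isoformat()
    )

def log_interaction(record: AuditRecord, path: str = "/var/log/firm-ai/audit.jsonl") -> None:
    with open(path, "a") as f:
        f.write(json.dumps(asdict(record)) + "\n")
```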
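And for the pseudonymisation item, the named-entity recognition pass can be as simple as this sketch using spaCy's off-the-shelf English model. A production version would persist the mapping per matter so placeholders in the model's output can be restored on the way back; that mapping never leaves the server.

```python
# Assumes `python -m spacy download en_core_web_sm` has been run.
import spacy

nlp = spacy.load("en_core_web_sm")

def pseudonymise(text: str) -> tuple[str, dict[str, str]]:
    doc = nlp(text)
    mapping: dict[str, str] = {}  # original entity -> placeholder
    out = text
    for ent in doc.ents:
        if ent.label_ in {"PERSON", "ORG", "GPE"}:  # names, companies, places
            placeholder = mapping.setdefault(ent.text, f"[{ent.label_}_{len(mapping) + 1}]")
            out = out.replace(ent.text, placeholder)
    # Invert the mapping so placeholders in model output can be restored.
    return out, {v: k for k, v in mapping.items()}

masked, restore = pseudonymise("Mary O'Brien of Acme Logistics Ltd has instructed us ...")
```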
What to tell clients and what to put in your engagement letter
Transparency is both a legal requirement under GDPR Articles 13 and 14 and a professional duty of candour. Your engagement letter should say, in plain English, that the firm uses AI tools to assist with drafting, summarisation, and research; that those tools run on infrastructure controlled by the firm and do not transmit client data to third parties; that all AI-generated output is reviewed by a qualified solicitor before being relied upon; and that the client may opt out of AI-assisted handling of their matter without affecting the service they receive.
That last clause matters. Some clients — particularly in family law, criminal defence, and certain commercial disputes — will have strong views. Giving them an explicit opt-out is both the right thing to do and a useful piece of evidence if a complaint ever arises. The technical side of honouring the opt-out is a flag on the matter record that prevents that matter's documents from being indexed, retrieved, or sent to the model. Build it once, apply it everywhere.
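The opt-out flag itself reduces to a single check, called at every boundary where client data could reach the AI pipeline. A sketch, with a stub dictionary standing in for the practice-management system:

```python
# Stub standing in for the matter records in the practice-management system.
MATTER_RECORDS = {
    "M-2024-0007": {"ai_opt_out": True},
    "M-2024-0019": {"ai_opt_out": False},
}

class AIOptOutError(Exception):
    pass

def guard(matter_id: str) -> None:
    """Call before indexing a document, before returning a retrieved chunk,
    and before any prompt containing the matter's text reaches the model."""
    if MATTER_RECORDS.get(matter_id, {}).get("ai_opt_out", False):
        raise AIOptOutError(f"matter {matter_id} is opted out of AI-assisted handling")
```

Three call sites, one flag.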
Common failure modes I see firms walk into
Three patterns come up repeatedly. The first is the "shadow IT" problem: partners forbid AI use, junior staff use it anyway on personal accounts, and the firm has all the risk and none of the controls. The answer is to provide a sanctioned, easy, internal alternative — if the in-house tool is genuinely useful, the personal accounts go away.
The second is over-trusting model output. AI models are confident liars. They will invent case citations, misquote the Companies Act, and confidently summarise a contract clause that doesn't exist. The control is the grounded-RAG approach above, plus a culture of "show me the source" that treats unsourced AI output the same way a senior partner treats unsourced advice from a trainee.
The third is treating AI as a replacement for judgement rather than a tool that accelerates it. A model can draft a section 31 notice in fifteen seconds. It cannot decide whether issuing one is the right strategic move for the client. Keep the solicitor in the loop on every decision that matters, and use the AI to remove the typing and the searching, not the thinking. That's the philosophy behind the Intelligence Brain generally — augment the expert, don't replace them.
Where to start this week
If you're a managing partner reading this on a Tuesday morning, here's the practical first step. Pick one workflow — contract review, discovery summarisation, or precedent search — and write down what good looks like for that workflow today, without AI. Time it. Note what the bottleneck is. Then talk to someone who builds on-premise systems for regulated firms and ask them to show you a working version of that one workflow, on your own documents, in your own office. Don't sign anything, don't commit to a platform, just see it run on real files behind your own firewall. If it works, you'll know within an hour. If it doesn't, you've lost a morning. Either way, you'll have moved from theoretical worry to a concrete decision — which is the only place from which good engineering, and good legal practice, ever starts.