Legal Prompting - AI Act: obligations for legal professionals
S01:E09

Legal Prompting - AI Act: obligations for legal professionals

International

Episode description

Ninth episode of Legal Prompting. After discussing professional secrecy as a criterion for choosing an AI infrastructure, we shift our focus to the regulatory framework: the European AI Act and the obligations placed on legal professionals as deployers of AI systems.

The central principle: those who use AI in legal practice are not mere users but regulated subjects under the AI Act, with precise obligations. To these is added the cross-cutting duty of AI literacy (Article 4), already applicable since February 2025.

Three concrete applications:

  • Classify the risk of the system used (prohibited, high, limited, minimal)
  • Notice to the client and transparency under Article 50 of the AI Act
  • Documenting use: logs, standard prompts, human controls

Three cross-cutting operational rules: effective human oversight, preliminary assessment of tools, continuous updating on the Regulation’s deadlines.

In the next episode we will close the journey with a synthesis of the method and a look at the perspectives of evolution.

To dive deeper, subscribe to the newsletter at nicfab.eu.

Download transcript (.vtt)
0:09

Welcome back to Legal Prompting, this is Nicola Fabiano.

0:14

In the previous episode, we discussed professional secrecy and how choosing an AI infrastructure

0:21

is, first and foremost, a deontological decision.

0:26

Today, we shift our gaze from the single tool to the regulatory framework that governs

0:33

its use, the European AI Act and the obligations it places on legal professionals.

0:40

The central principle is easy to state and hard to practice.

0:45

The AI Act does not only regulate those who develop or place AI systems on the market,

0:53

it also regulates those who use them, that is, the deployer, and the legal professional

0:59

who integrates AI into their practice is, in every respect, a deployer.

1:06

This means that choosing a good tool is not enough.

1:10

You must use it within a precise perimeter of obligations.

1:15

To this perimeter, we must add a cross-cutting one already fully applicable since February

1:21

of 2025, the duty of AI literacy for staff set out in Article 4 of the regulation.

1:30

Anyone using AI in a law firm must have acquired adequate competence.

1:36

Anyone who entrusts those tools to collaborators must ensure they have it too.

1:42

Three concrete applications.

1:45

First, classify the risk of the system you use.

1:50

The AI Act distinguishes between prohibited systems, high-risk systems, limited-risk systems,

1:58

and minimal-risk systems.

2:01

Many general-purpose tools used in a law firm fall within the limited-risk category with

2:08

obligations that are mainly about transparency, but when a system is used to assess individual

2:16

profiles, to support decisions that affect fundamental rights, or for activities covered

2:23

by Annex 3 of the regulation, the classification changes.

2:29

The first question is not whether the tool works well, but which risk category your concrete

2:36

use of it falls into.

2:39

Second, notice to the client and to the recipients.

2:43

Article 50 of the AI Act imposes transparency obligations toward those who interact with

2:51

AI systems or receive their output.

2:54

For the legal professional, this translates into clear clauses in the engagement letter,

3:00

in opinions that flag where AI has contributed, and in communications that do not pass off

3:07

as purely human and content generated or reworked with AI.

3:12

It is not a bureaucratic formality, it is how you preserve the trust that grounds the

3:19

professional relationship.

3:20

Third, documenting your use.

3:24

The AI Act requires the deployer to keep the logs of high-risk systems and to monitor how

3:31

they operate.

3:33

Even outside the high-risk category, professional prudence requires you to document which tools

3:39

are used, for which tasks, with which standard prompts, and with which human controls.

3:47

An internal register, even a simple one, is the trail that allows you to answer tomorrow,

3:54

before a client, an authority or a judge, on how a given content was produced.

4:00

Three cross-cutting operational rules.

4:05

First, effective human oversight, not symbolic.

4:09

The AI Act speaks of human oversight, and the phrase is not a slogan.

4:15

It means that the professional must be in a position to understand, verify and, if necessary,

4:22

contradict the output of the system.

4:24

If the output is not verifiable, oversight is only apparent.

4:29

Second, preliminary assessment of tools.

4:34

Before integrating a system into your workflow, you must check the technical documentation

4:39

provided by the supplier, the data processing terms, the conformity guarantees and the consistency

4:47

with your duty of confidentiality.

4:50

A technological choice made in haste becomes a regulatory problem tomorrow.

4:55

Third, continuous updating.

4:58

The AI Act is a regulation that enters into application gradually, with different dates

5:05

for different categories of systems.

5:08

Some prohibitions apply from February of 2025, the obligations on general-purpose AI models

5:16

from the following August, and the rules on high-risk systems come fully into force from

5:23

August of 2026.

5:25

The legal professional must follow its implementation, because their responsibility grows as the

5:33

obligations become binding.

5:35

In the next episode, we will close the journey, a synthesis of the legal prompting method,

5:41

and a look at the perspectives of evolution, both regulatory and technological.

5:47

To explore these themes further, I invite you to subscribe to the newsletter at nickfab.eu,

5:54

where each episode is accompanied by a dedicated issue with references, notes, and additional

6:02

materials.

6:03

See you soon!