AI Best Practices by Profession: How Different Industries Are Using AI in 2026

In 2026, every profession is using AI — but the right way to use it varies dramatically by industry. A tax accountant's compliance constraints look nothing like a therapist's. A litigator's privilege calculus is different from a developer's NDA concerns. A financial advisor's FINRA obligations don't map onto an attorney's ABA opinions.

This is the pillar guide to AI best practices across the major client-services professions. We cover what each profession is actually doing with AI in 2026, what the regulatory landscape looks like, where the common mistakes are, and which deep-dive guide to read next for your field.

What All These Professions Have in Common

Three patterns hold across every client-facing profession we cover here.

The bottleneck is confidentiality, not capability. Modern AI can absolutely handle the document review, drafting, and research tasks these professions need. The hard question is never “can the AI do this” — it's always “can I share this material with the AI without violating a professional obligation.”

The compliance question turns on architecture. Every major regulatory framework — HIPAA, IRC §7216, FINRA, SEC Reg S-P, ABA Opinion 512, state AI laws — distinguishes between data that stays on your device and data that travels to a vendor. On-device AI sidesteps most of the obligations cloud AI imposes.¹

The professional standards are catching up fast. 2025 and early 2026 produced more AI-specific professional guidance than the prior five years combined: FINRA's 2026 Annual Report flagged agent-based AI; the SEC's amended Reg S-P added AI-specific vendor requirements; ABA Formal Opinion 512 introduced AI consent requirements; HHS OCR proposed the first major HIPAA Security Rule update in 20 years citing AI. The profession-by-profession landscape is being rewritten in real time.²

CPAs and Tax Professionals

AI adoption in tax and accounting jumped from 9% of firms in 2024 to 41% in 2025 — the fastest professional services adoption curve on record.³CPAs use AI to draft client memos, explain complex code provisions, summarize court rulings, prepare audit documentation, and accelerate research that used to take hours.

The compliance constraint is IRC §7216. Disclosing tax return information to an unauthorized third party — including a cloud AI vendor without a zero-retention contract — carries criminal penalties up to $1,000 per violation and one year imprisonment. AICPA Statement on Standards for Tax Services adds parallel obligations.⁴

The common mistake: pasting client return excerpts into consumer ChatGPT to get a quick explanation. This is a §7216 disclosure. The right move is either an enterprise AI contract with zero-retention provisions or — cleaner — an on-device tool where no disclosure occurs.

Deep dive: How CPAs Use AI Day-to-Day in 2026: Workflows for Tax Season, Audit Defense, and Advisory Work. Also see our tax AI tools roundup and CPA landing page.

Attorneys and Law Firms

79% of lawyers use AI in practice (2025 ABA TechReport), but only 10% of firms have a formal AI usage policy. That gap is closing fast — driven largely by the February 2026 federal ruling in United States v. Heppner(S.D.N.Y.), which held that conversations with public AI tools carry no expectation of privacy and are not protected by attorney-client privilege.⁵

Beyond privilege, ABA Formal Opinion 512 (July 2024) requires informed client consent before inputting confidential client information into AI tools with self-learning capabilities. Multiple state bars have adopted parallel rules.

The common mistake: drafting privileged strategy memoranda in ChatGPT, Claude.ai, or Gemini. Heppner makes clear this is a third-party disclosure that may waive privilege. The right move is on-device AI or Enterprise-tier cloud AI with strict zero-retention contracts.

Deep dive: AI for Lawyers in 2026: Practical Workflows for Litigation, Document Review, and Client Counseling. Also see our Heppner risk analysis and Lawyers landing page.

Financial Advisors and RIAs

AI adoption among RIAs more than doubled between 2023 and 2026, with 63% of firms now using AI tools daily. Use cases include client meeting summaries, financial plan drafting, regulatory research, prospect outreach, and portfolio commentary generation.⁶

Two regulatory frameworks dominate: SEC Reg S-P (amended December 2025 for larger firms, June 2026 for smaller) requires vendor contracts to include confidentiality provisions protecting client data from AI training. FINRA's 2026 Annual Report explicitly flagged agent-based AI risks as an enforcement focus for the first time. FINRA Rule 3110 supervision and Rule 2210 communications standards both apply unchanged to AI output.

The common mistake: using ChatGPT to draft client communications with portfolio-specific context. The communication may then be subject to FINRA Rule 2210 review and Books and Records requirements that the cloud AI vendor's data flow complicates. On-device AI keeps the entire AI-assisted communication inside the firm's controlled environment.

Deep dive: AI for Financial Advisors in 2026: Practical Workflows for Client Meetings, Planning, and Compliance. Also see our Financial Advisors landing page.

Therapists, Counselors, and Mental Health Professionals

Adoption is slower in clinical mental health than in financial or legal services — partly because of HIPAA caution, partly because the cultural norms in therapy emphasize human-centered care. But it's real and growing: AI for progress note formatting, treatment plan support, CE material summarization, and research literature review.

The regulatory framework is HIPAA, plus state mental health practice acts and 42 CFR Part 2 for substance abuse treatment records. HIPAA's third-party disclosure rules historically required a Business Associate Agreement with any AI vendor processing PHI. HHS OCR proposed the first major Security Rule update in 20 years (January 2025), citing AI tools explicitly.⁷

The common mistake: pasting de-identified session notes into ChatGPT without realizing that even de-identified notes may contain enough context to be re-identifiable under HIPAA's low-threshold standard. On-device AI eliminates this risk because no PHI leaves the device — re-identification is only a problem when there's a third party in a position to do it.

Deep dive: AI for Therapists and Counselors: HIPAA-Safe Workflows for Notes, Treatment Planning, and Continuing Education. Also see our Therapists landing page.

Freelance Developers and Agencies

Software developers were early AI adopters; freelancers and agencies were slower because of contract concerns around client code and IP. By 2026 those concerns are mainstream: GitHub's March 2026 Copilot policy change made code-training opt-out by default, triggering a developer migration to local AI tooling.⁸

The legal framework here isn't a regulatory body — it's contract. Master Services Agreements, NDAs, and engagement letters typically prohibit disclosure of client material to third parties without consent. Submitting client code or specifications to a cloud AI may be a contract breach.

The common mistake: pasting a client's confidential specification or proprietary algorithm into ChatGPT to get coding help. This is almost certainly a contract breach under standard NDA terms — even if the developer doesn't mean to disclose IP, the architectural fact of transmission is the disclosure.

Deep dive: AI for Freelance Developers and Agencies: Best Practices for Client Code, NDAs, and IP Protection in 2026. Also see our Developer AI Privacy Guide and Developers landing page.

Patterns That Hold Across All Five Professions

Despite the regulatory diversity, four practical patterns hold everywhere.

Define your tier system early. Decide which AI tools are approved for which categories of work. Use consumer AI for non-confidential research only. Use enterprise AI with contracts for client-data work, after contract review. Use on-device AI for the most sensitive material. Document the tier policy so every team member understands which tool to reach for when.

Update engagement letters now. Most professional engagement letters don't yet address AI usage. Update them this year. Disclose which AI categories you use, confirm your compliance approach, and clarify your continuing responsibility for the work product.

Train your team — and document it. Policies that aren't understood aren't followed. Annual or biannual training is becoming the standard expectation from insurers and regulators alike. Keep attendance and assessment records.

Quarterly audit. Survey staff about actual AI usage, including unapproved “shadow AI.” Most firms underestimate their real exposure by 3–5x. Catching the gap quarterly is more sustainable than annually.⁹

Where to Read Next

Pick the deep dive that matches your profession:

• CPAs and Tax Professionals: Day-to-Day AI Workflows
• Lawyers and Law Firms: Practical AI Workflows for Litigation and Counsel
• Financial Advisors and RIAs: AI Workflows for Client Meetings, Planning, and Compliance
• Therapists and Counselors: HIPAA-Safe AI Workflows for Notes and Treatment Planning
• Freelance Developers and Agencies: Best Practices for Client Code, NDAs, and IP

For the broader compliance framework that underlies all of these, see our compliance step-by-step guide. For the architectural foundation, see the On-Device AI pillar.