How to Use AI With Client Data in 2026: A Step-by-Step Compliance Guide for Professionals

In January 2026, three things changed how every professional should think about AI. The major E&O insurance carriers added absolute AI exclusions to their standard policies. The Colorado AI Act came into effect alongside expanded California amendments. FINRA's 2026 Annual Regulatory Oversight Report formally added “agent-based AI risks” to its enforcement focus for the first time. Then in February, OpenAI patched a ChatGPT vulnerability that allowed attackers to exfiltrate user data through specially crafted images. In May, AI evaluation startup Braintrust disclosed a breach and told every customer to rotate sensitive keys.

If you use AI tools with client data, this is your problem. The good news is that the path forward is clear and the steps are well-defined. Here is the complete 2026 guide to using AI with confidential client information without violating compliance obligations, losing professional privilege, or discovering — too late — that your insurance policy excludes the very claim that was just filed against you.

The Three Risks You Are Actually Running

When professionals use mainstream AI tools with client data, three things go wrong at once. Most firms are aware of one or two. Almost none have addressed all three.

1. Compliance risk. Regulatory bodies including FINRA, the SEC, AICPA, state bar associations, and state legislatures (Colorado, California, Illinois, Texas, and others) now have specific obligations around AI use with client data — many of which became operational in early 2026.

2. Privilege risk. Following the February 2026 ruling in United States v. Heppner (S.D.N.Y.), conversations with public AI platforms are not protected by attorney-client privilege or work product doctrine. The court held that public AI platforms have no confidentiality obligation, so submitting privileged material to them constitutes voluntary disclosure to a third party — waiving the privilege.¹

3. Insurance risk. Effective January 1, 2026, the standard Insurance Services Office (ISO) Form CG 40 47 01 26 introduced an absolute AI exclusion for general liability policies — excluding bodily injury, property damage, and personal injury arising from generative AI. W.R. Berkley's Form PC 51380 went further, introducing absolute AI exclusions across D&O, E&O, and Fiduciary Liability lines.² If you have not specifically negotiated an AI endorsement, your professional liability insurance may no longer cover the very category of claim you are most likely to face.

Step 1: Inventory Your Firm's Actual AI Usage

Before you can govern AI use, you have to know what is happening. Most firms radically underestimate their exposure because employees use AI tools without formal authorization — a phenomenon now widely called “shadow AI.”

The scale of shadow AI in professional services is significant. Pew Research found that 79% of lawyers use AI in practice, but only 10% of firms have policies guiding that use. A 2025 survey showed that 60% of employees use free AI platforms rather than corporate-approved tools, and 46% of US workers admit uploading sensitive company information to public AI platforms.³

How to inventory:

1. Send a confidential, anonymous survey to all staff asking: which AI tools do you use weekly, what types of work do you use them for, and have you ever input client information?
2. Review browser history reports if your firm uses a managed device program (focus on chat.openai.com, gemini.google.com, claude.ai, perplexity.ai).
3. Check expense reports for AI tool subscriptions — many employees are paying for personal accounts to use at work.
4. Inspect any browser extensions installed firm-wide — in February 2025, Spin.AI documented a malicious browser extension campaign that compromised approximately 3.7 million ChatGPT sessions.⁴

Document what you find. You cannot create defensible governance without an honest baseline.

Step 2: Map Your Regulatory Obligations

Your obligations depend on your profession, your jurisdiction, and the type of client data you handle. The major sources for 2026 are:

For Financial Advisors and Broker-Dealers

FINRA 2026 Annual Regulatory Oversight Report (December 2025) — Expanded its generative AI section significantly. For the first time, the report explicitly flagged “agent-based AI risks” as an emerging enforcement focus. FINRA emphasized that existing rules (including Rule 2210, Rule 3110 supervision, and Books and Records requirements) apply unchanged to AI-generated content and AI-assisted communications.⁵

SEC's amended Regulation S-P (Phase 1 effective December 3, 2025; Phase 2 effective June 3, 2026) — Requires investment firms to ensure vendor contracts include confidentiality provisions sufficient to protect information uploaded to AI tools from model training or unrelated processing. Consumer AI tools without such contracts may not meet this requirement.⁶

For Attorneys

ABA Formal Opinion 512 (July 2024) — Requires lawyers to obtain informed client consent before inputting confidential client information into generative AI tools with self-learning capabilities. Multiple state bars (including Arkansas, California, and New York) have adopted parallel rules. Failure to verify that AI tools do not retain or reuse confidential data may constitute professional misconduct.⁷

The American Bar Association published an updated Checklist for Responsible AI Use in Law Firms in early 2026, organized around four pillars: assessment, training, supervision, and disclosure.⁸

For CPAs and Tax Professionals

AICPA Statement on Standards for Tax Services (SSTS) — Defines “tool” to include AI systems. Tax professionals retain all professional obligations whether or not they use AI. Confidentiality obligations under SSTS and IRS Circular 230 apply to any AI tool processing client data.

IRC §7216 — Makes it a federal crime to knowingly or recklessly disclose information furnished in connection with a tax return. Penalties include up to $1,000 per violation and up to one year imprisonment. Inputting client tax information into consumer ChatGPT constitutes a disclosure to a third party (OpenAI) and may violate this provision.⁹

For Healthcare Professionals

HIPAA Security Rule (proposed revision, January 2025) — The Department of Health and Human Services Office for Civil Rights proposed the first major HIPAA Security Rule update in 20 years, citing the rise of AI tools and ransomware. The proposal removes the distinction between “required” and “addressable” safeguards and introduces stricter expectations for risk management, encryption, and resilience around AI tools that touch PHI.¹⁰

State Laws

Colorado Artificial Intelligence Act (one of the first comprehensive state AI laws, with key provisions effective in 2026), theCalifornia CCPA AI amendments, and Illinois HB 3773 (effective January 1, 2026, requiring notification when AI assists in employment decisions) all introduce new transparency and accountability requirements. Twelve states now have AI healthcare-specific legislation.¹¹

Step 3: Read Your Insurance Policy — Today

This is the step most firms skip. It is also the most urgent.

Beginning January 1, 2026, multiple major insurance carriers introduced AI exclusions in their standard professional liability policies. Two are particularly important:

• ISO Form CG 40 47 01 26 — An “Exclusion of Generative Artificial Intelligence” endorsement excluding bodily injury, property damage, and personal injury arising from generative AI, applicable to general liability policies.
• W.R. Berkley Form PC 51380 — An absolute AI exclusion spanning D&O, E&O, and Fiduciary Liability lines.

Many carriers are now requiring affirmative AI endorsements (riders that specifically add AI coverage back into the policy) — and the underwriting for these endorsements typically requires documented AI governance: training registers, audit logs, and decision-level oversight procedures.²

On April 2, 2026, Gartner issued formal guidance to general counsel recommending that organizations assess AI insurance offerings to mitigate AI risks. Munich Re and its subsidiary HSB launched a dedicated AI liability product for small businesses in March 2026.¹²

What to do right now:

1. Pull your current E&O and general liability policies.
2. Search the policy documents for “artificial intelligence,” “machine learning,” or “generative” — be thorough; some exclusions are buried in defined terms.
3. If you find an exclusion, contact your broker the same day and ask: (a) when did this take effect, (b) what AI endorsement options are available, (c) what governance evidence is required for the endorsement.
4. If your policy renews in 2026, expect this to be a contested negotiation point. Plan for it.

Step 4: Build Your Tool Tier System

Once you understand your obligations, the question becomes which AI tools you can use for which tasks. The framework that works for most professional services firms is a three-tier system based on what happens to your data.

Tier 1: Public Consumer AI

ChatGPT (free), Gemini (consumer), Claude.ai, Perplexity, and similar.

What happens to your data: Transmitted to the provider, processed on their servers, potentially used for training, retained according to the provider's policy, and subject to subpoena. In May 2025, a federal magistrate judge ordered OpenAI to preserve all output log data — meaning every chat and uploaded file since June 2025 is under preservation order.¹⁴

Approved use: Research and drafting that contains zero client- specific information. General learning. Template-style content with no client identifiers.

Prohibited use: Anything involving a client's name, account details, financial information, medical information, legal strategy, tax return data, or any other information that could identify the client or constitute a disclosure under your professional standards.

Tier 2: Enterprise AI With Data Protection Contracts

ChatGPT Enterprise, ChatGPT Team, Claude for Enterprise, Microsoft Copilot for Microsoft 365, and similar enterprise tiers.

What happens to your data: Still transmitted to the provider, but with contractual protections against training, retention, and unauthorized use. Typically includes a Data Processing Agreement (DPA) or, for healthcare, a Business Associate Agreement (BAA).

Approved use: Client data is permitted IF you have verified the following: (a) a signed contract with zero-retention and no-training clauses, (b) the contract addresses your specific regulatory obligations (IRC §7216, HIPAA, Reg S-P, state laws), (c) your engagement letters disclose AI use, and (d) you have logged usage for the audit trail your insurance endorsement requires.

Verification required: “We do not train on your data” is different from “We do not retain your data.” Both protections are needed. The contract should explicitly address both.

Tier 3: On-Device AI

Applications that run the AI model entirely on your local hardware. The model file lives on your computer; inference happens on your CPU or GPU; data never leaves the device.

What happens to your data: Nothing leaves your device. There is no transmission, no retention by a third party, and no possibility of subpoena-able vendor records.

Approved use: Any client work, without exception. Because there is no third-party disclosure, the entire category of risk addressed in Tiers 1 and 2 disappears. On-device AI converts the compliance question from “does my vendor agreement satisfy these requirements?” to “is there a vendor at all?” — and when the answer is no, you have the cleanest defensible position available under every applicable standard.

On-device AI was technically marginal in 2023. By 2026 it is the fastest-growing segment of professional AI. Gartner now forecasts that more than 50% of enterprise AI inference runs on-premise or on-device, up from less than 10% in 2023.¹⁵

Step 5: Update Your Engagement Letters

Your engagement letters should disclose AI use and clarify the scope of your professional responsibility. The exact language depends on your profession, but the core elements are consistent.

Sample disclosure language (adapt for your jurisdiction and engagement type):

“In providing services under this engagement, [Firm] may use artificial intelligence (AI) tools to assist with research, drafting, analysis, or related tasks. [Firm] uses AI tools that are subject to written data protection agreements that prohibit the AI vendor from using your information for model training and that require deletion of inputs after processing, OR [Firm] uses AI tools that operate entirely on [Firm]'s local hardware so that your information is not transmitted to any third party. [Firm] reviews all AI-generated content before providing it to you and remains fully responsible for the work product delivered.”

For tax engagements, add: “[Firm] will not disclose tax return information to any AI service provider in a manner inconsistent with IRC §7216.”

For attorneys, ABA Opinion 512 requires affirmative informed consent for AI tools with self-learning capabilities. The disclosure should be sufficiently specific that the client can make an informed decision.⁷

Step 6: Write a Firm AI Usage Policy

Your AI policy does not need to be long. It needs to be clear and enforceable. At minimum, it should specify:

1. Approved tools by tier — list the specific tools approved for Tier 1, Tier 2, and Tier 3 use. Forbid all others without written approval.
2. Data classification — define what counts as confidential client data (it should include anything that identifies a client or reveals matters relating to the representation).
3. Allowed and prohibited uses by tier — make the rules concrete (e.g., “Tier 1 tools may not be used to summarize, analyze, or draft anything involving a client's name, account, or matter.”).
4. Verification and review — all AI-generated content must be reviewed by a qualified professional before it is used in client work or delivered to a client.
5. Audit trail — record what tools were used for what tasks. Your insurance endorsement will likely require this; your regulator may too.
6. Incident response — define what to do if confidential information is accidentally submitted to a non-approved tool (notification, mitigation, documentation).
7. Quarterly review — the AI landscape moves fast. The policy should be reviewed and updated at least quarterly.

Step 7: Train Your Team

Policies that are not understood are not followed. Annual or biannual training is the minimum standard most insurers will expect for an AI endorsement.

Effective training covers: the three risks (compliance, privilege, insurance), the tier system and what tools fall in each tier, what data triggers tier restrictions, how to use the approved Tier 2 and Tier 3 tools for everyday work, what to do if a mistake happens, and how to log usage for the audit trail.

Training documentation matters. Maintain attendance records and assessment results. If a regulatory action or insurance claim arises, “everyone knew” is not sufficient; “everyone completed the training on this date with this score” is.

Step 8: Audit Quarterly

Repeat Step 1 every quarter. Survey staff. Review usage logs. Check for new AI tools that have appeared in browser histories or expense reports. Update the policy based on what you find.

A 2026 Deloitte survey found that only 21% of organizations report mature governance for AI agents — a gap that is widening, not narrowing, as autonomous AI tools proliferate.¹⁶ Professional services firms that close that gap now will have a defensible position when the next round of regulatory scrutiny or insurance underwriting arrives.

The Shortcut: When On-Device AI Solves the Whole Problem

Steps 1 through 8 are the comprehensive answer. The shortcut is recognizing that on-device AI — Tier 3 in the framework above — converts most of the problem into a non-problem.

When AI runs entirely on your Mac or workstation, there is no third party receiving client data. That eliminates the IRC §7216 disclosure question. It eliminates the Reg S-P vendor contract question. It eliminates the ABA Opinion 512 informed-consent question (the standard turns on disclosure to AI tools with self-learning training capabilities; on-device models do not train on your inputs). It eliminates the Heppner privilege question, because the same privilege analysis that applies to a word processor applies to local AI. And on the insurance side, it converts your AI usage profile from “cloud AI with potential third-party exposure” to “in-house software with no external transmission” — a materially different underwriting picture.

This is not a claim that on-device AI is appropriate for every workflow. Large document review at scale, cross-firm collaboration features, and certain specialized research tasks may still require Tier 2 enterprise tools with the right contracts in place. But for the vast majority of day-to-day professional work — explaining a clause to a client, summarizing a financial statement, drafting a routine letter, analyzing a confusing IRS notice — on-device AI provides a level of compliance certainty that no contractual guarantee can match.

The 2026 regulatory and insurance landscape did not create new obligations for professionals. It clarified that existing obligations apply just as fully to AI tools as they have always applied to any other technology that touches client data. The firms that build sound AI governance now — grounded in the actual architecture of the tools they use, not just the marketing — will be positioned to use AI competitively while their less prepared peers face client losses, regulatory exposure, and uninsured liability claims.

Step 1 is to find out what is actually happening in your firm. Start there.