Acuity AI Advisory

Legal Sector

AI Compliance Audit for Solicitors

Most Irish law firms are using AI without a full picture of what is deployed, what obligations apply, and where the professional conduct exposure lies. This audit produces that picture.

Request the audit

TL;DR

An AI compliance audit for solicitors identifies every AI tool in use across the practice, maps each against the Law Society's AI guidance, assesses EU AI Act risk tiers, and produces a gap analysis with prioritised actions. This is the starting point for any law firm taking AI governance seriously.

What an AI compliance audit means for a law firm

Law firms are unusual in the AI compliance picture: they are simultaneously deployers of AI (subject to EU AI Act obligations), regulated professionals (subject to Law Society and LSRA oversight), and custodians of privileged client information (subject to strict confidentiality duties). An AI compliance audit must address all three dimensions — not just the regulatory layer.

In practice, this means the audit begins with a full inventory of AI tools in use across the firm — including tools that individual fee earners have adopted on their own initiative without formal approval. Shadow AI is the norm in Irish law firms, not the exception. Document drafting assistants, legal research tools, contract review platforms, and AI-powered email management are in daily use at many firms without governance, without vendor assessment, and without any analysis of where client data goes.

The audit maps each tool against three frameworks simultaneously: the EU AI Act risk tier classification, the Law Society's December 2025 AI guidance, and the firm's own professional conduct obligations under the Solicitors Acts. The output is a written gap analysis with prioritised remediation actions — not a general report, but a specific action list for this firm, with this tool set, in this regulatory context.

What the audit produces

  • AI Systems Register — every tool in use, including unapproved shadow AI
  • EU AI Act risk classification for each system
  • Law Society guidance gap analysis — what the firm is and is not meeting
  • Professional conduct exposure assessment
  • Client confidentiality risk assessment for AI-processed data
  • Prioritised remediation action list with accountability assignments

EU AI Act obligations for Irish solicitors

The EU AI Act classifies AI systems used in the administration of justice and in legal proceedings as high-risk. This includes AI tools used to assist in preparing court documents, analysing case law, assessing litigation risk, or making recommendations that influence legal strategy. High-risk classification means additional obligations: conformity assessments, human oversight requirements, logging and auditability, and transparency obligations to clients and counterparties.

The Legal Services Regulatory Authority (LSRA) is the designated sectoral regulator for law firms under the EU AI Act in Ireland. The August 2026 enforcement deadline is a hard date — not a planning target. Firms that have not assessed their AI use against the Act's requirements before that date are exposed.

Even AI tools that fall below the high-risk threshold carry limited-risk obligations under the Act — including transparency requirements when AI interacts with clients or produces content presented to third parties. The compliance audit maps all tools, not just those with the highest risk classification.

Why Acuity AI Advisory

Acuity AI Advisory is vendor-neutral and fixed-fee. The audit output is not shaped by any commercial interest in subsequent technology sales. Ger Perdisatt, who leads all engagements, is a former COO of Microsoft Western Europe — with direct experience of how AI systems are actually deployed in large organisations, not how vendors describe them in sales decks.

Acuity AI is a contributor to the Law Society of Ireland's AI governance toolkit and has direct familiarity with the profession's regulatory framework. The audit is grounded in sector knowledge, not generic AI governance templates applied without adaptation.

Acuity AI Advisory also holds a non-executive directorship at DAA and Tailte Éireann, bringing board-level governance perspective to every engagement. The audit fee is fixed and confirmed within 48 hours of a scoping call. No retainer, no open-ended proposal, no variation.

Questions

Common questions

What does an AI compliance audit for a law firm involve?

An AI compliance audit for a law firm begins with a structured inventory of every AI tool in use across the practice — including tools that individual solicitors have adopted without formal approval. Each tool is then mapped against the EU AI Act risk framework and the Law Society's AI guidance. The output is a written gap analysis identifying where obligations are unmet, which tools present the highest risk, and what remediation actions are required. The audit covers regulatory exposure, professional conduct obligations, and client confidentiality risks.

What is shadow AI and why does it matter for solicitors?

Shadow AI refers to AI tools adopted and used by individual fee earners without formal firm approval or governance oversight. In Irish law firms, shadow AI is common: ChatGPT for drafting, AI-assisted legal research tools, contract review platforms accessed on personal accounts. The problem is not that solicitors are using AI — it is that client-privileged material may be entering systems the firm has not assessed, approved, or governed. Shadow AI creates professional conduct exposure, confidentiality risk, and EU AI Act deployer liability simultaneously.

How does an AI compliance audit relate to Law Society requirements?

The Law Society of Ireland's December 2025 AI guidance establishes expectations for how solicitors govern AI in practice. The guidance does not create new rules, but it clarifies how existing professional obligations — competence, confidentiality, supervision — apply when AI tools are used. An AI compliance audit maps the firm's current AI use against this guidance, identifies gaps in policy, supervision, and verification procedures, and produces a prioritised action list. The audit output serves as evidence of due diligence if a complaint or investigation arises.

Related

EU AI Act ComplianceAI Governance for Law Firms

Request an AI Compliance Audit for Your Practice

Fixed-fee. Written findings. Vendor-neutral.

Get in touch