Acuity AI Advisory

AI Governance · ISO 42001 Certified

AI governance for Irish law firms. Built to the standard your clients expect.

A shadow AI audit, acceptable use policy, and EU AI Act compliance framework — designed by a certified ISO 42001 lead auditor and aligned to Law Society of Ireland guidance.

Book a 30-Minute Discovery Call
CertifiedISO 42001 Lead Auditor
AuthorLaw Society of Ireland AI Governance Toolkit — Tools 1.1 and 2.1
AlignedLaw Society Guidelines for the Use of Generative AI by Solicitors (2025)

Shadow AI is already in your practice

Staff are using ChatGPT, Copilot, and other tools without a policy, without data-handling guardrails, and without the firm's knowledge. In our shadow AI audits across Irish firms, the average practice has between four and nine AI tools in active use that the managing partner cannot name.

When something goes wrong — a hallucinated citation in a court submission, a confidential brief processed through a consumer chatbot, a regulator query about Article 4 literacy — the absence of a policy is the firm's exposure. The tool is not the defendant.

Three components. One governance framework.

Component 01

Shadow AI Audit

  • What AI tools are in active use across the firm, by whom, and for what tasks
  • Risk classification of each tool: Block, Formalise, Adopt, or Monitor
  • Delivered as a mapped inventory with prioritised actions

Component 02

AI Acceptable Use Policy

  • Tailored to the firm's practice areas and existing technology environment
  • Covers the ten policy domains required for credible legal-sector governance
  • Aligned to Law Society of Ireland guidance and EU AI Act obligations
  • Firm-specific adaptation sections included for handover and ongoing review

Policy domains covered

Permitted uses · Confidentiality · Privilege · Verification · Disclosure · Supervision · IP and copyright · Data protection · AI literacy · Governance and review

Component 03

EU AI Act Compliance Framework

  • Article 4 AI literacy obligations mapped to role-specific training requirements
  • Risk-tier assessment for the firm's current and planned AI use cases
  • Deployer obligations checklist for any high-risk system in use

The standard

What ISO 42001 means for your firm

ISO 42001 is the international standard for AI management systems. It establishes the requirements for responsible AI governance — covering risk assessment, policy design, accountability structures, and continuous review. It is the AI equivalent of ISO 27001 for information security.

A certified ISO 42001 lead auditor is qualified to design, assess, and audit AI management systems against this standard. For a law firm building an AI governance framework, this certification means the framework is designed to a verifiable international benchmark — not to a consultant's personal judgement.

When the firm is asked by a corporate client, an insurer, or a regulator how its AI governance was designed, “to ISO 42001 by a certified lead auditor” is an answer that closes the question.

Proof point

Acuity AI Advisory developed Tools 1.1 (Shadow AI Audit) and 2.1 (AI Vendor Assessment Framework) for the Law Society of Ireland's AI Governance Toolkit, published on the Law Society Tech Hub.

lawsociety.ie/solicitors/knowledge-base/tech-hub

Common questions

Does my firm need an AI acceptable use policy?

Yes. If any member of staff uses ChatGPT, Microsoft Copilot, Claude, Gemini, or any other AI tool to assist with client work, the firm needs an acceptable use policy. The Law Society of Ireland's Guidelines for the Use of Generative Artificial Intelligence by Solicitors (2025) confirm that the solicitor remains responsible for verifying AI output. In the absence of a policy, the firm has no documented basis on which that responsibility is being discharged. The policy is what converts informal, unmonitored AI use into governed AI use.

What is shadow AI in a law firm?

Shadow AI is the use of AI tools by staff without the firm's knowledge, approval, or governance framework. In Irish law firms this typically means fee earners and support staff using consumer ChatGPT, free Claude accounts, or unmanaged Copilot deployments for tasks involving client information. The exposure is twofold: the firm has no record of where client data has been processed, and the firm has no basis to demonstrate compliance with confidentiality, privilege, or data protection obligations. A shadow AI audit surfaces what is actually in use so it can be either formalised or removed.

What does ISO 42001 certification mean?

ISO 42001 is the international standard for AI management systems, published in December 2023. It establishes the requirements for responsible AI governance covering risk assessment, policy design, accountability structures, and continuous review. A certified ISO 42001 lead auditor is qualified to design, assess, and audit AI management systems against this standard. For a law firm building an AI governance framework, working with a certified lead auditor means the framework is designed to a verifiable international benchmark — not to a consultant's personal judgement.

What are solicitors' obligations under the EU AI Act?

Irish solicitors have three main obligations under the EU AI Act. First, Article 4 (AI literacy): from 2 February 2025, every member of staff using AI on behalf of the firm must have proportionate AI literacy training. Second, deployer obligations: where the firm uses high-risk AI systems (which can include AI used in administration of justice contexts), it carries documentation, oversight, and transparency obligations. Third, transparency to clients where AI is involved in producing advice or work product. These obligations apply regardless of whether the firm developed the AI tool or simply uses it off the shelf.

How does this align with Law Society guidance?

The framework is aligned directly to the Law Society of Ireland's Guidelines for the Use of Generative Artificial Intelligence by Solicitors (2025) and uses the AI Governance Toolkit published on the Law Society Tech Hub. Acuity AI Advisory developed Tools 1.1 (Shadow AI Audit) and 2.1 (AI Vendor Assessment Framework) for that toolkit. The policy and audit deliverables map to the same structure that the Law Society endorses, which means the governance framework the firm adopts is consistent with the profession's own guidance rather than running parallel to it.

Legal AI Productivity Accelerator·AI workflow packs for Irish solicitors·Governance toolkit detail
Preview of AI Governance Policy Template

Free download

AI Governance Policy Template

A structured starting point for your firm's AI governance policy — covers inventory, risk classification, acceptable use, data handling, and review schedules. Adaptable for legal sector requirements.

No spam. Unsubscribe at any time.

Ready to put AI to work in your practice — safely?

A 30-minute call is enough to identify the highest-value starting point for your firm.

Book a Discovery Call Get in touch