advanta

HomeModule LibraryGovernance

Module CLI-01 sigil: Governance pillar, Strategy layer, maturity bands 1 to 3.Deterministic sigil for Module CLI-01. The Pillar geometry encodes Governance (Pillar 4); the top-right marker S encodes the Strategy layer; the baseline meter encodes maturity bands 1 to 3.SCLI-01
P4· L-G· Bands FoundationalOperationalIntegrated

· CLI-01

Client Disclosure and Consent Guidelines

When a client matter touches AI tools, the client deserves to know — and increasingly, the bar requires they be told. The Client Disclosure and Consent Guidelines define when AI use must be disclosed, what the disclosure must contain, when affirmative consent is required versus when notice suffices, and how the firm records both. Without these Guidelines, AI use becomes either over-disclosed (alarming clients) or under-disclosed (creating professional conduct exposure). Methodology v2026.1.

strategic

·

Per-engagement

·

1–2 hours per new matter; 30 minutes per material AI change

Methodology v2026.1·Verified 23 May 2026·Reviewed 23 May 2026

Executive Summary

This Module provides legal departments with a complete, ready-to-implement framework for transparent client disclosure and consent when using AI in legal services. It operationalises ABA Formal Opinion 512 and core confidentiality, communication, and billing duties across the full disclosure lifecycle: risk assessment by scenario, template selection, informed consent, billing transparency, ongoing change notifications, and specialised sector and cross-border requirements. The Module is tightly integrated with the broader AI governance stack: GOV-02 AI Use Policy, GOV-04 Bias Testing & Monitoring, DAT-03 Data Processing Agreement, VEN-04 Security & Compliance Checklist, and STR-07 AI Task Force Charter. It introduces a five-scenario Disclosure Framework, including a dedicated path for Agentic Tier (Level 4) autonomous AI tools with enhanced governance and consent. Every executed disclosure, consent form, and change notification is treated as DPS-grade Defensibility evidence, with clear retention schedules and audit procedures. The result is a repeatable, auditable process that keeps clients informed, protects privilege and confidentiality, clarifies AI-related fees, and positions the firm to withstand regulatory, client, and court scrutiny.

Defensibility Evidence Produced

All executed client consent forms (Scenarios 3–5) constitute primary DPS Defensibility lens evidence (7-year minimum retention). Agentic Tier consent forms (Scenario 5) require 7-year retention as highest-priority defensibility records. Standard disclosure records (Scenarios 1–2) constitute Adoption lens evidence (3–5 year retention). Change notification acknowledgments and client inquiry response records retained 5–7 years. Full consent record bundle constitutes DPS Defensibility evidence for attorney professional responsibility inquiries, regulatory audits, and client disputes.

Elements:

Methodology transparencyGovernance posture

Client Disclosure and Consent Guidelines for AI Use

Module Guide

Purpose

These Client Disclosure and Consent Guidelines give legal departments a structured, defensible way to communicate with clients about AI use. The Module covers the full disclosure lifecycle: scenario-based risk assessment, template selection, informed consent, billing transparency, change notifications, and specialised sector and cross-border situations. Every executed consent form and disclosure letter is treated as a DPS Defensibility evidence record.

When to Use It

  • Blueprint Stage: Pillar 4 — Governance, Risk & Defensible AI (ethical compliance)
  • Frequency: Every client engagement; whenever AI usage changes, expands, or a new tool is deployed
  • Audience: General Counsel, Legal Operations Lead, Practicing Attorneys, Client Relations
  • Context: Client engagement, consent procedures, billing transparency, risk management

Ecosystem Dependencies

| Dependency | Relationship |

|—|—|

| GOV-02 AI Use Policy | Must be adopted before disclosure procedures can be finalised — defines internal AI governance basis for client communications |

| GOV-04 Bias Testing & Monitoring Checklist | Results inform high-risk disclosure language, particularly for Class 3 (Bias) concerns |

| DAT-03 Data Processing Agreement | Executed DPA is a gate for any high-risk AI engagement where client data is processed |

| VEN-04 Security & Compliance Checklist | Vendor compliance score informs what can be asserted in client security disclosures |

| STR-07 AI Task Force Charter | AI Task Force reviews complex or ambiguous disclosure situations and serves as escalation authority |

How to Use It

  1. Risk Assessment: Evaluate AI tools using the Disclosure Scenario Framework (Section 2) to determine the required disclosure level.
  2. Template Selection: Select the appropriate template from Section 3 based on scenario.
  3. Metric 0 check: Confirm AI BoM entry exists for all tools being disclosed before proceeding.
  4. Client Communication: Present clear, specific information about AI use and benefits.
  5. Consent Documentation: Obtain and document client consent per Section 4 procedures.
  6. Ongoing Disclosure: Update clients about changes in AI usage, new tools, or Agentic Tier upgrades.
  7. DPS Record Retention: File all executed disclosure and consent records per Section 4 retention schedule.

Best Practices

  • Use clear, understandable language — avoid technical jargon and unnecessary legal terms.
  • Provide specific information about AI tools and applications (supported by AI BoM entries).
  • Allow adequate time for client questions and decision-making.
  • Document all disclosures, client responses, and consent decisions.
  • Never assert AI capabilities that have not been verified through VEN-04 assessment.
  • Do not use statistics or performance claims unless drawn from DPS-grade evidence.
  • Treat every executed consent form as a DPS Defensibility evidence record.

Metric 0 Pre-Check

Before initiating any client disclosure process, confirm all gates are met:

| # | Gate | Required |

|—|—|—|

| M0.1 | GOV-02 AI Use Policy adopted — provides governance basis for all client AI disclosures | Mandatory |

| M0.2 | AI BoM entry exists for each AI tool to be disclosed to the client | Mandatory |

| M0.3 | VEN-04 compliance assessment completed for any vendor tool referenced in disclosure | Mandatory for high-risk scenarios |

| M0.4 | DAT-03 DPA executed where client data will be processed by AI tool | Mandatory for Scenarios 2–4 and Agentic Tier |

| M0.5 | GOV-04 bias testing completed for any AI tool used in client-facing matter work | Required for Scenarios 3–4 and Agentic Tier |

Gate rule: All mandatory gates must be satisfied before distributing any client disclosure. For Agentic Tier (Level 4) AI tools, all five gates are mandatory.

Section 1: Legal and Ethical Framework

ABA Formal Opinion 512 — Core Requirements

ABA Formal Opinion 512 (2023) establishes that attorneys using generative AI tools in client matters must:

  1. Competence (Rule 1.1): Understand the capabilities and limitations of AI tools used; maintain current knowledge of AI developments relevant to practice.
  2. Communication (Rule 1.4): Inform clients about material AI use, particularly where AI output directly influences legal advice or work product.
  3. Confidentiality (Rule 1.6): Ensure client information is not used to train AI models without informed consent; verify data protection protocols with all vendors.
  4. Supervisory Obligations (Rule 5.3): Supervise AI tools and the work of non-lawyers using AI; attorneys remain responsible for all AI-assisted work product.
  5. Fees (Rule 1.5): Disclose when AI use materially affects billing; distinguish between efficiency gains that benefit the client and additional AI costs passed on.

Risk Taxonomy 2026 Cross-Walk

This Module addresses client disclosure obligations arising from five primary risk classes:

| Risk Class | Disclosure Obligation |

|—|—|

| Class 2: Privilege and Confidentiality | Disclosure of data handling practices, confidentiality controls, and whether client information may be used to train AI models; Model Rule 1.6 compliance |

| Class 3: Bias and Fairness | Disclosure that AI tools have known limitations and biases; attorney review gate assurance; GOV-04 bias testing completion |

| Class 4: Privacy and Data Protection | GDPR, HIPAA, FINRA, CCPA compliance disclosures; sub-processor transparency; data residency communication |

| Class 7: Regulatory Compliance Drift | Disclosure when AI tools are used in regulated practice areas (healthcare, financial services, IP); ABA Model Rules compliance assurance |

| Class 8: IP and Licensing | Disclosure of copyright, training data, and output ownership issues when AI tools generate work product |

Communication Duty — Model Rule 1.4

Model Rule 1.4 requires attorneys to keep clients reasonably informed and to explain matters sufficiently for clients to make informed decisions. In the AI context, this requires:

  • Disclosure when AI tools are used in a matter in a way that is material to the representation.
  • Explanation of the type of AI used (document review, drafting, research, autonomous task completion).
  • Explanation of how attorney oversight is maintained.
  • Notification of any material changes in AI tool use during the engagement.

Confidentiality Obligations — Model Rule 1.6

Model Rule 1.6 protects client confidential information. AI-specific confidentiality obligations include:

  • Verifying that AI vendor agreements prohibit use of client data for model training (VEN-04 gate).
  • Disclosing any data residency limitations or cross-border data transfer requirements (DAT-03).
  • Obtaining explicit consent where client data will be processed by third-party AI vendors.
  • Documenting confidentiality protocols in client-facing disclosures.

Billing Transparency Requirements

Attorneys must disclose when AI use affects fees. Required disclosures include:

  • Whether AI tool costs are billed to the client or absorbed by the firm.
  • How efficiency gains affect time-based billing (benefit passed to client or absorbed by firm).
  • Any AI usage fees charged separately.
  • Changes in billing methodology resulting from AI implementation.

Operational Signals

cli-01.disclosure-coverage

Defensibility Posture Statement

Proportion of active matters with current disclosure record — DE-4 Governance posture record.

Quarterly

cli-01.consent-attestation-rate

Annual Legal AI OS Index

Client consent attestations captured per quarter feeds the Annual Legal AI OS Index disclosure-discipline signal.

Quarterly

cli-01.disclosure-template-currency

Console

Days since last template review against bar guidance update for Console intelligence substrate.

On change

Recommended Stakeholders

Owner

  • General Counsel

Approvers

  • General Counsel
  • Risk & Compliance

Contributors

  • Head of Legal Operations
  • Client Relationship Partners

Informed

  • Board
  • Audit Committee

Inputs · Outputs

Inputs

  • · GOV-02 AI Use Policy
  • · GOV-04 Bias Testing & Monitoring Checklist results
  • · DAT-03 Data Processing Agreement
  • · VEN-04 Security & Compliance Checklist
  • · STR-07 AI Task Force Charter
  • · AI Bill of Materials (AI BoM) entries for all tools
  • · Firm engagement letter and fee agreement templates
  • · Matter-specific risk profile and sector context

Outputs

  • · Scenario-classified AI use profile for each matter
  • · Standard and enhanced AI disclosure clauses embedded in engagement letters
  • · Signed AI-informed consent forms (standard and Agentic Tier)
  • · Billing transparency disclosures for AI-related fees
  • · Change notification records for AI tool updates
  • · AI disclosure and consent filing in matter AI Governance Records
  • · Compliance monitoring and audit trail for AI-related client communications

Framework Crosswalk

ABA Formal Opinion 512

American Bar Association

Operationalises disclosure, competence, confidentiality, supervision, and fee transparency duties for AI use in legal practice.

ABA Model Rules of Professional Conduct (1.1, 1.4, 1.5, 1.6, 5.3)

American Bar Association

Maps AI-related client communication, confidentiality, competence, supervision, and billing disclosures to specific rules.

NIST AI Risk Management Framework

NIST

Supports Govern and Manage functions by embedding AI risk disclosures and consent into client-facing processes.

EU AI Act (governance and transparency provisions)

European Union

Aligns client disclosures with transparency, data governance, and high-risk AI obligations for EU-related matters.

ISO/IEC 42001 AI Management System

ISO/IEC

Provides evidence of AI governance controls for client communication and consent within an AI management system.

Operational Artefacts

  • AI Client Disclosure Checklist

    checklist · v2026.1

    Gated
  • AI Engagement Letter Clauses (Scenarios 1–4)

    docx · v2026.1

    Gated
  • AI Informed Consent Forms (Standard and Agentic Tier)

    pdf · v2026.1

    Gated
  • Consent Form Tracker Template

    xlsx · v2026.1

    Gated

Diagnostic Relevance

Running the Client Disclosure Guidelines strengthens the Defensibility lens — expected Band progression: Foundational → Operational.

Confidence: high

Key Takeaways

  • Classify AI use into five disclosure scenarios, from no client data to Agentic Tier autonomous tools.

  • Use Metric 0 gates to confirm governance, vendor, and data protection prerequisites before any disclosure.

  • Embed standard and enhanced AI clauses into engagement letters based on scenario and risk.

  • Obtain and retain signed informed consent for high-risk and Agentic Tier AI use as DPS evidence.

  • Disclose clearly how AI affects billing, including efficiency gains and any pass-through AI fees.

  • Issue change notifications whenever AI tools, risk profile, or Agentic Tier status materially change.

  • Apply specialised disclosure language for healthcare, financial services, IP, and cross-border matters.

Run this Module

Operational artefacts available to Practitioner Membership members. Methodology v2026.1.

View Membership

Targeting

Audience

GC / CLOLegal Operations

Strengthens

Defensibility lensAdoption lens

Module Details

Format
Module
Difficulty
Foundational
Pillar
P4
Owner
General Counsel
Access
Practitioner Membership
Certification
Practitioner

Maturity Bands

FoundationalOperationalIntegrated

Where this Module lives

The Client Disclosure Guidelines operationalise ABA Rule 1.4 (Communication) and emerging state bar AI disclosure standards. They consume the AI Use Policy (GOV-02) scope and feed the Incident Disclosure Standard (GOV-11) when an AI incident requires client notification. The Module produces DE-2 (Methodology transparency) and DE-4 (Governance posture) records into the DPS. Without it, disclosure decisions happen per-matter without canonical guidance.

Advisory

When this Module sits inside a Programme.

Modules are operated in-house by GC and Legal Operations teams. When the capability transformation is multi-Pillar — or when the regulator timeline tightens — Advanta operates the canonical Module sequence as a Programme.