GenAI Compliance Obligations For The Legal Sector In Singapore: Balancing Innovation And Risk

Introduction: The Reshaping of the Legal Sector

Generative AI (GenAI) is reshaping the legal sector worldwide. As the recently released State of Legal Innovation in Asia-Pacific (SOLIA) report notes, "nearly 90% of APAC legal professional respondents use AI in their work." Tasks like legal research, contract drafting, reviewing documents and case files, and even client communication are now supported by GenAItools that promise enhanced efficiency. But these benefits come with risks. Recognizing both the opportunities and challenges of GenAI, Singapore's Ministry of Law and the Singapore Academy of Law issued a draft Guide for Using Generative AI in the Legal Sector (Guide). The aim is to set out practical, ethical safeguards for lawyers, in-house counsel, and other legal professionals while using GenAI. The public consultation on the draft Guide closed on 30 September, and Lexplosion contributed feedback as part of the process. Pending the release of the final guidelines, this post outlines Lexplosion's reading of the draft Guide's key GenAI compliance obligations for the legal sector in Singapore.

Use of AI in Legal Practice

AI tools have been in use in the legal profession over the years to speed up e-discovery, automate billing and document review, and support case research. What is different about GenAI is that it can generate content based on prompts and data inputs, whether to create drafts of legal documents, summaries of case law, or redlines to a contract.

As the Guide notes, GenAI can augment almost every stage of the legal workflow, particularly where it impacts legal advice, client deliverables, or court filings. The following are some common use cases noted:

1. Managing practice workflows like billing and managing case files.
2. Conducting quick and comprehensive legal research.
3. Streamlining document review.
4. Analysing and drafting contracts.
5. Preparing correspondence or advice for clients.

GenAI has great potential for the legal sector, but its use must be balanced with core responsibilities like upholding ethics and protecting client confidentiality and trust. Hence, if the legal sector doesn't build in strong compliance measures, the risk of errors, data breaches, and ethical lapses increases significantly.

KeyRisks of Using AI in Legal Practice

GenAI has the potential to transform the legal profession, yet as the Guide highlights, its adoption isn't without significant risks that must be managed carefully.

1. Hallucinations

GenAI can generate content that is persuasive but may be inaccurate or fabricated, a phenomenon known as "hallucination." Such risks are particularly concerning when conducting legal research, drafting documents, or preparing case analysis.

2. Bias in AI Outputs

GenAI systems may carry inherent biases from their training data. These biases can affect the quality or fairness of legal analysis if left unchecked.

3. Confidentiality Risks

Client confidentiality is a cornerstone of legal practice, but the use of GenAI heightens the risk of data exposure, especially with sensitive client information. This risk increases with free-to-use AI systems, where data may not be adequately protected.

4. Outdated References

GenAI tools may cite outdated case law, superseded legislation, or misapply rules to the wrong jurisdiction.

5. Over-Reliance on GenAI

The Guide emphasizes that lawyers remain fully responsible for all work product, including documents filed in court, even when using GenAI. An over-reliance on GenAI risks undermining professional competence and diligence.

6. Transparency and Client Trust

The use of AI may also raise client concerns. If not disclosed properly, clients may feel that their representation is being shaped by Gen AI.

GenAI Compliance Obligations for Legal Professionals

The Guide identifies three pillars that form the foundation for the adoption of GenAI in the work of a legal professional and the safeguards that legal professionals must implement.

1. Professional Ethics

Technology does not change the fact that lawyers are bound by the Legal Profession Act 1966 and the Professional Conduct Rules (PCR). Even if GenAI generates a work product, it is the lawyer who signs off that remains accountable.

Compliance obligations to mitigate these risks include:

• GenAI outputs must be reviewed and verified by the responsible lawyer.
• Lawyers must apply heightened scrutiny to GenAI outputs outside their core expertise areas.
• Supervising lawyers should remain fully accountable for GenAI outputs prepared by non-lawyers or junior staff.
• Document the output generation process where GenAI is used in submissions or affidavits to courts to ensure that disclosure and verification can be provided if required by the court.

2. Confidentiality

Confidentiality is a cornerstone of the lawyer-client relationship as per Rule 6 of the PCR. Since many GenAI tools process data on external servers, sometimes even overseas, lawyers must be selective and careful while using GenAI.

Compliance obligations to mitigate these risks include:

• Avoid free-to-use tools for sensitive data, as these often store the data and may use it to train their AI models.
• Choosing enterprise-grade solutions that offer clear contractual commitments against data storage or model training using client inputs.
• Having anonymisation and minimisation protocols to ensure only necessary data is entered into AI systems.
• Reviewing vendor contracts carefully to ensure commitments on encryption, deletion, and prohibition of data reuse.
• Maintaining access controls and audit logs to track how AI tools are used with client materials.
• Conducting internal risk assessments before onboarding GenAI tools, including consideration of cross-border transfers and cybersecurity safeguards.
• Ensuring approval processes are in place before client data is entered into GenAI tools.

3. Transparency

Clients have a right to know if GenAI is being used in their matters, particularly when it may affect costs, quality, or data handling practices. Lawyers under Rule 5 of the PCR have a duty of honesty towardsclients, and that extends to disclosures on the use of GenAI.

Compliance obligations to mitigate these risks include:

• Informing clients when GenAI is being used in their matters and its impact on representation, fees, or confidentiality. This can be done through engagement letters, the firm's website, or direct communication.
• Responding to client concerns on the use of GenAI, including providing the option to opt out.
• Firms can also assess whether GenAI adoption aligns with client expectations of privacy.

Courts across jurisdictions, including in the UK, US, and recently in Singapore, are already seeing the risks of unchecked GenAI usage, and lawyers have been warned or sanctioned for submitting AI-generated briefs with hallucinated case citations. With robust internal compliance frameworks that include the obligations set out in the draft Guide, the legal sector in Singapore can get a head start in adopting Gen AI responsibly.

A Framework for Responsible Adoption of GenAI

The Guide also provides a detailed five-step framework, complete with examples and checklists, to help firms with the adoption of GenAI. Below is a summary of the core steps:

1. Develop a structured AI adoption plan with governance and client disclosure protocols.
2. Assess where GenAI delivers the most value and prioritise accordingly.
3. Assess AI solutions carefully and evaluate vendors with a focus on data security and regulatory compliance.
4. Educate staff on the adoption of GenAI, starting with pilot projects, feedback, and structured onboarding and training programs.
5. Monitor and update policies and adapt to evolving regulatory standards.

These steps offer a practical roadmap for GenAI adoption. The Guide goes into more detail, but the framework makes it clear that governance and continuous oversight are key for responsible GenAI adoption.

Conclusion: Compliance as a Foundation for Responsible Adoption

Overlooking GenAI compliance obligations is not just a regulatory risk inviting sanctions by regulators or courts; it also undermines client trust. A data breach involving sensitive client information or a GenAI-generated error that leads to flawed legal advice could cause lasting damage to a firm's reputation, far outweighing any cost or efficiency gains. Compliance with the Guide is therefore not a barrier to innovation but the enabler that allows the legal sector to adopt GenAI safely and ethically.

These compliance obligations are derived from the draft, and we are sure the final Guide will reflect the feedback from the consultation and provide a solid baseline for safe GenAI adoption in the legal sector. However, the legal sector will still need to work through a few practical hurdles. Some of the key challenges are the tendency to rely too heavily on GenAI, the casual use of free tools, navigating different data protection laws across jurisdictions, and reassuring clients about how their information is kept confidential. The legal sector also needs to see GenAI adoption as a governance matter, not just a technology rollout. By addressing these issues in the adoption stage, legal professionals can not only avoid compliance pitfalls but also build an edge over competitors.

Technology-enabled compliance management solution: Komrisk

Keeping up with compliance can be complex and time-consuming, especially with technology and regulations constantly changing. Our regulatory compliance management software, Komrisk, is a solution designed to help you streamline the process. Komrisk is more than just a tool; it is a comprehensive compliance management technology in Singapore that can support your team in monitoring and managing regulatory compliance tasks, internal compliance processes and generating reports to reduce governance risks. As a technology solution, it can complement human review and professional accountability.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.