ARTICLE
2 June 2026

Federal Courts Issue Diverging Rulings On The Use Of Generative AI In The Context Of Privilege, Work Product And Protective Orders

AG
Akin Gump Strauss Hauer & Feld LLP

Contributor

Akin Gump Strauss Hauer & Feld LLP logo
Akin is a law firm focused on providing extraordinary client service, a rewarding environment for our diverse workforce and exceptional legal representation irrespective of ability to pay. The deep transactional, litigation, regulatory and policy experience we bring to client engagements helps us craft innovative, effective solutions and strategies.
Explore Firm Details
Federal courts issued four significant decisions in the first quarter of 2026 addressing the intersection of generative artificial intelligence (AI) and maintaining attorney-client privilege...
United States Colorado Technology
Marshall L. Baker,Natasha Kohne,Evan D. Wolff
+2 Authors
 Your Author LinkedIn Connections
Akin Gump Strauss Hauer & Feld LLP are most popular:
  • within Wealth Management topic(s)

Key Points

  • Federal courts issued four significant decisions in the first quarter of 2026 addressing the intersection of generative artificial intelligence (AI) and maintaining attorney-client privilege and work product protections, as well as confidentiality and data security in the context of protective orders.
  • There is an emerging split regarding whether using public third-party generative AI tools waives work product protections. While the U.S. District Court for the Southern District of New York (SDNY) held that such use may destroy protection in the criminal context, courts in the Eastern District of Michigan and the District of Colorado ruled that litigants in the civil context did not waive work product protections merely by using public AI tools, likening the platforms to software tools rather than adversaries.
  • Courts are proactively updating protective orders to address the unique data retention and privacy risks of public or ‘open’ AI systems. One court restricted the use of public AI tools for designated ‘Confidential Information,’ while another banned the use of public AI tools for all discovery materials, including nonconfidential documents, mandating the use of ‘closed’ enterprise systems.
  • To mitigate legal risks, businesses should prioritize the use of ‘closed’ enterprise AI systems, review contracts and terms of service around the AI systems’ retention of inputs and outputs for training or sharing with third parties, and, when required in the context of a protective order, ensure the ability to permanently delete or ‘claw back’ sensitive discovery materials at the conclusion of a matter.

Background

The rapid adoption of generative AI platforms (such as ChatGPT, Claude and Gemini) has led litigants and counsel to increasingly use these tools for analyzing documents, drafting strategy and synthesizing facts. However, public AI platforms often collect user inputs and associated outputs to train their underlying machine-learning models, raising confidentiality, data privacy and privilege waiver concerns. In Q1 2026, federal courts were forced to address these novel technological issues across civil and criminal dockets. The resulting decisions yield instructive, though sometimes conflicting, guidance on how traditional legal doctrines apply to modern AI workflows.

United States v. Heppner (S.D.N.Y. Feb. 17, 2026)

Public AI Use Defeats Privilege and Work Product

As detailed in our prior client alert, the SDNY ruled in a criminal case that a defendant’s written exchanges with a publicly available generative AI platform were not protected by either the attorney-client privilege or the work product doctrine. The court found that no attorney-client relationship existed with this public AI platform. The court also held that users lack a reasonable expectation of confidentiality because the platform’s privacy policy provides that it discloses the use of inputs and outputs for AI training and reserves the right to share such data with third parties.

The court ruled the work product doctrine inapplicable because the defendant initiated the AI communications on his own initiative rather than at counsel’s behest. Because the documents did not reflect counsel’s strategy at the time of their creation, the court rejected the argument that a party’s independent research acquires protection simply by being shared with an attorney.

Warner v. Gilbarco, Inc. (E.D. Mich. Feb. 10, 2026)

AI Platforms Are “Tools,” Not Adversaries, Preserving Work Product

In an employment dispute, the defendants moved to compel a pro se plaintiff to produce all documents and information concerning her use of third-party AI tools in connection with the lawsuit. The magistrate judge denied the request, holding that the information sought was not discoverable because it was prepared in anticipation of litigation. The court further ruled that the information was not relevant, and even if marginally relevant, was not proportional to the needs of the case.

The court also denied the defendants’ request to overrule the plaintiff’s privilege objections or require a privilege log. Rejecting the argument that the plaintiff waived work product protection by using ChatGPT, the court held that a work product waiver requires disclosure to an adversary or in a way likely to reach an adversary. The court emphasized that generative AI programs are “tools, not persons,” and disclosure to such a tool does not waive work product protection. Compelling the production of the plaintiff’s “internal analysis and mental impressions” as the defendants sought here, the court noted, would “nullify work-product protection in nearly every modern drafting environment.”

Morgan v. V2X, Inc. (D. Colo. Mar. 30, 2026)

Work Product Upheld, But AI Tools Must Be Disclosed and Restricted

In another employment case, a pro se plaintiff resisted disclosing the name of the AI tool he used, citing the work product doctrine. The court agreed that Rule 26(b)(3) protects the plaintiff’s mental impressions and litigation preparation materials. The court expressly distinguished the SDNY’s ruling in Heppner, noting that, as a civil case governed by the Federal Rules of Civil Procedure, Rule 26(b)(3) protects the work product of a party, not merely counsel. Agreeing with Gilbarco, the court also noted that pro se litigants act as both party and advocate, making their use of AI protectable.

However, the court compelled the plaintiff to disclose the specific name of the AI tool used, noting that the plaintiff failed to demonstrate how identifying the tool would reveal mental impressions or case strategy. According to the court, it appeared that the plaintiff had already submitted Confidential Information to an AI system, and thus the defendant is entitled to know which one.

Addressing the extent to which a protective order should restrict AI use, the court rejected competing language from both parties. It found the plaintiff’s proposal addressed only cybersecurity concerns rather than AI-specific data processing risks, while the defendant’s language was “over-engineered” to fit its own specific AI contracts. Instead, the court amended the order with its own language, banning parties from inputting any Confidential Information into modern AI platforms unless the provider is contractually prohibited from: (1) storing or using inputs to train or improve its model; and (2) disclosing inputs to third parties except where essential for service delivery and where the third party is bound to obligations no less protective than those required by the court’s order. The court also required that the AI provider contractually afford the party the ability to remove or delete all Confidential Information upon request.

The court recognized that this provision practically bars the use of most “low-to-no-cost” AI tools for confidential data, potentially disadvantaging pro se litigants. The court decided, however, that it could not ignore the “real risks” of mainstream AI tools compromising confidentiality.

Jeffries v. Harcros Chemicals Inc. (D. Kan. Mar. 25, 2026)

Public AI Tools Banned for All Discovery Materials

In an environmental putative class action, the defendants moved to amend an existing protective order to ban the use of public or “open” generative AI tools for all documents and information produced in discovery, regardless of whether they were designated as “Confidential.” The plaintiffs objected, characterizing the proposal as a disfavored “umbrella” protective order that would drive up litigation costs and infringe on First Amendment rights. The court granted the motion, concluding that the defendants met their burden to show good cause for the amendment based on the identified AI-specific risks.

The court agreed with the defendants that because data submitted to a public AI tool is used to train and improve the system, it is “practically impossible” to effectively claw back or delete such data once it has been processed. The court found that these “very real security risks”, including the creation of a “centralized repository” for discovery data, could expose critical infrastructure information and violate U.S. data privacy laws and the strict disclosure rules under the European General Data Protection Regulation (GDPR). Ultimately, the court reasoned that restricting the parties to “closed” AI tools would facilitate the discovery process by “incentivizing more fulsome document productions.”

Practical Implications

The intersection of these four rulings demonstrates that while AI offers immense efficiency gains, utilizing it without proper guardrails poses threats to privilege, confidentiality, and protective order compliance. Organizations and legal teams should take the following steps:

  • Audit and Update Acceptable Use Policies: Companies should implement or revise policies to prohibit employees from inputting sensitive or litigation-related information into publicly available generative AI platforms to avoid discovery-related risks.
  • Recognize the Threat of Privilege Waiver: While some courts (WarnerMorgan) have held that using public AI for litigation preparation, particularly in the civil context, does not waive work product protection, avoiding the use of public AI is the safer approach.
  • Invest in “Closed” Enterprise AI Solutions: To safely utilize AI in litigation, businesses should utilize closed, enterprise-grade AI systems. In the context of protective orders, courts are requiring that AI tools have strict contractual safeguards—specifically, “zero data retention” policies and prohibitions on using user data to train underlying models.
  • Beware of Sweeping Protective Orders: Legal teams must carefully review protective orders before integrating AI into their eDiscovery workflows. As seen in Jeffries, courts may be willing to ban the use of public AI tools for any document produced in discovery, regardless of whether it holds a formal “Confidential” designation. Attempting to use a public AI tool to summarize an opponent’s production could result in a violation of a court order.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Marshall L. Baker
Marshall L. Baker
Photo of Natasha Kohne
Natasha Kohne
Photo of Brennan Meier
Brennan Meier
Photo of Evan D. Wolff
Evan D. Wolff
Photo of C. Brandon Rash
C. Brandon Rash
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More