Legal professional privilege is one of the most fundamental protections available to a client in the legal system. It protects confidential communications between lawyers and their clients from compelled disclosure, and its scope has been refined over centuries of common law. But the rapid integration of artificial intelligence (AI) into business practice is raising questions that the law has not yet answered: when AI is used to generate, process, or engage with legal advice, does privilege still attach — and if it once did, can it survive?
These are no longer theoretical concerns. A United States federal court addressed exactly this situation in February 2026, in United States v Heppner,[1] where a defendant’s privilege claims over AI-generated documents were rejected outright. The court found that material processed through AI may lose the confidentiality necessary to sustain a privilege claim, and advice generated by AI, rather than by a lawyer, may never attract privilege in the first place. Both risks are now present in everyday business practice.
While there are nuances in the Heppner case, it serves as an important reminder for Australian organisations, their Boards and legal advisers, particularly at a time of heightened regulatory investigation and enforcement extending to Directors, and the increasing risk of class actions and shareholder actions. As AI becomes a standard tool, Australian organisations and Boards need to understand what is at stake and the risk of inadvertent waivers of legal professional privilege must be front of mind.
A real-world warning: United States v Heppner
In United States v Heppner, Heppner was the subject of a criminal investigation in the Southern District of New York. In 2025, after receiving a grand jury subpoena and becoming aware that he was the target of the investigation, Heppner used an AI tool to process and organise material relating to his defence strategy, including analysis of the facts and the legal issues he anticipated the government might be pursuing. The material was prepared with a view to sharing it with his lawyers so that he could discuss defence strategy with them.
When those materials were later sought by the prosecution, Heppner’s legal team claimed attorney-client privilege (or ‘legal professional privilege’). The court found no basis for the claim, holding that by inputting the material into the AI tool, Heppner had disclosed it to a third party. It was particularly relevant in this case that Heppner used a free version of the AI tool, the terms of use for which expressly provided that inputs were not confidential and users had no expectation of privacy in their inputs.
While Heppner is a United States decision, it is the first published judicial determination of privilege claims over AI-generated content, and it crystallises precisely the risks that Australian organisations face.
Legal professional privilege in Australia: The framework
Legal professional privilege in Australia operates both as a common law doctrine and a statutory right reflected in the largely uniform evidence legislation enacted federally,[2] in New South Wales,[3] Victoria,[4] Tasmania,[5] the Australian Capital Territory,[6] and the Northern Territory.[7] By contrast, Queensland, South Australia and Western Australia (presently)[8] have not adopted the uniform evidence legislation, and in those jurisdictions privilege continues to operate primarily as a doctrine of the common law. The High Court has confirmed that privilege is not a mere rule of evidence but a fundamental common law right.[9] It protects two categories of communication:
- Legal advice privilege: confidential communications between a lawyer and their client made for the dominant purpose of giving or receiving legal advice; and
- Litigation privilege: confidential communications between a lawyer, their client, or (in some cases) a third party, made for the dominant purpose of actual or reasonably anticipated litigation.
The first risk: Confidentiality and waiver
It is a well-established principle that for a communication to be protected by privilege, it must be and remain confidential. Confidentiality is not static; it can be lost by express, implied or inadvertent (or accidental) waiver, and questions about its loss are broadly fact-specific.
A key distinction for AI use is between what might be called public AI systems and closed AI systems.
Public AI systems, such as free versions of popular generative AI tools like ChatGPT and Gemini, may use data to train the underlying large language model for wider use and may process and store inputs depending on their standard terms of service. Users typically cannot negotiate the terms of service. Whereas enterprise or closed generative AI systems (such as ChatGPT Enterprise, Claude Enterprise and Copilot), by contrast, offer contractual protection around information privacy, confidentiality and data security, and generally include terms which limit or prohibit the AI system’s ability to use inputs to improve or train its underlying model.
In an official guideline adopted by the Supreme Court of Queensland as well as lower Queensland Courts on 15 September 2025,[10] judicial officers are directed that “any information that you input into a public Generative AI chatbot should be seen as being published to all the world“. The guideline explains that public AI chatbots “can remember every question that you ask them, as well as any other information you put into them” and “could then use that information to respond to queries from other users“.
The implication for privilege is clear. If anything typed into a public AI chatbot “could become publicly known“, it is difficult to maintain that the information retains the confidentiality necessary to sustain a claim for privilege.
A court examining a privilege claim over material that was uploaded to a public AI platform would be very likely to treat the act of uploading as inconsistent with an intention to maintain confidentiality.
In a joint initiative, the Law Society of New South Wales, the Legal Practice Board of Western Australia, and the Victorian Legal Services Board and Commissioner published guidance linking AI use directly to the confidentiality obligations under the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 (ASCR rule 9.1) and the Legal Profession Uniform Conduct (Barristers) Rules 2015 (BR rule 114). The guidance is unequivocal: “Lawyers cannot safely enter confidential, sensitive or privileged client information into public AI chatbots/co-pilots (like ChatGPT), or any other public tools. If lawyers use commercial AI tools with any client information, they need to carefully review contractual terms to ensure the information will be kept secure“.[11]
These concerns have also been raised at the federal level. In its submission dated 16 June 2025 to the Federal Court of Australia’s consultation on the use of artificial intelligence in the Court, the Law Council of Australia identified the risk of inadvertent waiver of privilege as a central issue. The Law Council warned of “the risk of breach of client confidentiality, and risk of inadvertently waiving client legal privilege, if documents or case facts are uploaded to—or shared with—GenAI tools, particularly open-source tools“, and recommended that the Court “consider imposing a general prohibition against entering or uploading confidential information relating to any proceedings, unless the technological platform meets certain requirements that mitigate those risks“.[12]
It is important to understand that while the terms of use for many AI systems promise “privacy” to their users, privacy and confidentiality are not the same thing. The promise of privacy does not guarantee confidentiality. This is particularly important in the context of maintaining privilege.
The second risk: Can AI-assisted legal advice be privileged?
A fundamental question is whether legal advice produced with the assistance of AI can attract privilege at all. The answer turns on the requirement that LPP attaches to communications between a client and their legal advisers.
There is no standalone “AI privilege”. Legal advice generated by an AI system and provided directly to a non-lawyer is not capable of being a privileged communication, as the AI system is not a lawyer.
The question of who can give legal advice for the purposes of legal advice privilege is not a new one. All attempts to extend the scope of privilege to advice given by advisers other than lawyers have historically concerned human advisers. The issue was last considered by the UK Supreme Court in 2013 in R (Prudential Plc) v Special Commissioner of Income Tax,[13] where the court held that legal advice privilege required legal advice communicated by a lawyer, confirming it applied only to members of the legal profession.
The business reality: People are using AI every day
The two risks highlighted by the Heppner case converge in practice. Where a director or executive uses a public AI tool to engage with legal advice received from lawyers, the result may be both a waiver of privilege that attached to that advice and the generation of new material that is not itself capable of being privileged. The practical consequences of this convergence are significant, and they are playing out in Australian organisations every day.
Directors, executives, company secretaries, compliance officers, and finance teams routinely use AI tools as part of their daily workflows. Those tools are increasingly sophisticated in summarising documents, drafting correspondence, analysing data, generating reports and answering complex questions. The productivity gains are real and potentially very significant for Australian organisations.
What is less understood is the privilege consequence when the use of those AI tools relates to legal advice, potential litigation or regulatory compliance matters. For example, a director who uses ChatGPT or a similar public AI system to summarise legal advice they have received or to brainstorm a potential legal issue, may inadvertently disclose otherwise privileged information and knowingly (or at least impliedly) waive privilege in the advice.
Board minutes, draft notes and AI: A particularly sensitive risk
In many organisations, the preparation of board minutes is now assisted by AI. A company secretary or executive assistant may take rough notes during a board meeting and then upload those notes to an AI system to restructure the notes into formal minutes, or generate a summary of resolutions.
Where those notes capture the substance of legal advice received by the board, the act of uploading them to a public AI system may constitute a disclosure that destroys the confidentiality necessary to maintain privilege. The extent to which information inputted into a public AI system loses its confidential nature, and therefore the potential protection of privilege, is a matter of fact and degree. Complete disclosure of a privileged communication to a public AI system (under commonly applicable terms of use) is likely to result in a loss of privilege.
The same concern applies to AI transcription tools, which are increasingly used to record board meetings, committee meetings, and executive sessions. These tools, often accessed through off-the-shelf software that records and transcribes video calls, operate by uploading audio or transcribed content to third-party servers for processing. Where a board meeting includes a report from external or internal lawyers or a discussion of legal strategy in the context of anticipated litigation, that content may be processed by a platform whose data handling terms do not guarantee the confidentiality necessary to maintain privilege.
The privilege risks associated with AI transcription and AI-assisted minute preparation have been squarely acknowledged by Australia’s peak governance bodies. In a 2025 Joint Statement, the Australian Institute of Company Directors (AICD) and the Governance Institute of Australia identified the compromise of privileged information as a standalone risk category of using AI to record or transcribe board meetings, warning that “[l]egal advice or privileged information discussed may be compromised in a recording or transcript of the board meeting“.[14]
The Joint Statement recognises that the privilege risk extends beyond the minutes themselves to the board papers that inform them, identifying as a key risk factor “the risk of disclosure of confidential information to third party AI providers – including the potential for the loss of privilege for legal advice included in, or attached to, board papers“.
Critically, the recommended safeguards include limiting or disabling AI transcription “for certain portions of the meeting – for example, ‘in camera’ discussions or where legal advice or privileged information is discussed“, and establishing clear policies addressing “how legal advice or privileged information will be handled where AI is used to record or produce a transcript of meetings or generate draft minutes“.
The Joint Statement also draws attention to a compounding risk that is often overlooked: discoverability. The AICD and Governance Institute warn that “any recording, transcript or AI-generated draft minutes that are retained will be discoverable and admissible in court as evidence, and has the potential to conflict with the formal board minutes“. Even where the final, approved minutes are carefully drafted to protect privilege; for example, by noting that the board considered relevant legal advice without recording its substance, an earlier AI-generated draft that incorporates the substance of that advice may provide a basis for a party in litigation, or a regulator such as ASIC exercising compulsory information-gathering powers, to argue that privilege has been waived.
For more insights on AI in the boardroom, read our article AI in the Boardroom: balancing innovation and obligation.
ASIC investigations – the section 30 dimension
The consequences of inadvertent privilege waiver in the boardroom context are not limited to litigation. Where ASIC issues a notice to a company or its officers requiring the production of books and records, privilege is one of the few substantive grounds on which production can be resisted.
If privilege in board minutes or related materials has been waived because those documents were processed through a public AI system, that ground of resistance may be unavailable. The company may then find itself compelled to produce documents to ASIC that record the board’s consideration of legal advice, including advice about the matter under investigation, without being able to claim the protection that privilege would otherwise have afforded.
The risk is compounded where the AI system processed not just the final minutes but also drafts, transcripts, summaries, and preparatory materials.
Practical guidance
Our view is that the law in the area of privilege will continue to develop, and a test case in Australia of the impact of AI tools on privilege, is a matter of when, not if.
In the meantime, good governance is key to managing this risk. Adopting and embedding AI tools within your organisation within a clear and trained-on governance framework helps to mitigate this risk (and other risks associated with AI usage), so that use is intentional, and everyone understands the guardrails to work within. This includes:
- Clear and up-to-date AI strategy and risk appetite statement approved by the board, complemented by implemented and maintained usage policies and training that specifically address the production and handling of legal advice, and prohibit uploading legal advice and other confidential material to public AI systems. This prohibition should extend expressly to board papers, draft minutes, notes of meetings at which legal advice was received, and summaries of legal advice.
- Governance and risk frameworks for third party AI tool adoption to include a review of terms of use, with particular attention to whether the tool trains on user inputs or processes content through servers that do not guarantee confidentiality.
- AI transcription tools used for board meetings, committee meetings and executive sessions to be reviewed carefully. Where those tools process content through third-party servers, the terms of use should be assessed to determine whether confidentiality of the content is adequately protected. Where it is not, a closed AI system or tool should be used, or alternative arrangements should be made for meetings at which privileged legal advice will be discussed.
- Directors, executives and staff to be made aware that using a public AI tool (rather than an enterprise version or closed AI system) to engage with, analyse or summarise legal advice received from lawyers may destroy the privilege that attaches to that advice.
- Boards to consider the ASIC section 30 dimension specifically. Where a company is in a sector or situation that carries practical regulatory investigation or enforcement risk, the governance of AI use in connection with board minutes and legal advice is not merely a best practice question; it is a risk management imperative.
Hamilton Locke advises clients on the governance and legal implications of AI adoption in their organisations, including the frameworks necessary to preserve legal professional privilege when AI is part of the workflow. If you would like to discuss how AI adoption in your organisation may be affecting legal professional privilege, or how to structure your board and governance processes to manage this risk, please contact Sophie Bradshaw and Tim Grave.
[1] No. 25 Cr. 503 (JSR).
[2] Evidence Act 1995 (Cth) pt 3.10.
[3] Evidence Act 1995 (NSW) pt 3.10.
[4] Evidence Act 2008 (Vic) pt 3.10.
[5] Evidence Act 2001 (Tas) pt 10 div 1.
[6] Evidence Act 2011 (ACT) pt 3.10.
[7] Evidence (National Uniform Legislation) Act 2011 (NT) pt 3.10.
[8] Note that Western Australia has passed and enacted the Evidence Act 2025 (WA) which adopts the uniform evidence provisions, but the new act is not yet in force.
[9] Esso Australia Resources Ltd v Commissioner of Taxation (1999) 201 CLR 49.
[10] Queensland Courts, The Use of Generative AI: Guidelines for Judicial Officers (15 September 2025).
[11] Victorian Legal Services Board and Commissioner, Law Society of New South Wales and Legal Practice Board of Western Australia, Statement on the Use of Artificial Intelligence in Australian Legal Practice (Statement, 6 December 2024).
[12] Law Council of Australia, Artificial Intelligence Use in the Federal Court of Australia (Submission to the Federal Court of Australia, 16 June 2025).
[13] R (on the application of Prudential Plc) v Special Commissioner of Income Tax (2013) UKSC 1.
[14] Australian Institute of Company Directors and Governance Institute of Australia, Effective Board Minutes and the Use of AI: A Joint Statement (2025).
