Skip to content

AI governance for professional services

Your partners remain personally liable for what the AI drafts.

When a solicitor, accountant or surveyor uses AI in client work, the named professional and the firm stay liable for the output. A tool cannot hold a duty of competence or confidentiality. Governance AI helps your board, partnership or management committee govern AI so client trust, privilege and your regulator's conduct rules survive contact with it, and builds the systems that hold those controls in place.

Take the Board AI Scorecard Book a conversation

Professional responsibility cannot be delegated to a tool.

A professional services firm answers to three authorities at once. Clients entrust it with privileged and confidential material. A frontline regulator can fine it, intervene in it or close it. The courts and indemnity insurers stand behind its advice. The SRA's Risk Outlook on AI is explicit that solicitors remain personally accountable for AI outputs and cannot pass that responsibility to a tool. The ICAEW Code of Ethics binds members to professional competence and due care before they rely on any AI system. These are conduct duties, not commercial preferences.

The pressing risk is specific. Feed privileged or confidential client material into an AI tool the firm does not control and you may waive privilege, breach confidentiality and the UK GDPR, and expose client secrets through model training or retention. Hallucinated authorities and false figures reaching a client or a court expose the firm to negligence and discipline. The gap usually sits at the top, where partners reached leadership through fee-earning excellence rather than scrutiny of how a model handles client data.

The standards professional services firms are held to.

AI does not create a separate rulebook. It runs through the duties and regulators you already answer to.

  • Solicitors Regulation Authority (SRA) Standards and Regulations

    The Codes of Conduct impose competence, confidentiality and supervision duties on AI-assisted legal work, and the SRA's Risk Outlook confirms solicitors stay personally accountable for AI outputs.

  • ICAEW Code of Ethics

    Binds chartered accountants to competence, due care, confidentiality and objectivity, and requires a member to judge whether an AI tool and its data are sufficient before relying on the output.

  • RICS Responsible Use of AI professional standard

    Requires human oversight, professional scepticism, disclosure of AI use to clients in writing, and documented AI governance including risk registers.

  • Information Commissioner's Office (ICO) and UK GDPR

    Governs AI processing of personal and special-category client data, requiring a lawful basis, DPIAs, explainability and senior sign-off, with the firm as controller accountable for compliance.

  • SRA Indemnity Insurance Rules and Minimum Terms and Conditions

    Require qualifying professional indemnity cover on minimum terms, so the board must ensure AI-driven errors and disclosed AI use fall within adequate and appropriate cover.

What good AI governance looks like for professional services firms.

The Board AI Scorecard measures five areas. Here is what each means in your sector.

Accountability & board oversight

A named professional, not the model, owns every AI-assisted output that reaches a client or a court, and the firm can show who reviewed it and when.

AI policy & controls

Your AI policy states which matter types and client data AI tools may touch, what disclosure clients receive, and how it maps to your SRA, ICAEW or RICS conduct duties.

Risk, transparency & assurance

AI risks sit on the firm's risk register with named owners, including hallucinated authorities, privilege waiver, and whether AI-assisted work stays inside your professional indemnity cover.

Data & security

Privileged and confidential client material never leaves systems the firm controls or trains a third-party model, with retention and residency confirmed and a DPIA where personal data is processed.

Board literacy & capability

Partners and fee-earners can recognise where an AI tool's output is likely to be wrong and what an adequate supervision regime looks like, especially over junior staff relying on it.

Questions your board should be asking.

  • Which client matters and data types are AI tools permitted to touch, and how do we guarantee privileged or confidential material never leaves systems we control or trains a third-party model?
  • How do we evidence that a competent professional has reviewed and takes responsibility for every AI-assisted output before it reaches a client or court, and how is that supervision recorded?
  • Does our conduct meet our regulator's expectations on disclosing AI use to clients across the RICS standard and SRA, ICAEW and ICO guidance?
  • Have we confirmed with our PII insurer that AI-assisted work is disclosed and covered, and that our cover stays adequate and appropriate given our AI risk profile?
  • What is our process for catching hallucinated authorities, false figures and biased outputs before they cause client harm, and who owns that control?
  • Do we have a DPIA, a lawful basis and senior sign-off in place for any AI system processing personal or special-category client data under the UK GDPR?

Taking these to a meeting? Print the one-page board pack.

We govern the AI and build the controls that hold it.

Start with the free Board AI Scorecard, a short self-assessment that shows your partnership where its AI exposure sits against the duties your regulator already enforces. The AI Wake-Up Call is a board session that translates those duties into the decisions a managing partner or COLP has to own, and the GovernIQ™ Diagnostic goes deeper into your matters, data and supervision regime. Our founder, Dr Karl George MBE, created the tgf Governance Code, a twelve-principle framework endorsed by the late Sir Adrian Cadbury, and we align work to ISO/IEC 42001, the NIST AI Risk Management Framework, UK GDPR and the NCSC cloud security principles. We help you prepare for certification against these standards and do not issue it. One team advises and then builds the system, so the governance you agree is the governance that ships.

About the GovernIQ™ DiagnosticAI governance for boards

Latest insights for professional services firms

A violet signature underline beneath a blank framed area, representing a named professional taking responsibility for AI-assisted output

Sector playbooks

What a RICS AI disclosure teaches every regulated profession

A surveying build generated its AI disclosure from real decision records. Here is how to turn that into a disclosure template for any regulated profession.

ArticleGovernance AI7 min read

Begin with a clear view of where your firm stands.

Take the free Board AI Scorecard, or have a short conversation with us about AI in your client work. No tool will hold your duty of competence for you, so it is worth knowing what your partnership is accountable for before AI is in front of a client. Most AI governance is performance, not protection.

Take the Board AI Scorecardor book a conversation

AI governance in other sectors.