This ABA Opinion 512: Compliance Guide for Solo Attorneys addresses a stark reality: The rules exist, the workflows don’t, and the liability is yours either way.
And when there’s no workflow, compliance fails exactly when it’s tested — under pressure, in a filing, or in a dispute.
ABA Formal Opinion 512 arrived in July 2024. It is not advisory. It applies existing Model Rules to AI use and makes clear that every ethical obligation you carry — competence, confidentiality, supervision, billing — extends to every tool in your practice.
The opinion is also explicit on accountability: responsibility does not transfer to the tool. The AI cannot be sanctioned. Every output it produces is yours — legally, ethically, and professionally — from the moment you use it in a matter.
What Opinion 512 does not provide is a workflow for actually satisfying these obligations.
That is the problem. Solo attorneys reading the opinion come away knowing what they cannot do. Almost none come away with a process for what they must do instead. The gap between those two positions is where bar complaints originate.
What Solo Attorneys Are Actually Doing
There are two groups. Both are exposed.
The experimenters are using ChatGPT for research summaries, first-draft pleadings, and client communications. They have not read the vendor terms. They have not updated their engagement letters. They have no verification checklist. If a bar investigator asked them to demonstrate their AI compliance process, most could not produce one.
This is not carelessness. It is a structural failure. The tools produce useful output, and the assumption forms that careful review is sufficient. It is not. Understanding how a tool handles data — whether it trains on user inputs, who has access, what the vendor retains — is part of the competence obligation under Rule 1.1. Using a tool without that knowledge is a violation in progress.
The avoiders read about the Mata v. Avianca sanctions and stopped there. They have decided AI is too risky, which means they are absorbing the full administrative workload manually while competing firms operate faster within compliant structures. Avoidance is not a compliance strategy. It is a competitive concession that does not eliminate the underlying obligation.
Both groups share the same problem: they know the rules exist. Neither has built a system that satisfies them.
What the ABA Opinion 512: Compliance Guide for Solo Attorneys Actually Requires
Five duties. Here is what each one means in practice — and what the exposure looks like when it is absent.
Competence (Rule 1.1) You must understand the tools you use: how they handle data, whether they train on inputs, what their failure modes are. The opinion describes technological competence as a “moving target.” An attorney who cannot answer basic questions about their AI tools’ data practices is already outside the competence standard — regardless of whether an error has occurred yet.
Confidentiality (Rule 1.6) Inputting client information into a self-learning AI tool — one that uses prompts to train its model — is a potential confidentiality violation. Informed consent is required before that happens, and the opinion is explicit that boilerplate engagement letter language does not satisfy the standard. Specific disclosure of the tool, the risk of third-party data access, and a real client choice are all required. If your engagement letter predates your AI use, it provides no coverage at all.
Fees (Rule 1.5) Billing for time AI eliminated is an overcharge with a clear paper trail. If the matter file shows AI-generated output and the invoice shows two hours for work the tool produced in ten minutes, the gap is documentable. AI tool costs are generally overhead, not billable expenses. The narrow exception — per-use third-party services for a specific client matter — requires prior disclosure.
Supervision (Rules 5.1 and 5.3) If staff or contractors use AI on your matters, you are responsible for every output. The opinion treats AI vendors as outsourced service providers and applies the full supervisory framework accordingly. The absence of a written policy does not limit exposure — it eliminates the only available defense.
Verification The opinion classifies AI as a “prediction tool.” It generates statistically probable output, not reasoned conclusions. In Mata v. Avianca, an attorney filed a brief containing citations to cases that did not exist. The AI had produced plausible-sounding authority. The attorney had no verification process. The court imposed sanctions. Independent verification of every output — before it is used, sent, or filed — is a competence obligation. Without a repeatable process, verification is only as reliable as the attorney’s attention on that particular day.
The Gap: Why an ABA Opinion 512: Compliance Guide for Solo Attorneys Is Vital
Most commentary on Opinion 512 stops at the obligations. Verify everything. Read vendor terms. Obtain informed consent. Bill accurately.
These are directives, not systems. A directive tells you what to do. A system tells you how to do it consistently, under workload pressure, with a record that it was done.
“Verify everything” is not a workflow. Without a defined checklist, verification depends on the attorney’s attention and time — both of which compress under pressure. An output that looks authoritative will pass informal review when the attorney is stretched.
“Read vendor terms” is not a one-time task. Vendor terms change. A tool that did not train on user inputs when you adopted it may have updated its data practices since. Without a scheduled review, your vendor assessment is immediately outdated — and that gap is a competence failure under Rule 1.1.
“Get informed consent” is not satisfied by awareness. It requires a template that meets the opinion’s specific standard, a process for identifying which matters require consent before AI is used, and documented proof that consent was obtained. None of this exists by default in any AI tool.
Compliance requires structure that holds up under scrutiny. Awareness does not satisfy the obligation. A system does.
What Most Solo Attorneys Are Getting Wrong Right Now
Not reading vendor terms. Most attorneys using consumer-grade AI tools have not read the terms of service for a single one. They do not know whether the tool trains on their inputs or retains data after they stop using the service. Under Rule 1.1, this is not a minor gap. It is the competence failure the opinion was written to prevent.
No verification process. AI output is reviewed informally — read through, obvious errors corrected, draft sent. There is no checklist. There is no dated record of what was verified. Mata v. Avianca is the documented consequence of this approach: plausible-looking output that was not verified, filed in federal court, and sanctioned. The attorneys who filed it were not incompetent. They lacked a process.
Outdated engagement letters. If the engagement letter predates AI adoption, it contains no disclosure. Every matter where AI touched client data is operating without informed consent on record.
Billing practices that have not been reviewed. Time entries logged from memory, flat fees set before AI was available, no written policy defining how AI-assisted time is captured. Any of these, examined in a fee dispute, creates an indefensible position.
No staff policy. If anyone other than the attorney uses AI in the practice — virtual assistants, contractors, clerks — and there is no written policy governing that use, there is no documented supervision. Under Rules 5.1 and 5.3, the liability is the attorney’s regardless.
What a Compliant AI Workflow Actually Looks Like
Compliance that holds under bar review or court scrutiny has one distinguishing feature: it is repeatable and documented. It does not depend on the attorney being thorough on a particular day.
Intake and data handling. A defined decision point exists before any client information enters an AI tool: Is this tool self-learning? Has this client provided informed consent under Opinion 512’s standard? If either answer is uncertain, client data does not enter the prompt. That decision is recorded in the matter file — not assumed.
Verification. A written checklist defines what must be confirmed before AI-generated content is used or filed. For legal research: every citation independently verified against the actual source. For drafted documents: legal standards checked, internal consistency confirmed. The checklist is completed and dated. If verification is challenged, the record exists.
Client communication. Engagement letters contain specific disclosure language — not boilerplate — naming the tools used, the data sharing risk, and the client’s right to decline. For matters involving self-learning tools, a separate consent record is stored in the file. This is reviewed each time a new tool is adopted.
Billing. A written policy defines how AI-assisted time is captured: actual time spent prompting, reviewing, and correcting — not estimated time based on what the task previously required. If a billing dispute surfaces AI use in the matter record, the policy is the baseline.
Vendor management. Every external AI service has been reviewed against defined criteria: data retention terms, breach notification obligations, conflict screening, enforceability of confidentiality agreements. That review is documented, dated, and scheduled for re-review.
The documentation is not bureaucratic overhead. It is the difference between a process that looks compliant and one that is.
What to Do This Week
Monday — Audit your tools. List every AI tool in use, including those used by staff or contractors. For each one: have you read the current terms of service? Is the tool self-learning? Flag any tool where either answer is uncertain. Those are your active exposures.
Tuesday — Read the terms. For every flagged tool, pull the current terms and privacy policy. Look specifically for training data provisions, data retention timelines, post-cancellation data handling, and third-party access. If the terms are unfavorable or unclear, that tool does not touch client data until a consent process is in place.
Wednesday — Update your engagement letter. Replace generic language with specific disclosure: which types of tools are used, that data may be shared with the vendor, that third-party access is a risk, and that the client may decline. Draft a separate informed consent template for matters requiring it under Opinion 512.
Thursday — Review billing practices. Examine the last 30 days of time entries for AI-assisted work. Identify any entries where logged time reflects prior task duration rather than actual AI-assisted time. Write a billing policy that defines how AI time is captured. Date it.
Friday — Write your verification checklist and staff policy. One page each. The verification checklist defines every step required before AI output is used or filed. The staff policy defines which tools are approved, what data cannot be entered, and what verification is required before output reaches the attorney. Both documents are dated and stored accessibly.
So Where Does This Leave You?
Opinion 512 does not make AI use optional. It makes unstructured AI use indefensible.
The obligations apply to every tool in your practice now — whether or not a process exists to satisfy them. The bar does not exempt attorneys who were too busy to build the system.
Manual compliance breaks under real workload conditions. It holds when the attorney has time and attention. It fails during a heavy caseload, a deadline, or a difficult matter — exactly the circumstances where an error is most likely. Compliance that depends on the attorney’s discipline on a given day is not compliance. It is a risk management gap with unpredictable timing.
The infrastructure has to be built into how the practice operates. Not held in the attorney’s head.
Where LegalContext Fits
LegalContext is not a research tool. It does not generate legal arguments, produce case citations, or draft substantive work product. Those functions require attorney judgment and carry the deepest compliance obligations.
What LegalContext handles is the administrative communication layer: intake responses, follow-up sequences, appointment confirmations, client updates. The attorney defines the messages. The system executes them consistently. Nothing goes out without attorney approval. No client data enters an uncontrolled model.
This is what Opinion 512 implicitly describes as appropriate AI structure: the attorney retains control over judgment and output; the system handles execution. No follow-up depends on the attorney remembering to act. No lead is lost because the attorney was in a hearing. The administrative layer runs whether the attorney is available or not.
Solo practices that rely on manual administration for compliance will find that it holds until it doesn’t. A system holds consistently. That is the operational distinction — and it is not optional for a practice built to last.
Find Out Where Your Practice Is Exposed — Before Someone Else Does
Most solo attorneys reading this are already exposed. Not hypothetically. The engagement letter is outdated. The vendor terms have never been reviewed. The verification process is informal. The billing policy does not exist in writing.
These gaps are invisible until a client files a complaint, a court questions a filing, or a billing dispute puts time records under scrutiny. At that point, the absence of documentation is the problem — not just the underlying error. The exposure was always there. It simply became visible.
The AI Readiness Assessment identifies where your current setup falls short across tools, workflows, billing practices, and engagement letter adequacy — before those gaps surface in a context that costs you.
Under 10 minutes. The gaps it finds have already been accumulating.
