Last verified: 2026-06-22
A homebuyers’ petition came up before a single judge of the Delhi High Court in September 2025 with what looked like a tidy bundle of authority. A neat string of precedents, each one apparently on point, each one seeming to settle the dispute. Then the court went looking for them. Some did not exist at all; in one instance, the petition quoted a “paragraph 73” of a judgment that ran to only 27 paragraphs. The citations had been generated by an AI tool, and they were fabricated. Faced with that, the petitioner’s side did the only thing left to do: it withdrew the plea, which the court dismissed as withdrawn while warning that AI used in this way was impermissible. And that quiet withdrawal is exactly why AI ethics for lawyers in India has stopped being a seminar topic and become a working problem.
The embarrassment, honestly, is the smallest part of it. The real exposure is professional. An advocate owes the court a duty of candour, a duty of competence, and a duty not to mislead. A fabricated citation, even an unwitting one, touches all three. And this wasn’t a freak event. It sits inside a global pattern of AI “hallucinated” authorities turning up in filings, from London to New York to, now, Delhi. The question every Indian advocate faces isn’t whether AI is useful. It clearly is. The question is what your professional obligations are the moment you start using it.
Here’s the part that catches people off guard. Two months before that Delhi courtroom, in July 2025, the Kerala High Court had already issued the first AI-use policy for India’s district judiciary. It restricted AI to assistive tasks, mandated human verification of AI output, and confined judicial work to approved tools. Judges, in other words, were being handed guardrails. Advocates were not. And as of June 2026, the Bar Council of India has issued no AI-specific rule for advocates at all.
That gap is where the confusion breeds. Plenty of advocates assume that because there’s no “AI rule,” anything goes. The opposite is true. Three bodies of law already bind every Indian advocate the second they paste a client’s file into a chatbot. There’s the Bar Council of India’s confidentiality framework under the Advocates Act, 1961. There’s the law of attorney-client privilege, long carried by the Indian Evidence Act, 1872 and now by the Bharatiya Sakshya Adhiniyam, 2023. And there’s the Digital Personal Data Protection Act, 2023. None of them say the word “AI.” All of them apply to it anyway.
This guide does three things the existing coverage doesn’t. It maps those three duties, section by section, onto the concrete act of an advocate feeding client data into an AI tool. It separates honestly what binds you today from what’s merely proposed (the AI Bill 2025) or foreign (the American and UK guidance everyone keeps quoting as if it were Indian law). And it hands you the practical artefacts no competitor bothers with: a pre-upload checklist, an anonymisation workflow, and a vendor data-processing-agreement rubric you can put to work this week. Start with the short answer.
AI ethics for lawyers in India is governed not by any AI-specific bar rule, since none exists as of 2026, but by three duties that already bind every advocate: Bar Council of India confidentiality, attorney-client privilege under the BSA 2023, and the Digital Personal Data Protection Act, 2023. Using AI is permitted. Breaching these duties is not.
So the framing question isn’t “may I use AI?” It’s “what do I have to get right when I do?” The sections below answer that, pillar by pillar, then turn the rules into a checklist you can actually use.
Is it ethical for lawyers in India to use AI?
Most advocates reach this question only after they’ve already used the tool. A junior drafts a notice in ChatGPT, a partner runs a contract through an AI summariser, someone pastes a witness statement in to “just clean up the grammar.” The ethics question arrives second, usually with a small knot of doubt attached. That instinct is healthy. It means you already sense that something here is governed, even if you can’t name what.
So is it ethical? Yes, with conditions. There’s nothing in Indian professional-conduct law that prohibits an advocate from using AI, and a flat ban would be both unenforceable and absurd given how much of legal work AI already touches. But “permitted” is not the same as “unregulated.” The use is governed by duties you already carry, not by a dedicated AI code that doesn’t exist.
The short answer
The short answer is that AI use by Indian advocates is permitted but governed by pre-existing professional and statutory duties, not by any AI-specific rule. There’s no Bar Council of India regulation that says “an advocate may use generative AI subject to the following,” and there’s no statute aimed at lawyers and AI specifically. What there is instead is a stack of older obligations that apply the instant client information enters the picture: confidentiality under the BCI framework, privilege under evidence law, and data-protection duties under the DPDP Act, 2023.
Think of it this way. Using AI is like hiring a research assistant you’ve never met, who works in a building you can’t see, and who may keep copies of everything you hand them. None of that is forbidden. All of it is your responsibility to manage. The ethics live in the management, not in the tool.
Why “no AI rule, so anything goes” is dangerous
Here’s the central misconception, and it’s worth naming plainly. Because the BCI hasn’t issued an AI rule, a lot of advocates conclude the area is a free-for-all. That reading gets the relationship between specific and general rules exactly backwards. The absence of a specific rule doesn’t switch off the general ones. It just means the general ones do all the work.
Consider a common version of the question: if I use AI only for legal research, never for drafting with client facts, do confidentiality rules still apply? They do, the moment any client-identifying detail enters a prompt. Asking an AI to summarise a reported judgment that’s already public is low risk. Asking it to “find me precedents like my client’s situation, where the client is a listed company facing a SEBI show-cause for X” leaks the very thing you’re meant to protect. The tool is the same. The exposure is completely different, and it turns on what you put in, not on whether the activity is labelled “research.” (If you want the productivity side of this picture, AI tools Indian lawyers are already using in practice is a separate companion piece; this guide stays on the duties, not the tooling.)
The practical reality is that the “no rule means no risk” assumption is how disciplinary trouble starts. An advocate who genuinely believes nothing binds them takes fewer precautions, keeps no record of decisions, and has no defence when a client or a regulator asks what safeguards were in place. Frankly, this gets overlooked far too often.
How we got here: a short timeline
It helps to see the sequence, because the law here is older than the technology and the technology is moving faster than the regulators. The confidentiality and privilege foundations are genuinely ancient by tech standards: the Indian Evidence Act dates to 1872 and the Advocates Act to 1961, with the Bar Council of India Rules built on top. Both were written long before anyone imagined a chatbot, and both are AI-agnostic by design, which is precisely why they reach AI without naming it.
The modern layer arrives quickly after that. The Digital Personal Data Protection Act, 2023 became India’s first comprehensive data-protection statute and recast client data as “personal data” with fiduciary duties attached. In July 2024, the American Bar Association issued Formal Opinion 512, the first major bar guidance anywhere on generative AI ethics. In March 2025, a senior Supreme Court judge publicly flagged the danger of AI tools like ChatGPT generating fabricated case citations and legal facts.
Then the Indian developments cluster. July 2025 brought the Kerala High Court AI policy for the district judiciary. September 2025 brought the Delhi High Court fake-citation incident. November 2025 saw the Supreme Court’s Centre for Research and Planning release a White Paper on AI and the judiciary. And on 27 February 2026, the Supreme Court, taking cognizance of a trial court order that had relied on fabricated AI-generated judgments, held that a decision resting on such non-existent precedents would amount to misconduct, with legal consequences to follow. Running alongside, the Artificial Intelligence (Ethics and Accountability) Bill, 2025 was introduced in the Lok Sabha as a private member’s bill in December 2025, and the DPDP Rules, 2025 began a phased rollout.
What does that pattern tell you? That India is drawing AI boundaries fast, but starting with the judiciary, not the bar. The direction of travel is unmistakable. The advocate-facing rule simply hasn’t been written yet. Until it is, the older duties are the whole of the law, and that’s the rest of this guide.
What the Bar Council of India rules actually require (and don’t) on AI
When advocates ask “what do the Bar Council of India AI rules say,” they’re usually hoping for a checklist with the BCI’s stamp on it. It isn’t there. But that doesn’t leave you in a vacuum, and treating the absence as permission is the mistake this section is built to prevent. The conduct rules that already exist were drafted broadly enough to catch new technology without amendment, and they catch this.
The honest baseline: no AI-specific BCI rule yet
Let’s be honest about the baseline, because every other claim depends on getting it right. As of June 2026, there’s no AI-specific Bar Council of India rule. No notification, no circular, no standard of conduct that names artificial intelligence and tells advocates how to use it. Anyone who claims otherwise is either describing the Kerala High Court judiciary policy (which binds judges, not advocates) or a foreign opinion like the ABA’s (which isn’t Indian law at all).
That distinction matters more than it sounds. AI for judges and AI for advocates are governed by entirely different sources. The Kerala HC policy is an internal judicial direction. An advocate isn’t bound by it, can’t be disciplined under it, and shouldn’t cite it as if it set their own standard. What binds the advocate is the conduct framework under the Advocates Act, 1961 and the rules the BCI has made under it. So if there’s no AI rule, what exactly is that framework asking of you?
What does bind you: confidentiality and non-disclosure
What binds you is the confidentiality and non-disclosure duty that sits at the core of the advocate-client relationship. Under the Advocates Act, 1961, the BCI frames standards of professional conduct, and the BCI Rules, Part VI, Chapter II, carry the duties to the client. The relevant ones here are Rule 15, which bars an advocate from misusing or taking advantage of the confidence reposed by the client, and Rule 7, which directs that an advocate not disclose the communications made by the client (a duty expressly tied to the privilege under Sec. 126 of the Indian Evidence Act, 1872).
Now apply that to an AI input. When you paste a client’s brief, a draft settlement, or a list of witnesses into a chatbot, you’re handing the client’s confidence to a third party: the AI vendor. The duty doesn’t ask whether you meant well or whether the tool felt private. It asks whether you protected the confidence. If the vendor can read, store, or train on what you submitted, you’ve arguably shared the client’s confidence with an outsider, and you did it without the safeguards the duty implies. That’s the link competitors skip. The rule was written for human leaks: a careless conversation, a misfiled brief. It reaches digital ones just as squarely.
Does this mean research-only use is safe? Partly. If you use AI to understand a doctrine or summarise public law, no client confidence changes hands and the duty isn’t engaged. The trouble begins the instant a client-identifying fact enters the prompt, however small. A name, a matter number, a distinctive set of facts that could only be one client: each is enough to convert “research” into “disclosure.”
The duty of competence and verifying AI output
There’s a second duty that AI puts under strain, and it’s competence. An advocate is expected to bring reasonable skill and care to the client’s matter. Does that require you to understand and verify what an AI produces? In substance, yes. This is the theme the ABA built Opinion 512 around (competence in the age of generative AI), and while that opinion isn’t Indian law, the underlying competence duty in Indian conduct rules points the same way.
What does competence look like in practice? It means you cannot delegate judgment to the machine. If an AI hands you a “precedent,” competence requires you to pull the actual judgment and confirm it exists, says what the AI claims, and is good law. If an AI drafts a clause, competence requires you to know why each term is there. The mistake we see most often is treating fluent output as correct output. AI is built to sound right, which is exactly what makes unverified reliance dangerous.
A common question advocates raise here is whether they should tell the client that AI was used on the matter. There’s no Indian rule compelling disclosure to the client today. But where AI use is material to the advice or the fee, candour with the client (and good client relations) points toward telling them, especially if the client’s own data was processed. Treat it as a judgment call shaped by the confidentiality and DPDP duties below, not as a settled requirement.
Personal vs firm liability
Here’s a worry that comes up constantly: my firm has no AI policy, so am I personally liable if I use AI? The uncomfortable answer is that your individual duty doesn’t evaporate because a firm policy is missing. Professional-conduct duties attach to the advocate, not only to the firm. A junior who uploads a privileged document can’t point to the absence of a firm rule as a defence to a confidentiality breach.
The flip side is that firms carry real exposure too, which is why in-house counsel managing firm-wide AI policy increasingly treat this as a governance priority rather than an IT afterthought. A firm with no protocol leaves every fee-earner to improvise, multiplies the points of failure, and has no audit trail when something goes wrong. So the honest position is this: the firm should have a policy, and the individual advocate is still on the hook if it doesn’t. Both things are true at once.
Client confidentiality and privilege when you feed data into an AI tool
This is the section that should make you pause before your next upload. Confidentiality is the ethics duty most advocates know. Privilege is the evidence-law protection most advocates assume runs automatically alongside it. They don’t always move together, and AI is exactly the situation that can pull them apart. Get the distinction wrong and you can comply with your confidentiality duty while still handing the other side a privilege-waiver argument.
Confidentiality vs privilege: the distinction competitors blur
Start with the concepts, because almost every competitor piece treats them as the same thing. Confidentiality is a professional-conduct duty: the advocate must not disclose or misuse the client’s confidence. It’s owed to the client and enforced through discipline. Privilege is different. It’s a rule of evidence that protects certain advocate-client communications from being compelled in legal proceedings. One is about what you must not do. The other is about what a court can’t make you (or your client) produce.
Why does the difference bite for AI confidentiality for lawyers? Because the two can come apart. You might handle a document so carelessly that you breach confidentiality, yet privilege survives. Or you might preserve confidentiality in spirit while doing something (like routing privileged material through an outside vendor) that arguably waives privilege as a matter of evidence law. AI use is precisely the act that can trigger the second without you noticing the first.
How privilege works under Indian law
Under Indian law, professional-communication privilege has long lived in Sec. 126 to Sec. 129 of the Indian Evidence Act, 1872, and now sits in Sec. 132 to Sec. 134 of the Bharatiya Sakshya Adhiniyam, 2023. Specifically, Sec. 132 of the Bharatiya Sakshya Adhiniyam, 2023 (which carries forward the old Sec. 126) protects communications made to an advocate by or on behalf of the client in the course and for the purpose of professional engagement, barring the advocate from disclosing them without the client’s consent. The privilege cannot be treated as waived merely because the client gives evidence (Sec. 133), and confidential communications with a legal adviser are themselves protected from compelled disclosure (Sec. 134).
The privilege belongs to the client, not the advocate, and it’s hedged by familiar limits: it doesn’t cover communications made in furtherance of a crime or fraud, and it can be waived. If the doctrine itself is unfamiliar, it’s worth reading how attorney-client privilege works under Indian law before you map the AI-waiver risk onto it. The protection also extends, in practice, to the advocate’s clerks and the materials prepared for the engagement. Does that protection reach an AI-assisted communication? If the AI is purely your internal tool and nothing leaves a closed environment, the better view is that the communication keeps its character. The risk arrives when the material leaves your control and reaches a third party, which is where AI vendors enter the picture.
How third-party AI disclosure can waive privilege
Here’s where it gets serious. Privilege can be lost when privileged material is voluntarily disclosed to a third party who isn’t within the circle of confidence. Feeding a privileged document to an external AI vendor (whose servers store it, whose staff might access it, whose model might train on it) is plausibly that kind of third-party disclosure. The argument an opponent would run is simple: by sending the material outside the protected relationship, the client waived the privilege.
Is that settled in India? No, and the honesty here matters. The Baker McKenzie Global Privilege and Professional Secrecy Guide notes, in its India chapter, that AI use by attorneys (both inputs and outputs) remains uncertain and is yet to be tested judicially in Indian courts. It adds that privilege may be challenged where the tool lacks confidentiality protections or discloses to third parties. So there’s no Indian precedent yet that an AI upload waives privilege. There’s also none that it doesn’t. That uncertainty is itself the risk.
And consider the second-order effect, because this is where the real exposure sits. The day an Indian court does rule on this, privilege-waiver-by-AI becomes a litigation weapon. An opposing party who learns you ran the file through a consumer chatbot can move to compel the underlying material, arguing the privilege was waived at the point of upload. The fight stops being an ethics question and becomes a discovery and admissibility battle that can cost your client the protection of their own documents. That prospect, not the BCI’s silence, is what should govern your behaviour now.
Does free ChatGPT train on your client’s data?
The most common practitioner worry, and a fair one: does free ChatGPT train on my client’s data? The accurate answer is, it depends on the product and the settings, and you must check rather than assume. Consumer AI products have historically used user inputs to improve their models unless the user opts out or uses a configuration that excludes training. Enterprise and API tiers often contractually exclude training on customer inputs. But the only reliable source is the specific vendor’s current terms for the specific product you’re using, not a general impression.
There’s a further wrinkle that surprised a lot of lawyers abroad. A court order can require an AI vendor to retain user data, including chats a user thought were deleted. In mid-2025, a US federal court in the New York Times litigation against OpenAI ordered the company to preserve output logs that would otherwise have been deleted, sweeping in consumer chats users had explicitly deleted. If that happens, your “deleted” client material may still exist on the vendor’s systems and could, in theory, be reachable. The lesson isn’t that AI is unusable. It’s that “I deleted it” and “the vendor said it’s confidential” are vendor claims, not legal guarantees, and your privilege analysis has to assume the data persists somewhere.
So what’s verifiable versus what’s marketing? Verifiable: the written terms, the data-residency commitments in a signed agreement, the retention clauses. Not verifiable by you: what the vendor actually does on its back end. Treat the gap between the two as risk you carry on the client’s behalf.
DPDP Act 2023 duties for lawyers using AI
If the BCI duty is the one advocates underestimate and privilege is the one they misunderstand, the DPDP Act is the one most don’t realise applies to them at all. Yet the DPDP Act for lawyers is arguably the sharpest of the three, because it carries monetary penalties and statutory obligations that don’t depend on any disciplinary committee taking a view. The moment client data is “personal data” and you’re deciding how it’s processed, you’re inside this statute. AI just makes the processing more visible and more risky.
Is a lawyer a data fiduciary under the DPDP Act?
Start with the labels, because the whole regime turns on them. Sec. 2 of the Digital Personal Data Protection Act, 2023 defines the key roles. “Personal data” is any data about an identifiable individual. A “data fiduciary” is the person who alone or with others determines the purpose and means of processing personal data. A “data processor” is a person who processes personal data on behalf of a data fiduciary.
So which are you? When an advocate decides to feed a client’s personal data into an AI tool and chooses why and how, the advocate is making the purpose-and-means decision, which points squarely at data fiduciary status. The AI vendor, processing that data on your instruction under its terms, looks like the data processor. This isn’t a formality. If you’re the fiduciary, the statute’s consent, security, and breach duties land on you, and you can read the consent and security obligations under the DPDP Act 2023 in more depth to see how heavy that load is.
Consent before processing
Do you need client consent before putting their information into an AI tool? Under Sec. 6 of the Digital Personal Data Protection Act, 2023, consent must generally be free, specific, informed, unconditional, and unambiguous, given by a clear affirmative action, and limited to the data necessary for the stated purpose. The Act recognises certain “legitimate uses” that can operate without fresh consent, but processing client personal data through a third-party AI tool isn’t an obvious fit for those, so consent is the safer footing.
What does that mean concretely? A blanket line in your engagement letter saying “we may use technology” probably won’t carry the weight of “specific” and “informed” consent for routing the client’s personal data through an external AI vendor that may store or process it abroad. The better approach, in our view, is an explicit, purpose-specific consent: tell the client you propose to use a named category of AI tool, for what task, with what data, and what the vendor does with it. Get that agreement before the first upload, not after a problem. And if the client says no, that decision is binding on you.
Security safeguards, purpose limitation, and breach duties
Consent is only the entry point. Sec. 8 of the Digital Personal Data Protection Act, 2023 loads the data fiduciary with general obligations. You must implement reasonable security safeguards to prevent personal-data breaches, process only for the consented purpose, ensure accuracy where the data drives a decision, and comply with breach-notification duties. The fiduciary also remains responsible for processing done by a processor on its behalf, which means the vendor’s breach can become your breach.
So what does an AI-caused data breach actually expose you to? If a vendor you chose suffers a breach involving your client’s personal data, you, as the fiduciary, face notification obligations and potential financial penalties under the DPDP enforcement regime, which is built around significant monetary penalties rather than nominal fines. The purpose-limitation point is just as live: if you uploaded data for “drafting” and the vendor uses it for “model training,” that’s arguably processing beyond the consented purpose, and the responsibility for that mismatch runs back to you. Worth flagging: this is the part of the statute that turns a casual upload into a compliance event with a price tag.
Personal vs sensitive data, and Significant Data Fiduciary thresholds
A frequent confusion: does “personal data” include my corporate client’s files? The data of a company itself isn’t personal data, because a company isn’t an identifiable individual. But corporate files are stuffed with personal data: employee details, director information, customer records, counterparties’ contact data. So the answer in practice is yes, corporate matters routinely involve personal data, and uploading “the company’s files” usually means uploading individuals’ personal data with it.
Does the DPDP Act distinguish sensitive or special-category data the way some foreign laws do? This is a real point of difference. The DPDP Act, 2023 takes a broadly unified approach to personal data rather than carving out an elaborate “sensitive personal data” category the way the earlier draft regime and several foreign statutes did. That doesn’t make sensitive material safe; it means the same fiduciary duties apply across the board, and the practical sensitivity of medical, financial, or children’s data should still drive extra caution.
Could a large firm become a Significant Data Fiduciary? Possibly. The Act lets the government classify certain fiduciaries as Significant Data Fiduciaries, judged on factors like the volume and sensitivity of data processed and the risk to data principals. SDFs carry heavier duties, such as appointing a Data Protection Officer and conducting impact assessments. A large firm processing huge volumes of personal data across many matters isn’t obviously outside that net. It’s not automatic, but it’s not impossible either, and the bigger the practice, the more seriously it should plan for that classification.
Does anonymisation remove DPDP obligations?
The hopeful question everyone asks: if I anonymise the data, does the DPDP Act stop applying? The honest answer is that genuine anonymisation can take data outside “personal data” entirely, because data that no longer identifies an individual isn’t personal data. But that’s a high bar, and most of what advocates do is not anonymisation. It’s pseudonymisation.
The distinction is the whole game. Pseudonymised data replaces direct identifiers with codes but can be re-linked to the individual (you kept the key, or the underlying facts are distinctive enough to re-identify). Pseudonymised data is still personal data, so the DPDP duties still apply. Truly anonymised data is irreversibly stripped so no individual can be singled out, even by combining it with other available information. If a “redacted” brief still describes a one-of-a-kind transaction in a niche sector, you haven’t anonymised it; a knowledgeable reader can name the client. The residual-risk check is where this gets decided, and we come back to the practical workflow for it in the toolkit below.
Confidentiality vs data protection: how the BCI duty and the DPDP Act differ
A lot of advocates collapse these two into one fuzzy “I’ll keep it safe” instinct. That’s a mistake, because they’re different duties, owed to different people, enforced by different bodies, with different consequences. Understanding the BCI confidentiality vs DPDP distinction is what lets you see why a single AI upload can put you in two kinds of trouble at the same time.
Two regimes, not one
The first regime is an ethics duty owed to the client. The BCI confidentiality obligation exists because the client trusted you, and it’s enforced through professional discipline. The second is a statutory duty owed under data-protection law to the individual whose data you process, enforced by a regulator with penalty powers. They protect overlapping but distinct interests: one guards the client’s confidence in their lawyer, the other guards any identifiable person’s control over their personal data.
And here’s the second-order point that catches firms out: these regimes compound, they don’t substitute. Satisfying one doesn’t discharge the other. You could have airtight client consent under the BCI lens and still breach the DPDP Act because you lacked a lawful processing basis for an employee’s data buried in the file. Two duties, two analyses, every time.
Data fiduciary vs data processor
The DPDP layer also assigns roles that the BCI duty doesn’t bother with. Under the data-protection regime, the lawyer who decides the purpose and means of processing is the data fiduciary, and the AI vendor processing on the lawyer’s instruction is typically the data processor. The BCI duty, by contrast, doesn’t care about “processors.” It simply asks whether the advocate protected the client’s confidence. So the same act (an upload) is described two ways: as a possible confidence-breach under conduct rules, and as fiduciary-to-processor data flow under the statute.
The comparison below lays the two regimes side by side so you can see exactly where they diverge.
| Dimension | BCI confidentiality (ethics duty) | DPDP Act 2023 (statutory duty) |
|---|---|---|
| Source of duty | Professional-conduct duty under the BCI Rules made under the Advocates Act, 1961 | Statutory obligation under the Digital Personal Data Protection Act, 2023 |
| Who is protected | The client who reposed confidence in the advocate | Any identifiable individual whose personal data is processed (the data principal) |
| The lawyer’s role | An advocate bound by confidentiality and non-disclosure | Likely a data fiduciary; the AI vendor is typically a data processor |
| What triggers it for AI | Sharing the client’s confidence with a third-party tool | Processing personal data without a lawful basis or consent (Sec. 6) |
| Consequence of breach | Disciplinary action for professional misconduct | Monetary penalties under the DPDP enforcement regime |
A single upload can trigger both
Now picture the cascade. A junior associate, trying to be efficient, uploads a bundle of privileged corporate files to a free AI tool to draft a summary. In one action they’ve potentially breached the advocate’s confidentiality duty to the client, exposed the firm to a DPDP processing question over the employees’ and counterparties’ personal data inside those files, and handed an opponent a possible privilege-waiver argument. One upload, three exposures.
That’s the firm-level liability cascade, and it’s a genuine second-order effect most guides miss. The two regimes don’t take turns; they fire together. Which is exactly why the safeguards in the next section aren’t optional polish. They’re the thing standing between a routine efficiency and a three-front problem.
When AI misleads the court: hallucinated citations and the duty of candour
The confidentiality and DPDP risks are about what you put into AI. This risk is about what you take out of it and hand to a judge. AI fake citations and professional misconduct in India have moved from hypothetical to headline, and the reason it’s an ethics problem (not just a quality-control slip) is that it collides directly with an advocate’s oldest duty to the court.
The duty of candour and not misleading the court
An advocate is an officer of the court before they’re an agent of the client. That carries a duty of candour and a duty not to mislead the court, including not putting forward authorities you haven’t verified. When an AI invents a case (a plausible-looking citation, a real-sounding party name, a volume and page that lead nowhere) and you file it without checking, you’ve placed a false authority before the court. Whether you intended to deceive or were merely careless, you’ve breached the standard, because the duty includes the obligation to know that what you cite is real.
Why is this a conduct problem and not just an error? Because the remedy for honest mistakes is correction, but the duty here is preventive. The court is entitled to rely on the advocate’s representation that the cited law exists and says what it’s said to say. Outsourcing that representation to a tool that fabricates with total fluency, and then not verifying, is the failure. The hallucination is the AI’s. The breach is yours.
What happened in the Delhi High Court fake-citation matter
The Delhi High Court matter from September 2025 is the Indian face of this problem. A homebuyers’ welfare association, moving the High Court under Article 227 of the Constitution and Sec. 115 of the Civil Procedure Code against a set of trial court orders, relied on case citations that turned out to be fabricated by an AI tool. Some of the cited judgments did not exist; in another, the petition quoted a paragraph number higher than the total number of paragraphs in the actual ruling. Once the fabrications surfaced, the plea was withdrawn rather than pressed, and the court dismissed it as withdrawn while calling the use of AI in this manner impermissible and a serious concern. The detail that matters for ethics isn’t the withdrawal. It’s that fabricated authorities reached a filing at all, which is the exact point where the duty of candour is engaged.
This was not an isolated event. The Bombay High Court, in an income-tax matter, found that an assessing officer had relied on three judicial decisions that did not exist. The court cautioned that AI-generated results must be cross-verified before being relied on in quasi-judicial work. Another High Court imposed costs on a litigant who filed AI-generated written arguments citing non-existent case law. The pattern (AI hallucinations entering Indian court filings) is now well documented across multiple courts, which is exactly why the duty to verify every authority before filing has moved from good practice to professional necessity.
The reported Supreme Court stance on AI fake citations
The stakes climbed further in early 2026. On 27 February 2026, the Supreme Court, taking cognizance of a trial court order that had relied on four non-existent, AI-generated judgments, held that a decision built on such fake precedents would be misconduct and that legal consequences would follow. The order arose in the judicial context (a judge’s reliance on fabricated authorities), but its logic hardens the consequence for everyone who puts unverified AI output before a court, moving it from judicial embarrassment to disciplinary exposure. It closes the comfortable gap between “the AI got it wrong” and “I’m responsible,” because responsibility for what is filed or relied on attaches to the person who put it forward, not to the software.
The direction is unmistakable and the prudent assumption is conservative. Can filing AI-fabricated citations be professional misconduct in India? The safe working answer for any advocate today is yes, treat it as capable of being misconduct, and verify accordingly. You don’t want to be the test case that settles the question against you.
Disclosed vs undisclosed AI use
A subtler question sits underneath: is using AI without telling the court itself a breach of candour? There’s no Indian rule today that compels an advocate to announce “this was drafted with AI.” So undisclosed use, by itself, isn’t currently a candour breach. The breach is filing unverified or false content, disclosed or not. Disclosure doesn’t cure a fabricated citation, and non-disclosure of properly verified, AI-assisted work isn’t, on current rules, a violation.
That said, the calculus shifts the moment a court asks. If a bench directly inquires whether AI was used, candour requires a straight answer. And as judicial AI policies mature, expect the expectation to drift toward disclosure in some settings. For now, the rule of thumb is simple: verify everything you file, and never let AI use become something you’d be uncomfortable admitting if asked directly. (The foreign experience with this exact problem, covered further below, shows where undisclosed, unverified AI use leads.)
What binds you now vs what’s coming
This is the section that kills the confusion. The conversation about AI law for lawyers in India mixes three very different things as if they were one: rules that bind you today, proposals that might bind you tomorrow, and foreign guidance that never binds you here. Separating them is the single most useful thing you can do, because it tells you what to comply with now and what to merely watch.
What actually binds you today
What binds you today is short and entirely made of existing law. There are exactly three sources, and you’ve now seen each. There’s the Bar Council of India confidentiality and competence framework under the Advocates Act, 1961. There’s attorney-client privilege under the Indian Evidence Act, 1872 and the Bharatiya Sakshya Adhiniyam, 2023. And there’s the Digital Personal Data Protection Act, 2023, with its consent, security, and breach duties. That’s the live compliance perimeter. Everything else in the AI-ethics conversation is context, not obligation.
Notice what’s not on that list. No AI-specific bar rule. No AI statute aimed at lawyers. No binding code of AI conduct for advocates. If a duty isn’t traceable to one of those three existing sources, it isn’t yet enforceable against you, however sensible it sounds.
What is coming, not yet binding
Now the horizon, where the language has to stay careful because none of it binds you yet. The Artificial Intelligence (Ethics and Accountability) Bill, 2025 was introduced in the Lok Sabha as a private member’s bill in December 2025. But a private member’s bill is a long way from law (only a handful have ever been enacted), and commentary has questioned whether it addresses the legal sector specifically. Treat it as a signal of legislative interest, not a present duty. The DPDP Rules, 2025 are a different matter: as the phased rollout proceeds, the consent, security, and breach-notification mechanics are likely to harden, which raises the practical compliance bar for lawyers acting as data fiduciaries.
And a BCI or court-issued AI advisory for advocates is plausible, though not yet issued. Given the Kerala High Court precedent for judges and the momentum behind the Supreme Court’s White Paper, practitioners widely expect advocate-facing guidance in a future regulatory cycle. Early signals suggest the gap is recognised. But “expected” is not “in force,” and you comply with what exists, while preparing for what’s likely.
The Kerala HC policy and the SC White Paper
Two judiciary-side developments get cited so often that their scope needs pinning down. The Kerala High Court’s July 2025 AI policy governs the use of AI tools in the district judiciary, restricting AI to assistive functions, mandating human verification of AI output, and confining judicial work to court-approved tools. The Supreme Court’s November 2025 White Paper on AI and the judiciary, released by its Centre for Research and Planning, sets out direction for AI in the court system more broadly. It flags hallucinated citations as a core risk and recommends human verification, secure in-house infrastructure, and ethical-use guidelines.
Here’s the crucial qualifier: both govern judges and the court system, not advocates. AI for judges and AI for advocates run on separate tracks. So who do these rules apply to? Judicial actors. An advocate can read them as a strong indication of where the bench’s thinking is heading, and as a model for sensible safeguards, but cannot be disciplined under them and shouldn’t present them as their own binding standard. They’re direction-of-travel, not your rulebook.
| Source | Status | What it requires | Effective |
|---|---|---|---|
| BCI confidentiality and competence duties | Binding (existing) | Protect client confidence; competently verify AI output | In force |
| Attorney-client privilege (IEA 1872 / BSA 2023) | Binding (existing) | Don’t disclose privileged material to third parties without consent | In force |
| Digital Personal Data Protection Act, 2023 | Binding (existing) | Consent, security safeguards, purpose limitation, breach duties | In force; Rules phasing in |
| Kerala HC AI policy (judiciary) | Boundary-setting, not advocate-binding | Assistive use, verification, audit trails for the district judiciary | In force for that judiciary |
| SC White Paper on AI (judiciary) | Direction-of-travel, not binding | Frames AI use in the court system | Policy paper, Nov 2025 |
| AI (Ethics and Accountability) Bill, 2025 | Proposed, not binding | Cross-sector AI duties (legal-sector coverage debated) | Pending (verify) |
The honest bottom line
So let’s retire the myth for good. “No AI rule means anything goes” is false, and now you can see exactly why: the things that bind you were never about AI in the first place. They’re about confidence, privilege, and personal data, and AI is simply a new way to engage them. The regulatory gap is real, but it’s a gap in AI-specific rules, not a gap in duties. Until an advocate-facing AI standard arrives, the three existing sources are the whole answer, and they’re enough to get you into serious trouble if ignored.
A practical AI-use compliance toolkit for Indian advocates
Everything above is the law. This is what you do with it. The gap no competitor fills is the operational one: how does an advocate actually decide, before each upload, whether this is safe? The toolkit here turns the three duties into routines you can run in minutes, so compliance becomes a habit rather than a crisis. None of it requires a compliance department. It requires a checklist and the discipline to use it.
The pre-upload checklist
Run this before any client-related material goes into an AI tool. Each step maps to a duty you’ve already met in this guide, so it isn’t bureaucracy for its own sake.
- Identify whether the document contains personal data or privileged client communication. If it’s purely public material, the risk is low and you can proceed; if it’s either of those, continue down the list.
- Confirm a lawful basis or specific client consent before processing, in line with Sec. 6 of the DPDP Act, 2023. No basis, no upload.
- Strip or pseudonymise identifiers, then ask whether what’s left is genuinely anonymised or merely disguised, and whether the residual facts could still re-identify the client.
- Read the AI vendor’s data-processing terms for the actual product you’re using, checking for no-training-on-input, data residency, and deletion on demand.
- Prefer enterprise or legal-specific tools over free consumer AI for anything touching client data, because the contractual protections differ sharply.
- Verify every AI-generated citation and factual claim before it leaves your desk, pulling the underlying authority yourself.
- Log the decision: what was uploaded, why, on what basis, and into which tool, so you have a record if a client or regulator asks.
Why log it at all? Because the difference between a defensible decision and an indefensible one is often just whether you can show you thought it through. A one-line note per upload is cheap insurance against a hard question later.
The anonymisation workflow
Anonymisation is where most advocates overestimate themselves, so treat it as a deliberate process, not a quick redaction pass. Start by removing direct identifiers: names, addresses, phone numbers, PAN, account numbers, anything that points straight at a person. That’s necessary but rarely sufficient.
Then attack the indirect identifiers, which are what trip people up. A unique transaction value, a niche industry, an unusual procedural posture, a distinctive set of dates: combine two or three and a knowledgeable reader can re-identify the client even with every name gone. Decide honestly whether you’ve anonymised (irreversibly stripped so no one can single out the individual) or merely pseudonymised (swapped identifiers for codes you or the facts can reverse). If it’s pseudonymised, the DPDP duties still apply and you should treat the data as personal data. The residual-risk check is the final gate: ask “could a motivated outsider, combining this with public information, name my client?” If the answer is yes or maybe, anonymisation isn’t enough, and the material either needs more stripping or shouldn’t go into a non-trusted tool at all.
The vendor DPA evaluation rubric
A data-processing agreement (DPA) is the contract that turns a vendor’s marketing promises into enforceable obligations. For client data, you want one, and you want to read it. The rubric below tells you what to demand, what good looks like, the red flags, and how heavily to weight each clause.
| Clause to demand | What good looks like | Red flag | Weight |
|---|---|---|---|
| No training on input | Explicit contractual bar on using your inputs to train or improve models | Silence, or “we may use data to improve our services” | High |
| Purpose limitation | Vendor processes only to deliver the service you asked for | Broad rights to “any business purpose” | High |
| Data residency | Storage and processing in a defined, disclosed jurisdiction | Unspecified or shifting global locations | Medium to high |
| Breach notification | Prompt, time-bound notice to you on any personal-data breach | No notification commitment, or vague timelines | High |
| Sub-processor control | Named sub-processors, notice of changes, equivalent obligations flowed down | Unrestricted right to share with undisclosed third parties | Medium |
| Deletion and return | Data deleted or returned on request and at contract end | No deletion right, or indefinite retention | High |
How do you use it? Score each clause, weight the highs heavily, and treat any high-weight red flag as close to disqualifying for genuinely sensitive matters. A tool can be brilliant and still be wrong for privileged client data if its DPA fails these tests.
Cloud vs on-premise / closed model
Are Indian-hosted or data-residency AI tools actually safer legally? Often, yes, but for specific reasons, not as a slogan. A cloud tool sends your data to a third party’s servers, which is the disclosure that engages privilege-waiver risk and DPDP processing duties. An on-premise or closed model that runs inside your own environment may never disclose data to an outside party at all, which can keep the material inside the circle of confidence and simplify the DPDP analysis.
Data residency matters because keeping personal data within India can ease cross-border-transfer questions under the DPDP framework, which lets the government restrict transfers to notified countries. It also reduces the chance of foreign legal process reaching your client’s data. But residency isn’t a cure-all. An Indian-hosted tool with a terrible DPA can still train on your inputs or suffer a breach. The better approach is to combine residency with the DPA rubric above: where the data lives, plus what the contract permits, together determine the real risk.
Tool-type risk differences
Not every AI use carries the same risk, and treating them alike either paralyses you or makes you reckless. Is summarising a public judgment different from drafting a contract with client facts? Completely. Summarising a reported, public judgment puts no client confidence and no personal data into the tool, so the confidentiality and DPDP exposure is minimal. Drafting a contract that contains the client’s identity, commercial terms, and counterparties’ details puts all three duties in play at once.
The free-versus-enterprise distinction tracks the same logic. The table below sets out the confidentiality difference between consumer and enterprise or legal-specific AI, because this is the choice advocates make most days without thinking about it.
| Factor | Free consumer AI | Enterprise / legal-specific AI |
|---|---|---|
| Training on your inputs | Often used to train unless you opt out | Usually contractually excluded |
| Data-processing agreement | Generally none with the individual user | Negotiable DPA with enforceable terms |
| Data residency control | Typically none | Often configurable or India-hosted options |
| Access and confidentiality controls | Limited; consumer terms | Role-based access, audit logs, stronger controls |
| Suitability for privileged client data | Poor; high waiver and DPDP risk | Better, if the DPA passes the rubric |
The honest takeaway is to match the tool to the data. Public material in a free tool is fine. Client facts belong only in a tool whose contract you’ve read and whose protections you can defend.
How India compares: ABA Opinion 512 and the UK approach
Everyone quotes the foreign guidance, so let’s handle it properly and then put it in its place. ABA Formal Opinion 512 and the UK approach come up in every Indian discussion of lawyer AI ethics, usually cited as if they settled the Indian position. They don’t. They’re persuasive context and useful templates, and that’s all. Here’s what they actually say, and why an Indian advocate should read them as comparison, never as command.
ABA Formal Opinion 512
The American Bar Association’s Formal Opinion 512, issued on 29 July 2024, was the first major bar guidance on generative AI ethics. It organises the issues around duties Indian advocates will recognise: competence, confidentiality, communication with the client (including informed consent), candour to the tribunal, supervisory responsibilities, and reasonable fees. Its core message is that existing professional-conduct rules already govern AI use, which is the same conclusion this guide reaches for India through entirely different sources.
But (and this is the part people skip) Opinion 512 is an interpretation of the American Model Rules of Professional Conduct. It has no legal force in India whatsoever. An Indian advocate cannot be disciplined under it, can’t cite it as binding, and shouldn’t treat its specific requirements as Indian obligations. What does require it in India? Nothing. It’s worth reading because the reasoning travels well, not because it applies.
The UK Bar Council and SRA approach
The UK has taken a guidance-led route too. The Bar Council and the Solicitors Regulation Authority have issued material on using AI outputs responsibly, emphasising that the duty to check accuracy, protect confidentiality, and not mislead the court remains the lawyer’s regardless of the tool. The framing is familiar: the technology is permitted, the responsibility stays human.
As comparison, this is genuinely useful, because the UK reasoning maps neatly onto Indian duties of competence and candour. As law, it’s irrelevant in India. The same caution applies as with the ABA: read it for the thinking, not for the rule, and never present UK guidance to an Indian forum as though it governed the matter.
UK fake-citation matters
The UK courts have already confronted the exact hallucination problem India is now meeting. In R (Ayinde) v London Borough of Haringey [2025] EWHC 1040 (Admin) (heard with Al-Haroun at the Divisional Court as [2025] EWHC 1383 (Admin)), fabricated authorities were put before the court, and the judge described the conduct as professional misconduct, with costs orders following. In MS v Secretary of State for the Home Department [2025] UKUT 305 (IAC), an Upper Tribunal case, a barrister relied on a fake citation generated by ChatGPT and was referred to the Bar Standards Board. The thread running through them is consistent with the duty of candour discussed earlier: the obligation to verify authorities is the advocate’s, and the tool’s hallucination is no defence.
These are foreign judgments, so they’re comparison only and aren’t linked to Indian primary databases. They matter to an Indian reader as a preview, not as precedent. They show what a developed jurisdiction does when unverified AI citations reach the bench, which is to put the responsibility squarely back on the lawyer, exactly where Indian conduct duties would put it too.
What India shares and what is distinct
So how do India, the US, and the UK line up on lawyer AI ethics? They share the central move: each treats existing professional duties (competence, confidentiality, candour) as already governing AI, rather than waiting for an AI-specific code. That convergence is reassuring, because it means the instincts you’d bring from any of these systems point the same way.
What’s distinct for India is the source mix and one big addition. India layers a comparatively new, penalty-backed data-protection statute (the DPDP Act, 2023) on top of the conduct and privilege duties, which neither the ABA opinion nor the UK guidance centres in the same way. So the takeaway for an Indian advocate reading foreign material is this: borrow the reasoning on competence and candour freely, but never forget that your data-protection exposure is statutory, domestic, and heavier than the foreign guidance suggests.
Common mistakes Indian advocates make with AI
You’ve seen the duties and the toolkit. Now here’s the failure side, because knowing the rules and avoiding the predictable errors are different skills. These are the AI mistakes lawyers make most often, drawn from the patterns this guide has traced, and each one has a clean fix. Read them as a pre-mortem: any of these can turn a useful tool into a disciplinary or compliance problem.
The first mistake is trusting AI output without verification. An advocate reads a fluent, confident answer and files it, citation and all, without pulling the underlying authority. The fix is mechanical: verify every citation and factual claim against the source before it leaves your desk. Competence isn’t optional just because the draft reads well, and fluent is not the same as correct.
The second is assuming “enterprise” confidentiality claims are accurate without reading the DPA. A vendor’s homepage says “enterprise-grade security” and the advocate treats that as a guarantee. But the marketing line and the contract are different documents, and only the contract binds the vendor. The fix is to read the actual data-processing agreement against the rubric above and trust the clauses, not the slogans.
The third is letting juniors upload privileged documents without a firm-wide protocol, and this is the one with the worst blast radius. A single associate’s upload can engage the confidentiality duty, the DPDP processing question, and a privilege-waiver argument all at once, as the earlier cascade showed. The fix is a written firm protocol that says what may be uploaded, into which tools, and by whom, so the decision isn’t left to whoever is in a hurry. The second-order reality is that the cost of one careless upload is borne firm-wide, not by the individual who clicked.
The fourth is treating anonymisation as a complete cure for DPDP obligations. Advocates redact names, assume the data is now outside the Act, and relax. But pseudonymised data is still personal data, and distinctive facts can re-identify a client no matter how many names you strip. The fix is the residual-risk check: if a knowledgeable outsider could still name the client, you haven’t anonymised, and the duties still apply.
The fifth is the emerging error of underestimating where this is heading, which is itself a second-order shift worth naming. Vendor due-diligence and privilege-waiver analysis are quietly becoming part of the duty of competence, which means evaluating AI DPAs and data-residency claims is turning into billable, expected lawyering rather than optional caution. And the same upload that’s a compliance risk for you is becoming a litigation weapon for your opponent, who may one day argue privilege was waived at the point of upload. The advocates who see this early (and build the skill now) will be advising on it while others are still asking whether they’re allowed to use AI at all.
Frequently asked questions
1. Is it ethical for lawyers in India to use AI tools like ChatGPT? Yes. No Indian conduct rule prohibits AI use, and a flat ban would be unworkable. But it’s permitted, not unregulated. The moment client information enters a prompt, your confidentiality, privilege, and DPDP duties apply. Ethical use means managing those duties carefully, verifying every output, and never assuming the absence of an AI rule means the absence of obligations.
2. Does the Bar Council of India have rules on AI use by advocates? No. As of June 2026, there’s no AI-specific Bar Council of India rule for advocates. What governs you instead are the existing confidentiality and competence duties under the BCI Rules and the Advocates Act, 1961. Those rules don’t mention AI, but they apply to it fully, because they were written broadly enough to catch new technology without amendment.
3. What does BCI Rule 15 say about client confidentiality? The duty commonly cited as Rule 15 of the BCI Rules requires an advocate not to misuse or take advantage of the confidence reposed in them by the client. Applied to AI, sending a client’s confidential material to a third-party tool that can store or train on it can engage this duty, because you’ve shared the client’s confidence with an outsider without adequate safeguards.
4. Is there an AI law for the legal profession in India? Not yet. No statute targets lawyers and AI specifically, and the Artificial Intelligence (Ethics and Accountability) Bill, 2025 remains a proposal, not an enacted law. What binds advocates today is general law: BCI conduct duties, attorney-client privilege, and the DPDP Act, 2023. Judiciary-side policies like the Kerala HC AI policy govern judges, not advocates.
5. Does the DPDP Act 2023 apply to lawyers using AI? Yes. When an advocate processes a client’s personal data, including by feeding it into an AI tool, the Digital Personal Data Protection Act, 2023 applies. The advocate is likely a data fiduciary deciding the purpose and means of processing. That triggers consent, security, purpose-limitation, and breach-notification duties, all backed by monetary penalties under the Act’s enforcement regime.
6. Is a lawyer a data fiduciary under the DPDP Act when using an AI tool? Most likely, yes. Under Sec. 2 of the DPDP Act, 2023, the data fiduciary is whoever determines the purpose and means of processing personal data. An advocate who chooses to put client data into an AI tool, and decides why and how, is making that determination. The AI vendor, processing on your instruction, is typically the data processor.
7. What consent is required under Sec. 6 of the DPDP Act before processing client data? Sec. 6 generally requires consent that’s free, specific, informed, unconditional, and unambiguous, given by a clear affirmative action and limited to the data needed for the stated purpose. A vague “we use technology” clause won’t carry that weight. The safer course is explicit, purpose-specific consent naming the AI use, the data involved, and what the vendor does with it.
8. What are the security safeguard duties under Sec. 8 of the DPDP Act? Sec. 8 requires a data fiduciary to implement reasonable security safeguards against personal-data breaches, process only for the consented purpose, maintain accuracy where data drives decisions, and meet breach-notification obligations. Crucially, you stay responsible for processing carried out by a processor on your behalf, so an AI vendor’s breach involving your client’s data can become your compliance failure.
9. Do I need client consent before putting their information into an AI tool? In most cases involving personal data, yes. Treating the upload as processing under the DPDP Act means you need a lawful basis, and specific, informed consent is the cleanest one. Independently, your confidentiality duty points the same way. The practical rule: get explicit consent for AI processing before the first upload, and respect a client’s refusal as binding.
10. How do I anonymise client data before using AI? Remove direct identifiers first: names, addresses, numbers, account details. Then tackle indirect identifiers, because unique facts (a distinctive deal value, a niche sector, an unusual posture) can re-identify the client even without names. Finally, run a residual-risk check: could a knowledgeable outsider still name the client? If yes, you’ve only pseudonymised, the DPDP duties still apply, and more stripping is needed.
11. Which AI tools are safe for Indian lawyers to use with client data? There’s no fixed “safe list.” Safety depends on the contract, not the brand. A tool is suitable for client data only if its data-processing agreement bars training on your inputs, limits purpose, commits to breach notification, controls sub-processors, and allows deletion. Free consumer tools rarely offer this. Enterprise or legal-specific tools with a readable, negotiated DPA are the better choice for sensitive material.
12. What is a data-processing agreement (DPA), and do I need one with my AI vendor? A DPA is the contract that turns a vendor’s promises into enforceable obligations on how it handles personal data. For client data, you want one and you should read it. Look for no-training-on-input, purpose limitation, data residency, prompt breach notification, sub-processor controls, and deletion rights. Without an enforceable DPA, you’re relying on marketing claims, which aren’t a legal defence.
13. What is the difference between confidentiality (BCI) and data protection (DPDP)? Confidentiality is an ethics duty owed to your client and enforced through professional discipline. Data protection under the DPDP Act, 2023 is a statutory duty owed to any identifiable individual whose data you process, enforced by a regulator with penalty powers. They overlap but don’t substitute. One AI upload can engage both, and satisfying one doesn’t discharge the other.
14. Confidentiality vs privilege: what is the distinction for AI use? Confidentiality is a conduct duty: don’t disclose or misuse the client’s confidence. Privilege is an evidence-law protection that keeps certain advocate-client communications from being compelled in proceedings. AI matters because the two can come apart: routing privileged material through a third-party vendor may risk waiving privilege as a matter of evidence law, even where you intended to keep the matter confidential.
15. How do BCI confidentiality duties and DPDP Act obligations differ? The BCI duty is about protecting the client’s trust and is enforced by disciplinary bodies. The DPDP obligation is about lawful processing of personal data and is enforced through statutory penalties. They use different concepts too: the DPDP Act assigns “data fiduciary” and “data processor” roles, which the BCI duty ignores. They compound, so a single act can breach both at once.
16. There are no AI-specific BCI rules, so what actually binds me right now? Three existing sources bind you today: the Bar Council of India confidentiality and competence framework under the Advocates Act, 1961; attorney-client privilege under the Indian Evidence Act, 1872 and the BSA, 2023; and the Digital Personal Data Protection Act, 2023. Everything else (the AI Bill 2025, foreign guidance, judiciary policies) is context or proposal, not a present obligation on advocates.
17. Can entering client information into ChatGPT breach attorney-client privilege in India? Possibly, and the risk is real even though it’s untested in Indian courts. Privilege can be lost when privileged material is disclosed to a third party outside the circle of confidence. Feeding such material to an external AI vendor may be argued to be that kind of disclosure. There’s no Indian precedent confirming or denying it yet, which is exactly why caution is warranted.
18. Can AI-generated fake case citations be professional misconduct in India? Treat it as capable of being misconduct. Filing fabricated authorities breaches the duty of candour and the duty not to mislead the court, and on 27 February 2026 the Supreme Court held that a decision resting on non-existent, AI-generated judgments amounts to misconduct with legal consequences. Responsibility lies with whoever puts the unverified content before the court, so verify every citation before filing.
19. Can I be penalised under the DPDP Act for an AI-caused data breach? Yes, potentially. As the likely data fiduciary, you carry breach-notification duties and exposure to monetary penalties under the DPDP Act’s enforcement regime if a breach involves your client’s personal data, even where the breach occurs at a vendor you chose. The Act’s penalties are significant rather than nominal, which is why vendor selection and a strong DPA matter so much.
20. Can I be disbarred or face disciplinary action for AI misuse in India? Disciplinary action is possible where AI misuse breaches existing conduct duties: leaking client confidence, filing fabricated citations, or failing the duty of competence. There’s no AI-specific disciplinary rule, but you can be disciplined under the general framework that already applies. The exposure isn’t theoretical, especially as courts harden their stance on unverified AI-generated content reaching filings.
References
Case Law
No Indian case is asserted as decided authority in this post. The Indian incidents referenced are court events, listed under Incidents below. Foreign matters are comparison-only and are not linked to Indian primary databases.
- R (Ayinde) v. London Borough of Haringey [2025] EWHC 1040 (Admin); consolidated Divisional Court judgment with Al-Haroun v. Qatar National Bank as [2025] EWHC 1383 (Admin) (UK) – foreign comparison only; NOT linked to Indian Kanoon.
- MS v. Secretary of State for the Home Department (Professional Conduct: AI Generated Documents) [2025] UKUT 305 (IAC), 12 August 2025 (UK) – foreign comparison only; NOT linked to Indian Kanoon.
Statutes
- Advocates Act, 1961 – foundation for Bar Council of India rule-making and standards of professional conduct.
- Indian Evidence Act, 1872 – Sec. 126 to Sec. 129 (professional communications / privilege), now carried by Sec. 132 to Sec. 134 of the Bharatiya Sakshya Adhiniyam, 2023 (Sec. 132 advocate-client privilege, Sec. 133 no waiver by volunteering evidence, Sec. 134 confidential communications with legal advisers).
- Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) – Sec. 2 (definitions), Sec. 6 (consent), Sec. 8 (general obligations / security / breach), Significant Data Fiduciary provisions; plus the DPDP Rules, 2025 (phased rollout in progress).
Rules
- Bar Council of India Rules, Part VI, Chapter II – Rule 15 (advocate not to misuse or take advantage of client confidence) and Rule 7 (advocate not to disclose client communications, tied to Sec. 126 of the Indian Evidence Act, 1872).
Policy and official sources
- Kerala High Court, “Policy Regarding Use of AI Tools in District Judiciary,” July 2025 – boundary-setting for the judiciary; NOT advocate-binding.
- Supreme Court of India (Centre for Research and Planning), White Paper on AI and the Judiciary, November 2025 – direction-of-travel for the court system; NOT advocate-binding.
Court incidents (verified)
- Delhi High Court, September 2025 – a homebuyers’ welfare association’s petition under Article 227 of the Constitution and Sec. 115 CPC relied on fabricated, AI-generated case citations; the court dismissed the plea as withdrawn and called the use impermissible.
- Bombay High Court (income-tax matter) – an assessing officer relied on three non-existent judicial decisions; the court cautioned that AI-generated results must be cross-verified before reliance.
- Supreme Court of India, 27 February 2026 – taking cognizance of a trial court order resting on four non-existent, AI-generated judgments, the Court held that a decision based on such fake precedents would be misconduct, with legal consequences to follow.
Bill
- Artificial Intelligence (Ethics and Accountability) Bill, 2025 – private member’s bill introduced in the Lok Sabha in December 2025; pending, NOT enacted law.
Foreign comparison (clearly labelled; NOT Indian primary sources, NOT linked to Indian databases)
- ABA Formal Opinion 512 (29 July 2024) – US bar guidance on generative AI ethics (competence, confidentiality, communication/informed consent, candour, supervisory duties, fees).
- UK Bar Council / Solicitors Regulation Authority AI guidance – responsible use of AI outputs; verification, confidentiality, and candour duties remain the lawyer’s.
- Baker McKenzie Global Privilege and Professional Secrecy Guide, India chapter – notes AI use by attorneys (inputs and outputs) remains uncertain and is yet to be tested judicially in Indian courts.
This article is for informational purposes only and does not constitute legal advice. For specific legal guidance, consult a qualified legal professional.
