As we progress through this series, we have demystified the basic mechanics of Generative AI and touched on the next development of AI, Agentic AI. If you have engaged with the practical exercises, you are likely navigating two feelings simultaneously: an appreciation for the technology’s potential, and a healthy concern regarding its professional hazards.
For any responsible practitioner, risk is not an abstract concept to be feared, but a factor to be managed. This article provides a structured Risk & Responsibility Framework. It moves beyond general caution to provide a clear method for evaluating AI tools, ensuring that your use of technology aligns with the high standards of the Singapore Bar.
1. The Four Categories of Risk
In the Singapore legal landscape, AI-related risks generally fall into four areas. Each requires a specific professional response:
- Confidentiality Risk: The danger that client data is accidentally exposed, shared, or used by the AI company for secondary purposes.
- Accuracy Risk: The danger of relying on “hallucinations”—outputs that look like legal facts but are actually fabricated by the AI.
- Privilege Risk: The danger that sharing information with a third-party AI provider could be interpreted as a waiver of legal professional privilege.
- Competency Risk: The danger of failing to meet your professional obligations to supervise work and understand the tools used in your practice.
2. Deep Dive: Confidentiality Risk
Confidentiality Risk is arguably the most immediate hurdle for the Singaporean practitioner. Under the Legal Profession (Professional Conduct) Rules 2015, we are the custodians of our clients’ most sensitive information. AI introduces a third party into this relationship.
To manage this risk, you must distinguish between the “data loops” of your tools:
- The Training Risk: Public AI models often use your prompts to “train” their future versions. If you input a unique clause from a client’s private agreement, that information could theoretically be surfaced to another user in a different context.
- The Security Risk: Not all AI providers offer the same level of encryption or data residency. For Singapore lawyers, knowing whether data is stored in a jurisdiction with comparable data protection laws is a key part of your due diligence.
- The Mitigation: The most effective way to eliminate Confidentiality Risk is through Enterprise-grade solutions. These “closed-loop” systems contractually guarantee that your data is not used for training and is kept in a secure, private environment.
3. Accuracy Risk: The Tiered Review Model
AI is a “probabilistic” tool—it predicts the next word rather than checking a database for truth. To manage this, you should use a Tiered Review Model, deciding how much you need to check the AI’s work based on the importance of the task.
| Task Category | Examples | Review Requirement |
| Tier 1: Administrative | Drafting internal meeting agendas or organising rough notes. | A quick “sanity check” to ensure it makes sense. |
| Tier 2: General Research | Summarising general legal principles or non-contentious memos. | Cross-reference the main points against primary sources (e.g., LawNet). |
| Tier 3: Client-Facing | Drafting specific clauses, advice letters, or settlement offers. | Thoroughly check every citation, statute, and factual claim. |
| Tier 4: Formal Submissions | Court documents or formal legal opinions on sensitive matters. | Non-Delegable: Use AI only for structure; the actual legal reasoning must be your own. |
4. The Framework in Action: A Case Study
To see how these principles apply in a daily workflow, let’s look at a common task: Drafting an initial reply to a Letter of Demand (LOD) regarding a commercial debt.
Step 1: Assessing Confidentiality & Privilege Risk
- The Dilemma: You want the AI to help structure the reply based on your client’s specific facts.
- The Decision: You decide not to use a public chatbot because the specific debt amount and the names of the parties are confidential. Instead, you use your firm’s secure Enterprise AI. You also omit highly sensitive “strategy” notes to ensure you don’t inadvertently create a discoverable record that could harm Privilege.
Step 2: Assessing Accuracy Risk
- The Dilemma: The AI suggests a specific timeline for repayment based on the Limitation Act.
- The Decision: This is a Tier 3 task. You do not take the AI’s word for it. You open LawNet to verify that the specific section of the Limitation Act cited by the AI is current and applies to this type of debt.
Step 3: Managing Competency Risk
- The Dilemma: The draft generated by the AI sounds very professional and persuasive.
- The Decision: As the “Editor-in-Chief,” you read every line. You notice the AI used a “Standard of Proof” phrase common in US law but not used in Singapore. You manually correct the terminology to ensure it meets Singapore professional standards before sending it to the client for approval. By the way, this case study highlights a common ‘problem’ with many GenAI tools, that they are slanted towards American practices.
5. Privilege Risk: Protecting the Circle of Secrecy
Legal professional privilege is a vital right in Singapore, but it can be lost if confidentiality is broken. Unlike a conversation with your trainee, an interaction with an AI involves an outside company.
- The Circle of Secrecy: If you use a tool that does not guarantee a secure, private environment, that “circle of secrecy” is broken. This could lead to your AI prompts being subject to discovery by the opposing side.
- Sensitive Instructions: Prompts like “What are the flaws in my client’s witness statement?” reveal your legal strategy. If the tool is not a secure enterprise version, these instructions could potentially be accessed by others.
6. Competency Risk: Your Duty of Supervision
The Legal Profession (Professional Conduct) Rules 2015 (PCR) do not mention AI specifically, but the duty of competence (Rule 5) and the duty of supervision (Rule 32) apply to all tools you use.
Being a competent lawyer in the AI era means:
- Basic Understanding: Knowing how your AI tool works and being aware that it can sometimes be biased or factually wrong.
- Ultimate Responsibility: You remain the “Editor-in-Chief.” You cannot blame the software if a document you file contains an error. The AI’s output becomes your work the moment you send it out.
7. The Quick Risk Check
Before using AI for a task, perform a quick check using this simple matrix:
| Low Sensitivity (General research, no names) | High Sensitivity (Client names, privileged facts) | |
| Low Stakes (Brainstorming) | Public AI is fine: Just check for general logic. | Enterprise AI Only: Use carefully and keep data to a minimum. |
| High Stakes (Opinions, Court) | Enterprise AI Preferred: Check every word against LawNet. | Human-Led Only: Use AI for structure only; you do the core legal work. |
8. Setting a Firm AI Policy
For partners in small firms, a formal AI Policy is a keyway to protect yourself against claims of misuse of AI. A good policy should cover:
- Approved Tools: List exactly which secure tools are allowed for client work.
- Client Disclosure: Decide when and how you will tell clients that AI was used to assist in their matter.
- Checklists: Set clear rules for how staff must verify AI-generated content before it is finalised.
- Insurance: Check with your insurer to ensure your use of AI is covered under your existing policy.
9. Conclusion: Mastery Through Discipline
Risk management is not about stopping progress; it is about enabling it safely. By using a systematic approach, you can move from cautious experimenting to confident use. You aren’t avoiding the technology—you are mastering it by applying the same high professional standards that have always defined your practice.
In our next article, we shift from Risk to Opportunity, exploring how AI can help you provide better service and turn efficiency gains into a competitive edge for your firm.
Disclaimer:
This article is intended for general information purposes only and does not constitute legal advice. Practitioners must exercise independent professional judgement when using AI tools and ensure compliance with all prevailing ethical guidelines and Practice Directions.








