AI and IT guidance
- Download Considerations when using ChatGPT and Generative AI Software based on large language models from the Bar Council's Ethics & Practice hub.
The updated November 2025 guidance:
- Explains what generative AI and large language models (LLMs) are
- Sets out the key risks with LLMs: anthropomorphism; hallucinations; information disorder; bias in data training; and mistakes and confidential data training.
- Explores the considerations for practitioners when using LLM systems
- Restates the importance of respecting legal professional privilege, confidentiality, and complying with data protection regulations
- Ethics & Practice Hub: see the full IT guidance archive
The Bar Council is highly involved in how IT and new technology impacts the life of the Bar, and:
- provides advice to the Bar in relation to data protection and information security
- among other things, acts on legal policy related to IT, or with an IT aspect, to ensure that the Bar’s recommendations and concerns are heard by government
The issues we work on:
- Monitoring and being actively involved in IT developments and their implications for the legal services market and the practising Bar
- Providing advice to the Bar on IT matters
- Leading on relevant consultation responses relating to: digital infrastructure; digitisation of existing processes; IT and court reform; artificial intelligence and new and developing technologies
Further reading:
Counsel: Hallucinated case citations
Counsel: Why it's time to mobilise on AI
View all Counsel magazine's AI and the Bar collection
Further AI guidance:
- Law Society, Generative AI Guide
- Courts and Tribunals Judiciary, AI Guidance for Judicial Office Holders
- Council of Bars and Law Societies of Europe (CCBE), Guide on the use of generative AI by lawyers
- International Bar Association (IBA), Guidelines and Regulations to Provide Insights on Public Policies to Ensure AI’s Beneficial Use as a Professional Tool
- International Bar Association (IBA), Guidelines on the use of generative AI in mediation
- Chartered Institute of Arbitrators (Ciarb), Guideline on the Use of AI in arbitration
- Commonwealth Lawyers Association (CLA), Malta Declaration on the Use of AI
GDPR
-
The Information Commissioner's Office (ICO) has approved a certification scheme aimed at legal service providers who process personal data. Find out more about the Legal Services Operational Privacy Certification Scheme (LOCS).
- Assess your GDPR compliance with the Information Commissioner's Office (ICO)'s 'Data protection self assessment' checklists
-
Communicating with empathy after a data breach - guidance from the ICO about communicating a data breach with empathy
The Bar Council's IT Panel's articles on GDPR provides bitesize chapters on GDPR to assist barristers and chambers in understanding their professional obligations under the data protection rules.
These articles, as updated for the Data Protection Act 2018 (and all written by the IT Panel), are also published in BarTalk, the Bar Council's fortnightly e-newsletter.
Read the Bar Council's IT Panel's articles
All in PDF format.
- Introduction: The latest play in the data protection series
- Chapter One: The players on the data protection stage.
- Chapter Two: The roles of each principal member of the cast
- Chapter Three: The role of Data Controller continued
- Chapter Four: IT Panel Blog - The Data Controller - principles cont
- Chapter Five: The Data Subject
- Chapter Six: The Data Processor
- Chapter Seven: What happens when it all goes wrong? - The Melodrama Part 1
- Chapter Eight: What happens when it all goes wrong? - the Melodrama Part 2
- Chapter Nine: International Transfers of Data
- Chapter 10: Epilogue
Cybersecurity
- Gain insight on cyber risk management in Mitigo's guide: Cyber Security Matters
- Read the NCSC's 10 steps to cyber security and cyber security tips for barristers
- Use the cyber security questionnaire, created by the Bar Council and the Law Society, to ensure your chambers has taken all possible care in protecting its data
- Test your organisation's response to a cyber attack with NCSC's Exercise in a Box tool
- Read the National Institute of Science and Technology (NIST) Cybersecurity Framework to outline your organisation's best practices, or as strategic planning tool for risk assessment
- Sign up to the Bar Council's on-demand cyber security at the Bar training course
NCSC guidance for small-to medium enterprise (SME) owners
You can protect the personal information you hold by using the resources National Cyber Security Centre (NCSC) have created. SMEs can take these 2 simple steps to help protect themselves from a variety of cyber threats:
- Get a free Cyber Action Plan. Answer a few simple questions, and in less than five minutes, a tailored list of actions will be served to help you to protect your organisation.
- Use the quick, easy and free Check Your Cyber Security tool, which scans internet-connected devices for common vulnerabilities to ransomware and other viruses. It provides advice on how to mitigate any risks, and lets you know if your browser is up-to-date.
Read the NCSC's Small Business Guide: Cyber Security guidance
- Counsel magazine: read articles by Sam Thomas from the Bar Council's IT Panel
- Bar Council blog: 'Enhancing online security using Multi Factor Authentication (MFA)' by Julian Borthwick, member of the Bar Council's IT panel
-
Report: 'The cyber threat to UK legal sector' (2023)' , which explains how UK law firms - of all sizes - can protect themselves from common cyber threats.