Outside counsel guidelines have traditionally focused on billing, resourcing, expenses and reporting. Those controls still matter, but they do not address how legal work is now being delivered.
As law firms adopt AI for research, drafting, review and analysis, in-house legal teams need guidelines that go beyond invoice compliance and address a more fundamental question: when a firm uses AI to assist with work done on your behalf, what are your requirements, and how do you verify they are being met?
Why Existing Guidelines Fall Short
Most current outside counsel guidelines predate the use of AI in firm delivery. They often do not address which AI tools can be used, how AI-generated content is reviewed before reaching clients, what data can be processed through external AI systems, where that data is processed, or how AI use is disclosed and documented.
Without specific controls, in-house teams rely on assumptions, and a loose “use AI responsibly” clause is too vague to govern risk.
What Updated Guidelines Should Cover
Updated outside counsel guidelines should permit AI-assisted work with clear controls. Some legal teams may choose to go further and require firms to use AI where it is appropriate, provided that use is based on agreed criteria, supports efficiency, and does not compromise quality, confidentiality or professional judgement.
The starting point is transparency. Firms should disclose when AI has been used to prepare work product, advice or communications delivered to the in-house team. This does not need to be onerous. A short note in the matter record or covering communication may be sufficient. The objective is simply to make AI use visible, rather than hidden within the firm’s internal processes.
Guidelines should also make clear that any AI-generated content provided to the client must be reviewed and approved by a qualified lawyer before it is sent. The reviewing lawyer should remain responsible and accountable for any content, task or action generated with AI assistance. AI use does not reduce the firm’s obligation to provide accurate, appropriate and legally sound advice. Nor should it excuse errors. The firm remains fully responsible for the quality of its work.
Data protection and confidentiality controls should also be specific. Firms should not process client data through external AI systems without prior approval. The guidelines should define what client data can be used, which systems are approved, where data is processed and stored, and what controls are in place to prevent third-party AI platforms from retaining or accessing that data.
Finally, in-house teams should reserve the right to ask how AI was used on a matter, what outputs were reviewed, and who reviewed them. Firms should be required to keep sufficient records to answer those questions. This creates a practical audit trail without slowing down appropriate AI use.
Connecting Guidelines to Matter Management
Outside counsel guidelines and AI governance work best when they are connected to the matter management lifecycle. They need to be embedded into the everyday workflow for instructing, managing and reporting on external legal work.
This means referencing AI expectations and governance in instructions, adding disclosure checkpoints in reviews, and including AI criteria in panel and performance evaluations. Did the firm flag AI use? Were outputs reviewed? What types of tasks and matters used AI?
Treating AI governance as ongoing oversight, and incorporating it into day-to-day work, is what makes guidelines operational.
A Practical Starting Point
For most in-house teams, the immediate priority is to add a dedicated AI section, or supplement, to existing outside counsel guidelines covering: disclosure, lawyer review obligations, data handling, and audit rights. That does not require a full rewrite of the guidelines and can be implemented quickly.
The more substantive work, connecting those requirements to matter instructions and performance oversight, can follow as the team’s own AI governance matures.
Conclusion
Law firms are integrating AI into delivery faster than procurement or legal ops teams are updating the policies that govern them. Outside counsel guidelines that were written before AI became a standard part of legal workflow are already out of date.
The firms that are easiest to work with will be those that welcome this kind of transparency. It signals that their AI use is structured, supervised and defensible. For in-house teams, enhanced guidelines are a practical starting point for a more disciplined conversation about how external work gets done in the age of AI.