Concerns around the use of public artificial intelligence tools in legal practice have intensified following the UK Upper Tribunal's decision of Munir v Secretary of State for the Home Department [2026]. In Munir, the UK Upper Tribunal treated information entered into an open-source AI tool by a solicitor as having been effectively placed into the public domain, with the result that confidentiality and legal privilege belonging to the client were lost. Although that decision is not binding in Hong Kong, it is likely to be regarded as highly persuasive given the shared common law foundations.
The principle articulated in Munir reflects the orthodox common law doctrine: legal professional privilege only protects confidential communications. Once confidentiality is destroyed, privilege cannot subsist. The Tribunal’s reasoning treats the input of sensitive material into a public AI tool as analogous to publishing it on the Internet. In such circumstances, confidentiality and privilege would be irreversibly lost. The key point is not the intention of the user, but the objective loss of control over dissemination.
From a Hong Kong law perspective, the courts have consistently affirmed that legal professional privilege is a fundamental right but only in certain circumstances. In MK v Director of Legal Aid [2024], the Court of Final Appeal made it clear that legal privilege would only protect communications between a lawyer and their client that are made under conditions of confidentiality. As a result, the use of public AI tools would pose a serious risk to privilege because such platforms typically reserve rights to process, store or reuse input data and therefore open it up to the general public.
Similarly, a US decision United States v Heppner (S.D.N.Y., February 2026) suggests that material generated through public AI systems may not itself be capable of attracting confidentiality. In that case, it was ruled that prompts (inputs) and AI-generated responses (outputs) are not protected by attorney-client privilege because:- (i) the AI platform is not an attorney; (ii) the communications were not confidential; and (iii) the client did not communicate with the AI in order to obtain legal advice.
The UK Munir and the US Heppner decisions reflect a clear conceptual divide. In Heppner, the court treated the issue as one of whether privilege arose at all, finding that it did not because the communications lacked confidentiality and were not made with a legal adviser. In Munir, by contrast, the analysis proceeded on the footing that privilege initially existed, but was subsequently forfeited through disclosure to a publicly accessible platform.
Although there is currently no directly analogous Hong Kong case addressing AI platforms and privilege, recent authorities demonstrate that the courts will closely scrutinise how privileged material is used in practice. For example, in Sarah Tanya Borwein Olsen v Market Dragon Ltd and Another [2024], the Court of First Instance held that merely referring to without prejudice material in open documents (instead of exhibiting them in open documents or correspondence) may constitute a waiver. Aside from that, the Law Society of Hong Kong issued a paper in January 2024 stressing caution when using generative AI, especially cloud-based tools, due to risks of data leakage and loss of privilege. It advises against inputting confidential client information without strong safeguards and requires AI-generated legal content to be clearly marked as privileged, access-controlled, and subject to human oversight when reviewing AI-generated work products.
The issue concerning confidentiality and public AI tools is therefore not merely theoretical. Public AI tools often operate on terms that permit data retention, model training and human review. Even where providers assert safeguards, the absence of absolute confidentiality is sufficient, as a matter of Hong Kong law, to raise a real risk that privilege is waived.
The implications for both legal professionals and their clients when handling sensitive and legally privileged information are clear:
- Although as far as statutory law is concerned, there is no law, regulation or regulatory body specifically targeting AI in Hong Kong, the Personal Data (Privacy) Ordinance (PDPO) applies and regulates the use of personal data. To protect confidentiality and comply with the PDPO, organisations should adopt clear AI policies covering approved AI tools, data limits, retention rules, and staff training, as highlighted in the PCPD's Guidance on the Ethical Development and Use of Artificial Intelligence, PCPD's Artificial Intelligence Model Personal Data Protection Framework and PCPD’s Guidelines for Use of Generative AI for Employees.
- Organisations should exercise great caution in the use of public AI tools when seeking legal advice or considering advice provided by a lawyer. In particular, the input of confidential or legally sensitive material such as lawyers' reports into publicly accessible platforms should be very carefully controlled. Where AI tools are used, organisations should consider adopting secure, controlled environments with clear contractual protections governing data use, retention, and access.
While the UK Upper Tribunal’s decision in Munir is not binding in Hong Kong, it provides a clear indication of how common law courts may respond to the intersection of AI technology and legal privilege. In the absence of local authority, and given the established Hong Kong approach to waiver, the prudent course is to assume that the use of public AI platforms in connection with sensitive information will likely lead to any privilege being lost.
When it comes to the use of public AI tools and legal professional privilege, the guiding principle for both the lawyers and their clients must be 'Use it AND lose it'!
