DEFINITION
Risk class 7 of the Risk Taxonomy 2026: information protected by attorney-client privilege or matter confidentiality reaches a model provider, a vendor's broader infrastructure, another customer, or a vendor employee through an AI system in a way that compromises privilege or breaches the function's confidentiality obligations to clients — distinct from data leakage in that it covers specifically privileged or contractually confidential matter content with downstream legal consequences. Addressed by data handling and governance posture — the function must maintain matter-level and client-level AI policy mapping, vendor approval workflows that consider client-specific consent, and matter intake processes that surface AI restrictions before tooling is deployed.
Quick Facts
Category
Regulation
Explore Glossary
← All Terms