Upper Tribunal highlights confidentiality risks of using AI in immigration cases

A recent decision of the Upper Tribunal (Immigration and Asylum Chamber) has raised important concerns about the use of artificial intelligence (AI) in legal practice — particularly the risks to client confidentiality.

In UK v Secretary of State for the Home Department [2026] UKUT 81 (IAC), the Tribunal addressed situations where AI tools had been used in preparing legal documents. While part of the judgment dealt with inaccurate legal citations, one of the most significant warnings concerned the potential danger of uploading sensitive client information into publicly accessible AI platforms.

For clients, this issue is critical, and whilst the judgment relates to immigration, the principles discussed apply across the board.

Why confidentiality matters

Confidentiality is a cornerstone of the lawyer/client relationship. Clients must be able to share sensitive details, including personal history, immigration status, medical evidence, or protection claims, knowing that their information will remain private.

If confidential documents are entered into certain public AI systems, there is a risk that:

• The information may be stored on external servers
• It could be accessed or used in ways the firm cannot control
• Legal privilege (the protection that keeps lawyer/client communications private) could potentially be undermined

The Tribunal made clear that these risks are not theoretical. Lawyers must understand how any technology they use handles data.

The Tribunal’s warning

The Upper Tribunal (Immigration and Asylum Chamber) made it clear that the responsibility for protecting client confidentiality rests squarely and continuously with the legal representative. That duty does not diminish simply because new technology is involved. Whether information is shared in a meeting room, sent by email, or processed through digital tools, lawyers remain under a strict professional obligation to safeguard client data at every stage of a case.

The Tribunal specifically warned that uploading client documents or sensitive personal information into publicly accessible or “open” AI platforms may amount to a breach of professional conduct rules. Many widely available AI systems operate on external servers and may retain, process, or use submitted data in ways that are not fully transparent to the user. If confidential information is entered into such systems without appropriate safeguards, there is a real risk that privacy obligations could be compromised. In legal practice this risk is especially serious.

The judgment further emphasised that consequences for mishandling confidential data may extend beyond judicial criticism. If a court concludes that client confidentiality has been put at risk, the matter could be referred to professional regulators, such as the Solicitors Regulation Authority, or to data protection authorities. Regulatory investigations can result in disciplinary action, financial penalties, or reputational damage to a firm.

In this way, the Tribunal’s decision sends a broader message to the profession: misuse of AI is not merely a technical error or a lapse in judgment. Where confidentiality is concerned, it may engage core professional duties and trigger formal regulatory scrutiny.

Conclusion

We treat confidentiality as fundamental. Any technology used within our practice is carefully assessed to ensure compliance with professional obligations and data protection law.

If you have concerns about data protection or would like to understand how your information is safeguarded in your legal matter, please contact our team. Your privacy and trust remain our highest priority.