Talking Data and AI: AI in the Legal Spotlight Artwork

The Head Resourcing Podcast

Sharing insights across talent, technology and transformation.

Head Resourcing is a leading Technology, Digital and Transformation recruitment agency bringing you insights from HR, Talent Acquisition and Tech leaders from across the UK.

All Episodes

The Head Resourcing Podcast

Talking Data and AI: AI in the Legal Spotlight

April 27, 2026 • Head Resourcing • Episode 5

0:00 | 43:31

TALKING DATA AND AI: EP 5

AI in the Legal Spotlight: Ethics, Liability, and Confidentiality in a Digital Age

Whether you are an IT or HR professional this is for you!

We covered;
- AI and Professional Ethics: Upholding Standards in a Digital Age
- Liability in the Age of AI: Who is Responsible When AI Gets it Wrong?
- AI and Client Confidentiality: Navigating Privacy in the Digital Era

About the speaker:
Callum Sinclair is Head of Technology and Commercial and leads Burness Paull’s Band 1 ranked Technology practice. He has worked in the field of information and communications technology law for over 25 years and has a life-long passion for technology. He specialises in a broad range of technology and sourcing projects for clients on both customer and supplier side, principally in the regulated utilities, financial services and public sectors. This includes ICT procurement and sourcing, enterprise cloud and digital transformation deals, and AI and cyber advisory work.

Callum is a recognised thought-leader in Technology, having been named in the UK Lawyer magazine’s “Hot 100”, in The Times’ Digital List of 100 people from Scotland’s digital technologies industry who are “changing the world”, and is a past winner of the Leadership Award at the ScotlandIS Digital Tech Awards.

This webinar originally took place in 2025, all information was correct at the time of recording.

SPEAKER_01 0:00

For joining today's webinar. This is the fifth and final episode of our data and AI webinar series. I'm your host, Lyle Ritchie. If you don't know, I'm head of Talent Solutions here at Head Resourcing. Today we're going to talk about AI in the legal spotlight, looking at the ethics, liability, and confidentiality in a digital age. You could say today's guest knows a thing or two about this topic. I'm delighted to be joined by Callum Sinclair, Callum's currently partner at Burness Paul, and has over 25 years experience in this field in information and communication tech law and has worked with some of the world's leading tech businesses and buyers. A past winner of Scotland is Digital Leader of the Year. And he's also been on the Times digital list of a hundred people from Scotland's digital technologies industry who are changing the world. So really looking forward to this. I think we're in good hands. Before I hand over to Callum, just a couple of quick points. So today's webinar will last around 45 minutes. This will be about half an hour. I'll be chatting with Callum and he'll be answering questions that I'm delivering. And there will be 15 minutes for a QA session at the end. So can you please use the QA box? And if you could thumbs up the questions you would like the answers to, and we can get those questions answered at the end. Please also engage through the chat function. And we can go from there. All right. So without further ado, I will pass you all over to Callum. And Callum, from me, I suppose, first question for you. Can you introduce yourself in a bit more detail than I have and talk to us all more about what your team does?

SPEAKER_00 1:52

Sure. Thank you, Lyle. And thanks very much to Head Resourcing for inviting me to do this. Hello, everybody. I recognized a few familiar names just popping up with a hello there on the chat. So uh delighted to be here today. Um yeah, as as you've mentioned, and I couldn't have I couldn't have scripted that any better myself, Lyle. Uh as you mentioned, I've been a technology lawyer for about 25 years. I'm a director at Scotland Is. Um and I also sit on the Scottish Financial Enterprise Data and AI Group and I was on the La Society Technology Committee. Um I've worked at various uh firms, including international firms. Uh I've been seconded to in-house legal teams in financial services. Um, and I've most recently been a partner at uh and head of tech at Burness Paul for about 10 years. Um, and for those who don't know, Burnus Paul, we are a Scottish headquartered uh UK law firm, uh duo-regulated, uh, full full service English and Scottish advice, about 700 people, about 100 partners. Um, and we act for some of the largest technology businesses in the world, um, as well as some truly exciting scale-ups, um, some of who are on the call, um, mostly in Scotland and London. Um the team here consists of about 25 specialist tech lawyers, and our sort of core areas of advice would be around tech contracting, advisory work, uh, intellectual property, uh, data and cyber, commercial contracts, sports, media, and entertainment and competition law. And unsurprisingly, while we we find ourselves advising on AI governance and risk um quite a bit, um, which hopefully leads us neatly into today's topic.

SPEAKER_01 3:30

Good stuff. Thanks for the introduction. Seems like you're uh a busy man. There's lot lots there, so we'll get we'll get straight into it. So first, if you could talk about kind of what ethical frameworks or guidelines should be considered when developing and deploying AI systems, would you say, Callum?

SPEAKER_00 3:47

Sure. Um, yes, there's a range of international frameworks that have emerged, mostly principles-based and foundational, but they can be a helpful start point for grounding organizational policies and approach. So I would say that the start point probably is the organization for economic cooperation and development, the OECD's foundational AI principles dating back to 2019, and they established international consensus on AI values. Um and there are five principles one, inclusive growth, sustainable development and well-being, two, respect for rule of law, human rights, and democratic values, including fairness and privacy, three, transparency and explainability, four, robustness, security and safety, and five, accountability. And then you have um other frameworks like UNESCO's recommendation on AI ethics, which was adopted in 2021 and endorsed by all 194 member states, um, which addresses broader societal implications of AI development. And then you get some more technical standards that translate those high-level principles into actionable practice. So perhaps the best known of those is the US National Institute of Standards and Technology. So the NISC NIST AI risk management framework, easy for me to say, um, which break which breaks AI risk management down into four core functions. So govern, map, measure, and manage. Um, and there are also seven key characteristics in that framework of trustworthy AI, which are similar, very similar in substance to the OECD principles. And then, you know, other more technical standards um like ISO 42001, which is the international standard focused on management structure for AI systems and IEEE 2021 standard for ethical systems design. And these ones are much more aimed at hardware and software engineers. So although those standards are generally voluntary, um, elements of them are increasingly being adopted into AI regulations around the world. Um, and they can provide a really solid foundation on which to build and run responsible and ethical AI systems. A wee bit closer to home, um, UK regulators like the FCA and the Information Commissioner's Office have taken a, they've also taken a close interest in generative AI developments, including the importance of ethical and trustworthy AI. Um and although their current guidance and initiatives are increasingly influenced by the UK's pro-innovation approach, which we'll talk about a wee bit later, um, compliance with the regulatory regimes, such as the senior managers regime and the consumer duty for FCA compliance remains paramount. And our own regulators in law, the the Slitors Regulation Authority and the Law Society of Scotland are also taking a close interest. So a real range of frameworks and guidelines to think about, Lyle.

SPEAKER_01 6:53

Thanks very much, Calum. Yeah, it seems like there is a lot, and I'm sure growing as well, but that that's given uh the audience uh you know a good flavour of the different frameworks out there. So thanks for answering that. So moving on to um some of the concerns. So what's the kind of biggest kind of ethical concerns with current AI technologies used, would you say, in professional services at the moment, Callan?

SPEAKER_00 7:17

So I think it's worth making a distinction here and being clear about what we mean by AI in that context. Um, AI systems have been used in professional services and wider business for many years. Um, if you include machine learning and robotic process automation and other forms of more basic AI or what's been badged as AI, and they've been generally subject to wider organizational policies on responsible use and data privacy, et cetera. And that was all fine. Um now in an era of generative AI, some of those risks are amplified, and there are new risks to contend with, which requires an evolved approach. Um, risk for professional services are mostly the same for other businesses. So you have seen much written about the concerns around accuracy of outputs, uh, of bias, um, of intellectual property risk, data privacy risk, and cyber risk. Um and for professionals, this could manifest in over-reliance on systems leading to incorrect advice or negligence, you know, placing client data at risk through shadow AI use, maybe of public large language models like Chat GPT with sensitive client information, and in the legal world, crucially a loss, potential loss of legal professional privilege or breach of client confidence, which I'll maybe mention a wee bit later as well. Um, there are already well-documented uh cases in multiple territories, um, including the UK, of hallucinated cases being pledged before a court. Um, and AI is being litigated in other ways, for example, by um IP rights holders groups uh against large AI companies for alleged large-scale hoovering up of their proprietary content to train um large language models. So there are a number of ethical concerns and risks to think about in a professional context.

SPEAKER_01 9:15

Okay, thanks for that, Calm. Yeah, there seems to be a lot there, and I'm sure as things, as you know, time goes, there's going to be more that'll that'll be come to light, and um there'll be more challenges there. So um, no, that makes sense. So, with regarding AI systems specifically, so how can AI systems be designed to ensure, I suppose, kind of that kind of ethical decision making, would you say?

SPEAKER_00 9:39

Well, I suppose it's back to some of the foundational principles that we discussed earlier. So um implementing policies and procedures and training um at every level of the organization to ensure that risks and regulation um uh are properly understood, um, proper and proper internal governance to manage the development, implementation, deployment, and continuous monitoring of AI systems. Uh, no doubt most of our attendees today will be familiar with the sort of privacy by design principles introduced by um the GDPR, the General Data Protection Regulation. And if you think about this in a similar way, how are you designing processes to ensure that impact and ethics are considered from the earliest stages of design alongside perhaps privacy and security? And that could include as part of a more formal um form-based process like a data privacy impact assessment or a DPIA. It could be um deploying peer review or red teaming or or mechanisms like like that. And it could also uh include ensuring that appropriate signposting is included to end customers, you know, for example, making them aware that they are interacting with an AI chatbot when that might not be immediately clear and as these things become more sophisticated. So some of this will be driven, I think, by organizational culture. How you know how responsibly do you collect and process data about your customers and clients just now? Um, you know, what what's it used for? How long do you keep it? Um and if there's overreach, if there's overreach or poor behaviors there, then AI could potentially make that a lot worse. Legal frameworks like the like the EU AI Act, um, again, we'll talk about that a wee bit later, but um will also increasingly hold organizations accountable for responsible and ethical design. So it makes sense to act to act now. Uh there can be much wider considerations in the ethics of AI as well. So, you know, ESG, for example, environmental social governance considerations. Um, for example, the impacts of AI on the environment and on the workforce. And there's been a lot of discussion in the press recently about the enormous amount of energy and water consumed by large-scale data centers necessary to meet AI demand, even in the relatively near term. Uh, you know, the share and make up of the energy mix and of natural resources like water, potential damage to the environment from industrial scale data centers, power plants, and grid infrastructure, and what trade-offs will need to be made, you know, all these are ethical issues to be considered. And then what about workforce? You know, if you would typically build a software platform or a service using a team of supervised junior coders, and that team is entirely replaced by systems like Jules by Google or GitHub Copilot, you know, overseen by a small number of senior developers, you know, that also gives rise to some some tricky ethical training and organizational culture questions. And and I know that's certainly that'll be an issue close to your heart, Lyle, and and to the hearts of those at head resourcing.

SPEAKER_01 13:02

Yeah, absolutely. Um, yeah, no, there's there's a lot there. And I think um it kind of leads nicely on to my next question there. And and I know this a lot of people in the call will be interested in the answer to this, but what steps should companies take to mitigate those kind of liability risks when it comes to associated with with AI, would you say, Call?

SPEAKER_00 13:23

Well, uh, I mean, having experienced professional expert humans in the loop is is definitely still the most effective way of mitigating uh liability risks associated with with AI. Um, you know, humans are not without their biases either, of course, and and you know, we're certainly not infallible, but but human experts checking against primary sources in an appropriate way is a robust, is a robust means of spotting AI bias and hallucinations, which which by the way can often be quite convincing, you know, mentioned the the stream of cases uh uh where you know across geographies of hallucinated cases being voted in courtrooms, for example. I think as as AI models become more sophisticated and AI moves further towards agentic principles, you know, there's already instances of multiple models being used to validate and verify outputs. So effectively cross-checking each other's homework, if you will, um, and AI agents performing different tasks to improve outputs, um, all designed to optimize quality and minimize risk. So you might have an EI agent specifically pointed at various aspects of quality checking, for example. Um, but ultimately a lot of the oversight mechanisms where which professional organizations use and businesses use and already have in place to ensure quality outputs from their systems and from their junior professional colleagues and will continue to remain important. So there's, I suppose, there's a mix um Lyle of existing and new steps.

SPEAKER_01 14:57

Okay. Okay, no, yeah, that's that makes sense. And as you said, I suppose the AI is learning all the time and becoming more sophisticated. So yeah, if you it's just somebody checking over that your homework um is becoming more sophisticated. Hopefully that'll help mitigate some of those risks. So what about liability then? So this is obviously a uh uh a topic we'd like to discuss. So, how is liability for AI errors typically determined, would you say, firstly, Callum?

SPEAKER_00 15:24

Well, I mean, when you say typically, there's I don't think there's enough precedent yet at the moment to say to say how AI errors are typically determined. Um, but I I certainly can uh, you know, and I can talk in a moment about legal frameworks which are being set up to address some of these very questions and how current UK laws might view things. Um and there are some interesting different approaches being adopted. So, for example, the the Inc. The Law Commission for England and Wales has produced um a recent discussion paper uh called uh AI and the law, highlighting the difficulty in determining liability if an AI tool uh causes harm or loss to an end user. And it highlights the complexity of the AI supply chains and the numerous stakeholders involved in the process. So, for instance, you know, one entity might collect and prepare the data to train the AI tool, another might design the software or product incorporating the AI tool, and yet another might be responsible for testing the AI system for errors or for unwanted features. And that complexity makes it very challenging to identify which party should be held accountable, especially in the situations where you have negligence claims, where liability requires offending parties to owe the victims a duty of care. And that's quite an elastic concept as it is. The indirect relationship between end users or individuals and certain stakeholders in the AI supply chain will complicate the determination of responsibility for harms caused. And I think further challenges emerge from the lack of transparency in the design, development, and training of AI systems. So even where technical details are accessible, AI tools are often exceedingly complex, uh involving large-scale, intricate mathematical functions that are difficult for even AI experts to comprehend and explain sometimes. And that complexity makes it challenging to determine why an AI system has produced a specific output or predict how it will evolve. So even when the experts examine the internal workings of an AI system, they may be unable to identify the reasons and the causes behind its outputs, unlike how we understand human decisions and human reasoning through their knowledge and belief systems and intentions. Interestingly, the Law Commission paper that I mentioned actually explores the possibility of separate legal personality for AIs as distinct as distinct from the organizations and humans that create them. Although, to be honest, I think that's more of a discussion point, academic discussion point or provocation rather than a serious proposal that has any legs. The EU AI Act, again, which I'll talk about in a moment, it allocates certain responsibilities under law to providers and deployers of AI, primarily focused on providers, and they can be held accountable for failures against those responsibilities. So ultimately, what am I saying? While as as so many as so many disputes and so much of litigation does, I suspect it will come down to parties' ability to lead compelling evidence and persuade a court or an adjudicating body um why one or more parties should bear um responsibility and liability in the absence of more developed legal frameworks. Right. Okay.

SPEAKER_01 18:48

No, that makes sense. Um no thanks for answering that, Callum. I noticed there is a couple of questions coming in, but um guys, I'm gonna uh hold off to the end to get those answered from Callum because there's a few more questions, so we'll we'll keep going. Um so what what are some of the effective strategies for ensuring client data specifically is secured when using AI technologies? I know there'll be a lot on the call interested in hearing your answer to that.

SPEAKER_00 19:12

Yeah, yeah. Well, let me, I mean, let me first before we go there, let me first tackle the you know some of the legal frameworks that that exist um to address the liability issues because you know there are different legal frameworks now emerging around the world and quite contrasting approaches. So in the UK, we've completely flip-flopped. Um, you know, Sunarx government, I think, initially said we were taking a pro-innovation stance. Uh, and then as the penny started to drop on the on the scale of the potential risk, you know, we were suddenly apparently leading the world with the first international AI safety summit. Um, and a couple of you know, as yet unsuccessful private members' bills later, and we're back to our pro-innovation approach, which essentially involves, as I can, as far as I can see, a heady combination of you know, one passing the buck to regulators to uh to to monitor and police matters in their own areas, um, overseen by DCIT. So, for example, the MHRA, off-gem, and FCA have all issued guidance, for example. Um, to I suppose kicking the can down the road. So, for example, you know, after fierce debate between IP rights holders and AI companies, um, the Data Use and Access Act uh recently passed into law now requires the UK government to publish reports on the economic impact and policy options for the use of copyright materials and for the development of AI systems by I think by March 2026. So total cop-out. Um, and and then, you know, I suppose reliance ultimately on Scots and English common laws and existing laws on the statute book to govern liability and responsibility. So individuals who experience loss or damage due to AI in the UK must seek compensation through existing legal avenues at the moment, such as contract law, consumer protection legislation, product liability laws, um, and this and the negligence-based tort or delicate um laws, which I mentioned before, which rely on on duties of care being being inferred. So it's all a bit it's all a bit uncertain and unsatisfactory. It in the EU, um, as part of a wide-ranging set of overlapping laws as part of the digital package of legislation, the EU AI Act was recently brought into force and is is being phased in, and it has its roots in the EU's product certification and liability regime. So it focuses uh so focuses on AI systems rather than harms to individuals. So it sets out rules to govern the placing on the market, the putting into service and the use of AI systems. And its main goal is to prevent the risks posed by AI from arising in the first place. Um, it mainly contains the before the event fence at the top of the cliff sort of obligation. And requirements from providers and deployers of AI systems. And a lot of that act is devoted to rules governing high-risk systems. So, for example, in law enforcement, education, access to essential services, and critical infrastructure. So, for example, the AI Act introduces transparency requirements for providers and deployers of AI systems that are designed to interact directly with individuals or create contact content that individuals view. And those are some of those requirements are basically being phased in but are coming into effect fully by August 2026. So and that can be, you know, the interaction with people can be generating synthetic audio, image, video, text content, deploying emotion recognition, biometric categorization. You know, they can be generating and manipulating images, audio or video, or or producing modified text intended for public dissemination on matters of public interest. And there are some pretty chunky GDPR-esque fines for non-compliance with the EU AI Act. So it's probably, it's probably at the moment the high watermark of AI regulation in the world. So it's important that businesses that are operating in the EU or have EU customers are considering whether they or AI systems they deploy and operate are in scope. The AI Liability Directive that was supposed to accompany it and you know addressed much more the and harmonized remedies across the EU for individuals who've been who've harmed been harmed or suffered loss as a result of AI has now been shelved. And as a result, there's a potential gap in unified protections for individuals in the EU. And then, you know, with other areas of the world, it's a fast-moving picture, it's a complex picture in China. Um, they've got different priorities from the US. And actually, even within the US, you've got federal focus on deregulation, but state-level AI laws are beginning to appear in numbers, you know, particularly in the likes of California, where they've just introduced a law on robobosses, believe it or not. So there's a real patchwork of frameworks that will make compliance challenging, um, particularly for international businesses. So I mean, I suppose to your question, um, Lyle, you know, on strategies for ensuring that client data is secure against all of that backdrop. I mean, you know, there's there's a real there's a real mix of of strategies, but certainly starting with robust technical countermeasures, um, you know, private instances of walled-off enterprise versions of AI products, such as LLMs, are probably the place to start. Um, there'll be other technical countermeasures that might include early warning or challenge systems where there's a suspicion that client information or personal data is being entered into uh LLM prompts, public LLM prompts, for example, and also technical mechanisms to guard against shadow AI use in the organization. You know, access to public GPT as chat GPT is usually switched off now in most organizations. Um and it's worth it's worth remembering that there might be certain circumstances under which, say, the US security services under the US Cloud Act can get access to systems of data. You know, and just because the you the the data's hosted outside the US, it doesn't mean that that they're fully protected from that. So data sovereignty is a really hot topic at the moment, and and genuine protections involve more than just regionalized hosting uh options, which is why a number of the hyperscalers are building out solutions to that at the moment. And other broader strategies, you know, of course, include appropriate training for employees and other personnel, you know, acceptable use notices popping up at the right times with reminders of uh on tools about what's off limits, you know, what you can and can't do, robust contracts with AI providers with restrictions clearly articulated, and organizational governance and policies which ensure that individuals can be held accountable for lax behaviors, and it's sort of it's wired back into performance uh frameworks and ultimately disciplinary action. So these are all effective strategies for ensuring that that client data is secure.

SPEAKER_01 26:05

Okay. No, thanks for that, Callum. There's there's lots of um uh hints and tips there on what to look for. So I know it is challenging across the world and different regulations and changes, but uh as you said, trying to pinpoint everything is an ongoing challenge. So um, no, that's fine. So um, next question for me, I'm just cautious of time. I said I know there's more questions coming in. Um what um best practices should professionals follow to maintain client confidentiality within AI, would you say?

SPEAKER_00 26:33

Yeah, that's a really good question. And and the place to start is is absolutely by considering whether it's appropriate to have AI note takers on calls and to switch them off. If not, um it's amazing the number of Teams calls we now have that are started by Otter or Fireflies or some other AI note takers, um, and and those, you know, those being joined or they've been joined to calls. I mean, there are probably um worse examples of free note takers where you know who knows where the raw data and the summarization data is being is being hosted and stored, and you know, or who's training on it. And I think things may change in time, but at the moment I would say they should almost always be switched off when speaking to professionals. And if that professional is a legal professional, then you're you're also risking loss of legal privilege or solicitor client confidentiality if you don't switch them off. Um, I suppose where you're posing scenario-based contextual prompts based on real client situations, one possibility might be to anonymize within prompts where you're confident that that no other sensitive client information is included, but or or identities could be inferred from prompting. But again, even that is to be avoided if you can help it for fear of inadvertent disclosure of client information. And as I say, or maybe mentioned earlier that the legal regulators are taking a close interest in this at the moment. So hopefully a few helpful tips there for maintaining client confidentiality.

SPEAKER_01 27:51

Yeah, no, and even for us as head resourcing, I know there's lots of tools out there when it comes to you know client note-taking stuff on calls, etc. So um, okay, and so what would you say the main privacy kind of concerns when you using AI in kind of professional settings, would you say, Kel?

SPEAKER_00 28:08

Well, I mean, as professionals, um, you know, we obviously deal with a lot of sensitive matters and client data. So we're we're already very accustomed to processes and tools and culture that protects that confidentiality and commercially sensitive information, you know, for example, from increasingly sophisticated cyber attacks, some of which all now be AI generated or powered. So it's I mean, it's critical to understand how the new risks posed by Gen AI and uh augment existing frameworks and how to augment existing frameworks to address those. So, how do you stop client information or personal data being copied into public LLMs or or other shadow AI use? How do you preserve client legal privilege and confidentiality when AI note takers are switched on, and so on? So the answer is a mix again of training for people, technical countermeasures, policy frameworks, vendor assurances and warranties in agreements, you know, perhaps audits and other measures so far that we've discussed, you know, we've discussed so far today. Um, on data privacy involving personal data of individuals specifically, firms will have obligations and responsibilities under data privacy regulation as well. So UK and EU GDPR, for example, you know, for the personal data of clients and others which they hold or process. So and they will go beyond legal frameworks, you know, for example, in preventing use of AI systems for automated decision making or making uh or using personal data, for example. And that's you know, that'll be similar to you know, that's very relevant to the recruitment world. And yeah, absolutely. So, you know, it will involve knowing where any personal data is being processed or hosted outside the firm's networks and and possibly the requirement to impose conditions on third parties in processing via contracts. So there'll be many specific compliance requirements to be thinking about from a data privacy perspective too.

SPEAKER_01 29:55

Okay. No, good. Thanks for that, Callum. Just um I wanted to go into more um obviously your current current role at Berners Paul and talking about so how are Berners Paul adopting kind of Gen AI uh at the moment, what has been your approach?

SPEAKER_00 30:10

Yeah, I mean I'm conscious of the time, so I'll I'll keep this brief, but I'm happy to chat to anyone further about if they're interested in this. Um I mean, the the very short answer is um we're paying close attention, but we're cautious adopters, and we've had plenty of pilots and demos. Um, we developed a little um proprietary tool called Imaginatively ChatBP um to uh really surface use cases. So it's quite a walled-off version of GPT to really understand the legal use cases that we might have and and which might present opportunities for us and and our clients. Um we've had extended pilots identifying um the feasibility of some of those and what deliver how deliverable they are and what ROI um you could be delivered for clients because obviously the training and the um the tool costs to factor into that. Um I suppose, in short, that you know there are still some technical security and integration and product limitations to overcome. So we don't have, for example, there are very few of us that have co-pilot rolled out yet on our desks, although some of our IT colleagues have it. Um we we're I suspect the direction of travel, um cutting to the chase level, will be identifying what co-pilot, which will ultimately be foisted upon us uh as part of our um uh you know, uh your pack, um, will do for us safely within our policies. And then what do we need to do to augment that with, I suppose, products more specifically aimed at the legal sector? And we'll have to have dialogue with our clients and we'll have to ensure that expert human lawyers are always in the loop for legal applications, and that all has implications for our development and our training and our knowledge programs and and ultimately our culture. So we've got a lot to think about as possible.

SPEAKER_01 31:54

And is there many products out there specifically in the legal sector from a kind of AI point of view that you're seeing?

SPEAKER_00 31:59

Or there are um there are many, some GPI, so general uh AI applications, but um in the legal sector, but also so the the the oligopoly legal providers and the the the legal publishers, Thomson Reuters and Lexus Nexus, have their own products, but there are also a sort of spate of sort of smaller, um more niche providers um addressing different use cases. Um and some of those are very well funded. We expect a bit of consolidation in the sector, you know, they they're getting close, and probably the mass document review use case is getting closest. Um, but but there are some there are still some fundamental challenges with that. So, you know, we've seen a few firms take whole firm licenses of certain products, and and our own view is that it's it's a bit early for that, and actually they're probably not getting they're not seeing return on investment for that at the moment.

SPEAKER_01 32:47

Okay, okay, so work in progress. Yeah, right. So um got 10 minutes here, so I'm just gonna go into some questions we've got. So um Stuart Pratt asks, Hey um, how does flagging use of AI to customers help? His uh first reaction is that it might be transferring ownership of risk to the customer unfairly.

SPEAKER_00 33:07

So that this comes back to the transparency obligations, um Stuart. I mean, I think I think that so that first of all, the EU AI Act is going is going to require that. Um and and most of the most of the principles um based frameworks that we discussed emphasize the importance of transparency. Um so it's not it's less it's less an issue of transferring responsibility or liability and and much more an issue of um making sure that that customers are aware of when AI is is being used and being factored into, you know, for example, decision-making process. And some of this ultimately is about your relationship with your customers and and and generating that trust. Um I saw I saw I think this morning there was a there was a survey, it was either this morning or yesterday, about um AI in the UK and the level of customer trust. Um it's possibly in a financial services context, but I think you know the headline was UK consumers and and still do not trust AI. Um so part of this is an exercise, I think, in helping um educate uh customers and helping to build that trust with customers. And if you are using AI in a clandestine way or in a non-transparent way, then that could be that could be problematic and adverse to that agenda.

SPEAKER_01 34:26

Okay. Great. Thanks for that. Um couple more questions. So we've got a question here from Adam. Um I'd be interested to hear your insights into the risk of culture of firms based in Scotland when it comes to adopting AI internally. Do you see it as something generally encouraged or is it more heavily restricted?

SPEAKER_00 34:45

Real real mix bag. I mean, we we we've you know we're we're doing quite a lot of work with clients at the moment on AI, and uh, and and part of that, you know, there's a real mix of instructions going on. There's some policy drafting and organizational policies, which really speaks to this pay piece and an upgrading of data privacy policy and the like. So, I mean, I suppose organizational cultures are bit are very different generally, and AI is going to have different impacts. So, maybe to give you one example of that, we've certainly seen, you know, we've had certain clients who are saying uh, you know, on the technology side, who are saying uh, you know, there is an opportunity here for us to do the same work and develop our platforms using, you know, instead of hiring our 10 or 15 um new junior coders a year, you know, to deploy some of these tools just with some senior oversight and hire and hire no new coders. Um and there's obviously a there's there's a balance to strike there between what are you then doing with these people? Um are you hiring them but giving them different jobs or roles? What is that, how does that impact on your organizational training? I mean, we're thinking carefully about this in terms of our own junior lawyers. Do we need to be, you know, as we as we start to explore and onboard tools, you know, do we need more of a work shadowing approach? You know, how are we how are we ensuring that the junior lawyers of the future um you know know what we know with 25 years experience? Yeah, um, and that that's you know, I'm I'm very aware of similar conversations everyone will be having, and and there's there's there's lots of discussion on that at the moment, but all of that impacts on on organizational culture. Um, so it is a real mixed bag. I mean, I think there's often we we we we are quite careful not to talk it down too much um in our organization. I think we recognize the tremendous opportunity it presents, and we're realistic about some of the challenges around adoption and integration and delivery. Um, but in things like healthcare, particularly, I mean it's it could be completely and already is, I think, completely uh transformational and it's happening and it's going to happen anyway. So, how are cultures you know adjusting, adjusting to that? And how are they going to make sure that humans continue to remain relevant and that that training is appropriate and that we're still hiring the next generation of talent?

SPEAKER_01 37:03

Yeah, exactly. Listen, it's it's a challenge we're all facing, obviously, being in recruitment myself and how roles are changing and how we can adapt to that when it when it comes to AI. So I think you know it's uh something we're looking at really closely. So we'll see, we'll see how that that materializes. Um a couple more questions, cautious of time. So um Derek's mentioned you may have touched upon this, but do you see AI changing or impacting data classification and how should businesses react or plan for that?

SPEAKER_00 37:31

Oh, that sounds quite quite a techie question, uh Derek. Um yeah, I mean, I suppose all I would say is on that, is is I mean, in short, yes. Um obviously AI system generative AI systems can be can make sense of unstructured data. Um, and they can do something with unstructured data, but they can do so much more with structured data. Um, and I think actually one of the limitations we're now recognizing, particularly with the large language model providers, is that um that there is only so much they can do with unstructured data, and and when you start to bleed in synthetic data and um and otherwise, that that causes other risks to the models. Um so data classification um will become really, really important. It was already important, but but as these systems start to mine and produce outputs based on um data and how it's classified, um, you know, the the the structure of that data will become increasingly important and the results, the ability to really um have some transformative impacts on the business will will depend on appropriate um classification of data and making sure that that's your data is absolutely in order. Okay.

SPEAKER_01 38:50

Okay, no, good. Um another question. Don't know if this is more technical or not for you, but uh do you see any issues with Microsoft Purview compliance model, which is one of the most mature models used by FTSE 100 and Fortune 500 companies?

SPEAKER_00 39:04

I am gonna blatantly opt out of that one. I'd be very I'd be very interested in the questioners' view on that because we are seeing a range of um products being adopted um and you know with with different challenges. So yeah, that's that's probably more on the techie side.

SPEAKER_01 39:22

Fine, no worries. Um so I think that's most of the questions answered. So I I suppose kind of final thoughts from you, um Cal. You know, there's a lot of information you've given us, a lot of takeaways, which is great. Um but what are your kind of key takeaways? So what what can people be thinking about moving forward after this?

SPEAKER_00 39:42

Yeah, thank you, Lyle. I mean, so I mean, really to start where we ended there, uh you know, Gen AI presents enormous opportunities across a huge field of of human endeavor, and and you know, even even lawyers who can be obsessive about risk recognize that. Um but but whilst the outputs you know can appear like magic, um, particularly on the first time you engage with the you know the AI chatbots, still remember my first use of of GPT back in the day, um or the early versions, you know, they are not magic and ultimately they're just you know large, very large word predictors. And and and in the right hands, they can be incredibly powerful tools, but but AI frameworks and governance are absolutely essential to understand and manage risks, particularly when they're you know when they're they're they're sort of being introduced into a professional um or a business environment. So I suppose the key takeaways would be, you know, always ensure that your business has policies in place for responsible, ethical, and compliant use of AI. Um, you know, bake that into your organization of culture, ideally led from the top. So we're we're aware of a number of clients who have AI um you know committees or board-level committees on AI and how that will be deployed or strategized. Um, you know, provide mandatory training on AI and your AI policies to everyone in your organization because there's an upskilling and a knowledge gap there to be filled. You know, if you use customer-facing AI tools, ensure that you've got mechanisms in place uh, you know, to build in ethics by design and communicate that use clearly to customers as appropriate for reasons earlier discussed. You know, engage with staff and customers around concerns they have and risks and opportunities and have mature discussions about that. Put in place technical countermeasures against shadow AI use and problematic use, you know, and ensure that policies you have link back into performance frameworks and employment contracts so that swift action can be taken for problematic use. And ultimately, if in doubt, um, you know, do talk to expert uh legal counsel, whether internal or external, um, you know, to ensure that there's compliance and documentation and that that is all in order. We're as I say, we're doing a real spectrum of work around AI policy work, upgraded data privacy, and actually some real rocket science type work around um, you know, largely on the AI side. I think that's my personal the IP side rather, rather, that's my personal favorite where you know we're developing helping collecting societies develop, you know, frontier business licenses um to allow block use by um of rights holders, IP by AI companies. So there's a real mix of um of work going on at the moment. But but on on that transparently self-serving note, I will uh I'll hand back to you, Lyle, too. Perfect. Any any closing thoughts or questions?

SPEAKER_01 42:47

Yeah, no, no, that's great. I think you know, um there's lots of kind of key takeaways there, Callum. You know, time's nearly up, so I just have to say thank you so much for your time today. We all do really appreciate it. Lots of um takeaways and further discussions I'm sure we'll be having across many businesses from from the the call today. So thanks again for that, Callum. Thanks to you all for um joining the webinar today. Great to have you on the call um today. So, just final thoughts from me. Next up, we have the talking change and transformation series. We're kicking off at head resourcing. So this will bring together leaders to cover the most pressing topics in the change and transformation space. So, watch out um on our socials for more information on that and enjoy the rest of your day. Thanks all.