
The tech is evolving fast. Regulation’s catching up. But where does that leave you – the in-house lawyer expected to manage risk, advise on AI strategy, and somehow do it all with yesterday’s budget?
The rise of GenAI is transforming how businesses create, communicate, and make decisions. From AI-powered customer service to automated drafting tools, it’s touching every corner of operations – and every team wants in.
For legal, that’s a mixed blessing. Yes, GenAI offers efficiency gains. But it also brings a raft of risks – from data privacy breaches and biased outputs, to unclear IP ownership and the erosion of human oversight.
And the kicker? Most businesses are already experimenting with GenAI, often without telling Legal. You’re left to retrofit policies, spot unseen risks, and educate the business – all while fielding a hundred other priorities.
Where the risks really lie
According to the EU’s 2025 Generative AI Outlook Report, some of the biggest legal headaches include:
- Security vulnerabilities – such as data and model poisoning or prompt injection attacks, which can lead to manipulated or malicious outputs.
- Compliance blind spots – particularly with GDPR and the new EU AI Act. Many tools are opaque about how data is processed or used.
- IP uncertainty – with AI-generated works raising novel copyright questions (who owns the output? Can it be protected at all?).
- Skill erosion – as junior staff increasingly rely on AI tools, many GCs worry about the loss of critical training and judgement.
And yet, the pressure to embrace GenAI is mounting. Business leaders see the cost and speed benefits – they just need Legal to “make it work.”
So what’s the smart in-house play?
You don’t need to block GenAI – but you do need to shape how it’s used. Here’s how to stay in control:
1. Map the risks
Start by identifying where and how GenAI is already being used. Talk to product, IT, and marketing teams – chances are, you’ll find shadow AI adoption happening under the radar.
Create a risk matrix: high, medium, low. For example:
- Customer-facing chatbots: High risk (reputation, GDPR).
- Internal HR policy generation: Medium risk (accuracy, bias).
- Drafting internal comms: Low risk (but watch tone and context).
2. Get a policy in place – even a simple one
Many legal teams are waiting for the “perfect” AI policy. Don’t. A short, practical policy is better than none.
Cover things like:
- Approved tools
- Banned uses (e.g. confidential data input)
- Responsibility for outputs
- Review requirements
- Escalation channels
It’s not about locking things down – it’s about making expectations clear.
3. Upskill the business (and your team)
The report highlights a major AI literacy gap across the workforce. That includes legal. Create short internal guides or lunch-and-learns on:
- What GenAI is – and isn’t
- Legal dos and don’ts
- When to loop in Legal
Bonus: this positions you as a proactive business partner, not a blocker.
4. Stay compliant
The EU AI Act is now a reality, and GenAI is firmly in its crosshairs.
That means in-house lawyers need to be across:
- Transparency requirements – including disclosure that content is AI-generated, and clear user instructions.
- Risk classification – GenAI applications might fall into different tiers (e.g. limited risk vs high risk), each with its own obligations.
- Watermarking and logging – depending on the tool and use case, you may need mechanisms to trace and label outputs.
- Provider vs deployer duties – if you’re building or fine-tuning models, you’ve got heightened responsibilities. Even using third-party tools can trigger compliance duties.
This isn’t just an EU issue either. Other countries are watching closely and following suit with their own proposals. It’s a moving target – and your compliance posture needs to keep pace.
If you don’t have the in-house bandwidth, get help. Staying ahead of the rules will be key to enabling (not stalling) innovation.
GenAI won’t wait – but you can lead the way
As the Outlook Report makes clear, GenAI isn’t a passing fad. It’s a permanent feature of the modern business toolkit. And as the legal leader, you have a unique opportunity to shape its use – balancing innovation with integrity.
Because ultimately, your job isn’t just to spot the risks. It’s to help the business seize opportunities – wisely, safely, and with eyes wide open.