Can a New Jersey Solo Attorney Draft an AI Use Policy That Actually Holds Up?
Photo by Olivier Leysen on Unsplash
6 min readJuly 15, 2026

Can a New Jersey Solo Attorney Draft an AI Use Policy That Actually Holds Up?

law firm AI policyNJ RPC 5.1AI governance for lawyers

Most NJ solo attorneys fall into one of two camps when it comes to AI governance: they either have no written policy at all, or they've copied a generic template from the internet that reads like a corporate IT memo and applies to almost nothing in their actual practice. Neither protects them.

The New Jersey State Bar Association has encouraged attorneys to approach AI "thoughtfully and with appropriate safeguards," and the NJSBA's own Task Force on Emerging Technology has signaled that written firm policies are a key part of that picture. But what does a policy need to say to be genuinely useful, rather than a document that exists only to check a box?

Why a Policy Matters More Than the Tool You Choose

Attorneys spend a lot of time evaluating which AI tool to use. They spend far less time thinking about the governance layer that sits on top of whatever tool they pick. That's backwards.

A well-structured AI use policy does something no individual tool can do on its own: it defines who in your firm can use AI, for what categories of work, under what review requirements, and with what documentation trail. That's the kind of structure the NJ Rules of Professional Conduct quietly demand even when they don't say the words "artificial intelligence."

RPC 5.1 requires attorneys with managerial authority to make reasonable efforts to ensure the firm has measures in place that give reasonable assurance all attorneys conform to the Rules. If you're a solo with contract associates, or a small firm managing paralegals who've started using AI tools on their own initiative, an unwritten policy isn't a policy. It's a gap.

The Four Sections Every NJ Firm's AI Policy Should Include

Scope. Which tools are approved, and which are prohibited outright? Be specific. "ChatGPT" and "Claude" and "Westlaw AI" are different products with different data-handling architectures. A blanket statement like "AI tools may be used with caution" tells no one anything actionable.

Also define what work categories AI may be used for. Research summaries, first drafts of routine correspondence, and document organization are low-stakes starting points. Drafting court filings, generating client-facing legal advice, or producing anything that goes out under your signature needs a different level of review protocol spelled out in writing.

Confidentiality handling. Under RPC 1.6, you can't use a tool that sends client data to a third-party server for training purposes without either a proper data processing agreement in place or client consent. Your policy should name your approved vendors, confirm whether a business associate agreement or data processing addendum is in place with each one, and prohibit staff from copy-pasting client facts into any unapproved tool. This is especially critical for NJ attorneys who handle matters with HIPAA-adjacent data, such as personal injury files with medical records or estate matters with sensitive financial information.

Review and verification requirements. Every AI-generated work product that leaves your office should pass through a documented human review step before it does. The policy should say who is responsible for that review (always a licensed attorney, never delegated entirely to a paralegal), what that review must cover (legal accuracy, citation verification, factual alignment with the client file), and how the review is recorded. A simple date-stamped note in the file is enough. The absence of any record is what creates exposure.

This section also needs to address citation verification specifically. The NJ courts have not yet issued a standing order on AI-generated citations the way some federal courts have, but that window will not stay open indefinitely. Building the verification habit now, before it's mandated, costs very little. Getting sanctioned for a hallucinated case cite costs considerably more.

Training and acknowledgment. New staff should not be handed AI access on day one without a brief orientation on what the policy requires. Existing staff who've been using AI informally, which is most of them, should sign an acknowledgment that they've read the policy and understand the firm's specific rules. That signature isn't bureaucratic formality. It's the factual predicate that lets you demonstrate, if you ever need to, that reasonable supervisory measures were in place.

One Practical Starting Point

If you're building this from scratch, don't start with a blank document. Start with a list of every AI tool currently being used in your office, including tools your staff may be using without telling you (Grammarly, Otter.ai, and Google's AI-assisted features in Workspace all count). Map each tool to a data-handling category: does it retain inputs, does it use inputs for model training, and does the vendor have a signed agreement with you?

That inventory is the foundation. The policy grows out of it. A policy written to govern tools you don't actually use, or that ignores tools you do use, is the worst of both worlds: paperwork that creates no protection.

The NJ State Bar's Ethics Hotline (1-800-214-1425) remains an underused resource for solo attorneys who want to pressure-test a specific policy question before committing it to writing. If your policy is more than six months old, or was never written to begin with, that call is a reasonable next step.

Get the weekly roundup

New AI Sidebar articles delivered to your inbox. No spam, unsubscribe anytime.