News EnglishArtificial Intelligence in Legal Practice: The real risk is legal, not technological

Generative Artificial Intelligence (GenAI) has rapidly evolved from an experimental technology into a tool with concrete applications in the business and legal environments. Currently, its use—whether institutionally or even informally within organizations, has expanded to tasks such as drafting contracts, preparing legal opinions, conducting legal audits, performing comparative analyses of regulatory provisions, and translating complex legal documents.

Its adoption offers significant benefits in terms of efficiency, consistency, and resource optimization, enabling organizations to reduce operational burdens and streamline processes that have traditionally been time-intensive. However, its implementation also presents important challenges, particularly when these tools are involved in activities that require technical judgment, professional discretion, or highly specialized knowledge. In such cases, the absence of appropriate supervision, validation, and control mechanisms may result in legal, regulatory, and reputational risks for organizations.

Myth vs. Reality. 

The most common myth we frequently hear is: “If Artificial Intelligence (AI) generated it, no one is accountable; it’s just a tool.” In reality, AI is precisely that: a tool, not a substitute for professional judgment.

There are still people responsible for the deliverables. Companies are accountable for how they use these technologies and for the controls they establish, and advisors are obliged for the quality of their advice and the oversight of the information generated.

AI does not eliminate accountability; it makes it more visible and requires clear oversight controls.

Most common risks:

1. Convincing errors: “standard” clauses that do not actually exist, inconsistent definitions, or incorrect legal references, drafted with apparent confidence.
2. Information leaks: uploading personal data, trade secrets, or confidential information to public tools or platforms without proper contractual agreements.
3. Lack of traceability: being unable to identify which prompt was used, which version of the document was approved, or which sources support its content.
4. Breach of contract: offering the client “expert review” when in reality automation was used without sufficient supervision, or failing to meet confidentiality and security obligations towards vendors.

Transparency of Legal Counsel in Mexico.

To date, Mexico does not have a “General AI Law” applicable to all corporate uses. However, this does not mean that the use of these tools is unregulated.

Several legal obligations remain fully in force: confidentiality, personal data protection, contractual duties, reasonable security standards, and civil or contractual liability. Furthermore, ethical and professional standards apply, raising the level of diligence expected of legal advisors.

In 2025, the Mexican Bar Association (BMA) published guidelines for the responsible use of Artificial Intelligence. The guidelines emphasize a focus on transparency with the client, which involves explaining the benefits, risks, and limitations of AI-assisted work in the context of legal representation.

In practice, there are at least two rules that should be formalized as internal policy:

1. AI can support the work, but it does not replace professional judgment.
2. Transparency with the client: disclose the role AI played in the work performed, its limitations, and the verification and control measures applied to the result (in line with the guidelines issued by the BMA)

Furthermore, the Mexican Judiciary has already discussed the use of AI in judicial proceedings through criteria that emphasize minimum standards of transparency and human oversight. Although these criteria do not directly regulate companies, they do reflect a clear trend in the legal environment: AI may be used, but there must be demonstrable control and oversight.

Practical Checklist for Using AI in Legal Consulting.

1. Internal AI Policy: Define permitted and prohibited uses, responsible parties, and approval levels.
2. Information Classification: Establish a clear rule prohibiting the uploading of trade secrets, intellectual property, personal data, or sensitive information to public or non-contracted tools.
3. Traceability: Maintain a log of prompts, sources used, document versions, and relevant changes.
4. Mandatory human review: No AI-generated results should be escalated without prior human review and random quality testing (sample testing) with documented evidence.
5. Vendor due diligence: Evaluate security, sub-processors, data location, and retention policies.
6. Contractual clauses: Include provisions regarding confidentiality, liability, auditing, intellectual property, and limits on the use of the technology.
7. Training: Train the team to use AI correctly as a support tool and to identify “red flags” (non-existent citations, contradictions, overly confident tone, or fabricated data).
8. Incident reporting channel: establish a clear procedure for reporting and managing data breaches, information distortions, or material errors.

AI can streamline legal work. What it cannot do is replace the accountability of those who use it.

The conversation about artificial intelligence no longer revolves solely around productivity; today, it is about rules, oversight, and accountability. Organizations that integrate it with clear guidelines, confidentiality controls, and documented verification can achieve efficiency without sacrificing trust.

In Mexico, by 2026, the discussion is no longer whether Artificial Intelligence will be used, but under what rules of governance, oversight, and accountability it will be implemented within organizations. In an environment where its adoption is advancing faster than regulation, the use of AI requires documented processes, human oversight, and clear standards of transparency and accountability.

In this sense, AI ceases to be a risk and becomes a tool: useful for accelerating drafts, organizing information, and standardizing processes, but always subject to human judgment and verifiable controls.

When well-managed, it can support decision-making. When misused, it will amplify errors and expose sensitive information. This is why the real challenge is not using AI, but using it with control, oversight, and traceability.

In summary, the integration of emerging technologies into the business and legal environment represents a strategic opportunity that must be approached with vision, prudence, and responsibility. At VAHG, we are committed to supporting our Clients in this process, providing comprehensive advice to address these challenges with legal certainty, so that innovation and ethics advance in alignment. We are convinced that, through the right approach, it is possible to build an environment where technology and the legal framework coexist harmoniously, securely, and sustainably.

In this regard, our support focuses on three fundamental pillars: (i) the design and implementation of internal policies for the responsible use of artificial intelligence; (ii) the identification and mitigation of contractual, regulatory, and data protection risks; and (iii) the establishment of oversight, governance, and control mechanisms that enable technology adoption aligned with each organization’s objectives and values.

 

Elvia Rios Saldaña| Partner +52 (33) 38171731 Ext. 228 |erios@vahg.mx

Ana Karen Inzunza Sanchez | Partner +52 (33) 38171731 Ext. 235 | ainzunza@vahg.mx

  

Luis Andrés Estrada Intriago | Senior Associate

+52 (33) 38171731 Ext. 224 | lestrada@vahg.mx 

 

Valeria Hernández Orozco | Paralegal

+52 (33) 38171731 Ext. 227 |vhernandez@vahg.mx

 

**The publication of this document does not constitute legal, accounting or professional advice of any kind, nor is it intended to be applicable to particular cases. This document refers to laws applicable in Mexico.