- First federal court ruling to address attorney-client privilege waiver via consumer AI use.
- Court applied the Kovel doctrine framework: third-party disclosure waives privilege absent functional-equivalent agency.
- Vendor tier matters. Enterprise AI agreements with no-training and no-retention terms are factually distinguishable from consumer tier use.
- Operational consequence: every firm that wants its consumer-tier AI use to remain privileged needs to address it in the engagement letter, the vendor agreement, or both.
Heppner v. United States.
Disclosure of confidential client information to a consumer-tier generative AI service (here, ChatGPT) may constitute a waiver of attorney-client privilege and work-product protection where the vendor's terms of service permit the vendor to retain, review, or train models on user submissions. The privilege analysis under federal common law treats the AI vendor as a third party absent a Kovel-equivalent agency relationship.
What happened. #
A federal civil action arose from a fee dispute in which one of the parties discovered that the opposing attorney had used ChatGPT (free or Plus tier, consumer-grade) to draft work-product materials including client-fact summaries. The opposing party moved for production of those materials and any related OpenAI-side records, arguing that the disclosure to OpenAI waived privilege. The court took the motion as the occasion to address, in 2026, the first federal-court analysis of consumer-tier AI use as a potential privilege event.
The holding. #
Disclosure of confidential client information to a consumer-tier generative AI service (here, ChatGPT) may constitute a waiver of attorney-client privilege and work-product protection where the vendor's terms of service permit the vendor to retain, review, or train models on user submissions. The privilege analysis under federal common law treats the AI vendor as a third party absent a Kovel-equivalent agency relationship.
The court's reasoning. #
Judge Rakoff applied the federal common-law approach to attorney-client privilege, including the functional-equivalent doctrine articulated in United States v. Kovel, 296 F.2d 918 (2d Cir. 1961). The Kovel framework permits non-attorney assistants to fall within the privilege when their role is necessary to the lawyer's rendering of legal advice, but the doctrine requires an agency relationship and an expectation of confidentiality. A consumer-tier AI vendor whose terms permit retention, review, or training on user inputs is, on the face of the contract, not subject to the firm's confidentiality expectations. The court reserved that an enterprise-tier arrangement with explicit no-training and no-retention provisions might produce a different result. The work-product analysis tracked the privilege analysis.
Operational implications. #
For firms, Heppner is the case to read before drafting an AI-use engagement-letter clause. Three immediate operational changes follow. First, the firm's AI policy must distinguish consumer tier from enterprise tier and restrict client-data use to the enterprise tier with verified terms. Second, the engagement letter should disclose that AI tools are used and identify them by name, vendor, and tier. Third, the firm should keep documentation of each vendor's data-handling terms at the date of use, because the privilege analysis depends on what the contract said when the disclosure happened, not on what the vendor's current homepage says. The IXSOR vendor-diligence redline guide covers the specific clauses the firm should be looking for.
Primary sources. #
- United States v. Kovel, 296 F.2d 918 (2d Cir. 1961)
- Federal Rule of Evidence 502 (privilege waiver)
- ABA Formal Opinion 512 on AI confidentiality
This is a case brief, not legal advice. Dan Hughes is not an attorney; IXSOR does not provide legal services.