New York City Bar Issues Ethics Opinion on Lawyers' Use of AI Under the New York Rules of Professional Conduct

AI Recording Tools and the New York Rules: What the NYC Bar's Ethics Opinion Means for Your Practice

The New York City Bar Association's Professional Ethics Committee has issued an opinion on how the New York Rules of Professional Conduct apply to lawyers using AI tools to record, transcribe, or summarize conversations (see AI for Legal).

The message is clear: you can use these tools, but only with disciplined safeguards. Think consent, confidentiality, vendor controls, and accurate oversight - then document everything.

Key ethics issues you need to cover

• Consent to record (law + ethics): New York is a one-party consent state, but many jurisdictions require all-party consent. If any participant or location could trigger all-party rules, get explicit consent from everyone before hitting record.
• Confidentiality and privilege (Rule 1.6): Treat AI recorders and Speech-To-Text transcription services as third-party vendors receiving client confidential information. Use "reasonable efforts" to prevent disclosure, including strong contractual and technical protections.
• Competence (Rule 1.1): You must understand how the tool works, its limits, and the risks. Don't rely on raw transcripts or AI summaries without review. Validate accuracy when it matters.
• Supervision (Rules 5.1 and 5.3): Train your team on when and how recording is allowed. Vet and supervise vendors like you would nonlawyer assistants - because that's what they are in this context.
• Truthfulness and fairness (Rules 4.1, 4.4, 8.4): Don't record covertly where consent is required. Don't mislead opposing counsel or third parties about recording or transcription.
• Fees (Rule 1.5): Be transparent about pass-through costs for transcription and avoid billing for time the AI performed. Bill for review, analysis, and legal judgment, not machine output.
• Court and agency rules: Many courts prohibit or restrict recording proceedings or conferences without permission. Know the rule before you record.

Practical safeguards that meet the Rules

• Disclose and get consent in writing: Tell clients and participants that you use an AI-enabled recorder/transcription tool, why you're using it, what data is captured, where it's processed, and how it's secured. Capture consent on the record and in writing.
• Lock down vendor risk: Use providers that offer encryption in transit/at rest, role-based access, audit logs, regional data controls, and explicit "no training on your data" terms. Sign a DPA/BAA if applicable.
• Control settings: Disable data retention for model training. Restrict sharing. Enable deletion schedules. Use private storage where possible.
• Narrow the scope: Record only what you need. Pause for privileged strategy, sensitive identifiers, or off-the-record parts of a call.
• Review before reliance: Check transcripts and AI summaries for accuracy before using them in advice, filings, or discovery responses.
• Jurisdiction check: For multi-state or cross-border calls, apply the strictest consent rule involved.
• Incident posture: Document an incident response plan specific to recording/transcription data (who, how, and when to notify if something goes wrong).

Common scenarios and how to handle them

• Client intake or strategy calls: Get all-party consent. Announce recording at the start and note it in your file. Pause for privileged strategy and internal discussion.
• Witness interviews: Confirm consent up front. Consider whether recording could chill cooperation or create discoverable material. If you record, use a secure tool and store with restricted access.
• Meetings with opposing counsel or third parties: Do not record without explicit consent. Surreptitious recording can violate law, ethics, or both.
• Court conferences or proceedings: Check the specific court rule. Many prohibit recording without permission. When in doubt, don't record.
• Internal team calls: Internal recordings still carry client confidences. Apply the same vendor and security controls.

Engagement letter language to consider

• We may use secure AI-enabled tools to record and transcribe calls/meetings to improve accuracy and efficiency.
• Data will be encrypted and not used to train public models.
• You may opt out at any time; we will then disable recording for your matters.
• We will review and verify transcripts before relying on them for legal work product.
• Any third-party costs will be disclosed and billed transparently.

Vendor due diligence checklist

• Security: Encryption in transit/at rest, SSO/MFA, granular access control, audit logs.
• Privacy: No data training without consent, data location options, deletion timelines, subprocessor list.
• Contracts: Confidentiality, breach notice timelines, indemnities, IP ownership of outputs, discovery response process.
• Controls: Admin policy enforcement for recording defaults, retention, sharing, and export.
• Evidence: Third-party security reports/certifications (e.g., SOC 2 Type II).

Policy outline for your firm

• Approved tools and use cases
• Consent requirements and scripts
• Recording and redaction standards (what not to capture)
• Storage, retention, and deletion timelines
• Review and quality control steps before reliance
• Disclosure and billing practices
• Training and periodic audits
• Incident response and client notification

For source rules, see the New York Rules of Professional Conduct here, and the NYC Bar's ethics opinions archive here.

If your team needs structured upskilling on safe, effective AI use, explore job-specific training options here.