California attorney · CA Bar #279869

AI compliance attorney for law firms

I'm Sergei Tokmakov, a California attorney and a daily AI user since the GPT-3 beta. I run ethics-compliant AI rollouts for solo and small-firm attorneys against CA RPC 1.1, 1.6, 5.3 and ABA Formal Opinion 512, with cross-border coverage for the EU AI Act, California ADMT, and the Colorado AI Act. Flat-fee work, written deliverables, no offshore handoffs.

1,500+contracts drafted
700+Upwork reviews
14+years in practice
100%job-success score
CA RPC 1.1 + 1.6 + 5.3 · ABA Formal Op. 512
Quick answer

California Rules of Professional Conduct 1.1 (competence), 1.6 (confidentiality), and 5.3 (non-lawyer supervision), combined with ABA Formal Opinion 512 (July 2024), require lawyers to understand their AI tools, supervise outputs, protect client data, and disclose AI use where it materially affects the work. The California State Bar's November 2023 Practical Guidance is the state-specific companion. Cross-border firms also navigate the EU AI Act (Regulation (EU) 2024/1689), California ADMT regulations under CPRA, and the Colorado AI Act (effective February 2026). The fix is a written AI Use Policy plus vendor diligence plus a documented supervision record.

RPC 1.1
Competence + tech duty
RPC 1.6
Confidentiality on AI inputs
RPC 5.3
Non-lawyer supervision
RPC 1.5
Fee reasonableness on AI work
Quick CRPC risk check
3 questions on your firm's AI compliance posture
Do you have a written AI use policy?
BAA / DPA with each AI vendor?
Outputs reviewed before client send?
Risk score
--
Answer the 3 questions for a posture estimate.
Full AI Workflow Risk Map below →I am a CA-licensed attorney; this is screening, not formal advice.

What I do for AI implementation in law firms

1

Map the firm's AI use to RPC 1.1 and 1.6.

Competence under RPC 1.1 includes technological competence, RPC 1.6 protects confidentiality on AI inputs. I map the firm's stack to both rules and identify gaps.

RPC 1.1 + 1.6
2

Build the AI-use policy that proves compliance.

California State Bar's January 2024 guidance expects firms to have a written AI policy. I draft it so the firm has documentary proof of compliance for ethics-counsel inquiries.

Bar guidance 2024
3

Draft client-disclosure language.

RPC 1.4 communication duty includes disclosing AI use that affects representation. I draft the engagement-letter and intake-form language that satisfies disclosure without scaring clients.

RPC 1.4
4

Anchor fee reasonableness under RPC 1.5.

If AI shortens the work, RPC 1.5 reasonableness of fees applies. I draft fee-agreement language that handles the AI-efficiency question cleanly.

RPC 1.5

Why this calls for an attorney, not a consultant

DIY / template

What a self-written letter misses

  • Adopts AI without RPC 1.1, 1.6, 5.3, 1.4 mapping
  • Cannot prove competence or confidentiality compliance
  • Misses non-lawyer supervision under RPC 5.3
  • Has no client disclosure or fee-reasonableness rationale
Attorney letter

What the attorney letter does

  • Maps the firm's AI stack to RPC 1.1, 1.6, 5.3, 1.4
  • Builds the AI-use policy that proves compliance
  • Drafts client-disclosure language for engagement letters
  • Anchors fee reasonableness under RPC 1.5

California Rules of Professional Conduct already cover AI, the gap is most firms have not written the policy that proves compliance.

The controlling law and guidance

Why proof matters. My own practice runs on AI daily. The Terms.Law chatbox is Claude Opus 4.7 via the Anthropic API. The Opus tools on /tools/* are the same. Document generators across the site use Claude Code. I write AI Use Policies for clients while running a public AI-implementation lab on my own domain. That is the proof point: I do the same work I am proposing to do for your firm, with the same ethics guardrails, and the practice is documented.
CRPC compliance scanner

AI Workflow Risk Map

Toggle each control your firm has in place. The score moves in real time and the CA Rules of Professional Conduct grid lights up as gaps close. This is the same audit I run before quoting a $2,500 AI Use Policy build.

15 AI-governance controls

AI governance score
0 / 100

Rule-by-rule compliance

Scoring is illustrative and based on the California State Bar's January 2024 AI guidance plus CRPC. Actual compliance posture depends on documentation, training records, and how the policy maps to the firm's matter mix. Email me at owner@terms.law for a scoped audit.

What clients send me

Before the audit kicks off, I ask for the following so the deliverable is grounded in your actual practice, not a generic template:

  • A list of every AI tool currently in use across the firm (Claude, ChatGPT, Copilot, Gemini, niche legal-AI products, document generators, intake bots)
  • The TOS, master subscription agreement, or BAA for each AI vendor, including any data-processing addenda
  • A short description of the workflows AI currently supports (drafting, redlining, intake, summarization, research, marketing)
  • The current data-classification regime (what counts as confidential, what counts as privileged, what is OK to share with vendors)
  • Engagement letter and intake form templates in current use
  • Any existing AI Use Policy, ethics opinion, or vendor-approval process (formal or informal)
  • The firm's structure (number of attorneys, paralegals, contractors, support staff) and rough practice-area mix
  • Cross-border exposure: EU clients, EU attorneys, Colorado clients, healthcare clients, financial-services clients
  • Recent client questions or RFP responses on AI governance (clients are increasingly asking)
  • Any malpractice insurance carrier requirements around AI use

If you do not have all of the above, send what you have. The audit interview is partly about filling in the gaps.

What I send back

$2,500

What you get

  • A written AI Use Audit memo summarizing current tools, current workflows, current data flows, and compliance gaps under CA RPC 1.1, 1.4, 1.5, 1.6, and 5.3 plus ABA Op. 512
  • A vendor diligence matrix scoring each AI vendor against confidentiality, training, retention, security, and contract-term metrics
  • A written AI Use Policy (typically 10-15 pages) tailored to your practice areas and approved-tools list
  • A client AI disclosure addendum drafted for your engagement letter
  • A one-hour live training session, recorded for staff who cannot attend live
  • Two rounds of revisions over 30 days

For the $3,500-$5,000 Implementation Package, everything in the audit package plus the custom workflow build, training for up to 10 staff, and 30 days of post-deployment support. Scope and fee fixed in writing before work starts.

How the engagement runs

1
Send stack

List of AI tools + TOS / BAAs.

2
Audit

Map workflows to RPC 1.1, 1.4, 1.5, 1.6, 5.3.

3
Vendor matrix

Score each vendor on training/retention.

4
Draft policy

10-15 page AI Use Policy.

5
Train staff

One-hour live training, recorded.

6
Revise

Two rounds of revisions over 30 days.

Choose your path

Start here if

Hourly advisory

$240/hr
  • One AI vendor contract needs review
  • Specific RPC 1.1 or 1.6 question
  • No retainer
Accept hourly - $240
Most common

Audit + Policy

$2,500
  • Firm-wide AI use audit and written policy
  • Vendor diligence matrix + client disclosure
  • One-hour live training (recorded)
Accept audit - $2,500
Start here if

Full implementation

$3.5-5k
  • Custom workflow build + document generator
  • Team training (up to 10 staff)
  • 30-day post-deployment support
Email for quote

Pricing

One-off

Hourly Advisory

$240 / hr
  • AI vendor contract review
  • Specific AI ethics question (written opinion)
  • Single-document review (engagement letter, policy addendum)
  • Written response within two business days
  • No retainer
Flat fee

AI Use Audit + Policy

$2,500 · flat
  • Firm-wide AI use audit
  • Written AI Use Policy (10-15 pages)
  • Vendor diligence matrix
  • Client AI disclosure addendum
  • One-hour live training (recorded)
  • Two rounds of revisions over 30 days
Custom quote

Full Implementation

$3,500-$5,000 custom
  • Everything in the Audit + Policy package
  • Custom workflow design (intake, drafting, generation)
  • Document-generator setup on your domain or mine
  • Team training (up to 10 attorneys/staff)
  • 30-day post-deployment support
  • Scope and fee fixed in writing before work starts
Email me for a quote

Related on Terms.Law

Service page
AI Implementation for Law Firms (full overview)
Transparency
My AI Stack - what I use, how I keep it ethical
Case studies
Anonymized AI implementation engagements
Guide
AI for Solo Lawyers - starter policy + tool picks
Free Opus tool
AI Compliance Assessor for Law Firms
Hub
All 17 California practice areas

Frequently asked questions

You
Does using AI in legal practice violate CA RPC 1.1?
S
No, not by itself. California Rule of Professional Conduct 1.1 (competence) requires that I understand the technology I use, including its benefits and risks. The State Bar's November 2023 Practical Guidance on Generative AI is clear: I can use AI, but I must supervise outputs, verify citations, and not rely on AI for legal judgment. Refusing to use AI when it would benefit a client can itself raise competence concerns. ABA Formal Opinion 512 (July 2024) operationalized this standard nationally.
You
What about confidentiality under CA RPC 1.6?
S
Rule 1.6 prohibits revealing client information without informed consent. That means free-tier ChatGPT, which trains on inputs by default, is unsafe for client-confidential material. The fix is contractual: enterprise plans that disable training, APIs that do not retain prompts, or aggressive redaction before pasting. A written AI Use Policy locks this in across the firm and creates the supervision record. I have audited firms that thought they were "just using ChatGPT" and were quietly leaking privileged matter into training data for months.
You
Do I need a written AI Use Policy?
S
If you have any non-lawyer staff (paralegals, assistants, contractors), yes. CA RPC 5.3 makes you responsible for supervising non-lawyer assistants, and the State Bar's guidance treats AI tools as such. A written policy documents your supervision system: which tools are approved, what data is allowed, who reviews outputs, and how you handle client disclosure. Without it, a future bar complaint has no record of your guardrails. Even a solo with no staff benefits from a policy for engagement-letter consistency.
You
What's ABA Formal Opinion 512?
S
ABA Formal Opinion 512 (July 2024) is the bar's first comprehensive guidance on generative AI. It addresses competence (Model Rule 1.1), confidentiality (1.6), supervision (5.1, 5.3), communication (1.4), fees (1.5), and candor to tribunals (3.3). California's State Bar Practical Guidance (November 2023) is the state-specific companion. Both are foundational reading for any firm rolling out AI; my audits include a compliance walkthrough against both documents.
You
What is California ADMT?
S
California's Automated Decision-Making Technology (ADMT) rules under the California Privacy Rights Act (CPRA) regulate businesses that use AI for significant decisions about consumers. The California Privacy Protection Agency (CPPA) finalized ADMT regulations governing pre-use notice, opt-out rights, and risk assessments. Law firms that use AI for client intake decisions, fee structures, or matter routing may be in scope. I run an ADMT applicability check for any firm with consumer-facing AI features and document the result in writing.
You
What about the EU AI Act?
S
The EU AI Act (Regulation (EU) 2024/1689) is extraterritorial: it applies to any AI system whose output is used in the EU, regardless of where the provider is located. For US law firms with EU clients, EU-based attorneys, or EU end-users, the Act creates compliance obligations around risk classification, transparency, and (for high-risk systems) registration and conformity assessments. I assess EU AI Act exposure as part of the audit for any firm with cross-border activity.
You
What about the Colorado AI Act?
S
Colorado's AI Act (Colo. Rev. Stat. § 6-1-1701 et seq., effective February 1, 2026) regulates "high-risk artificial intelligence systems" that make consequential decisions affecting consumers in employment, education, financial services, healthcare, housing, insurance, and legal services. Developers and deployers have notice, risk-management, and impact-assessment obligations. Firms serving Colorado clients with AI-assisted intake, pricing, or scoping decisions may be in scope. The audit includes a Colorado AI Act applicability check.
You
Which AI tools do you recommend for legal work?
S
I do not recommend tools generically; I match tools to the data classification and the use case. Claude (Anthropic) Team and Enterprise plans, ChatGPT Team and Enterprise, and Microsoft Copilot for M365 are the three I most often clear for client-confidential work because they contractually disable training. I avoid free-tier ChatGPT, Google Gemini free tier, and any vendor whose TOS reserves broad rights to train on inputs. The right tool depends on your practice areas and data, not on which model is "smartest" at the moment.
You
How do I bill for AI-assisted work?
S
CA RPC 1.5 prohibits unreasonable fees. If AI compresses a four-hour task to forty minutes, you bill forty minutes, not four hours. The efficiency gain belongs to the client. What you can bill for: prompt engineering, output review, the judgment work AI cannot do, and the time you spend tailoring AI output to the matter. Flat-fee engagements largely solve this; hourly engagements need engagement-letter language that explains what is and is not billable. I draft that language as part of the audit.
You
What if AI hallucinates a citation in my filing?
S
Rule 3.3 (candor to the tribunal) makes you responsible for what you file. Several attorneys have been sanctioned for filing briefs with fabricated AI-generated citations. The fix is verification: every cite gets checked against the primary source before it leaves the firm. My AI Use Policy templates include an explicit citation-verification checklist as a mandatory step. The doctrinal principle is simple: the lawyer is the supervising authority over the AI, just as the lawyer is over a junior associate.

Ready to put real guardrails around your firm's AI use?

Email me the firm size, primary practice areas, and current AI tools. I'll respond same day with a scoped proposal.

Email owner@terms.law