Open AI Tools Banned from Discovery: Jeffries v. Harcros Chemicals

A federal court in Kansas has drawn a hard line between open and closed AI systems in the context of discovery materials. The March 2026 ruling in Jeffries v. Harcros Chemicals grants a motion to amend a protective order to ban parties from uploading any discovery materials to publicly accessible or open-source AI tools — while expressly permitting the use of secure, closed AI systems. The decision is the most expansive judicial statement yet on the data-security risks that open AI tools pose in litigation.

Background and Facts

The litigation in Jeffries v. Harcros Chemicals Inc. arose in the District of Kansas and involved multiple parties. The defendants moved to amend the existing protective order governing discovery materials, seeking a categorical prohibition on uploading any discovery materials — documents, data, deposition transcripts, or any other materials produced or exchanged in the litigation — to publicly accessible or open-source AI tools.

The defendants advanced three distinct grounds for the amendment, each targeting a different dimension of the risk posed by open AI tools. The first was the training-data problem: publicly accessible generative AI systems continuously train on the data submitted to them by users. Unlike a document uploaded to a secure cloud server, information fed into an open AI tool becomes, in effect, part of the tool’s evolving knowledge base. There is no “clawback” mechanism — once the data has been absorbed into training, it cannot be selectively removed. This renders the standard discovery clawback provisions that govern inadvertent production of privileged materials entirely ineffective.

The second ground concerned data security more broadly, including exposure under data protection frameworks such as the GDPR. Discovery materials often contain personal data of employees, customers, or other individuals. Uploading such data to an open AI tool raises serious questions about whether the data will be retained by the provider, whether it will be used for purposes beyond the immediate query, and whether it will be accessible to the provider’s personnel or, through the provider’s systems, to third parties. These risks are not hypothetical — they have materialised in documented incidents involving corporate employees inadvertently exposing sensitive company data through AI tool use.

The third ground was distinctive: the involvement of critical infrastructure information. The court record indicated that the discovery materials included information relating to chemical manufacturing processes and supply chains. The defendants argued that the exposure of such information through open AI tools implicated national security and critical infrastructure protection concerns beyond ordinary data-privacy risks.

The plaintiffs opposed the motion. Their primary arguments were that the proposed restriction was burdensome — it would limit the litigation tools available to them — and that it implicated First Amendment concerns. They also challenged the defendants’ framing of the AI risk as overstated.

What the Court Decided and Why

The court granted the defendants’ motion and amended the protective order to prohibit the upload of discovery materials to publicly accessible or open-source AI tools. Good cause, the court found, was readily established.

On the training-data issue, the court accepted the defendants’ argument without reservation. The impossibility of clawback once data has been incorporated into an AI training set is a qualitatively different risk from the risk addressed by standard clawback provisions. Protective orders in federal litigation routinely prohibit parties from disclosing discovery materials to third parties; the court treated open AI tools as third parties for this purpose — and third parties with the additional defect that, once disclosure has occurred, it is irreversible.

The court also addressed the plaintiffs’ arguments directly. The burden concern, the court found, was mitigated by the express carve-out for secure, closed AI tools. The order did not prohibit AI assistance in litigation altogether — it prohibited only the use of tools that create irreversible disclosure risks. A party that wished to use AI to assist with analysis of discovery materials was free to do so, provided the tool operated on a closed basis with appropriate data protections.

The First Amendment argument was dismissed. The court noted that protective orders restricting the use of discovery materials for purposes beyond the litigation are standard practice and have consistently been upheld. Restricting how discovery materials may be processed — including by AI tools — is a restriction on the use of materials obtained through the coercive power of discovery, not a restriction on free expression generally.

Critically, the court also rejected the characterisation of the order as a disfavoured “umbrella” protective order. Umbrella orders — those entered without particularised showings of good cause for each category of protected material — are generally disfavoured in federal practice. But the court found that the AI-specific risks identified by the defendants constituted good cause that applied uniformly across all categories of discovery material, not merely to a subset of particularly sensitive documents. The risk of irreversible training-data absorption is not limited to confidential business information or personal data; it applies to any material fed into an open system.

The Principle Established

The Jeffries ruling establishes that open AI tools — systems that train on user inputs and cannot guarantee deletion or non-retention of submitted data — are categorically incompatible with protective-order obligations in litigation. Parties subject to a standard protective order who use open AI tools to process discovery materials are, on this analysis, in breach of their obligations under the order even if they do not intentionally disclose the materials to any human third party.

The open/closed distinction is now judicially endorsed as a meaningful legal boundary. Closed AI tools — systems that operate on private infrastructure, are contractually barred from training on user inputs, and can guarantee deletion — are permissible. Open tools are not. This binary distinction may prove difficult to maintain as AI systems evolve and as the line between open and closed configurations becomes increasingly granular, but it provides clear immediate guidance to litigants and their counsel.

Law firms that have not already audited their AI tool usage against this standard should treat Jeffries as a prompt to do so. The risk is not limited to federal litigation in Kansas: protective orders routinely contain broadly worded restrictions on third-party disclosure, and a court applying the Jeffries reasoning in any jurisdiction could find that open AI tool use constitutes a violation of those restrictions.

The India Angle

The Jeffries prohibition maps with particular precision onto the professional obligations of Indian advocates. The Bar Council of India Rules impose a strict duty of confidentiality: an advocate shall not disclose the communications made to him by his client relating to the case. The question of whether uploading discovery materials or case documents to an open AI tool constitutes a “disclosure” has not been directly addressed by the Bar Council, but the Jeffries court’s reasoning — that open AI tools function as third-party recipients of data, with no effective mechanism to recover or delete what has been submitted — provides a persuasive basis for treating such uploads as disclosures for ethical purposes.

Under the Digital Personal Data Protection Act, 2023, the risk is even more concrete. Indian law classifies certain categories of personal data — including health data, financial data, and data relating to children — as sensitive, and imposes heightened obligations on entities that process such data. A lawyer who uploads documents containing such data to an open AI platform is, in effect, transferring that data to a data fiduciary outside the client’s knowledge or consent, without any contractual assurance of appropriate processing standards. This is not merely a professional risk; it is a potential statutory violation. The practical implication for Indian practitioners is straightforward: any AI tool used for client-related work must be a closed, enterprise-grade system with documented data protection commitments — or it should not be used at all.

Case Details

Case Name: Jeffries et al. v. Harcros Chemicals Inc. et al.
Court: United States District Court, District of Kansas
Decision Date: 25 March 2026
Key Issue: Whether to amend protective order to ban upload of discovery materials to open AI tools
Holding: Motion granted; open AI tools banned from contact with discovery materials; secure/closed AI tools expressly permitted
Grounds for Amendment: Irreversible training-data absorption (no clawback); data security and GDPR exposure; critical infrastructure risk
Significance: First judicial endorsement of a categorical open/closed AI distinction in discovery; establishes that open AI tools are incompatible with standard protective order obligations
