A senior UK immigration tribunal has issued a warning that any regulated legal professional who uploads client letters or Home Office decision letters to an open AI tool such as ChatGPT is placing that information in the public domain, breaching client confidentiality, and waiving legal privilege — and must report the breach to their regulator and the Information Commissioner’s Office. The November 2025 ruling in R (Munir) v Secretary of State for the Home Department is the most explicit judicial statement yet from a common law jurisdiction on the privilege consequences of open AI tool use.
Background and Facts
The substantive dispute in R (Munir) v Secretary of State for the Home Department arose in the Upper Tribunal (Immigration and Asylum Chamber) in England and Wales. The case concerned immigration proceedings against the Secretary of State for the Home Department — the standard respondent in judicial review proceedings challenging Home Office decisions on immigration and asylum matters.
The AI dimension of the case arose, as it increasingly does, as a secondary issue that the tribunal saw fit to address in its judgment. The precise circumstances that prompted the tribunal’s observation are not exhaustively detailed in the public record, but the context is readily reconstructable. Lawyers and immigration advisers regularly handle large volumes of client correspondence and Home Office decision letters in the course of immigration proceedings. These documents are often lengthy, densely worded, and drafted in administrative language that requires careful reading to fully comprehend. The temptation to run such documents through a generative AI tool for summarisation or initial analysis is understandable — and, the tribunal made plain, seriously misconceived when an open tool is used.
The tribunal’s observation was expressed in the following terms, which merit quotation in full: “We also observe that to put client letters and decision letters from the Home Office into an open source AI tool, such as ChatGPT, is to place this information on the internet in the public domain, and thus to breach client confidentiality and waive legal privilege, and thus any regulated legal professional or firm that does so would, in addition to needing to bring this to the attention of their regulator, be advised to consult with the Information Commissioner’s Office. Closed source AI tools which do not place information in the public domain, such as Microsoft Copilot, are available for tasks such as summarising without these risks.”
What the Court Decided and Why
The tribunal’s statement is an observation rather than a binding holding on the specific facts of the case — but judicial observations by a superior tribunal carry significant persuasive weight, particularly when expressed with the clarity and directness that characterises this passage. The tribunal was not hedging. It stated, flatly, that uploading client information to an open AI tool is a breach of client confidentiality and a waiver of legal privilege.
The reasoning rests on a characterisation of how open AI tools function: information submitted to an open AI tool is, on the tribunal’s analysis, placed “on the internet in the public domain.” This reflects a functional understanding of what happens to data submitted to mainstream generative AI systems. While the precise mechanisms vary by provider and configuration, the concern is well-founded: open AI systems in their standard configurations retain submitted data, may use it for model training, and do not guarantee that the information will remain confidential or be deleted on request. The practical effect of submitting a client document to such a system may be indistinguishable, from a confidentiality standpoint, from publishing it online.
The consequences the tribunal identified are threefold. First, the conduct constitutes a breach of client confidentiality — the foundational professional obligation of every regulated legal professional in England and Wales, whether a solicitor governed by the Solicitors Regulation Authority or a barrister governed by the Bar Standards Board. Second, it waives legal privilege — the protection that shields legally privileged communications from compelled disclosure in proceedings. Once privilege is waived, it cannot be restored; the information enters the public domain, and no subsequent assertion of privilege over the same material will succeed. Third, the tribunal specifically directed that such a breach must be reported to the relevant regulator and to the Information Commissioner’s Office — the UK’s data protection authority — reflecting the parallel personal data obligations that arise when client data is exposed through an AI platform.
The tribunal also provided an explicit safe harbour: closed-source AI tools that do not place information in the public domain, with Microsoft Copilot offered as an example, are available for tasks such as summarisation without these risks. This open/closed distinction aligns with the framework that American courts have simultaneously been developing in cases like Jeffries v. Harcros and Morgan v. V2X.
The Principle Established
The Munir ruling is significant for several reasons beyond its immediate application to immigration practice in England and Wales. It is the first time a UK tribunal has explicitly stated that using an open AI tool for legal work waives privilege — a proposition with sweeping practical implications for every area of practice, not merely immigration.
The ruling also makes explicit a chain of consequences that many practitioners have been vaguely aware of but have perhaps not fully confronted. It is not merely that open AI tool use is risky or inadvisable. On the tribunal’s analysis, it is a breach of confidentiality, a waiver of privilege, a reportable event to the professional regulator, and a matter requiring consultation with the data protection authority. This is a spectrum of consequences that goes well beyond a gentle caution to be careful. It is, in effect, a warning that the conduct constitutes professional misconduct that must be self-reported.
The global resonance of this reasoning cannot be overstated. Common law jurisdictions worldwide — including India, Australia, Canada, Singapore, and the various Caribbean jurisdictions that follow English legal traditions — share the foundational principles of legal professional privilege and advocate confidentiality that underpin the tribunal’s analysis. While the specific regulatory consequences will vary by jurisdiction, the core proposition that open AI tool use with client documents constitutes a confidentiality breach and privilege waiver translates directly across common law systems.
The India Angle
The Munir tribunal’s analysis has direct and immediate implications for Indian advocates. The Indian legal system is deeply rooted in English common law tradition, and the principles of legal professional privilege and advocate confidentiality that the tribunal applied derive from the same jurisprudential foundations as their Indian counterparts under Sections 126 to 129 of the Indian Evidence Act, 1872. An Indian advocate who uploads a client’s letter, a court order, or any other privileged document to ChatGPT or a similar open AI tool is, on the Munir reasoning, committing a breach of professional confidentiality and potentially waiving the privilege that attaches to those documents.
The regulatory consequences in India differ from those in England and Wales, but they are no less serious. The Bar Council of India Rules on professional standards prohibit advocates from disclosing client information. A breach may attract disciplinary action under the Advocates Act, 1961. In parallel, under the Digital Personal Data Protection Act, 2023, client documents submitted to an open AI platform constitute personal data processing — without the client’s knowledge or consent — by an entity outside the advocate’s control. The DPDPA’s framework requires that data be processed only for specified purposes, with appropriate safeguards, and with the data principal’s awareness. None of these requirements are met when a document is uploaded to an open AI tool in the course of legal work. Indian advocates would be well advised to treat the Munir warning as directly applicable to their practice: use only closed, enterprise-configured AI tools for client-related work, maintain a record of the data protection commitments made by any AI provider used, and ensure that clients are not left exposed by the advocate’s own choice of technology.
Case Details
| Case Name | R (Munir) v Secretary of State for the Home Department |
| Court | Upper Tribunal (Immigration and Asylum Chamber), England and Wales |
| Decision Date | 17 November 2025 |
| Key Observation | Uploading client letters or Home Office decision letters to an open AI tool (e.g. ChatGPT) places information in the public domain, breaches client confidentiality, and waives legal privilege |
| Consequence | Regulated legal professionals must report the breach to their regulator and consult the Information Commissioner’s Office |
| Safe Harbour | Closed-source AI tools (e.g. Microsoft Copilot) that do not place information in the public domain are permissible for tasks such as summarisation |
| Significance | First UK tribunal ruling that open AI tool use with client documents constitutes a privilege waiver and confidentiality breach requiring mandatory self-reporting; directly applicable across common law jurisdictions including India |