Your associates are already using generative AI. The question a managing partner now has to answer is whether they are using it in a way that would survive a complaint to the Law Society. In March 2026 the Ministry of Law gave that question a reference point: the Guide for Using Generative AI in the Legal Sector.
The short version. Singapore’s GenAI legal guide is a non-binding reference published by the Ministry of Law (MinLaw) on 6 March 2026, verified on mlaw.gov.sg. It does not create new law. It sets out how existing professional duties, competence, confidentiality, and honesty with clients, apply once a lawyer uses generative AI, and it gives a five-step framework for adopting the technology without breaching those duties.
This piece covers what the guide is, what part of it actually binds you, the three principles it turns on, and the first thing a small firm should do about it.
What Singapore’s guide is, and whether it binds you
The guide runs to about fifty pages. It builds on the IMDA Model AI Governance Framework for Generative AI, complements the Singapore Courts’ guide for court users, and sits under National AI Strategy 2.0. It is written for a wide audience: lawyers in private practice, in-house counsel, allied professionals like paralegals and legal technologists, alternative legal service providers, and the vendors who build legal AI tools.
On its own terms the guide is non-binding. That word does more work than it looks. The duties the guide describes are binding. Under the Legal Profession Act, a lawyer is responsible for their work product regardless of how it was produced. Rule 5 of the Professional Conduct Rules imposes duties of honesty, competence, and diligence. Rule 6 imposes the duty of confidentiality. The guide is the map from those old duties to the new tool. Ignoring the map does not move the duties.
principles the guide turns on: professional ethics with human oversight, confidentiality, and transparency with clients
MinLaw, Guide for Using Generative AI in the Legal Sector, 2026
The three principles it turns on
You stay accountable, and you keep a human in the loop
The guide is blunt that generative AI hallucinates and can carry bias, and that neither of those transfers your responsibility to the model. It asks lawyers to develop enough AI literacy to know when output is reliable and when it is not, to take ultimate responsibility for every work product, and to apply oversight proportionate to the risk.
That last point has a shape worth learning, because it is the test a court or a client will apply. The guide sorts tasks by the consequence of an error. Anything with legal, financial, or reputational weight, a court submission, a commercial contract, legal advice, gets human-in-the-loop review: a lawyer checks the facts, citations, and reasoning before the output is used. Low-risk, reversible tasks can run on human-on-the-loop oversight, meaning supervisory checks or sampling after the fact. The guide even prints the test to run before you rely on anything: can you explain how the output was verified, if asked? If the answer is no, the oversight was not enough.
Match the tool to the confidentiality of the matter
This is the principle most firms are quietly failing today. Rule 6 does not ban generative AI any more than it banned email, but it does demand that confidential client information stays protected. The guide sets out a hierarchy of tools by how much protection they give, from least to most: free-to-use consumer tools, enterprise commercial software with safety features, and in-house or private systems.
For confidential client matter, the guide points firms toward enterprise or private tools, and lists what to check: that the provider’s terms contractually prohibit training on your input, that you can meet client data-residency needs, and that the system carries real controls like encryption, audit logs, access restrictions, and independent certifications such as SOC 2 Type II or ISO 27001. Free tools are not forbidden, but only for anonymised or non-sensitive input, with retention and training switched off. Pasting a live client contract into a personal chatbot account fails this principle on every count.
Be ready to tell the client
Rule 5’s duty of honesty extends to how you use AI. The guide says to consider disclosing generative AI use to clients, and names three situations where it becomes advisable: when AI is used substantially in producing the work product, when it changes what the client is charged, and when the tool’s data handling could conflict with the client’s preferences. In practice that means a line in the letter of engagement, a plain explanation of how output is verified, and an option for the client to opt out. The annexes to the guide include a sample engagement-letter clause for exactly this.
The five steps the guide lays out
The back half of the guide is an implementation framework, mapped to three adoption stages that run from basic tools to custom-built systems. The five steps are worth keeping as a checklist:
- Build a framework. Write internal and external AI-use policies, appoint an AI lead or committee, classify your data by sensitivity, and set an incident-response process aligned with PDPC breach rules.
- Diagnose needs. Identify where AI actually helps, and score each use case on confidentiality, risk, cost, and readiness before buying anything.
- Evaluate tools with due diligence. The guide gives a vendor checklist covering data security, capability, model performance, and track record. It reminds you that you have the right to ask a vendor to demonstrate its safeguards before you subscribe.
- Implement and train. Pilot, roll out in stages, add guardrails for sensitive data, and train staff. The guide is pointed that training should build junior lawyers into competent practitioners, not just tool operators.
- Review continuously. Measure against the objectives you set, and keep the policy current as tools and rules change.
The guide ships sample templates in its annexes: an internal governance policy, an employee-handbook section, the engagement-letter clause, and a vendor evaluation checklist. A firm does not have to write these from a blank page.
What a firm should do first
Read against the guide, the exposure most firms carry is not that they are behind on AI. It is that AI is already in the building, on personal logins, with no policy, no tool standard, and no record of what was verified. The guide’s own logic points to the fix: one reviewed workflow on a system the firm controls, a written policy, and a lawyer’s sign-off on anything that leaves.
That is the same order of work whether you are a twelve-lawyer practice or a hundred. If you want to see where your firm currently sits against the three principles, our how an engagement works page walks through the diagnostic, and why AI projects fail covers the part the guide only gestures at: making the capability stick after the tool is installed. The cost of that work, and the grant that offsets it, is in what AI consulting costs in Singapore.
Common questions
Is the MinLaw generative AI guide legally binding?
No. It is non-binding guidance published by the Ministry of Law on 6 March 2026. But it interprets duties that are binding: Rule 5 and Rule 6 of the Legal Profession (Professional Conduct) Rules 2015, and a lawyer's responsibility for their work product under the Legal Profession Act. Treating the guide as optional does not make those duties optional.
Does the guide ban lawyers from using ChatGPT?
No. It bans no tool. It asks you to match the tool to the confidentiality of the data. Free-to-use tools are for anonymised or non-sensitive input only, with data retention and training switched off. Confidential client matter belongs in an enterprise or in-house system whose provider is contractually barred from training on your data.
Do we have to tell clients we use AI?
The guide says to consider it, and names three situations where disclosure is advisable: when generative AI is used substantially in the work product, when it changes what the client is charged, and when the tool's data handling could conflict with the client's preferences or data-residency needs. Many firms handle this in the letter of engagement and offer an opt-out.
What is the difference between human-in-the-loop and human-on-the-loop?
Human-in-the-loop means a lawyer reviews and verifies the output before it is used, which the guide expects for anything with legal, financial, or reputational consequence. Human-on-the-loop means supervisory checks or sampling after the fact, which it treats as enough for low-risk tasks whose output is easily reversed.