Is AI Governance Consulting the Unauthorized Practice of Law?

Blog post description.

6/28/20265 min read

a group of purple cubes hanging from a metal bar
a group of purple cubes hanging from a metal bar

🚨 Is AI Governance Consulting the Unauthorized Practice of Law?

⚖️ The Answer Depends on What the Consultant Is Actually Doing.

AI governance consulting is not automatically the unauthorized practice of law.

But it can cross that line quickly.

That is the uncomfortable issue many lawyers, consultants, law firms, and businesses are not talking about enough. AI governance sounds like business consulting. It sounds operational. It sounds strategic. It sounds like helping an organization create rules, workflows, approvals, policies, and oversight.

And sometimes that is exactly what it is.

But AI governance can also involve privacy law, employment discrimination, cybersecurity, consumer protection, contracts, professional responsibility, board oversight, data protection, confidentiality, privilege, and regulatory compliance.

At that point, the question becomes harder:

Is the consultant helping the organization manage AI risk, or is the consultant giving legal advice?

That distinction matters.

🔍 Why AI Governance Creates Legal Risk

AI governance is a broad phrase.

It can include tool inventories, employee training, vendor review, AI use policies, risk assessments, internal reporting structures, board updates, incident response plans, and documentation systems.

Much of that work may be operational.

But the moment the consultant starts interpreting legal obligations or applying law to specific facts, the work may begin to look like the practice of law.

For example, there is a difference between saying:

“Your organization should have a process for reviewing AI tools before employees use them.”

And saying:

“Your company’s current AI hiring tool creates legal exposure under California employment law, and here is what you must do to comply.”

The first may be governance consulting.

The second sounds a lot like legal advice.

That does not mean lawyers cannot do it.

It means the role must be clear.

🧠 The Problem With “AI Compliance” Marketing

One of the biggest risks in this space is marketing.

Consultants are selling services with phrases like:

AI compliance
AI legal risk assessment
AI regulatory readiness
AI employment bias audit
AI privacy compliance review
AI board liability assessment
AI law firm ethics policy

Those phrases may attract clients.

They may also create legal problems if the person providing the service is not authorized to practice law or if the attorney involved has not structured the work properly.

A nonlawyer consultant who tells a business what the law requires may be crossing into unauthorized practice of law. A lawyer who partners with nonlawyers in a way that allows them to deliver legal conclusions may also create ethics problems.

The issue is not whether the phrase sounds impressive.

The issue is what the client is actually receiving.

💣 When AI Consulting Starts Looking Like Legal Advice

AI governance consulting may start looking like legal advice when the consultant does things like:

Interprets statutes, regulations, or ethics rules
Applies law to the client’s specific facts
Advises whether a company is compliant or noncompliant
Drafts legal policies tied to legal obligations
Assesses liability exposure
Advises a board on fiduciary duties
Reviews contracts for legal risk
Tells a law firm what attorney ethics rules require
Recommends legal steps to avoid lawsuits or regulatory action

That does not mean every AI governance project is legal work.

But these tasks are not just “strategy.” They involve legal judgment.

And legal judgment is where the unauthorized practice of law issue starts to breathe down everyone’s neck.

🛡️ Why This Matters for Attorneys

Attorneys entering AI governance have a major advantage.

They understand legal risk. They know how lawsuits happen. They understand confidentiality, privilege, regulatory exposure, professional responsibility, and documentation. They can spot problems a purely technical consultant may miss.

That is why attorneys are valuable in this space.

But that value comes with obligations.

A lawyer cannot hide behind the word “consultant” if the lawyer is actually providing legal advice. A lawyer also cannot casually lend legal credibility to a nonlawyer consulting company that is giving clients legal conclusions.

If the work is legal, structure it as legal.

If the work is consulting, make the boundaries clear.

If the work combines both, say so in the engagement agreement and document the scope carefully.

The danger is not offering AI governance services.

The danger is being vague.

🔐 Why This Matters for Clients

Businesses also need to understand the difference.

A company may hire an AI governance consultant thinking it has received legal guidance. Then later, when a regulator, employee, customer, investor, or opposing counsel challenges the company’s AI practices, the company may discover that the consultant was not providing legal advice at all.

That can create several problems.

The company may not have privilege.
The consultant may not have been qualified to interpret the law.
The recommendations may not be legally sufficient.
The company may have relied on advice that was really just business guidance with legal-sounding packaging.

That is not a small misunderstanding.

That is a governance failure wearing a nice font.

⚠️ The Nonlawyer Consultant Problem

There are excellent nonlawyer AI consultants.

Some understand data governance, cybersecurity, model risk, procurement, technical systems, and operational workflows far better than most lawyers do.

This is not about lawyers pretending they are the only adults in the room.

Good AI governance often requires a team.

But nonlawyer consultants need to be careful when their services move from operational guidance into legal interpretation. They can explain technical risk. They can help map workflows. They can support implementation. They can help design training and accountability systems.

But telling a business what the law requires is different.

That is where lawyers must be involved.

And if lawyers are involved, they need to be involved in a way that preserves professional independence, protects confidentiality, avoids improper fee-sharing, and clearly defines who is responsible for legal advice.

📌 How to Stay on the Right Side of the Line

The best protection is clarity.

AI governance engagements should define the role, scope, and limits of the work from the beginning.

The engagement should answer:

Is this legal advice, consulting, or both?
Who is providing the legal analysis?
Who is responsible for final recommendations?
Are nonlawyers involved?
Is attorney-client privilege intended to apply?
What jurisdictions are being addressed?
Are clients being told what the law requires, or only receiving general education?
Are disclaimers clear and consistent with the actual work?

This should not be buried in fine print.

Clients should understand what they are buying.

Lawyers should understand what they are selling.

Consultants should understand where their lane ends.

🧭 AI Governance Is Not Just a Tech Issue

AI governance is often treated like a technology project.

That is a mistake.

AI governance involves people, data, decisions, accountability, documentation, vendors, employees, customers, regulators, and sometimes courts.

A company may think it is simply choosing an AI tool.

But the real questions are bigger:

What data is being used?
Who is affected by the decision?
Could the tool create bias or discrimination?
Who approved the vendor?
What did the contract say?
Was confidential information protected?
Was the board informed?
Was the risk documented?
Who is responsible if something goes wrong?

Those are not just technical questions.

Some are legal questions.

That is why AI governance needs both operational and legal judgment.

🎯 Final Answer: AI Governance Consulting Can Become the Practice of Law

AI governance consulting is not automatically the unauthorized practice of law.

But it can become legal advice when the consultant interprets laws, applies legal rules to specific facts, assesses compliance, drafts legal policies, evaluates liability, or tells a client what it must do to avoid legal consequences.

For attorneys, this means the opportunity is real, but the structure matters.

For nonlawyer consultants, this means legal lines should be respected.

For businesses, this means they should understand whether they are buying consulting, legal advice, or both.

AI governance is too important to be handled with vague titles, fuzzy disclaimers, and wishful thinking.

The future belongs to professionals who can work across disciplines without pretending the ethics rules are optional.

And in AI governance, the smartest question may not be, “Can we do this?”

It may be:

“Who is legally authorized to tell us how?”

About Angeli Raven Fitch

Angeli Raven Fitch is an attorney, speaker, and AI Legal Strategist who helps organizations, law firms, executives, boards of directors, and business leaders navigate the opportunities and risks of artificial intelligence.

Her work focuses on AI governance, ethics, compliance, risk management, and responsible AI adoption.

🔗 Connect with Angeli Raven Fitch on LinkedIn.

🔔✨ Follow me for more legal AI insights and courtroom chaos.

📝 Legal stuff: This article is provided for informational purposes only and does not constitute legal advice or create an attorney-client relationship.

CONNECT WITH ME ON LINKEDIN!

JOIN THE 20k PLUS FOLLOWERS AND GROWING FOR WEEKLY INSIGHTS ON AI

STAY IN TOUCH

angeli@ailegalstrategist.com

© 2025. All rights reserved.