California Lawyers, the State Bar AI Practical Guidance, and the Compliance Picture
On November 16, 2023, the State Bar of California issued its Practical Guidance for the Use of Generative Artificial Intelligence Tools in the Practice of Law. It landed without the force of a formal ethics opinion, which is worth noting upfront. The guidance is exactly what it says: practical guidance. It does not create new rules. But if you read it carefully, it draws a tight line between existing obligations under the California Rules of Professional Conduct and the specific risks that generative AI introduces. And that line has real teeth, because the duties it references are already enforceable.
If your firm operates in California and anyone on staff is using ChatGPT, Copilot, Claude, or any other generative AI tool for client work, this guidance is the compliance baseline you should be building from right now.
What the Guidance Actually Says
The document is structured around the duties California lawyers already owe under the Rules of Professional Conduct and the Business and Professions Code. It maps generative AI use onto five core obligations:
- Duty of Competence (Rule 1.1): Lawyers must understand the capabilities and limitations of the AI tools they use. You cannot treat generative AI output as reliable without verification. The guidance explicitly flags hallucinations, fabricated case citations, and outdated legal analysis as known failure modes that competence requires you to account for.
- Duty of Confidentiality (Rule 1.6): Inputting client information into a generative AI tool may constitute disclosure of confidential information. The guidance calls out the risk that prompts containing client data could be used to train models or be accessible to third parties. This is the one that should keep CISOs up at night.
- Duty to Supervise (Rules 5.1 and 5.3): Partners and managing attorneys must ensure that lawyers and nonlawyer staff using AI tools comply with professional obligations. If a paralegal pastes a client's medical records into a public AI tool, the supervising attorney owns that problem.
- Duty of Candor (Bus. & Prof. Code Section 6068(d)): Lawyers must not deceive courts. AI-generated content submitted to a tribunal must be verified for accuracy. The guidance does not mandate disclosure that AI was used, but it makes clear that submitting AI-generated hallucinations is a violation of existing candor obligations.
- Billing Integrity: If AI dramatically reduces the time required for a task, billing the client as if the work were done manually raises ethical issues under Rule 1.5 (fees) and the general duty of honesty.
None of this is hypothetical. We have already seen courts sanction attorneys for AI-generated fabricated citations. The most prominent example, Mata v. Avianca, Inc. (S.D.N.Y. 2023), resulted in sanctions against two attorneys who submitted a ChatGPT-generated brief containing six fabricated case citations. That was a federal case in New York, but California's guidance makes clear the same conduct would violate California's own rules.
The Implementation Gap
Here is where it gets interesting for compliance teams. The guidance tells lawyers what their obligations are, but it says very little about how to operationalize those obligations at the firm level. That gap between "you must do X" and "here is how to do X across a 200-person firm" is where most of the risk lives.
A solo practitioner can decide to never put client data into an AI tool and enforce that policy personally. A mid-size or large firm cannot rely on individual discipline. You need systems.
Step 1: Establish a Firm-Wide AI Use Policy
This is table stakes, but the policy needs specificity. It should define which AI tools are approved, what categories of data can and cannot be entered as prompts, and what verification steps are required before AI-generated work product is used. The State Bar guidance specifically recommends that firms develop written policies. A generic "use AI responsibly" memo does not satisfy the supervisory duties under Rules 5.1 and 5.3.
Step 2: Classify Data Before It Touches AI
Rule 1.6 confidentiality obligations mean you need a data classification framework that distinguishes between information that can be processed by AI tools and information that cannot. Client-identifying information, privileged communications, protected health information (if you handle healthcare matters under HIPAA), and financial records all need explicit handling rules. The policy should specify whether the firm permits use of public AI tools at all, or restricts use to enterprise deployments with contractual data protections.
Step 3: Build Verification Workflows
The competence and candor duties require that AI output be reviewed before it is relied upon or submitted. This means building review checkpoints into your workflow. For litigation teams, that could mean a mandatory citation verification step for any brief that involved AI assistance. For transactional teams, it might mean a senior review of AI-drafted contract language against current statutory requirements. The key is making verification structural, not optional.
Step 4: Audit and Log AI Usage
If the State Bar or a court ever asks whether your firm complied with its professional obligations in a specific matter, you want a record. Logging which tools were used, what prompts were entered (or at minimum, what categories of information were processed), and what review steps were taken creates a defensible compliance trail. This is also critical for responding to client inquiries. Sophisticated clients, particularly in financial services and healthcare, are increasingly asking outside counsel about their AI practices in RFPs and engagement letters.
Step 5: Train Continuously
The State Bar guidance emphasizes that competence under Rule 1.1 includes understanding AI's limitations. A one-time CLE session is not sufficient. AI tools change rapidly, and the risks shift with each model update. Firms should implement recurring training that covers new tool capabilities, recent enforcement actions, and updates to the firm's own AI policy. The guidance also notes that competence may require consulting with technology professionals, which means your IT and information security teams should be part of the training ecosystem, not siloed from it.
Step 6: Address Client Communication and Consent
The guidance raises the question of whether client consent is needed before using AI on their matters. It does not give a definitive answer, but it leans toward transparency. Under Rule 1.4 (communication), clients are entitled to information about significant developments in their representation. If AI use is material to how their work is being performed, particularly if it involves processing their confidential data through third-party systems, the safer course is to disclose and obtain informed consent. Some firms are already adding AI disclosure provisions to their engagement letters.
The Broader Regulatory Context
California's guidance does not exist in isolation. The ABA issued Formal Opinion 512 in July 2024, addressing generative AI under the Model Rules. Several other state bars, including Florida, New York, and Texas, have issued their own guidance or are developing it. Courts are also moving independently; as of early 2025, over a dozen federal district courts and several state courts have adopted standing orders requiring disclosure of AI use in filings.
For firms operating across multiple jurisdictions, the compliance picture gets complicated quickly. California's guidance is among the more detailed, but it is not necessarily the most restrictive. You need a framework that can accommodate the strictest applicable standard across all jurisdictions where you practice.
How FirmAdapt Addresses This
FirmAdapt's architecture is built around the exact problems the California guidance identifies. The platform processes data within controlled environments that prevent client information from being exposed to public model training or third-party access, directly addressing Rule 1.6 confidentiality requirements. Data classification, access controls, and audit logging are built into the platform rather than bolted on after the fact, which means the supervisory and documentation obligations under Rules 5.1, 5.3, and the broader compliance framework are handled at the infrastructure level.
For firms that need to demonstrate compliance across California and other jurisdictions simultaneously, FirmAdapt provides a single platform that can be configured to meet the most restrictive applicable standard. The audit trail capabilities give firms a defensible record of AI usage and review steps, which is precisely what you want if a bar inquiry or malpractice claim ever requires you to show your work.