FirmAdapt

Engagement Letters and the AI Disclosure Section You Should Be Adding

By Basel Ismail, May 26, 2026

If your engagement letters haven't been updated since before November 2022, they are almost certainly missing something material. The rapid integration of AI tools into professional services workflows has created a disclosure gap that most firms are only now starting to address, and some are addressing it badly.

The core issue is straightforward: if you are using AI tools in the delivery of client services, your engagement letter should say so. The client should understand what that means. And you should have a defensible consent posture before the work begins, not after someone notices a ChatGPT artifact in a deliverable.

Why Engagement Letters Specifically

Engagement letters define the scope of the relationship, allocate risk, and set expectations. They are the single document most likely to be scrutinized if something goes wrong. When AI tools are involved in client work, several traditional engagement letter assumptions break down.

First, confidentiality. Many AI tools involve transmitting data to third-party infrastructure. Even tools hosted on private instances may involve subprocessors. If your confidentiality clause promises that client information will only be accessed by firm personnel, you may already be in breach the moment someone pastes client data into a large language model.

Second, the standard of care. Courts and regulators are still working out what reasonable use of AI looks like in professional contexts, but the direction is clear. The ABA's Formal Opinion 512 (July 2024) confirmed that lawyers have a duty of competence that extends to understanding the AI tools they use, including their limitations. The Florida Bar issued Ethics Opinion 24-1 reaching similar conclusions. California's Proposed Rule 3.1.1 would require disclosure of generative AI use in court filings. These are not hypotheticals anymore.

Third, work product expectations. Clients hiring a professional services firm generally expect human judgment applied to their specific situation. If portions of the work are AI-generated or AI-assisted, that changes the value proposition in ways the client has a right to understand.

What the Disclosure Section Should Cover

A good AI disclosure section in an engagement letter addresses four things: the fact of AI use, the scope of AI use, the data handling implications, and the client's right to opt out or impose limitations.

Here is sample language you can adapt. This is illustrative, not a finished product for any specific jurisdiction or practice area.

Sample Disclosure Language

"In the course of providing services under this engagement, [Firm] may utilize artificial intelligence tools, including but not limited to large language models, document review platforms, and automated research tools ('AI Tools'). Such tools may be used to assist with research, drafting, data analysis, summarization, and other tasks related to the engagement.

All AI-generated or AI-assisted work product will be reviewed by qualified [Firm] personnel before delivery to Client. [Firm] retains full responsibility for the accuracy and quality of all deliverables.

Client data provided in connection with this engagement may be processed through AI Tools hosted by third-party providers. [Firm] maintains agreements with such providers that include confidentiality, data security, and data retention provisions consistent with [Firm]'s obligations under this engagement letter. A list of current AI Tool providers is available upon request.

Client may, at any time, request that [Firm] limit or exclude the use of AI Tools in connection with specific matters or categories of work. Such requests should be directed to [contact] in writing. Limitations on AI Tool use may affect the timeline and cost of deliverables, which [Firm] will communicate to Client promptly.

By executing this engagement letter, Client acknowledges and consents to [Firm]'s use of AI Tools as described herein, subject to Client's right to impose limitations as set forth above."

Key Design Choices in This Language

  • Affirmative disclosure, not buried terms. This should be a standalone section, not a clause tucked into the confidentiality provision. Regulators and courts will look at whether the client had meaningful notice.
  • Human review commitment. This is non-negotiable for most professional services contexts. The Texas State Bar's Ethics Opinion 690 (April 2024) specifically flagged the obligation to review AI-generated work. Promising human review also preserves your ability to charge professional rates for the engagement.
  • Opt-out mechanism. Giving the client the ability to restrict AI use is both good practice and a strong consent posture. It transforms the disclosure from a notification into a genuine choice.
  • Subprocessor transparency. Offering a list of AI tool providers on request mirrors the approach used in data processing agreements under GDPR and increasingly under state privacy laws. It avoids cluttering the engagement letter while preserving the client's ability to assess risk.
  • Cost impact disclosure. Being upfront that restricting AI may affect cost and timeline is honest and avoids disputes later. Some firms are already seeing 15 to 30 percent efficiency gains from AI-assisted document review (per Thomson Reuters' 2024 AI in Legal Survey), and clients who opt out should understand the tradeoff.

The Consent Posture Question

There are three basic consent postures for AI use in client work, and the right one depends on your risk tolerance, your regulatory environment, and your client base.

Opt-in: AI tools are not used unless the client affirmatively requests or approves their use. This is the most conservative approach. It is appropriate for highly sensitive matters, classified work, or clients with strict data handling requirements (think ITAR-regulated defense contractors or HIPAA-covered entities with BAA requirements that don't extend to your AI subprocessors).

Disclosed default with opt-out: AI tools are used by default, the engagement letter discloses this, and the client can restrict use. This is the sample language above. It works well for most commercial engagements and balances transparency with operational efficiency.

General notice: The engagement letter mentions that the firm uses technology tools, including AI, without specific consent mechanisms. This is where most firms are today, and it is the weakest posture. If a client later objects to AI use or a data incident occurs involving an AI subprocessor, the firm's position is significantly harder to defend.

For regulated industries, the disclosed default with opt-out approach is the minimum defensible position. Financial services clients subject to OCC or SEC examination, healthcare organizations under HIPAA, and educational institutions under FERPA all have legitimate reasons to care about where their data goes. Giving them the mechanism to control that, documented in the engagement letter, protects both sides.

Practical Implementation Notes

A few things worth flagging from firms that have already rolled this out:

  • Version your AI tool list. Maintain a dated list of AI tools and subprocessors. Update it when you add or change tools. This is your audit trail.
  • Train intake teams. The people sending engagement letters need to understand the AI disclosure section well enough to answer basic client questions. A confused response to "what AI tools do you use on my matters?" undermines the entire exercise.
  • Align with your data processing agreements. If you have DPAs with clients (and you should, for regulated clients), the AI disclosure in the engagement letter and the subprocessor provisions in the DPA need to be consistent. Contradictions between the two documents are a gift to opposing counsel.
  • Review annually at minimum. The AI tool landscape and the regulatory environment are both moving fast. Colorado's AI Act (SB 24-205, effective February 2026) will impose new obligations on "deployers" of high-risk AI systems. The EU AI Act's provisions are phasing in through 2027. Your engagement letter language needs to keep pace.

How FirmAdapt Addresses This

FirmAdapt's architecture was built around the assumption that regulated firms need to know exactly where client data goes and be able to document that chain for clients, auditors, and regulators. The platform maintains granular logs of which AI tools processed which data, making the subprocessor transparency described above straightforward to implement rather than a manual tracking exercise.

For firms adopting the disclosed default with opt-out consent posture, FirmAdapt supports matter-level AI tool restrictions. If a client opts out of AI processing for specific work, that restriction is enforced at the platform level, not just as a policy memo that someone might forget. The compliance controls are structural, which is the only way they reliably work at scale.
