Back to blog
Data SovereigntyAI Strategy

AI for Law Firms and Notaries in Luxembourg: 5 Concrete Use Cases That Respect Professional Secrecy

Private AILuxembourgGDPRSME PackagesRegulatory Monitoring
Nessim Medjoub
Avocat luxembourgeois relisant dossier client assistant IA secret professionnel


In brief

  • 5 concrete AI use cases for law firms and notary offices in Luxembourg, calibrated from least to most sensitive under professional secrecy.
  • Article 458 of the Criminal Code: breach of secrecy punishable by 8 days to 6 months in prison and 500 to 5,000 euros fine (source: DLA Piper).
  • CCBE Guide of 2 October 2025: generative AI is a support tool, never an autonomous decision-maker, with systematic human supervision.
  • 3 technical safeguards to require: documented EU hosting, no-training clause, provider outside the Cloud Act.

Introduction: why law firms still hesitate

You run a law firm or a notary office in Luxembourg and you reject AI out of deontological reflex: AI in a law firm cannot coexist with professional secrecy. That reflex is partly wrong.

Patrick Mischo (Allen & Overy Luxembourg) states in Paperjam that Harvey, deployed since November 2022, saves around two hours per week per lawyer.

This article lays out the 5 concrete use cases that respect secrecy (article 458 of the Criminal Code and article 35 of the law of 10 August 1991), with the conditions for each one to be compliant.

1. What professional secrecy allows and what it forbids

The Luxembourg criminal framework

A lawyer's professional secrecy is protected by two cumulative texts. Article 458 of the Criminal Code punishes any breach with 8 days to 6 months in prison and 500 to 5,000 euros fine (source: DLA Piper, Legal Professional Privilege Luxembourg). Article 35 of the law of 10 August 1991 regulating the legal profession enshrines this secrecy as public order, general, absolute and unlimited in time (source: Luxembourg Bar).

What is structurally forbidden

Feeding client file data into a consumer AI tool that retains prompts to retrain its model is incompatible with professional secrecy. This applies to consumer ChatGPT, Gemini and Copilot by default. For notaries, the rule is identical: the Chamber of Notaries groups 36 offices in Luxembourg (source: notariat.lu) and authentic acts require the same rigour.

What is allowed under conditions

The usage becomes compatible with article 458 when five conditions are met: documented European hosting, no-training clause, logical isolation between clients, access logging, provider outside the Cloud Act. See our use case protect your data with a private AI and, for the articulation of GDPR, Cloud Act and AI Act, our legal comparison.

💡 Good to know: a US AI provider with a data center in Frankfurt is still subject to the Cloud Act. A US authority can compel the disclosure of data hosted in the EU, based on the provider's nationality. A critical specificity for a firm where secrecy is criminally sanctioned.

2. The 5 concrete use cases that hold up to professional secrecy

Use case 1. Multilingual case law research

Professional secrecy criticality: low (public data). AI aggregates Luxembourg and European case law in French, English and German, proposes summaries and points to the relevant decisions. The Luxembourg legaltech Alizé positions itself explicitly on this ground (source: Paperjam). At Allen & Overy Luxembourg, Harvey has been used in this register since November 2022.

Use case 2. Extraction and structuring of contractual clauses

Criticality: medium (client data). AI parses contracts, leases, statutes and deeds to extract key clauses (duration, exit, guarantees, jurisdiction) and produces a summary table. Extraction and comparison account for 60 to 70 percent of contract review time according to observations of the Luxembourg legaltech market (source: 20more.lu, IA and Legal Tech Luxembourg guide 2026). This use case requires a private AI. See our use case AI document processing.

Use case 3. Summary and mapping of long case files

Criticality: high (secrecy engaged). AI produces summaries of expert reports, pleading notes and case file compositions. For a notary, it summarises a complex estate file or a business transfer. Impossible with a consumer cloud AI; possible on a private architecture hosted in the EU with strict isolation. Systematic human supervision.

Use case 4. Drafting assistance (assisted, never autonomous)

Criticality: high (drafting on behalf of a client). AI proposes preliminary clause versions, suggests rephrasings, checks the internal consistency of a draft deed. The lawyer keeps the pen and the responsibility. This framework is explicitly set by the CCBE guide of 2 October 2025: this is assistance, not autonomous generation.

Use case 5. AI phone receptionist and conflict-of-interest filtering

Criticality: low to medium (pre-case intake). An AI phone agent answers outside office hours, qualifies the request, filters potential conflicts of interest and proposes an appointment. As long as the person is not yet a client, secrecy stricto sensu is not engaged. See our use case AI phone receptionist and our article on the AI phone agent and the data path.

Use case

Secrecy criticality

Private AI required?

1. Case law research

Low

Recommended

2. Clause extraction

Medium

Mandatory

3. Long case file summary

High

Mandatory

4. Drafting assistance

High

Mandatory

5. Phone receptionist and filtering

Low to medium

Recommended

The 5 AI use cases in law firms and notary offices, ranked from least to most sensitive to professional secrecy, from case law research to phone receptionist.

The 5 AI use cases ranked by professional secrecy criticality.

3. What the Luxembourg Bar and the CCBE say

The Conférence du Jeune Barreau de Luxembourg organised on 20 November 2025 an Artificial Intelligence Day in Luxembourg Law with a roundtable on lawyer deontology in the face of AI (source: cjbl.lu, bulletin n°05 2025-2026). CF Avocats recalls the four preserved principles: professional secrecy, independence, quality of advice, professional responsibility (source: cf-avocats.lu).

At European level, the Council of Bars and Law Societies of Europe (CCBE) published on 2 October 2025 a Guide on the Use of Generative AI by Lawyers. This document identifies three risks (data retention, hallucinations, breach of duty of confidentiality) and lays down a core principle: generative AI is a support tool, never an autonomous decision-maker, with systematic human supervision (source: ccbe.eu). The French Conseil National des Barreaux adopted in March 2026 a comparable guide (source: cnb.avocat.fr).

4. The 3 technical safeguards to demand from a provider

Three non-negotiable conditions must appear in the contract and in the proposed architecture.

Safeguard 1. Documented EU hosting

Require the exact location of the data centers (country, operator) and the legal entity signing the contract. European hosting by an operator whose parent company is non-European is not enough: the Cloud Act applies to provider nationality, not physical location.

Safeguard 2. No-training clause and isolation

The contract must state explicitly that the firm's data is never used to train or fine-tune a shared model. It must specify logical isolation: no mixing with another client's data, even temporarily.

Safeguard 3. Provider outside the Cloud Act

Favour a European provider, with headquarters, capital and effective control in the EU. A European subsidiary of a US group remains structurally exposed. To explore a vertical AI offering, see our law firms and notaries page.

The 3 technical safeguards of a private AI compliant with professional secrecy: EU hosting, no-training clause, provider outside the Cloud Act.

The 3 technical safeguards of a compliant private AI.

5. Funding the rollout: SME Package AI

The SME Package AI is a Luxembourg aid scheme accessible via guichet.public.lu for SMEs, including law firms and notary offices. The scheme reimburses up to 70 percent of eligible projects in a range of 3,000 to 25,000 euros excluding tax (source: guichet.public.lu). It is cumulative with the SME Package Digital on distinct project scopes. Support is requested at the House of Entrepreneurship.

6. Where to start

Action 1. Map the AI uses already present, including shadow IT: a staff member using consumer ChatGPT with file excerpts is already a risk. See our article on ChatGPT at the office and business risks.

Action 2. Start with the two lowest-criticality use cases: case law research (use case 1) and phone receptionist (use case 5). Both generate a measurable gain without immediate secrecy exposure.

Action 3. Plan the evaluation of a private AI for use cases 2, 3 and 4 before 2 August 2026 (full applicability of the AI Act high-risk regime). See our AI Act SME Luxembourg guide.

AI in a law firm or notary office in Luxembourg is compatible with professional secrecy, provided the right tool is chosen for each use case.

📞 Discuss your use case with our team, or explore our offer for law firms and notary offices.

FAQ: your questions about AI in law firms and notary offices

1. Can a Luxembourg lawyer use ChatGPT to work on a client file?

No, not in the consumer version. Consumer ChatGPT retains prompts to retrain its model, which exposes data covered by article 458 of the Criminal Code (8 days to 6 months in prison and 500 to 5,000 euros fine). The usage becomes possible on a private architecture hosted in the EU, with a no-training clause and a provider outside the Cloud Act.

2. Which AI uses are allowed for a notary in Luxembourg?

Five uses with an adapted architecture: case law research, extraction of deed clauses, summary of long case files (estates, transfers), drafting assistance for deeds (never autonomous) and phone receptionist with conflict-of-interest filtering. The Chamber of Notaries groups 36 offices in Luxembourg, all bound by the same rigour.

3. Does the CCBE guide of 2 October 2025 authorise generative AI for lawyers?

Yes, under strict conditions. The CCBE guide frames generative AI as a support tool, never an autonomous decision-maker, with systematic human supervision. It identifies three risks: client data retention, factual hallucinations, breach of duty of confidentiality. These three risks are neutralised by a private AI architecture with contractual safeguards.

4. What is a private AI for law firms?

An AI system deployed for a firm with five cumulative guarantees: documented EU hosting, no-training clause, logical isolation from other clients, access logging, provider outside the Cloud Act. These guarantees make the usage compatible with article 458 of the Criminal Code and article 35 of the law of 10 August 1991.

5. How much time can AI save in a Luxembourg law firm?

Patrick Mischo (Allen & Overy Luxembourg) cites in Paperjam a gain of around two hours per week per lawyer with Harvey since November 2022. On contract review, extraction and comparison account for 60 to 70 percent of the automatable time (source: 20more.lu). Public orders of magnitude: the real gain depends on the activity mix and adoption.

Discover our other articles

Dirigeant PME luxembourgeois arbitrant AI Act Cloud Act RGPD IA entreprise
Data Sovereignty·

AI Act, Cloud Act, GDPR: which law actually applies to your business AI in Luxembourg?

Three laws govern your business AI in Luxembourg. AI Act, Cloud Act, GDPR: which one applies when? A clarification guide for SME executives.

Read more
Dirigeant d'une PME luxembourgeoise consultant un dashboard d'agent téléphonique IA souverain dans un bureau du Kirchberg
Data Sovereignty·

AI phone agent in 2026: why sovereignty becomes the decisive criterion again

OpenAI commoditised voice AI on 7 May 2026. For a Luxembourg SME, model sovereignty, recordings jurisdiction and professional secrecy become the real choice criteria.

Read more
Dirigeante de fiduciaire luxembourgeoise consultant un dashboard IA souveraine pour choisir sa solution en 2026
Data Sovereignty·

Choosing AI for Your Luxembourg Accounting Firm: 7 Criteria in 2026

How to choose AI for your Luxembourg accounting firm in 2026 without compromising professional secrecy, EU hosting and AI Act compliance by 2 August 2026.

Read more
View all articles