A founder sends a shareholder agreement drafted with ChatGPT to their solicitor. The solicitor finds three problems before the first page is done: California law governs a UK-only deal, a clause references legislation repealed in 2022, and the liability cap is worded so broadly it ceases to function as a cap at all. None of the errors are obvious without legal training. The document looked polished. That is precisely the problem.
Taylor Walton Solicitors, who regularly review AI-drafted commercial contracts for UK SMEs, report seeing these patterns consistently: wrong jurisdictions, fabricated clauses, statutory provisions missing or outdated because generative models do not reliably interpret recent UK legislation and case law. The AI produces fluent, confident prose. That confidence is part of the risk.
The question for founders is which documents AI can safely help with, and what the decision rests on.
The choice you’re actually making
Over 40 per cent of UK SMEs now use AI for document drafting, often via free tools with little oversight, according to Be the Business. CBI and TechUK pilots found 30 to 50 per cent time savings on internal documents. The saving is real. The risk sits alongside it. Startup Networks, drawing on dispute lawyers at Capital Law, describes AI legal outputs as giving founders false confidence that surfaces only when a dispute arises.
The choice is about which documents carry consequences that make the time saving irrelevant, and which ones do not.
Generative AI providers confirm this in their own usage policies. OpenAI, Anthropic, and Google each warn business users not to treat their models as a substitute for professional advice in law, tax, or finance. The warnings come with explicit acknowledgement that outputs may be inaccurate or incomplete. These are accurate descriptions of how the models work, and they matter for how you approach any legal or financial document your business produces.
When AI is a reasonable drafting tool
AI works reliably on documents where errors have low consequences and a knowledgeable person checks the output before it reaches a client, counterparty, or regulator. That zone covers internal process notes, policy outlines before legal review, board-level performance narrative built from CFO-approved numbers, standard commercial emails, and the preparatory thinking that helps you get more from a solicitor meeting.
For finance, the same principle applies to descriptive content: summarising management accounts for an internal presentation, drafting non-promotional FAQs about invoicing terms, preparing the narrative structure of a board pack before the numbers go in. Osprey Approach, which advises SME law firms on AI strategy, recommends mapping lower-risk use cases first, specifically internal policies and knowledge management, before applying AI to anything client-facing or legally consequential. Elite Business Magazine reports that tech-sector firms increasingly see commercial value in human-machine collaboration, where AI handles the speed work and professionals handle bespoke risk allocation.
Two disciplines make this zone work. Document that AI was used and that a named person reviewed the output. Keep what you paste into AI tools to what is strictly needed, using public-facing details or anonymised information rather than client data or deal terms that carry confidentiality obligations.
When professional oversight is non-negotiable
The line is drawn by impact, regulation, and error tolerance. Any document that materially affects equity, cash flow, control, or legal rights, or that feeds into a regulated activity, sits outside the zone where AI can work without professional review. For legal documents, that covers shareholder agreements, complex NDAs, employment settlement agreements, and key commercial contracts where the terms determine your liability if something goes wrong.
The FCA’s position on financial documents is unambiguous. Firms remain fully responsible under the Consumer Duty for AI outputs in advisory, promotional, or disclosure contexts, and must ensure AI does not create foreseeable harm, mis-selling, or misleading content. Any content that could be considered investment advice, a financial promotion, or a required regulatory disclosure, such as investment risk statements, credit agreements, or regulated product terms, needs professional oversight. The FCA’s 2024 discussion paper with the Bank of England confirmed that boards remain responsible for AI adoption decisions and must assess AI tools that affect customer outcomes as critical third-party services.
For privacy notices and data-processing agreements, the ICO is equally clear. Organisations using generative AI must ensure outputs are accurate and not misleading where people will rely on them, and must implement human review for high-risk decisions under UK GDPR’s accountability and fairness principles. A privacy notice is a legal commitment. Errors in it create regulatory exposure.
What it costs to get the call wrong
The financial downside of skipping professional review on a high-impact document is large enough to eliminate any time saving. Law Society data puts a typical commercial contract dispute for an SME at £50,000 to £200,000 in solicitor fees, before damages or settlement costs. That figure can eliminate the value of years of AI-assisted drafting in a single dispute, and it tends to arrive at a moment that is already under pressure.
Insurance is a second exposure. Taylor Walton and UK legal indemnity brokers both flag that if a dispute stems from an AI-drafted contract never reviewed by a solicitor, insurers may decline cover under professional indemnity or business insurance. The argument they make is that the firm failed to take reasonable professional steps, placing the document outside covered professional services. An uninsured contractual dispute at a critical point in the business can be company-threatening.
Regulatory risk adds a third dimension. The ICO’s enforcement action against Experian in 2020 for opaque automated profiling, and the FCA’s sanctions on Banco Santander UK (£107.8 million in 2018) and NatWest (£264.8 million in 2021) for failures in automated monitoring systems, both show that regulators treat technology-enabled control failures as serious breaches. The 2023 Mata v Avianca case, in which US lawyers were sanctioned after submitting ChatGPT-invented case law, is now widely cited by UK practitioners as a warning on what unsupervised AI legal drafting costs in professional credibility.
What to ask before you decide
Four questions, applied to any document type, give you a reliable pre-decision filter. The answers do not require elaborate research: a short list of the document types your firm regularly produces, with each one run through the questions, produces a working map of where AI assistance is defensible and where professional oversight is required.
Does this document materially affect cash flow, equity, control, or legal rights? Shareholder agreements, key supplier contracts, loan guarantees, and employment settlement agreements all meet this test. If yes, treat AI as a preparation and thinking tool, not the drafter. Have it identify the clauses worth asking about, then take that into a professional meeting.
Is the content part of a regulated activity? Legal advice to clients, investment advice, consumer credit, financial promotions, and anything involving personal data under UK GDPR trigger professional obligations regardless of whether AI was involved. The SRA confirms that providing tailored legal advice is a reserved activity. AI outputs used by non-lawyers must not reach clients as legal advice without professional validation.
Who will rely on this document, and what is the error tolerance? Internal process notes carry far higher tolerance for imperfections than customer-facing legal terms or financial product disclosures. Where a misstatement triggers a contract dispute, an ICO complaint, or FCA enforcement, the tolerance is close to zero.
Is confidential or personal data involved? Pasting client data, deal terms, or personal information into a public AI tool may breach UK GDPR and confidentiality obligations before the output is even read. Enterprise tools with data-processing agreements change the calculus. Free consumer tiers generally do not.
Run those four questions once across your regular document types. The result is a clear, stable policy: AI in one column, professional review in the other. If you would like to think through where your firm sits on that map, book a conversation.
