Key Takeaways
- Address AI use early with your client, e-discovery counsel, e-discovery vendor, in Rule 26(f) discussions, and discovery planning, including negotiating both a Protective Order and ESI Order. Do not wait for a dispute to arise before negotiating AI-specific terms.
- Define whether confidential discovery material may be uploaded to AI tools, and if so, under what conditions and verify what protections are in place with an AI tool.
- Prohibit use of public or mainstream AI tools for confidential material unless the provider’s terms contractually prohibit retention, training on, and third-party disclosure of inputs.
- Include Rule 502(d) and clawback language as a safety net against inadvertent privilege waiver in AI-assisted workflows, but do not treat it as a substitute for substantive AI restrictions.
Generative AI tools are now widely available to employees, litigants, counsel and litigation support teams. That creates a practical problem for discovery: confidential materials produced under protective orders can be uploaded to an AI platform in seconds, and public AI providers’ terms of service often permit retention, training and third-party disclosure of user inputs. Federal courts have begun addressing this gap, and the results show that protective orders and ESI protocols must now explicitly address generative AI use.
Litigants who do not raise these issues early risk having confidential information processed by AI platforms with no contractual duty to protect it or being subject to court-imposed restrictions they did not negotiate that could prevent parties from leveraging AI to assist with discovery.
Courts Are Building AI Restrictions into Protective Orders
Courts are handling AI-related risks through the same discovery protections litigants already use, including protective orders, ESI protocols and clawback provisions. However, there are diverging views among federal courts that will likely continue to evolve.
For example, a federal court in Minnesota entered a protective order that expressly barred uploading or disclosing confidential data to generative AI platforms such as ChatGPT. See Fiorito v. Metropolitan Council, No. 25-CV-213 (DSD/DJF), 2025 WL 1806612 (D. Minn. July 1, 2025). Thus, the Fiorito decision imposed an absolute bar on generative AI platforms with no exceptions and fails to distinguish between public consumer platforms and secure enterprise platforms that may contractually prohibit retention, training and third-party disclosure of user inputs.
In Morgan v. V2X, Inc., 2026 WL 864223 (D. Colo. Mar. 30, 2026), the court amended the protective order to bar use of mainstream AI tools — including standard ChatGPT, Claude and Gemini — for confidential information unless the AI provider is contractually prohibited from storing or using inputs for training and from disclosing them to third parties, and that the provider afford the ability to delete all inputs on demand.
Both orders restrict the use of AI with confidential material, but they take different approaches. Fiorito imposes a blanket ban on using generative AI platforms with confidential information. Morgan allows AI use only if the provider has agreed, in writing, not to train on the inputs, disclose them to third parties or prevent deletion. In practice, that means most free or low-cost public AI tools likely will not qualify, while secure enterprise tools are more likely to meet the required protections.
Notably, a blanket prohibition on AI use can be especially burdensome in large-scale e-discovery matters because it prevents parties from using AI tools to help manage the very tasks that become most expensive and time-consuming such as identifying key documents, analyzing voluminous documents, summarization, privilege review support and deposition preparation. For this reason, parties should address AI use expressly in protective orders and ESI protocols. A practical order can prohibit use of public AI tools for confidential material while allowing secure enterprise tools that meet defined confidentiality, retention, training and disclosure requirements. That approach protects confidential information without unnecessarily preventing parties from using AI to manage large-scale discovery in a proportional and cost-effective way.
Discovery into AI Use Must Be Proportionate and Avoid AI “Fishing Expeditions”
Courts are also pushing back on overbroad requests to discover an opposing party’s AI use. In Warner v. Gilbarco, Inc., 820 F. Supp. 3d 629 (E.D. Mich. 2026), the court rejected an unsupported motion to compel records of a pro se plaintiff’s ChatGPT interactions and cautioned against AI-use “fishing expeditions” when there is no evidence that confidential material was actually uploaded to the platform. This is consistent with the proportionality requirements of Federal Rule of Civil Procedure 26(b)(1). The court even told the defendants their “preoccupation with Plaintiff’s use of AI needs to abate.”
However, where a party does place its AI investigation at issue, then production may be required, but only on a narrow basis. In Concord Music Group, Inc. v. Anthropic PBC, 2025 WL 3677935 (N.D. Cal. Dec. 18, 2025), the court ordered production of prompts and outputs from a post-suit AI investigation that plaintiffs intended witnesses to testify about, but it declined a broader waiver of pre-suit materials and emphasized that any production must be closely tailored to what was actually placed at issue.
Thus, discovery into an opposing party’s AI use should be tied to specific evidence of misuse, waiver, or relevance—not speculation that AI may have been used. Litigants should also address AI use and AI prompts during ESI protocol negotiations to make clear whether those materials are actually relevant to the claims and defenses, helping avoid later disputes over speculative or disproportionate discovery into a party’s internal use of AI.
Rule 502(d) Orders as a Complementary Safeguard
Parties should also consider Federal Rule of Evidence 502(d) orders alongside AI-specific protective-order provisions. A 502(d) order allows a court to direct that disclosure of privileged material does not constitute a waiver — providing a safety net if privileged or work-product-protected material is inadvertently processed through an AI platform.
However, a 502(d) order should not be viewed as permission to use public AI tools with privileged or confidential material. It is a backstop, not an authorization. The better practice is to prohibit public AI use for protected materials in the first instance through the protective order and ESI protocol, and to use a 502(d) order as an additional layer of protection against inadvertent disclosure — particularly given the volume of ESI that litigation teams now handle with AI-assisted workflows.
For more information or with questions, contact Tim O’Shea.



