Judges’ Public AI Bans During Discovery Zero in on Privacy Risk

Judges are increasingly using discovery orders to manage the risks of generative artificial intelligence in litigation. Two recent federal court decisions—Jeffries v. Harcros Chemicals, Inc. and Morgan v. V2X, Inc.— illustrate how judges are addressing generative AI.

Rather than resolving the more difficult and open questions that surround privilege and waiver, they focused on the practical implications of AI as a discovery-management and data-handling tool. These courts used protective orders to impose guardrails on how litigants may or may not use AI tools when handling material produced in discovery.

These decisions don’t prohibit AI use in litigation. But both courts concluded that confidentiality and data privacy risks associated with widely available, public AI tools justify targeted protective measures.

Jeffries recognizes that, when the facts so warrant, those risks will justify prohibiting litigants from uploading any produced documents into public AI tools. Morgan provides formal guidance on the minimum contractual terms necessary to protect confidential information and determined that the identity of a party’s AI tool is discoverable.

Together, these decisions signal that courts are willing to impose AI-specific restrictions through protective orders, and that counsel should expect judicial scrutiny of AI use in discovery.

Restrictions to foster AI as a discovery tool: The Jeffries court expanded the existing protective order to prohibit the parties from uploading any produced documents into public AI tools.

While its decision was fact-driven, Jeffries identified several functional risks the court viewed as warranting general application: potential difficulty of clawback once data has been incorporated into model training, uncertainty regarding storage and downstream use absent contractual protections, and the risk of public exposure of sensitive or regulated data. Because the court found those risks particularly acute on the facts, it imposed a blanket prohibition against all public AI tools.

Jeffries determined that imposing this restriction facilitated discovery because otherwise “parties may err on the side of under-producing potentially responsive documents or seek to make extensive redactions of irrelevant or non-responsive information.” This ruling “incentiviz[ed] more fulsome document production.”

In doing so, the court signaled that, in its view, such limitations function as enablers of, rather than obstacles to, open and efficient discovery between parties.

Vendor terms moving to the forefront: The decisions also confirm the importance of AI vendor terms and data-handling practices, matters previously resolved between parties without judicial intervention.

In Morgan, the court amended a protective order to prohibit disclosure of confidential information to AI tools that didn’t satisfy certain minimum requirements, including prohibiting use of inputs to train the large language model, restricting disclosure to third parties, and ensuring the ability to delete all confidential information upon request. The court further required the parties to retain documents to prove compliance.

Those requirements have practical consequences. Under standard terms, many widely used “open” AI tools wouldn’t satisfy Morgan’s minimum requirements, which likely limits the universe of permissible AI to enterprise or specially negotiated environments.

Yet, because there is no binding precedent on what minimum requirements or closed AI tools are acceptable per se, choosing a proactive vendor with the flexibility to meet the potentially changing standard of acceptability is critical. The selection of an AI tool with sufficient safeguards (as determined by the courts) may determine whether a party can use AI at all in the discovery context.

Skepticism of “open” AI systems: As Jeffries and Morgan exemplify, courts are concerned about the use of public, or “open,” AI tools. Courts are increasingly willing to restrict public AI tools through tailored or categorical protective measures. Morgan imposed contractual limitations; Jeffries prohibited it altogether. Each court reasoned that the public AI tools at issue posed sufficient confidentiality risk to a producing party’s data to warrant the imposed restrictions.

While the Morgan court recognized the equity concerns this creates for less-resourced and unrepresented litigants unable to afford enterprise-level AI tools, the court concluded that the risks associated with disclosure outweighed those access concerns.

AI use as a discovery issue: Beyond the privilege questions surfaced in Heppner, courts are now confronting a distinct issue: whether the fact of AI use is itself discoverable. Recent decisions signal that – at least with respect to its identity – the use of AI isn’t entirely off-limits to discovery. In Morgan, the court required a party to identify the AI tool used in connection with confidential materials, while declining to find a waiver of work product protection over substantive legal analysis.

While legal strategy may remain protected (as is the trend in civil cases thus far), the fact of AI use may be discoverable. Disputes are likely to determine what level of disclosure is necessary to alleviate a party’s legitimate confidentiality concerns without piercing work product protections.

Front-end governance, not after-the-fact remedies: The decisions also underscore the importance of addressing AI early. Courts appear increasingly likely to expect parties to raise AI-related issues in Rule 26(f) conferences and to incorporate appropriate provisions into protective orders.

Neither decision addresses the full range of consequences if a party violates an AI‑related protective order. Whether such conduct would result in sanctions, waiver, curative relief, or injunctive measures remains an open question, particularly given the uncertainty around whether traditional remedies (e.g., clawback) would be effective once AI training has occurred.

The emphasis should be on prevention and limiting exposure at the outset.

Open questions: Significant doctrinal questions remain unresolved. Because the courts proceeded by way of protective order, neither directly resolved when AI use waives privilege or work product. The fundamental legal debate—whether an AI tool is a “third party” (Heppner) or simply a “tool” Warner)—remains unsettled. These rulings reflect a practical workaround, not resolution of the privilege issue.

Counsel must continue to supervise AI use in litigation to ensure compliance with protective orders and preserve privilege and work product protection arguments where relevant.

Control and accountability: Jeffries and Morgan reflect a pragmatic judicial approach: Regardless of unresolved privilege or waiver issues, courts will regulate generative AI in litigation through protective orders that emphasize control, prevention, and accountability.

The message isn’t that AI is impermissible, but that courts will increasingly demand that its use, especially regarding produced discovery materials, be transparent, controlled, and documented.

Until clearer doctrinal rules emerge, parties should assume that AI use in discovery will be scrutinized and should plan accordingly.

The cases are Jeffries v. Harcros Chems. Inc., D. Kan., No. 25-2352-KHV-ADM, 3/25/26 and Morgan v. V2X, Inc., D. Colo., No. 25-cv-01991-SKC-MDB, 3/30/26.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law, Bloomberg Tax, and Bloomberg Government, or its owners.

Author Information

Darryl Graham is a litigation and commercial disputes partner at Akerman.

Interested in writing? Review our author guidelines, and submit pitches to Insights@bloombergindustry.com.