AI head Simon Newcomb shares practical steps the firm took to ensure that AI use meets standards
Clayton Utz has reportedly become the first Australian law firm to secure the ISO/IEC 42001:2023 certification – the first certifiable standard in the world centred on AI governance.
The certification recognises the firm’s implementation of a comprehensive AIMS that is in line with international best practices such as formal governance structures, clearly defined accountability for AI systems, and strong risk management processes to identify, evaluate and manage potential harms linked to AI use.
According to Clayton Utz AI head Simon Newcomb, the certification is indicative of the increasing maturity in the firm’s AI use.
“We know that AI is fundamentally changing the business of law. Our clients want us to be using AI — they're very keen to get the benefits of us using AI and they want us to do it safely and responsibly”, he told Australasian Lawyer. “We're increasingly being asked by our clients how we are managing the risks of AI. And this certification is part of our answer to that question, which is that we've had our governance arrangements vetted by an external auditor against an objective standard, and found to operate at the highest levels of best practice that entitles us then to be certified under this standard”.
The firm looked to the AI ethics principles established by the federal government to develop its risk management approach. The principles were adapted to the law firm context; from there, Clayton Utz generated specific action points, KPIs and a governance framework.
“One of the principles is reliability and safety. We know that AI can generate content very easily, but it makes mistakes. The business of law is all about precision — it's critically important to our clients that our advice is correct”, Newcomb explained to Australasian Lawyer.
He outlined the firm’s policy around grounding queries in reliable data sources, checking citations, being responsible for output and communicating any AI use internally. Global firm Pinsent Masons had been slammed just last month over the presence of AI hallucinations in filings drafted by a junior lawyer that were not reviewed by the firm’s partner and solicitor.
Newcomb indicated that maintaining the ISO 42001 certification was an ongoing process of discipline and enhancement.
“One of the principles that we have in our ISO objectives is improvement, which says we improve how we use AI systems by critically assessing feedback and experience and by being curious to learn new skills and knowledge”, he told Australasian Lawyer. “It's not static — we will continuously improve our approach to AI governance and we'll continue to update our ISO 42001 documentation as we learn”.
In addition to the ISO 42001, Clayton Utz also holds the ISO 27001 certification for information security management – a certification it has maintained for 11 years.
