Our use of cloud technologies and AI models

As a law firm, Elvinger Hoss Prussen is subject to strict confidentiality rules under Luxembourg law and the professional rules of the Luxembourg Bar. We designed our internal IT tool procurement policy in accordance with the professional rules of the Luxembourg Bar and more specifically with the requirements outlined in the Bar’s Circular on the infrastructure of law firms. The policy applies across all IT services and tools used by our firm and includes specific requirements for cloud technologies, including AI models, where appropriate.

Before selecting and deploying IT tools that use cloud or AI models, we ensure that they undergo the same rigorous checks. For each new IT project, we conduct a thorough review of all aspects of the tool before it can go into production, including full compliance assessment of security, confidentiality and contractual arrangements. This involves checking notably confidentiality obligations, encryption in transit and at rest, if applicable, access restrictions, data storage and processing locations (the EU whenever possible) and outsourcing terms.

We disclose client related information only in the circumstances provided for in the law, in accordance with our professional regulations, or upon the instruction of the client. Our policy prohibits sharing confidential client data for the purposes of training, testing, or creating external AI models without client consent. Otherwise, we only run tools using AI models that do not retain input and output data, in the framework of a documented security and confidentiality assessment.