Maintaing Confidentiality of AI Inputs: Lessons from Recent Protective Orders

by John Jenkins

July 8, 2026

One of the risks that businesses face when using AI tools is the potential inability to keep information they input into that tool confidential. These issues extend to the use of those tools in connection with litigation, and this recent Nelson Mullins blog says that two recent protective orders issued by US Magistrate Judges identify those aspects of certain AI tools that may negatively affect the ability to maintain the confidentiality of those inputs, and establish requirements and prohibitions for parties seeking to use those tools.  The blog says these protective orders provide guidance for businesses beyond the narrow confines of litigation.

One protective order noted the problematic nature of “open” or “public” AI tools, and imposed conditions on the use of AI tools for the parties to the case that essentially mandated the use of “closed” or “secured” AI tools. The blog describes these conditions as follows:

  • Give other parties notice and an opportunity to object

  • Ensure the AI tool is used in a secure environment and that Confidential Information is not used to train or improve any AI Tool except a model used exclusively in that case

  • If an AI Tool is trained or improved using Confidential Information, that information is destroyed at the end of the litigation and is not made accessible to anyone not authorized to have access to Confidential Information; and

  • Ensure that all Confidential Information is deleted at the end of the litigation.

A second protective order provided guidance on the type of AI tools that fit within the “closed” or “secured” category:

  • private enterprise implementations of AI tools,

  • self-hosted language models,

  • secure document-review platforms incorporating AI functionality, or

  • HIPAA-compliant environments configured to prevent disclosure or model training using Confidential Material.

The blog recommends that businesses consider the security requirements and use limitations laid out in these protective orders, as well as the “permitted systems” they describe, as a starting point for the due diligence process necessary in choosing an appropriate AI tool or contracting with a vendor for AI-related services.