Hoag Law.ai LogoHoag Law.ai
Contact
California’s SB 37: Your AI Chatbot Is Your Ad. You Own it. Act Like It.
Back to Blog

California’s SB 37: Your AI Chatbot Is Your Ad. You Own it. Act Like It.

March 4, 2026
Marc Hoag
California’s SB 37: Your AI Chatbot Is Your Ad. You Own it. Act Like It.

Questions this article answers

California SB 37 classifies law-firm AI chatbots as attorney advertising. Lawyers are strictly liable for automated outputs under the state's advertising rules.

What does California SB 37 do?

California SB 37 classifies law-firm AI chatbots as attorney advertising. Any automated response an AI chatbot generates is treated as an ad the firm owns, which means attorneys are strictly liable for chatbot outputs under California's existing attorney-advertising rules. Firms deploying AI-powered intake, triage, or client-facing chat need supervision, disclaimers, and review protocols.

Are law firms liable for AI chatbot responses in California?

Yes. Under SB 37, any AI chatbot deployed by a California law firm is treated as attorney advertising, and the firm is strictly liable for its outputs. Hallucinations, unauthorized legal advice, or misrepresentations by the bot expose the firm to discipline and malpractice risk.

What should a California law firm do before deploying an AI chatbot?

Audit the chatbot for advertising compliance, add explicit disclaimers that no attorney-client relationship is formed, disable or heavily guardrail legal-advice outputs, log all interactions for review, and assign human supervision. Hoag Law.ai advises firms on SB 37 chatbot compliance.

This is educational material and does not constitute legal advice nor is any attorney/client relationship created with this article, hence you should contact and engage an attorney if you have any legal questions.

California’s SB 37 took effect January 1, 2026, and if you’re a California attorney with an AI chatbot on your website, you’re already in the highest-risk category under the new law.

SB 37 is about attorney responsibility in outsourced influence. It doesn’t matter whether your marketing vendor wrote it, your intake platform generated it, or your chatbot spit it out.

If it markets your firm, you own it.

The chatbot problem most attorneys haven’t thought through

AI chatbots on law firm websites sit at the intersection of two distinct compliance obligations, and most attorneys are only thinking about one of them.

The first is SB 37: your chatbot’s responses are advertising. They need to comply with California’s attorney advertising rules, so no misleading claims, no implied guarantees, proper identification of a responsible California-licensed attorney.

The second is privilege. This one is urgent right now, because of a case that just dropped two weeks ago.

In United States v. Heppner (SDNY, Feb. 17, 2026), Judge Rakoff held that a criminal defendant’s conversations with the consumer version of Claude — used independently, without attorney direction — were not protected by attorney-client privilege or the work product doctrine. The reasoning: Claude isn’t a lawyer, and Anthropic’s consumer ToS expressly permits review and disclosure of user inputs. No confidentiality, no privilege. (Beyond the ruling’s text, I should clarify that this is almost certainly true even if training is toggled off, and even on paid consumer plans. Only enterprise plans, and even then, optimally, with ZDR policies in place, are sufficiently safe not to waive privilege.)

While this is obviously a NY-only ruling for the moment, it stands to reason that other states will follow suit. So that ruling has a direct implication for your intake chatbot. If a prospective client starts describing their legal situation to your AI chatbot before they’ve engaged you, that conversation may be discoverable. Likewise, if your client — or potential client — use an AI chat bot powered by a consumer-tier AI with permissive data handling terms, you’ve compounded the problem.

How I implemented live chat on my site

I recently set up a live chat tool (Crisp.chat if you’re curious; one nice thing, they’re EU-based in France so it makes GDPR compliance a breeze) for my own law practice website — not an AI bot, just a standard live chat widget — and I set it to auto-open on the first page load with this:

“Please do NOT share any private or otherwise confidential information here as there is no attorney/client privilege between us unless and until we sign an Engagement Letter. In the meantime, please do NOT discuss any legal issues with a public AI tool like ChatGPT, Claude, Grok, Gemini, etc., as this may waive any attorney/client privilege that might otherwise exist between us.”

That’s not legalese for its own sake. It’s a direct response to Heppner and to the data handling realities that SB 37 now forces you to confront.

For the record, I have mixed feelings on the direction the law is trending:

First, although I agree with the technical reality that an AI chat both is entirely different to a cloud storage provider, I question the practical reality, and thus, whether it should be considered a third party disclosure.

And second, I find it exceedingly hard to reconcile the recognition that more than 1 billion people world wide now use ChatGPT for discussing their most private, personal, and confidential matters, while we steadfastly maintain that there is no expectation of privacy in such discussions. These two conclusions seem absolutely, undeniably, mutually exclusive to me.

A practical checklist

Before your next client intake conversation happens through your website chatbot — whether it’s an AI bot or simple “dumb chat box,” ask yourself:

  • Does my chatbot identify a responsible California-licensed attorney?
  • Are its responses reviewed by an attorney before going live?
  • Do I know where those conversations are being sent and stored?
  • Am I warning visitors not to share privileged information?
  • If it’s AI-powered, what are the underlying platform’s data retention and disclosure terms?

If you can’t answer all five confidently, you have work to do.

Back to all posts

This site uses cookies for live chat (Crisp). No analytics cookies. Privacy details