IA
The dramatic rise of generative artificial intelligence is transforming professional practices, particularly in the use of AI for accounting and legal professions. Since late 2022, tools such as ChatGPT, Copilot, Claude and Llama have become embedded in everyday use. They make it possible
Reading time:
6 min
The dramatic rise of generative artificial intelligence is transforming professional practices, particularly in the use of AI for accounting and legal professions. Since late 2022, tools such as ChatGPT, Copilot, Claude and Llama have become embedded in everyday use. They make it possible to draft, analyse, summarise and automate numerous tasks.
But one question is becoming increasingly pressing: what happens to sensitive data when it is used in these systems? Where is it stored? Who can access it? Is it used to train the models?
To address these concerns, the Académie des Sciences et Techniques Comptables et Financières published in April 2025 its Notebook No. 43: “Generative AI and data protection: confidentiality, GDPR, professional secrecy”. This document is the result of collaborative work by experts, in which Mirabile Avocat took part.
The objective is clear: to provide legal and practical safeguards to govern the use of generative AI, in particular within professions subject to strict confidentiality obligations (AI and accounting professions).
If you would like to engage an AI lawyer, contact me!
Generative AI is based on a simple principle: ingesting vast volumes of data to produce new content (text, code, images, etc.). Its effectiveness is undeniable, but it raises a paradox: the more powerful it is, the more it relies on the use of data that is often sensitive.
In the daily work of accounting professionals and lawyers, use cases are multiplying: – A chartered accountant tests ChatGPT to analyse accounting entries. – A finance department submits a cash flow statement to an AI tool to obtain an instant forecast. – A lawyer uploads a contract in order to obtain a summary or a clause review.
These practices raise fundamental questions:
In reality, generative AI does not create data-related risks. Rather, it acts as an accelerator, as it encourages the use of powerful tools that often fall outside the control of organisations.
The use of generative AI gives rise to a series of legal and organisational risks that directly affect regulated professions and businesses handling sensitive data.
The General Data Protection Regulation (GDPR) strictly governs the processing of personal data. Using an AI tool often involves:
For example, submitting an accounting file containing information about employees or clients may constitute a breach of the GDPR if the tool does not comply with security and transfer obligations.
Beyond the GDPR, the protection of confidential data and trade secrets is at stake. Uploading strategic information (cost price, commercial negotiations, restructuring plan) into a chatbot could, in the absence of safeguards, expose that data to a third party or even to uncontrolled reuse (AI and the accounting profession).
Professions subject to professional secrecy (lawyers, chartered accountants, statutory auditors) face an additional challenge:
A concrete example: a lawyer who uses ChatGPT to analyse an employment dispute file. If the data entered is stored and reused, this may constitute a breach of professional secrecy under Article 226-13 of the Criminal Code.
In response to these challenges, the Académie des Sciences et Techniques Comptables et Financières published a reference document in April 2025: Notebook No. 43.
The Notebook was drafted by a multidisciplinary group, bringing together legal professionals, lawyers, chartered accountants and academics. Among the contributors: Mirabile Avocat, long committed to issues relating to digital matters (AI and accounting professions).
The publication answers very concrete questions:
One central message emerges: generative AI does not create confidentiality problems, but it amplifies them. This calls for heightened vigilance, particularly for professions subject to professional secrecy (AI and accounting professions).
Let's discuss your needs over 15 minutes!
Notebook No. 43 does not stop at observations. It provides practical recommendations that firms and businesses can implement immediately.
Avoid uploading into a generative AI tool documents containing:
More and more businesses are creating usage charters to govern the use of AI by their staff. These charters define:
Businesses must include specific contractual clauses in their agreements with AI providers and their subcontractors:
A periodic audit makes it possible to verify:
Raising staff awareness is essential. The Notebook stresses the importance of internal training so that everyone understands:
To learn more
The use of generative AI by accounting and legal professionals raises questions of confidentiality and professional secrecy. Notebook No. 43 of the Académie des Sciences et Techniques Comptables et Financières proposes legal safeguards to reconcile innovation and data protection.
Notebook No. 43, published in April 2025 by the Académie des Sciences et Techniques Comptables et Financières, addresses generative AI and data protection: confidentiality, GDPR and professional secrecy. Mirabile Avocat took part in this collaborative work by experts.
This is a central concern. The questions relate to where the data is stored, who can access it and whether it may be used to train the models. Notebook No. 43 aims to provide legal safeguards to protect professionals' sensitive data.
The use of generative AI tools must comply with the GDPR, in particular as regards the personal data processed. Notebook No. 43 examines these issues and proposes a framework to reconcile the innovation these tools offer with data protection requirements.
Tools such as ChatGPT, Copilot, Claude and Llama have become embedded in everyday use since late 2022. They make it possible to draft, analyse and automate tasks, but their use raises questions of confidentiality and the protection of sensitive data.
Chartered accountants and legal professionals handle sensitive data covered by professional secrecy. The use of generative AI creates a risk to the confidentiality of this data, which is why legal safeguards are important to govern these practices.
The objective is to provide legal safeguards enabling professionals to use generative AI while protecting sensitive data, in compliance with the GDPR and professional secrecy. It thereby reconciles innovation and confidentiality.
A lawyer helps accounting and legal professionals govern the use of generative AI, protect sensitive data and comply with the GDPR and professional secrecy. This support makes it possible to reconcile innovation and confidentiality.
Still have questions?
Our team is available!
Have a question?

Ressources
Aller plus loin