Aurora Marketing | Apr 20, 2026 4:39:36 PM | 8 min read

AI Confidentiality and Data Privacy in Legal Practice

Legal AI is moving faster than legal infrastructure.

The legal sector's adoption of AI has accelerated sharply. Contract analysis, legal research, document review, due diligence, regulatory monitoring, and drafting assistance have all moved from experimental to operational in most large firms and many mid-size ones. The productivity case is clear. AI-assisted legal work is faster, more consistent, and increasingly more thorough than manual processes at scale.

The infrastructure question has not kept pace with the adoption rate. Most law firms and legal departments deploying AI tools are doing so on public cloud services operated by third parties — feeding client data, privileged communications, and confidential work product into pipelines that run on infrastructure the firm does not control.

Three problems follow from that. They are not theoretical. They are active risks that legal professionals, compliance teams, and clients are beginning to surface.

Problem one: client confidentiality and the data you do not control

The professional obligation of confidentiality is foundational to legal practice. Rule 1.6 of the ABA Model Rules of Professional Conduct, and its equivalents across jurisdictions, require lawyers to make reasonable efforts to prevent the inadvertent disclosure of client information. Most bar associations have issued guidance, or are in the process of doing so, on what 'reasonable efforts' means in the context of AI tools.

The core question is straightforward: when a lawyer uses an AI tool to analyze a client document, draft a brief, or research a legal question, where does the client's data go? Who has access to it? Under what terms can the AI provider use it? What happens if the provider is subject to a government access request under the law of a foreign jurisdiction?

For most public AI services, the answers to those questions are uncomfortable. Data is processed on shared infrastructure. Terms of service typically include provisions allowing the provider to use inputs for model improvement — though the enforceability of those provisions varies. Providers are subject to the legal jurisdiction of the country in which they operate, which for most major AI providers means US law, including the CLOUD Act, which allows US government access to data stored by US companies regardless of where the servers are physically located.

The confidentiality obligation does not have a carve-out for AI tools. It applies to every system that touches client data.

The practical implication is that law firms using public AI services for client work are, in most cases, transferring client data to a third party without explicit client consent, under terms that may not satisfy their professional confidentiality obligations, on infrastructure that is subject to foreign government access.

Several major firms have already concluded that this exposure is not manageable within their professional responsibility frameworks and have restricted public AI services to internal work only — explicitly prohibiting their use for anything involving client data. That position is increasingly difficult to sustain as AI becomes central to legal productivity, and it creates a two-tier problem: firms that restrict AI to protect client confidentiality lose the productivity benefit, while firms that allow it may be accumulating professional responsibility exposure they have not fully mapped.

Problem two: privilege and the waiver risk

Attorney-client privilege protects confidential communications between a lawyer and client made for the purpose of obtaining or providing legal advice. Work product doctrine protects material prepared by a lawyer in anticipation of litigation. Both protections are foundational to legal practice — and both can be waived through disclosure to third parties who do not share the privilege.

The question of whether feeding privileged material into a public AI service constitutes disclosure to a third party — and therefore a waiver of privilege — has not been definitively resolved in most jurisdictions. Some courts have begun addressing it. The direction of travel is not favorable for firms that have been cavalier about what they feed into public AI tools.

The disclosure argument:

When privileged material is processed by a third-party AI service, it is disclosed to the service provider. The provider is not the client, not the lawyer, and does not share the privilege. Disclosure to a third party who does not share the privilege has historically been treated as a waiver, at least in the US. The counterargument — that the AI service is merely a tool, like a word processor — has some merit but is untested in the context of cloud-hosted AI services with independent data retention and use policies.

The practical risk:

Privilege waiver is not just a theoretical risk in litigation contexts. It affects transactional work, regulatory matters, and internal investigations. A firm that has routinely processed privileged communications through a public AI service may have difficulty sustaining privilege claims if an opposing party discovers that practice and challenges it. The risk is asymmetric: the productivity gain from the AI tool is incremental; the privilege waiver, if it occurs, can be catastrophic to the matter.


Problem three: data breach, GDPR, and regulatory exposure

Law firms are high-value targets for data breaches. They hold client financial information, M&A deal data, litigation strategy, regulatory correspondence, and personal data about individuals involved in matters. A successful breach of a law firm's systems can expose all of it simultaneously.

AI infrastructure expands the attack surface. Every system that ingests client data — and AI tools ingest substantial volumes of it — is a potential breach point. Public AI services add a third-party dependency that the firm cannot directly audit, monitor, or control. If a breach occurs at the AI provider level, the firm's client data may be exposed through a system the firm does not operate.

GDPR exposure

Most law firm client files contain personal data: names, addresses, financial information, health records in some practice areas, and other information that falls squarely within GDPR's definition of personal data. GDPR requires that personal data be processed only in ways that are lawful, fair, and transparent, and that appropriate technical and organizational measures are in place to protect it.

Feeding client personal data into a public AI service raises several GDPR questions that most firms have not fully answered:

  • Is there a lawful basis for transferring the data to the AI provider? Client consent for legal work does not automatically extend to processing by a third-party AI service.
  • Does the firm have a data processing agreement with the AI provider that satisfies GDPR Article 28 requirements for processors?
  • Is the data transferred to a country outside the EEA? Most major AI providers process data in the US, which requires an adequacy decision or appropriate safeguards under GDPR Article 46.
  • What is the retention period for data processed by the AI provider? GDPR requires data to be kept no longer than necessary — most public AI service terms are vague on this point.

The AI Act layer

The EU AI Act introduces additional obligations for legal AI systems, particularly those used in high-stakes contexts. AI systems used to assist in legal research, contract analysis, or advice in litigation or regulatory matters may be classified as high-risk under the Act, triggering requirements for technical documentation, human oversight, data governance, and auditability.

Firms that are not currently thinking about AI governance in terms of the AI Act's classification framework will need to do so. The Act's requirements for high-risk AI systems are substantive, and they require infrastructure that supports the necessary documentation, logging, and audit trail — which public AI services, by design, do not provide to third-party users.

GDPR, the AI Act, and professional conduct rules are converging on the same infrastructure requirement: control over where client data goes.


What a responsible legal AI infrastructure looks like

The three problems outlined above — confidentiality, privilege, and regulatory exposure — all point toward the same infrastructure requirement: AI systems that process client data should run on infrastructure that the firm controls, where the data does not leave the firm's jurisdiction, and where access is fully auditable.

This does not mean law firms need to build data centers. Private AI infrastructure has become significantly more accessible. The key requirements are:

  • Private deployment: AI models run on infrastructure dedicated to the firm, not shared with other organizations. Client data does not leave the firm's environment during processing.
  • In-jurisdiction hosting: infrastructure hosted within the EEA for EU firms, or within the relevant national jurisdiction where data residency requirements apply. Data is not subject to foreign government access requests.
  • No data retention by the AI provider: unlike public AI services, private infrastructure does not retain processed data for model training. Client data is processed and remains under the firm's control.
  • Full audit logging: every access to client data by AI systems is logged with timestamp, identity, and action. This supports both professional responsibility compliance and AI Act documentation requirements.
  • Encryption key control: the firm holds its own encryption keys. The infrastructure provider cannot access client data without the firm's keys.

The proportionality argument

Some firms will object that private AI infrastructure is disproportionate to their AI workload. That objection deserves a direct response.

The cost of private AI infrastructure has declined significantly. Storage at $5.99 per TB per month with no egress fees. GPU compute at $2.50 to $3.00 per hour for H100 instances — a fraction of public cloud rates. Deployment on existing infrastructure in two to four weeks. The infrastructure cost is not the barrier it was two years ago.

The proportionality question runs the other way. A single privilege waiver in a major litigation matter. A GDPR enforcement action resulting from a client data breach via an AI provider. A bar complaint arising from a failure to protect client confidentiality. The cost of those outcomes — financial, reputational, and professional — is disproportionate to the cost of the infrastructure that prevents them.

Where the legal sector goes from here

The legal sector's AI adoption will continue regardless of infrastructure concerns. The productivity gains are too significant for firms to opt out. The question is whether the sector gets ahead of the infrastructure problem or responds to it after the first significant confidentiality or privilege incident makes the risk concrete.

The firms that will be best positioned are the ones that treat AI infrastructure as a professional responsibility question — not just an IT procurement decision — and build the controls now, before the regulatory and case law landscape firms up around them.

That means private deployment. In-jurisdiction hosting. Full audit logging. Encryption key control. Not because regulators or courts have definitively required it yet — they have not, in most jurisdictions — but because the professional obligations that have always governed legal practice already do.
