Skip to main content
Try Lexiel for freeTry now →
EU AI Act and Lawyers in Spain: Obligations, Risks and Compliance in 2026
Compliance10 minEquipo Lexiel

EU AI Act and Lawyers in Spain: Obligations, Risks and Compliance in 2026

EU AI Act compliance guide for Spanish lawyers and law firms: AI tool risk classification, user and provider obligations, sanctions and compliance checklist.

EU AI ActAI regulation Europelegal AI compliance SpainRegulation 2024/1689AI law firm obligations

# EU AI Act and Lawyers: Compliance Guide for Spanish Law Firms

Regulation (EU) 2024/1689, the EU AI Act, is the world's first comprehensive AI regulation. In force since 1 August 2024, its obligations roll out in phases. Spanish lawyers have a dual role: as users of AI systems and sometimes as operators or providers of AI solutions for clients.

Application timeline

  • 2 February 2025: Prohibition of unacceptable AI systems

  • 2 August 2025: GPAI model obligations
  • 2 August 2026: Full obligations for high-risk systems
  • 2 August 2027: Obligations for Annex I high-risk systems

Risk classification for legal AI tools

Prohibited AI (unacceptable risk): subliminal manipulation, real-time biometric identification in public spaces. Unlikely for law firms to use directly.

High-risk AI: systems assisting judicial authorities in fact-finding or law application (Annex III, point 8). Standard legal AI drafting/research tools are generally not high-risk as they assist the professional rather than making autonomous decisions.

Limited risk: chatbots and client portals with AI. Obligation: transparency; the user must know they are interacting with AI.

Lawyer obligations as AI users

Lawyers using AI tools are "operators" under the Regulation. Key obligations:

  1. Use per provider instructions: do not use AI beyond its intended scope
  2. Human oversight: always review AI output before signing or filing any document
  3. Client transparency: inform clients when AI is used to prepare their documents
  4. Data protection: AI systems processing client data must comply with both AI Act and GDPR

Deontological obligations

Spain's Bar Code of Conduct (2019) applies: professional competence (Art. 3), independence (Art. 4), and confidentiality (Art. 5) all govern AI use.

Sanctions

  • Prohibited systems: up to €35M or 7% of global turnover
  • High-risk non-compliance: up to €15M or 3%
  • Incorrect information to authorities: up to €7.5M or 1%

Compliance checklist for law firms

  • [ ] Identify all AI tools used by the firm
  • [ ] Classify each by EU AI Act risk level
  • [ ] Verify providers are preparing compliance
  • [ ] Implement mandatory human review before submitting any AI output
  • [ ] Update privacy policy and client contracts to mention AI use
  • [ ] Train staff on responsible AI use

Learn more about security at Lexiel →

Try Lexiel free · 28 days

Use code LEX-BLOG for double the standard trial period. Cancel anytime, no commitment.

LEX-BLOG
Get started free

Weekly legal updates

Legislative changes, relevant case law, and Lexiel news. No spam. Unsubscribe anytime.

GDPR compliant. We never share your email with third parties.

EU AI Act and Lawyers in Spain: Obligations, Risks and Compliance in 2026 : Lexiel