Skip to main content
Try Lexiel for freeTry now →
EU AI Act and Lawyers in Spain: Obligations, Risks and Compliance in 2026
Compliance10 minEquipo Lexiel

EU AI Act and Lawyers in Spain: Obligations, Risks and Compliance in 2026

EU AI Act compliance guide for Spanish lawyers and law firms: AI tool risk classification, user and provider obligations, sanctions and compliance checklist.

EU AI ActAI regulation Europelegal AI compliance SpainRegulation 2024/1689AI law firm obligations

# EU AI Act and Lawyers: Compliance Guide for Spanish Law Firms

Regulation (EU) 2024/1689, the EU AI Act, is the world's first comprehensive AI regulation. In force since 1 August 2024, its obligations roll out in phases. Spanish lawyers have a dual role: as users of AI systems and sometimes as operators or providers of AI solutions for clients.

Application timeline

  • 2 February 2025: Prohibition of unacceptable AI systems

  • 2 August 2025: GPAI model obligations
  • 2 August 2026: Full obligations for high-risk systems
  • 2 August 2027: Obligations for Annex I high-risk systems

Risk classification for legal AI tools

Prohibited AI (unacceptable risk): subliminal manipulation, real-time biometric identification in public spaces. Unlikely for law firms to use directly.

High-risk AI: systems assisting judicial authorities in fact-finding or law application (Annex III, point 8). Standard legal AI drafting/research tools are generally not high-risk as they assist the professional rather than making autonomous decisions.

Limited risk: chatbots and client portals with AI. Obligation: transparency; the user must know they are interacting with AI.

Lawyer obligations as AI users

Lawyers using AI tools are "operators" under the Regulation. Key obligations:

  1. Use per provider instructions: do not use AI beyond its intended scope
  2. Human oversight: always review AI output before signing or filing any document
  3. Client transparency: inform clients when AI is used to prepare their documents
  4. Data protection: AI systems processing client data must comply with both AI Act and GDPR

Deontological obligations

Spain's Bar Code of Conduct (2019) applies: professional competence (Art. 3), independence (Art. 4), and confidentiality (Art. 5) all govern AI use.

Sanctions

  • Prohibited systems: up to €35M or 7% of global turnover
  • High-risk non-compliance: up to €15M or 3%
  • Incorrect information to authorities: up to €7.5M or 1%

Compliance checklist for law firms

  • [ ] Identify all AI tools used by the firm
  • [ ] Classify each by EU AI Act risk level
  • [ ] Verify providers are preparing compliance
  • [ ] Implement mandatory human review before submitting any AI output
  • [ ] Update privacy policy and client contracts to mention AI use
  • [ ] Train staff on responsible AI use

Learn more about security at Lexiel →

Try Lexiel free · 28 days

Use code LEX-BLOG for double the standard trial period. Cancel anytime, no commitment.

LEX-BLOG
Get started free

Weekly legal updates

Legislative changes, relevant case law, and Lexiel news. No spam. Unsubscribe anytime.

GDPR compliant. We never share your email with third parties.