
[EDRM Editor’s Note: The opinions and positions are those of the author.]
I have asked Are Protective Orders Limiting Upload to AI of Documents Produced by an Opponent in Discovery Becoming the Standard of Care? (May 26, 2026).
Not always. Unicorn Rejects A.I. Protective/Confidentiality Order – Order Entered in Criminal Case (Jun. 4, 2026).
But the naysayers seem to be in the minority. For example, in Orechovesky v. BNY Administrative Svcs., LLC, 2026 WL 1725149 (S.D.N.Y. Jun. 15, 2026), the court wrote that:
The parties having agreed to the following terms of confidentiality, and the Court having found that good cause exists for issuance of an appropriately tailored confidentiality order governing the pre-trial phase of this action, it is therefore hereby ORDERED…
15. A receiving party shall not load, import, submit, or otherwise transfer Discovery Material to any Large Language Model (“LLM”) or Artificial Intelligence (“AI”) platform without agreement of the Parties. Should a receiving party want to load, import, submit, or otherwise transfer Discovery Material to any LLM or AI platform, such LLM or AI platform must meet the following security requirements:
a. Does not use, retain, or incorporate produced data to train, fine-tune, or otherwise improve any AI model or system;
b. Operates within a closed, private, limited, secure universe including enterprise versions of web-based systems;
c. Maintains appropriate data isolation at the organization, user, and workflow levels to prevent access to or commingling of data across users, matters, or organizations;
d. The technology provider for the platform must agree to maintain confidentiality, undergo regular third-party penetration testing and security audits, and the system must regularly purge data uploaded to the system based upon a known schedule or at the time of final disposition;
e. Employs industry-standard encryption and security protocols (such as AES-256 encryption at rest and TLS 1.2 or higher in transit), data confidentiality protections, and system reliability standards;
f. Maintains security certifications or controls consistent with industry standards for legal technology (such as SOC2 compliance and maintaining ISO / IEC 27001, 27017, 27018, 27701 certifications); and
g. Tracks all information in the system, including access.
16. The Parties agree that Relativity’s aiR Platform and WestLaw’s CoCounsel are acceptable industry standard tools that may be used by all Parties as long as data produced by the producing party is not used to train AI systems or platforms and thereby do not require disclosure if there is intended use by the receiving party.
17. The Parties agree that Gemini for Google Workspace (Enterprise or Business editions), as integrated within Plaintiff’s counsel’s email and firm communication environment, is an acceptable industry-standard tool that may be used by all Parties as long as data produced by the producing party is not used to train AI systems or platforms and thereby do not require disclosure if there is intended use by the receiving party.
18. To the extent a receiving party intends to use any other LLM or AI platform, the receiving party shall disclose the specific LLM or AI platform(s) it intends to use and verify its compliance with subsections 15(a) through (d) above. The producing party reserves the right to request additional information to confirm compliance with subsections 15(a)–(d). If the producing party has concerns regarding compliance with this provision, it may seek appropriate relief from the Court.
a. The platform and its use must otherwise comply with this Protective Order. Any LLM or AI models, AI inputs, and AI outputs developed using Confidential Material will be deemed Confidential Material and will not be used for any purpose other than prosecuting or defending this matter.
To similar effect, in Pujas v. BDO USA, P.C., 2026 WL 1724307 (S.D.N.Y. Jun. 15, 2026), an stipulated order stated:
Absent the prior written consent of the producing Party or an order of the Court, no receiving Party shall upload, submit, disclose, quote, feed, or otherwise provide any Confidential Material to any artificial intelligence, machine learning, language model, generative text, or similar technology or service (collectively, “AI Tool”) unless that AI Tool:
(a) is an enterprise-grade platform that the receiving Party (or its counsel) has licensed;
(b) is subject to a binding written agreement that (1) requires the provider to keep all user-supplied data strictly confidential, and (2) expressly prohibits the provider from using such data for training, fine-tuning, product improvement, or any purpose other than providing the contracted-for services; and
(c) employs technical and organizational security measures reasonably designed to prevent any unauthorized access, disclosure, or use of Confidential Material. The obligations and restrictions of this paragraph apply even where the data or the Confidential Material has been anonymized.
These types of agreed orders are becoming common-place. See, e.g., Velez, v. OnePlus Technology (Shenzhen) Co., Ltd., 2026 WL 1734645, at *2-3 (S.D.N.Y. Jun. 16, 2026)(comprehensive agreement with inadvertent disclosure clause).
Assisted by GAI and LLM Technologies per EDRM’s GAI and LLM Policy.

