There are currently no official guidelines from the Luxembourg Bar regarding the use of generative AI tools by lawyers, particularly in relation to professional secrecy. However, the National Commission for Data Protection (CNPD) — Luxembourg's independent authority responsible for ensuring compliance with data protection laws — issued general recommendations in February 2025 that apply to lawyers. These include avoiding the input of personal or confidential data into online AI tools, especially those not compliant with European standards such as the General Data Protection Regulation (GDPR). The CNPD also advises against using non-European AI tools, encourages the use of GDPR-compliant systems and stresses the importance of staff awareness and data security.

In the absence of specific national rules, Luxembourg Attorneys must rely on the general principles of professional secrecy under Luxembourg law, apply the CNPD's recommendations as a minimum standard and draw on European and international guidance. Among these, the Union Internationale des Avocats (UIA) directives are particularly relevant. According to the UIA, lawyers must preserve confidentiality when using AI systems by reviewing the terms of use, choosing tools that do not retain or misuse input data, anonymizing identifiable information and avoiding the disclosure of sensitive content. Lawyers must also maintain transparent communication with clients about their use of AI, ensure that case strategy and execution remain under their own professional judgment, and must obtain client consent if their data is to be used for AI training.

Therefore, while professional secrecy is protected under Luxembourg law, this protection can be compromised if lawyers use insecure or noncompliant AI tools. In the current legal landscape, lawyers must adopt a cautious and compliant approach, guided by GDPR principles, CNPD recommendations and international best practices.