Public Sector & Law

AI in public administration, the judiciary and the legal profession in 2026 sits between political pressure for digital government and a dense web of GDPR/state-privacy law, eIDAS, attorney-client privilege, the judge-reservation and the AI Act. This hub page shows which administrative and legal tasks realistically benefit from AI, where strictly personal duties must remain human and how productive setups in DACH agencies and law firms actually look. Deliberately without full-automation marketing — decisions, judgments and counsel remain human responsibility; AI is assistive.

Where does AI pay off in Public Sector & Law?

Citizen correspondence and request routing is the most common entry point. Incoming mails, contact-form requests and citizen letters are classified (application request, complaint, freedom-of-information request), prioritized and routed to the responsible desk. Sentiment detection flags urgent cases; the rest flows into standard queues. Realistic effect: 60–80 % less sorting effort at the intake desk and faster handling of routine requests. Important: AI sorts, the caseworker decides. The classification logic is reviewed quarterly for bias drift.

Multilingual decision drafts and explanatory materials is the second lever. DeepL Pro for accurate translation, Claude or ChatGPT for stylistic polish. Standard decisions, fact sheets and hearing letters become available in Turkish, Russian, Arabic, Ukrainian or Spanish — in DACH metros and US urban agencies often a real access factor. Prerequisite: a glossary of administratively relevant terms — mistranslations of “deadline”, “appeal” or “hearing” have legal consequences for the citizen.

Legal research support is the third area, especially in law firms and the courts’ research units. Perplexity or Claude with long context read 20–50 rulings, commentary excerpts and articles and produce structured research overviews. Legal judgement stays human, but pre-research compresses from days to hours. Prerequisite: source attribution and qualified-lawyer review — hallucination risk on statutes and case citations is real and especially dangerous because false citations in briefs trigger sanctions and malpractice exposure (Mata v. Avianca is the textbook cautionary tale).

Contract drafting is the fourth lever in law firms. From a client briefing and a template repository the LLM generates a first draft that the attorney reviews, edits and signs off. Consistency goes up, time per standard contract drops by an estimated 50–70 %. Important: client data is pseudonymized before LLM call or processed on-premise — attorney-client privilege is not negotiable, and the ABA Formal Opinion 512 requires explicit informed consent for AI use that involves client information.

Knowledge base and administrative FAQ is the fifth area. A RAG setup against administrative rules, internal directives and FAQ collections answers 60–70 % of recurring caseworker questions — from file-inspection requests to deadline calculations. Junior caseworkers become productive faster, without anyone relying on the model’s parametric knowledge of the legal posture.

File summarization and meeting minutes is the sixth lever. Long files are condensed into 1–2 page briefings; meeting audio is transcribed via Whisper and shaped into structured minutes via Claude. Effect: 40–60 % time savings in pre- and post-work for sessions and hearing preparation. Final review remains human because false summaries can compromise a fair procedure.

Practice examples from DACH and the US

Both setups follow the same pattern: AI assists in routing, translation, research and draft creation; decisions and counsel stay strictly human. The tool stack follows the supervisory posture and attorney-client privilege — on-premise or regional cloud hosting with a DPA is standard, US-cloud consumer tiers are excluded.

Vienna municipal agency (400 staff, citizen services). Claude in an EU-hosted variant with DPA and Austrian DPO sign-off. Use case: citizen-correspondence routing through the central inbox. Workflow: incoming mails are classified by Claude (application request, complaint, appointment request, multilingual or German), prioritized by urgency and forwarded to the responsible department. DeepL Pro translates non-German requests; the caseworker sees both versions. Effect after eight months: average handling time per inbound mail down from 6 to 2 minutes, share of correct first-time routing up from 78 % to 94 %. Stumbling block: in the early weeks the model classified nested multi-issue requests imprecisely. After introducing a “mark all issues separately” prompt plus a two-stage review step the misrouting rate dropped to 4 %. The works council was involved early; the co-determination agreement documents data flows; eIDAS-compliant signature paths remain untouched.

Munich law firm (60 staff, business and IP law). Claude in an on-premise variant via a German cloud provider, plus a local Whisper installation for transcription. Use case: contract drafts and client-correspondence preparation. Workflow: from a client briefing and an internal template repository Claude generates a first contract draft that the responsible attorney reviews, edits and signs off. Whisper transcribes client meetings, Claude produces a structured file-note draft from the transcript. Effect after six months: time per standard contract down from 4.5 to 1.8 hours, file-note creation 70 % faster. Important: client consent to AI use is part of the engagement letter, every client can opt out (in which case work runs purely manually). The §43a BRAO-compliant secrecy architecture was reviewed by the Bar’s data-protection advisory office.

Risks & compliance — the five pillars

Public sector and law are particularly dense regulatory fields because sovereign action and criminally protected confidentiality duties combine. These five pillars are preconditions for any rollout.

GDPR / state privacy law in the public sector: §3 BDSG gives public bodies special rules; §22 BDSG covers special categories. The professional secrecy duty under §203 of the German criminal code is criminally enforceable — breach is an offense, not a mere data-protection issue. A DPIA is practically always mandatory for AI use with citizen/client data. Right to erasure extends to AI logs and generated drafts. Sub-processor list must be reviewed — a single US sub-processor is enough to make the transfer Schrems-II-problematic. In the US, FOIA and state public-records laws complicate AI logs in unexpected ways.

eIDAS and electronic government: Decisions need legally valid signatures — a qualified electronic signature (QES) for sovereign acts, an advanced one for standard correspondence. AI may prepare content; the signature stays strictly personal. Trust-service providers are regulated under eIDAS, AI tools are not — an AI that signs by itself or suggests signatures is effectively impermissible. The US ESIGN Act and UETA cover similar ground.

Attorney-client privilege: §43a BRAO and §2 BORA in Germany, the ABA Model Rules 1.1, 1.6 and Formal Opinion 512 in the US, plus equivalent canton-level rules in Switzerland require comprehensive secrecy that criminal/professional law backs up. Cloud LLMs without explicit client consent are excluded; with consent only under strict technical safeguards (regional hosting, DPA/BAA, no-training, pseudonymization). The 2024 BRAK/ABA guidance forms the baseline. Practically: on-premise LLM or a regional provider is the safe default; cloud-US is the sensitive exception.

EU AI Act + judiciary and democratic processes: Annex III classifies AI for judicial assistance and asylum/migration pre-screening as high-risk. Required: conformity assessment, risk management, logging, human oversight (Art. 14), transparency. The judge-reservation under Art. 92 of the German Basic Law remains untouched — judgments are strictly personal. Penalties up to EUR 35 million or 7 % of global turnover.

Sector-specific procedural rules: Tax law (AO §88, §93 on evidence gathering), social law (SGB X on the duty to investigate), administrative-procedure law (VwVfG §24 on official inquiry) require the agency itself to clarify the facts — AI may assist, but the official inquiry stays human. Asylum and immigration law has especially strict reasoning and hearing duties that bound AI autonomy. In the US, the APA and agency-specific rulemaking impose similar constraints.

What does NOT work: Offering AI legal advice without attorney sign-off (UPL — unauthorized practice of law). Issuing decisions from a pure AI draft without caseworker review — appealable, often void in social and tax cases. Relying on AI-cited statutes without verification against official sources — hallucination risk on citations is real and expensive. Using consumer-tier plans for client data — a criminally enforceable confidentiality breach under §203 StGB and analogous privilege rules.

Related topics

Foundations: Bias & Fairness explains discrimination risks, bias audits and fairness metrics — important for civil servants and lawyers evaluating tools. The comparison ChatGPT vs. Claude shows which generalist suits long legal texts and context-rich files better (Claude tends to lead on long context and conservative answer behavior under oversight). Related use cases: Healthcare & Medicine for the compliance-sister area with similar criminally enforced secrecy, Finance & Economy for the regulatorily dense relative, and Customer Support & Service for multilingual citizen hotlines.

The “Mata risk” of AI-fabricated precedent and ten further AI risks are summarised in the AI Risks guide. Routing citizen inquiries through internal knowledge bases and AI-assisted file research are technically RAG setups — with special requirements around source attribution, permission models and audit-grade logging. RAG plus self-verification also reduce the Mata v. Avianca risk of fabricated case numbers — patterns in the Prompt Engineering guide. The COMPAS algorithm illustrates how algorithmic discrimination plays out in justice — covered in Bias & Fairness.