Legal Advice with ChatGPT: Opportunities and Limitations for Swiss SMEs

The idea of having legal support at the push of a button sounds appealing. Many Swiss SMEs see potential in Artificial Intelligence that goes beyond simple translations or correspondence. However, a chatbot, no matter how eloquently phrased, is not a lawyer. That's the sober reality.

The euphoria surrounding tools like ChatGPT is immense, with 52% of Swiss SMEs already using AI for translations and another 47% for correspondence. This shows broad acceptance and practical utility in daily business. But when it comes to legal matters, the limits are quickly reached. The question isn't whether AI *can* help, but precisely *where* this help ends and risk begins.

Especially in Switzerland, with its specific legal system and the strict data protection regulations of the revised Data Protection Act (revDSG), companies need to know exactly when they can trust an algorithm – and when consulting a specialised legal professional is indispensable. A well-founded assessment here is not a luxury, but a necessity.

Which Legal Use Cases are Suitable for AI Tools like ChatGPT in Swiss SMEs?

AI tools are useful assistants for repetitive, information-based tasks, but not for actual legal advice. Swiss SMEs can effectively use ChatGPT and similar systems to create efficiency in certain preliminary legal work. This primarily concerns tasks based on analysing large volumes of text or requiring the generation of standard texts.

Consider information preparation. An SME managing director often needs a quick overview of a specific legal situation. ChatGPT can serve as an intelligent search and summarisation service here. It can identify relevant sections from the revDSG or other Swiss laws, provided they are available as data, and summarise them in understandable language. This saves valuable time that would otherwise be spent on manual research.

Another area is standard formulations or contract drafts. For simple, non-contentious documents like Non-Disclosure Agreements (NDAs), basic service agreements, or General Terms and Conditions (GTCs), AI can provide an initial draft. It is crucial here that the AI has been trained on specific, already reviewed templates or can use them as a reference (keyword RAG – Retrieval Augmented Generation). The AI can then insert parameters such as party names, addresses, or specific service descriptions. This is a significant relief for initial document creation and can reduce the effort for lawyers in fine-tuning.

Analysing contracts for specific clauses is also a suitable field. For instance, if a company needs to search all contracts for a specific termination clause or a limitation of liability, AI can perform this task in fractions of a second. The AI scans the documents and highlights the relevant passages. This is particularly helpful during due diligence processes or when preparing for compliance audits. It's about extracting data, not evaluating it legally.

Furthermore, AI tools can be helpful in translating legal texts. Given Switzerland's multilingualism and international business relationships, this is a frequent use case. Even though a legally flawless translation often still requires human review, AI can provide a solid foundation that is then refined by a specialised translator or legal professional. The efficiency gains in these areas are real and measurable. They relieve employees of repetitive tasks, allowing them to focus on more complex, value-adding activities.

How Can Swiss SMEs Ensure that the Use of AI in the Legal Field Complies with Data Protection Regulations (e.g., revDSG)?

Compliance with the revDSG is non-negotiable when using AI in the legal field and requires a proactive strategy. The revised Data Protection Act (revDSG) imposes high demands on the handling of personal data, especially when it comes to particularly sensitive data, as is often the case in legal contexts. Blind trust in external AI services is playing with fire here.

The first step is a comprehensive Data Protection Impact Assessment (DPIA), similar to what is required for high-risk applications under the EU AI Act and mandatory in certain cases under the revDSG. A DPIA following the standard 8 steps helps to identify and assess potential risks early on. This involves analysing what type of data is processed, who has access, and what the consequences of a data breach would be. The MoSCoW method can help prioritise requirements, clearly separating mandatory ("Must") and optional ("Should", "Could", "Won't") requirements. Data protection is a "Must".

Data storage is crucial. For Swiss SMEs, this ideally means using Swiss infrastructure. Services that operate their servers in Switzerland offer greater legal certainty and trustworthiness regarding the revDSG. However, many large AI models process inputs on servers abroad, often in the USA. This is problematic for sensitive Swiss data, as the data could then be subject to the US CLOUD Act. One solution is to use models that run either locally (on-premise) or on dedicated Swiss cloud infrastructure where data sovereignty is maintained.

Another essential point is the anonymisation or pseudonymisation of data. When using AI tools for document analysis or text generation, identifiable personal data must not be transmitted to the AI unprotected. Customer-specific requests should never be used directly for AI training unless you have explicit consent or the data is fully anonymised. Techniques like Retrieval Augmented Generation (RAG) can help here, where the AI only accesses internal, controlled, and anonymised knowledge databases instead of operating "freely" on the internet or with external training data.

Defining clear responsibilities within AI governance is also essential. Who is responsible for the data entered into the AI? Who reviews the results? An AI governance board or ethics committee, as I often see in larger companies, can set strategic guidelines and approve critical AI decisions. For SMEs, this might sound excessive, but the principles remain the same: clear rules on who can do what and who bears responsibility are fundamental. The Data Protection Officer plays a central role here in monitoring compliance.

What Risks Do AI-Powered Legal Advisory Tools Pose to Swiss SMEs, and How Can They Be Mitigated?

The biggest risks are hallucinations, lack of context, and absence of liability – these can only be mitigated through human oversight and clear processes. AI tools like ChatGPT learn from vast amounts of data available on the internet. However, this data is not always current, correct, or relevant to the Swiss legal landscape. This leads to several critical problems.

Perhaps the best-known phenomenon is "hallucination." AI models are trained to generate plausible answers. If they cannot find relevant information, they simply invent facts, legal articles, or precedents that sound convincing but are entirely false. In the legal field, such misinformation can have catastrophic consequences. An SME relying on a legal basis invented by AI risks not only financial losses but also reputational damage and legal repercussions. There is no "second opinion" from the AI to correct errors.

Another problem is the lack of context and the nuances of Swiss legislation. The Swiss legal system is specific and complex. An AI primarily trained on Anglo-American or EU law will struggle to correctly interpret the subtleties of Swiss Code of Obligations, labour law, or specific industry regulations. The AI does not understand the "spirit" of a law; it merely processes patterns in texts. It cannot judge how a court would decide in a specific case or provide strategic recommendations based on current case law and the SME's individual situation.

The absence of liability is a serious drawback. If a lawyer provides incorrect information, they are liable for it. An AI tool or its developers generally do not assume this liability. An SME relying on faulty AI advice is left to bear the consequences alone in case of damage. There is no insurance to cover the "AI error," and no contact person to take responsibility for the outcomes. This is a fundamental difference from professional legal advice.

How can these risks be mitigated? The key lies in combining AI efficiency with human expertise. AI should always be understood as a tool and never as a substitute for human judgment. Every legal document generated by AI or any advice provided must be reviewed and approved by a qualified legal professional. This is not an option, but a mandatory requirement.

SMEs should also establish internal policies for the use of AI in the legal field. Who is allowed to use which tools? For which tasks? Which review steps are mandatory? A risk matrix that assesses the probability of occurrence and the impact of AI errors can help identify critical applications. An error in internal research has different implications than an error in an external contract. Frameworks like the NIST AI Risk Management Framework offer valuable guidance for systematically managing risks.

Lukas Huber, founder of schnellstart.ai, repeatedly emphasises the need for transparency. Companies must know how the AI works, what data it uses, and what its potential weaknesses are. Only then can they make informed decisions and maintain control. The use of AI in the legal field requires a high degree of sensitivity and responsibility.

The use of existing AI tools like ChatGPT is recommended by the SATW as a way to minimise risk for SMEs, but always with the implicit understanding that these tools serve as support and not as an independent authority for complex decisions. It's about leveraging AI's potential without relinquishing control or exposing yourself to unnecessary risks.

In summary, AI in the legal field is a double-edged sword for Swiss SMEs. It offers immense efficiency potential for routine tasks and information gathering. At the same time, it carries significant risks if used without human oversight and legal expertise. The key to success lies in intelligent, risk-aware application that leverages AI's strengths while compensating for its weaknesses with human expertise.

Digitalisation is not stopping at the legal sector. Those who want to seize the opportunities must know the rules of the game and master the risks. This means investing in knowledge, defining clear processes, and maintaining human control as an indispensable filter.

✅ AI as an Efficiency Booster: Use AI for research, standard documents, and text analysis to save time and relieve employees.

✅ Data Protection as a Foundation: Ensure revDSG compliance through DPIAs, Swiss hosting, and consistent data anonymisation.

✅ Human Expertise as Control: Every AI-generated legal information must be reviewed and approved by a qualified legal professional. Using AI in critical legal matters without human oversight is negligent.

Would you like to learn more about how to implement AI safely and efficiently in your Swiss SME without incurring legal risks? Contact us for a non-binding initial consultation. We will support you in developing the right strategies and implementing the appropriate tools. Get in touch.