Back to Home

Introduction

1. We, Donny & Ong (“the Firm”) embrace the responsible use of artificial intelligence (“AI”) and generative AI (“GenAI”) tools to deliver efficient, high-quality legal services. While AI is excellent for processing bulk documents and drafting initial memoranda, our decade-long experience and professional judgment remain our most irreplaceable assets.
2. This Policy is informed by the following regulatory and professional frameworks:
   1. the professional circulars issued by the Malaysian Bar Council on the use of generative AI in legal practice, which recognise that AI may be used for early-stage workflows such as initial drafting, ideation and structuring legal output, subject to appropriate safeguards;
   2. the National Guidelines on AI Governance and Ethics (“AIGE”), a voluntary non-binding framework issued by the Ministry of Science, Technology and Innovation (“MOSTI”) in September 2024, with which the Firm is committed to complying where appropriate;
   3. the Personal Data Protection Act 2010 (“PDPA”) and the Legal Profession Act 1976; and
   4. the Guide for Using Generative AI in the Legal Sector, published by Singapore’s Ministry of Law on 6 March 2026. While the Singapore Guide is not binding in Malaysia, it is treated as a useful reference point for regional best practices in the legal profession.
3. This Policy should be read together with our Privacy Policy and Engagement Terms, which are published on our website.

Scope

4. This Policy applies to all members of the Firm, including partners, legal associates, paralegals, administrative staff, and any external collaborators (including associate firms, consultants and interns) performing work on behalf of or under the supervision of the Firm.
5. For the purposes of this Policy, “AI tools” includes standalone generative AI platforms, AI features embedded within productivity software, and any future AI-powered tools adopted by the Firm.

Our Commitment

6. AI assists; lawyers are accountable. Every piece of work product that leaves this Firm — whether AI-assisted or not — carries the professional responsibility of the lawyer who signs off on it. The use of AI does not delegate or diminish that accountability.

How We Use AI

7. The Firm uses AI tools across the following areas, subject to the safeguards in this Policy:
   1. Legal research and analysis — provided all AI-generated research is verified against primary sources before reliance;
   2. Drafting and document preparation — provided all drafts are reviewed and refined by the responsible lawyer before circulation;
   3. Administrative and operational tasks — summarising meetings, formatting documents and other operational matters;
   4. Client communications and publications — provided all legal statements are verified for accuracy before publication.

Client Confidentiality

8. This is the Firm’s most critical safeguard. No client-identifiable data, confidential information or privileged communications may be entered into any public AI tool. This prohibition is absolute.
9. When using AI tools for client-related work, all prompts must be anonymised by:
   1. replacing all names with generic placeholders (e.g., “Party A”, “the Company”);
   2. removing transaction values, dates and identifying details; and
   3. framing queries as hypothetical or general legal questions.
   Note: Anonymised content may still be identifiable with sufficient context. When in doubt, err on the side of caution.
10. The Firm does not upload client documents to third-party AI servers. AI providers may process, store or use input data to train their models — this risk reinforces the strict anonymisation requirement above.

Data Classification

11. The following classification guides what information may be used with AI tools:

Classification	Description	AI Tool Permitted
Public	Material authorised for publication (e.g., newsletters, website content)	Yes — public AI platforms
Internal	Proprietary information for internal use (e.g., research summaries, admin tasks, anonymised legal scenarios)	Yes — public AI platforms, with anonymised prompts
Confidential	Client-identifiable data, privileged communications, financial records, court filings	No — prohibited from all public AI tools

Accountability and Verification

12. AI-generated output is a starting point, not a final product. The responsible lawyer must verify and refine all AI-assisted work before it is relied upon, filed or sent to a client.
    1. Research — all statutes, regulations and case law cited by AI must be verified against official gazettes and primary legislation. AI is known to generate plausible but non-existent citations (“hallucinations”);
    2. Drafting — all AI-generated clauses must be reviewed for internal consistency, Malaysian law compliance and commercial appropriateness;
    3. Advice — AI must not substitute professional legal judgment. Where a position is nuanced or unsettled, the lawyer must apply their own analysis.
13. Greater scrutiny is required when using AI in areas outside the user’s subject matter expertise. When in doubt, consult a more experienced colleague or established commentary.

Prohibited Uses

14. The following are strictly prohibited:
    1. entering client-identifiable information or privileged communications into any AI tool;
    2. uploading client documents to AI platforms;
    3. relying on AI-generated research or citations without independent verification;
    4. sending AI-generated client communications without review by the responsible lawyer;
    5. using AI to provide legal advice without human review; and
    6. any use that would breach the Firm’s duties under the Legal Profession Act 1976 or applicable rules of professional conduct.
15. Any misuse of data through generative AI tools — including but not limited to the disclosure of client-confidential information in breach of this Policy — constitutes wrongful misconduct and may subject the relevant individual to immediate dismissal.

Transparency and Client Disclosure

16. The Firm is committed to transparency in its use of AI. Clients are entitled to know that AI tools may form part of our workflow and that all AI-assisted work is subject to the same professional review and accountability as any other work product.
17. Clients may request that AI tools not be used in connection with their matter. Where a client exercises this option, the Firm will comply and conduct the engagement using traditional methods, noting that this may affect turnaround time.

Intellectual Property

18. All work product generated with the assistance of AI tools in the course of the Firm’s engagements shall be the property of the Firm, subject to the terms of the relevant client engagement. Members of the Firm must not use AI tools to reproduce third-party copyrighted content.

Governance

19. AI governance at the Firm is overseen and trained by our partner, Gillian Chew, who is responsible for policy direction, approval of new AI tools, monitoring compliance with this Policy and coordinating team training.
20. Any uncertainty about whether a particular use of AI is permitted under this Policy should be referred to the AI Governance Lead before proceeding.
21. Incidents involving potential breaches of this Policy — including accidental disclosure of confidential information to an AI tool — must be reported immediately. The Firm will assess the incident and take remedial steps, which may include notifying the affected client.

Review and Updates

22. This Policy will be reviewed at least annually, or more frequently if warranted by technological developments, regulatory changes or incidents — including any future guidance issued by the Malaysian Bar Council and the enactment of the anticipated AI Governance Bill. Updates will be communicated to all members and published on our website.

Contact

23. If you have any questions about this Policy or the Firm’s use of AI, please contact:

Last Updated: 9 April 2026