As use of generative artificial intelligence (GenAI) tools in daily operations grows, organizations are creating new types of electronically stored information (ESI). Prior Litigation Minutes published by the firm covered whether AI-generated content is discoverable and whether GenAI interactions may be protected by the attorney-client privilege or work-product doctrine.1 Similarly important questions surround what steps organizations should take when they need to retain and preserve GenAI ESI for litigation or compliance purposes.
Understanding Your GenAI ESI
It is critical that organizations and their counsel understand the GenAI tools their employees are using (both approved and informal) and for what purpose, and confirm what data each tool keeps, where it lives, and how long it stays there, including any relevant vendors’ retention practices.
GenAI ESI (user prompts, outputs, uploaded documents, and usage logs) may not be saved by default. Some tools may auto-delete data quickly, overwrite it as users iterate, or keep it only in audit logs that administrators must affirmatively configure. That means an organization may lose information potentially relevant to litigation even before counsel realizes GenAI ESI is implicated.
As GenAI use grows, these issues will impact information governance, litigation, and compliance readiness. Organizations will need enterprise-level retention settings for approved tools, clear internal rules for using GenAI for business or legal decisions, and legal hold processes that can quickly identify and preserve relevant GenAI ESI.
Updating Your Retention Policies
In some cases, GenAI ESI can qualify as a business record with its own retention requirements, e.g., when employees rely on GenAI outputs or incorporate them into other business records, or when GenAI ESI supports certain audit or compliance activities. In regulated industries (such as financial services and healthcare), GenAI outputs that drive client communications, marketing, or operational decisions may trigger the same supervision, documentation, and audit requirements that apply to other ESI. Organizations should review their document retention policies and schedules to ensure all relevant types of ESI are addressed, with the content of a record, and not its format, determining whether it should be retained and for how long.
At the same time, overly broad retention practices can create unnecessary burden and risk. Data minimization remains a core principle of effective information governance, particularly in light of the volume of ESI that GenAI tools create. A well-drafted retention policy should clearly define what constitutes a business record and incorporate GenAI ESI into existing retention categories based on their content and business purpose, rather than creating entirely new classifications. Exploratory prompts and draft outputs that do not inform business decisions generally may not rise to the level of a business record and can be addressed through defensible disposition practices. That line can be difficult to draw, however, particularly where GenAI tools retain user interactions by default, making it important that policy requirements reflect the actual technical capabilities with which custodians can realistically comply in practice.
Because GenAI tools continue to rapidly evolve, retention policies should be periodically reviewed and considered, while drafted flexibly enough to remain effective without requiring constant revision.
Preserving GenAI ESI in Anticipation of Litigation
Under the Federal Rules of Civil Procedure and in most states, parties must preserve relevant ESI once they reasonably anticipate litigation. Unsurprisingly, recent case law confirms that relevant ESI can include GenAI ESI. When litigation is on the horizon, organizations should work quickly to identify custodians who use GenAI tools for activities related to the subject matters at issue, check the tools’ applied or default retention settings, and work with IT and information governance teams to suspend auto-deletion, preserve existing information, or turn on logging where needed. Organizations may also need to work with third-party providers to preserve interaction histories or usage data that may not otherwise be retained.
If a party fails to preserve relevant GenAI ESI, it faces the same risks as with other lost ESI. If the information cannot be restored or replaced through additional discovery and the loss prejudices another party, courts may order curative measures or sanctions. In some cases, GenAI ESI may reveal important decision-making considerations not discernable from final documents, which may increase the likelihood of finding prejudice in the event of loss. Moreover, if a court finds an intent to deprive another party of the information’s use, it may impose harsher remedies, including adverse inference instructions or case-ending sanctions.
Re-Considering Traditional Legal Holds
Traditional, custodian-focused preservation instructions may not work well for GenAI ESI, as GenAI tools, not employees, may store the relevant information. Telling employees not to delete potentially relevant GenAI ESI may not prevent loss if vendor or enterprise retention settings still allow overwriting or auto-deletion of interaction histories or audit logs.
Organizations should consider updating legal hold notices to explicitly cover approved GenAI tools and spell out what to preserve (e.g., prompts, outputs, and related metadata) and how to preserve it. IT or information governance teams should also confirm whether to pause overwriting or deletion settings or enable logging so relevant usage data is preserved.
Practical Considerations for Preserving GenAI ESI
Information Governance and Litigation Readiness
Plan Ahead
Make sure GenAI questions are asked during vendor due diligence and onboarding and clearly outlined in vendor agreements.
Investigate GenAI Usage
Identify what GenAI tools employees use (approved and informal) and what each tool retains, where, and for how long.
Publish GenAI Policies
Set clear rules for acceptable use, including limits on putting confidential, proprietary, or client information into third-party tools.
Review Document Retention Policies
Evaluate whether existing document retention policies appropriately address GenAI ESI and update if needed.
Train Employees
Make sure employees know GenAI inputs and outputs can be business records or discoverable ESI and that they must follow data management and retention requirements.
Monitor and Audit Use
Check compliance periodically to confirm that retention efforts are aligned with legal obligations and business goals. Also assess whether GenAI tools are saving sensitive or regulated information requiring extra safeguards.
Preservation and Legal Holds
Update Legal Hold Policies and Procedures
Refresh legal hold policies and procedures, including any templates, to cover GenAI ESI.
Implement Deletion-Suspension Processes
Implement technical or administrative processes to preserve GenAI ESI when preservation duties arise, including suspending applied or default auto-deletion.
e-Discovery Planning for Once Litigation Has Begun
Update e-Discovery Workflows
Update e-discovery protocols and outside counsel guidelines to address GenAI ESI, including data held by third-party vendors.
Incorporate GenAI into Case Strategy
Factor GenAI ESI into scope, proportionality, and burden decisions for collection, review, and production.
Protect Sensitive Information
Assess whether GenAI ESI includes personal data or creates privacy or cross-border transfer issues.
Looking Ahead
As GenAI becomes more a part of everyday business and legal work, preservation questions will more often arise in litigation and regulatory matters. Courts usually apply existing discovery and information governance rules to new technology, and GenAI likely will not be an exception. Organizations that understand how GenAI ESI is created, retained, and deleted—and that align those practices with records management and legal hold processes—will be better positioned to meet preservation duties and reduce spoliation risk. Now is the time to update retention policies and schedules so they clearly address GenAI ESI is now, before those policies get tested in a dispute or investigation.
1 Since February 2026 we have seen more courts weigh in on the privilege discussion. Most notably Morgan v. V2X, Inc., No. 25–cv–01991 (D. Colo. Mar. 30, 2026), holding that a pro se litigant can assert work product protection over mental impressions and materials created with the assistance of GenAI.
