Your scientists were so preoccupied…

Ian Malcolm’s line in Jurassic Park (1993) is the perfect analogy for regulatory thinking in American pop culture: “Your scientists were so preoccupied with whether or not they could, they didn’t stop to think if they should.”

The model race by Google, X, OpenAI, Anthropic is a can problem. CPA and law firms have a should problem. They deal with liability. When a model hallucinates a tax citation or a case law reference, the model company's terms of service protect them. The partner's license and malpractice policy do not.

Regulatory Environment is No Longer Optional

The legal landscape is catching up and organizations must now actively govern AI. In 2026:

• The Texas Responsible AI Governance Act (TRAIGA) took effect January 1, 2026, establishing a comprehensive framework banning certain harmful AI uses and requiring disclosures when health care providers and government agencies use AI interacting with consumers.

• The EU AI Act's high-risk system rules are likely to take effect in August 2026. Kasowitz LLP

• California has multiple AI laws already in effect as of January 2026, including Frontier Model Transparency Requirements under SB 53. Additional they updated in April the CCPA rules demainding formal AI oversight.

• Regulators are now reviewing models before they release even as the current administration is pursuing federal AI legislation. It has released a national AI legislative framework.

What You should do right now

1. Declare an AI Posture

Not a policy doc. A posture. Every partner needs to answer: are we using AI, evaluating AI, or prohibiting AI for each service line. Ambiguity is liability. Without defined guidelines, law firms risk confidentiality breaches, ethical missteps, and loss of client trust. Prohibition drives usage underground; clear policies bring it into the open where it can be supervised.

1. Ban Public AI for Client work now

Using public AI tools for client work without human-in-the-loop verification is now a clear ethical violation. Firms should implement company-wide AI acceptable use policies that strictly prohibit inputting confidential data into public, non-enterprise AI models. Your organization should have a paid plan if you are using AI. Pick one.

1. Update Engagement Letters and Client Disclosures

Firms must address when and how to inform clients about AI use including updating engagement letters. Disclose that the firm uses AI tools to enhance efficiency while maintaining human oversight and confidentiality. This builds trust and covers Human-in-the-loop.

1. Build the Governance Layer (not just a Policy PDF)

Companies deploying AI in high-stakes decision-making should prioritize building compliance infrastructure now. For CPA and law firms, every AI-assisted work product needs a decision trail: what tool, what prompt, what human reviewed it, what they changed, when.

It is not optional anymore for any client deploying AI in a regulated workstream. The question a client’s audit committee will ask in the third quarter is no longer “do you have an AI policy?” It is “who validated the results and is the trail defensible?”

CPA and law firms that build the governance layer now own the market position in 18 months, when the firms that didn't are dealing with the first wave of AI-related malpractice claims and bar complaints. The model companies are playing a volume game and not worry about whether they should.

Hammond wanted the park open. Malcolm wanted the park reviewed. Both were right about something but only one of them survived the movie. Which side of that conversation is your firm on this year?