For firms where professional secrecy (art. 60 of the Code of professional conduct of lawyers) does not tolerate cross-border processing.

Tonia runs document review inside your firm — the draft never leaves.

The Sovereign profile of Tonia pairs tonia with an on-site tonia: review of a discovery file, analysis of a draft contract, assisted case-law research — every request touching professional secrecy executes on-site, never cross-border. The Frontier profile routes the rest to a frontier-model provider with redaction, policy, and signed audit. You start on Frontier, you switch to Sovereign by adding on-site tonia; your audit log for the syndic carries over.

Assess my Loi 25 exposureRequest a free consultation
Regulatory framework

Loi 25 + sectoral duties

A Quebec law firm operates under two simultaneous regimes: Bill 25 (CQLR, c. P-39.1) like any private organization, and the Code of professional conduct of lawyers (CQLR B-1, r. 3.1), which imposes a professional-secrecy duty stricter than the cross-sector norm.

Bill 25, art. 5
the firm collects only the information necessary for the mandate; no more.
Loi 25, art. 17
any communication of personal information outside Québec requires a risk-factor assessment; in the absence of contractual and technical safeguards, the transfer is prohibited.
Bill 25, art. 18 + 18.3
a sub-processor hosting the information engages the firm's liability; the contract must name upstream sub-processors.
Code of professional conduct of lawyers, art. 60
the duty is absolute over any information entrusted by the client in the course of the mandate. Disclosure, even partial, without free and informed consent, exposes the lawyer to a complaint to the syndic.
Code of professional conduct of lawyers, art. 62
the lawyer must take all "reasonable" measures to protect the information; the standard evolves with available technology.
Code of professional conduct of lawyers, art. 78
prohibits indirect disclosure, which explicitly covers pasting a draft into a cloud service without prior consent.
Code of professional conduct of notaries
analogous duties for notarial acts.
Barreau du Québec guide — "Artificial intelligence in the firm"
not legally binding, but useful as a diligence reference for the art. 62 assessment.

The practical consequence is sharp: a lawyer pasting a draft contract or a client memo into ChatGPT communicates professional secrecy to a Delaware corporation subject to the CLOUD Act — without client consent, without an art. 17 assessment, without a contractual framework. This communication is, on its own, a potential breach of art. 60 and a non-compliant transfer under Bill 25 art. 17.

Use cases

Three typical AI use cases

01

Case 1 — First-draft writing

(contracts, memos, pleadings). The most common case. The Bill 25 / art. 60 friction is immediate: pasting a real draft — which carries the client's name, contact information, file facts — into ChatGPT communicates professional secrecy to a U.S. corporation. No client consent has covered this act.

02

Case 2 — Assisted case-law research

(decision summaries, precedent search). Less sensitive if the request carries no client identifier. Still problematic if the question wording reveals unique factual elements of the file — "my client, a Quebec auto manufacturer in a federal patent-infringement dispute for 18 months" identifies the case to a judgment.

03

Case 3 — Discovery / litigation document review

. This is the highest-economic-leverage case for commercial-litigation firms: review of large document volumes (often in English, often coming from the opposing party). It is also the highest-risk case — the mass transfer of potentially confidential documents to a U.S. cloud provider exposes the firm to a simultaneous breach of art. 17, art. 60, and art. 78.

Posture

What Tonia solves — and what it does not

Case 3 (document review) → Sovereign profile.

Sensitive categories execute on the on-site tonia installed in your firm. No document leaves. Bill 25 art. 17 does not apply, for lack of transfer. The locally signed audit log documents every request for the syndic's annual review.

Case 2 (case-law research) → Frontier profile.

The Frontier profile routes approved requests to a frontier-model provider with PII redaction (client names, file identifiers) and policy signed by the file's responsible partner. The exportable audit log answers the syndic's request in case of audit; redaction guarantees no identifier leaves Québec.

Case 1 (writing) → hybrid use by document classification.

Preliminary draft (standard contract template, general orientation memo) → Frontier profile. Active confidential document (contract with client facts, active litigation memo) → Sovereign profile. The firm switches from Frontier to Sovereign by adding on-site tonia; the audit log carries over, and Tonia keeps the same policy and history.

What Tonia does not solve

  • Tonia does not replace client consent. If the mandate does not cover AI use (consent opt-in, mention in the engagement letter), neither the Sovereign profile nor the Frontier profile will save the lawyer from a syndic complaint.
  • Tonia does not replace the art. 17 para. 2 assessment: the decision to enable the Frontier profile for a category remains that of the firm's Person in Charge of the Protection of Personal Information (PRPRP), documented in the ÉFVP.
  • Tonia does not replace legal advice: the Barreau guide is non-binding; best practices evolve; the PRPRP must track syndic and CAI communiqués.
Case study

Case study

Mid-sized commercial-litigation firm, federal and provincial practice, 12 lawyers + 8 support, deployed under Tonia — Sovereign profile in Q2-2026. Anonymization required absent written agreement. Barreau review for pre-publication deontology validation.

The firm had been running its discovery document review on a U.S. cloud service since 2023. The new Barreau administration and the 2026 update of the AI guide triggered a review of the setup. Internal Bill 25 audit in March: 4 categories non-compliant with art. 17, 1 category in potential non-compliance with art. 60.

Switch in Q2: on-site tonia installed in the firm's server room, policy configured by the PRPRP in collaboration with the managing partner, 2-h training of the 20 users. The Sovereign profile absorbs the full document review — 100% of discovery requests execute on-site. The Frontier profile remains enabled for case-law research (category classified as non-sensitive), with active PII redaction.

Metrics surfaced

  • monthly request count executed on-site
  • Frontier-route usage rate
  • document-time savings on discovery files
  • signed audit-log entries per month
  • BLOCK event count (PII patterns detected by the DLP engine)

Want to see how this applies in your firm?

Want to see how this applies in your firm? Start with the free Loi 25 audit, then request a 30-min consultation. We will review your three use cases, sector obligations, and on-site tonia sizing if your context calls for it.

Request a free 30-min consultationSee the compliance hub

Disclosure notice: this page is editorial and reflects Tonia's commercial position. Regulatory references are verifiable at the indicated links. Before acting, validate the obligations specific to your organization with your counsel.