For Saudi audit, law & professional firms
What does SOCPA's client-confidentiality duty mean for using AI on client data?
SOCPA-licensed accountants carry a professional duty to keep client information confidential, and that duty applies to AI tools just as it applies to any other disclosure. Pasting client financials into a public AI service hands the data to a third party outside your control. The safer approach: treat AI like any other third-party disclosure, keep sensitive data on systems you control, and keep evidence of how you handled it.
The confidentiality duty every SOCPA-licensed accountant carries
SOCPA-licensed accountants and auditors carry a professional confidentiality duty over the information they obtain during client engagements — financial statements, working papers, payroll data, ownership structures, and anything else a client shares to get their books audited or their taxes filed. This is one of the core obligations of practicing under a SOCPA license, alongside independence and technical competence. In general terms, the duty means client information is used only for the purpose the client shared it for, and disclosed only to people who need it to do the work — not shared, exposed, or handed to outside parties without the client's knowledge or a clear professional basis for doing so. The duty was written before generative AI existed, but it doesn't carry a carve-out for it. It applies to how a firm handles client data, full stop, regardless of the tool involved.
Why pasting client data into a public AI tool is a problem
When someone at a firm pastes a client's trial balance, a draft financial statement, or a working paper into a public AI chat tool to save time, the client's information leaves the firm's control and goes to a third party the client never agreed to. Even if the AI vendor's terms promise not to misuse the data, the firm no longer knows exactly where the data is processed, how long it is retained, or who at the vendor — or which of the vendor's own subprocessors — could access it. In substance, that is a disclosure to a third party, not so different from mailing client files to an unrelated company. It may be entirely well-intentioned, since the accountant just wanted a faster way to summarize a report, but good intentions don't change what actually happened to the data.
This is also why the real question isn't whether AI is good or bad. Most firms have entirely legitimate, low-risk uses for AI: drafting an internal memo, summarizing public regulatory updates, writing routine email text. The confidentiality duty is only in tension with the narrow slice of AI use that touches actual client data.
The real distinction: keeping control vs. handing data to a third party
The confidentiality duty isn't a blanket ban on technology. Firms already use cloud accounting software, email, and outsourced IT support, all of which involve some third party touching client data under contract. What matters is whether the firm keeps control of the data and can account for where it went, or whether the data left the firm's control with no way to track or restrict it.
Two questions worth asking before any client data touches an AI tool:
- If the client asked exactly what happened to their data, could the firm answer specifically — not "we used a well-known AI tool," but which system, which server, for how long?
- If the data is sensitive — client financials, national ID or Iqama numbers, IBANs, VAT or commercial registration numbers — is it processed somewhere the firm controls, or somewhere it doesn't?
A firm that runs AI on infrastructure it owns and controls, with records of what happened, is in a materially different position than a firm pasting client files into a public chatbot with no logging and no contract governing that specific use.
Practical steps a SOCPA-licensed firm can take
- Classify data before it goes anywhere near AI: separate what's genuinely sensitive (client financials, working papers, personal identifiers) from what isn't (public regulatory text, internal admin drafts).
- Keep sensitive client data on infrastructure the firm controls — on-premise or a private environment the firm manages — rather than pasting it into public AI tools.
- Restrict public and cloud AI tools to non-confidential work only, and make that restriction an explicit, written policy staff are trained on, not an unspoken assumption.
- Keep records of how AI was used on client engagements, so the firm can reconstruct — matter by matter — what was processed and where, if a client or reviewer ever asks.
- Review any AI vendor's data-handling terms the same way the firm would review an outsourcing contract, before letting client data anywhere near it.
Confidentiality evidence: turning a duty into a demonstrable practice
The confidentiality duty is something firms have always had to satisfy quietly, largely on trust. AI changes that calculus because it introduces a new, fast-moving category of third-party data handling that clients increasingly ask about directly. Firms that can show — matter by matter, not just as a general policy statement — what happened to a client's data are in a stronger position than firms that can only assert it happened.
That's why a record kept at the point of use matters: not a policy document describing intentions, but an actual account of each time client data was processed and where. Producing that kind of evidence on request is one of the more concrete ways a firm can demonstrate diligence to a client, to a partner reviewing a file, or to a professional-standards reviewer — and it protects the firm's own licence and reputation, not just the client's data.
How Ithbat fits in
Ithbat is built around exactly this distinction. It installs on hardware the firm already owns and classifies every prompt before processing it for Saudi-specific sensitive data — national ID/Iqama numbers, IBANs, VAT and commercial-registration numbers, client financial details, and related Arabic and English keywords. Prompts that touch sensitive data are kept and processed on the firm's own hardware and are never offered to any cloud AI provider. Prompts that don't touch sensitive data can still be routed to a frontier cloud AI, such as Claude or ChatGPT, on the firm's own account — so everyday AI use isn't cut off; only the confidential slice of it stays local.
Every inference, local or cloud-routed, produces a tamper-evident, hash-chained record, and only that record's metadata — never the prompt or response content, never API keys — reaches the firm's dashboard. That record is what turns "we handled your data carefully" into something a firm can actually show, matter by matter, which is the practical core of meeting a confidentiality duty rather than just intending to.