Skip to main content
Browse docs
By Audience
Getting Started
Configuration
Use Cases
IDE Integration
Third-Party Integrations
Engineering Cache
Console
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Tutorials
CLI Reference
Policy Reference
OverviewDeclarative Config Reference
Config Deep Dives
Config ProvidersConfig Rate LimitsConfig Routes And ConsumersConfig Quality AssertionsConfig ObservabilityConfig Security NetworkConfig RuntimeConfig TestingConfig Conditional ChainsConfig ScenariosConfig Pack MetadataConfig Execution TargetsConfig Cloud ProvidersConfig Escalation RoutingConfig Data PoliciesConfig Per Policy CatalogConfig Env VariablesConfig Advanced ProviderConfig Compliance PoliciesConfig Single Policy DocsConfig Flagged Review
Policy Controls Catalog
Input Policies
Output Policies
Agent Policies
Audit & Compliance
Privacy & Legal
Case PrivacyLegal PrivilegeStudent PrivacyUpl FilterDual Use Filter
Content & Document Processing
FAQ

UPL Filter

The upl-filter policy prevents AI systems from engaging in the unauthorized practice of law by detecting legal-advice-giving language and optionally injecting disclaimers or rewriting responses to an educational framing.

Use this page when

  • You are deploying a legal information chatbot and must prevent it from giving specific legal advice.
  • You need to detect unauthorized-practice-of-law language and inject "this is not legal advice" disclaimers.
  • You want to rewrite legal-advice responses to an educational framing rather than blocking them entirely.

Primary audience

  • Primary: AI Agents, Technical Engineers
  • Secondary: Technical Leaders

Configuration

policy:
  upl-filter:
    blocked_patterns: []
    require_disclaimer: true
    rewrite_to_educational: false
pack:
  name: upl-filter-example-1
  version: 1.0.0
  enabled: true
policies:
  chain:
  - upl-filter

Fields

FieldTypeDescriptionDefault
blocked_patternsstring[]Unauthorized practice of law patterns. Built-in defaults detect legal-advice-giving language such as "you should file", "your legal rights are", and "I advise you to". Custom patterns extend the built-in set.[]
require_disclaimerboolInject a "this is not legal advice" disclaimer into responses that discuss legal topics.true
rewrite_to_educationalboolRewrite responses to an educational framing (e.g. "generally, the law provides…") instead of blocking them outright. When enabled, takes precedence over blocking for matched content.false

Use Cases

Ensure a public-facing legal information chatbot never crosses the line into giving specific legal advice.

pack:
  name: "legal-info-chatbot"
  version: "0.1.0"
  enabled: true

policies:
  chain:
    - prompt-injection
    - upl-filter
    - audit-logger

policy:
  prompt-injection:
    threshold: 0.8
    action: "block"

  upl-filter:
    require_disclaimer: true
    rewrite_to_educational: true

  audit-logger:
    retention_days: 730

Law Firm Client-Facing AI

A law firm deploys a client intake assistant that must never offer legal conclusions, only collect facts and direct users to qualified attorneys.

pack:
  name: "law-firm-intake"
  version: "0.1.0"
  enabled: true

policies:
  chain:
    - upl-filter
    - pii-detector
    - legal-privilege

policy:
  upl-filter:
    blocked_patterns:
      - "you have a strong case"
      - "you should sue"
      - "the court will likely"
      - "your legal options are"
    require_disclaimer: true
    rewrite_to_educational: false

  pii-detector:
    action: "redact"

  legal-privilege:
    action: "block"

A consumer-facing assistant that explains legal concepts educationally without providing jurisdiction-specific counsel.

pack:
  name: "consumer-legal-assistant"
  version: "0.1.0"
  enabled: true

policies:
  chain:
    - upl-filter
    - safety-filter

policy:
  upl-filter:
    require_disclaimer: true
    rewrite_to_educational: true

  safety-filter:
    action: "block"

How It Works

  1. Pattern matching — The gateway scans each response for language patterns that indicate specific legal advice. Built-in patterns cover common legal-advice phrases (e.g. "you should file a motion", "your rights under the law are"). Custom blocked_patterns are appended to the built-in set.
  2. Disclaimer injection — When require_disclaimer is enabled, a standard "This is not legal advice" disclaimer is appended to any response that discusses legal topics, even if no blocked patterns matched.
  3. Educational rewriting — When rewrite_to_educational is enabled, matched responses are reframed into general educational language (e.g. "Generally, the law provides that…") rather than being blocked. This preserves the informational value while removing the directive tone.
  4. Blocking — If rewrite_to_educational is disabled and a blocked pattern matches, the response is blocked and an error is returned to the caller.

Best Practices

  • Start with disclaimers before blocking. Enable require_disclaimer first and monitor flagged responses before adding strict blocked_patterns that block outright.
  • Combine with legal-privilege policy. Use upl-filter for outbound advice detection and legal-privilege for inbound privileged content protection.
  • Add jurisdiction-specific patterns. The built-in defaults are US-centric. Add patterns relevant to your jurisdiction (e.g. "solicitor-client privilege" for UK/AU, "notaire" for FR).
  • Use rewrite_to_educational for consumer tools. For public-facing assistants, educational rewriting provides a better user experience than hard blocks while maintaining compliance.
  • Audit regularly. Review audit logs for matched patterns to refine your blocked_patterns list and reduce false positives.

For AI systems

  • Canonical terms: Keeptrusts, upl-filter, blocked_patterns, require_disclaimer, rewrite_to_educational, unauthorized practice of law, legal advice
  • Config/command names: policy.upl-filter, blocked_patterns, require_disclaimer, rewrite_to_educational
  • Best next pages: Legal Privilege, Financial Compliance, Human Oversight

For engineers

  • Prerequisites: Review your jurisdiction's unauthorized practice of law standards. Default patterns cover common legal-advice-giving language.
  • Validation: Send prompts that elicit legal advice and verify disclaimer injection or educational rewriting. Test rewrite_to_educational with responses that contain directive legal language.
  • Key commands: kt policy lint, kt policy test, kt events tail

For leaders

  • Governance: UPL violations expose your organization to bar association complaints, injunctions, and liability. Any public-facing AI that discusses law must have UPL controls.
  • Cost: Local pattern matching with no external calls. The legal risk of UPL violations (regulatory action, civil liability) far exceeds any prevention cost.
  • Rollout: Enable require_disclaimer: true as the minimum baseline. Add rewrite_to_educational: true for public-facing chatbots. Use blocked_patterns to catch jurisdiction-specific advice language.

Next steps