About 52% of tax firms that use AI are using consumer tools, according to recent survey data: ChatGPT, Claude, and similar general-purpose assistants rather than purpose-built tax software. I understand why. The purpose-built tools cost $1,500 to $3,000 per year. The consumer tools are $0 to $20 a month and they're genuinely capable.
But there's a compliance question that most practitioners I talk to haven't fully worked through: when you paste a client's return data into a cloud AI tool, does that constitute a disclosure under IRC §7216? And does it matter whether the vendor promises not to train on your data?
The answer to the first question is probably yes. The answer to the second is: the training policy does not resolve the disclosure question.
The IRS §7216 information center is the clearest place to start. IRC §7216 is the criminal provision: it makes it unlawful for a tax return preparer to knowingly or recklessly disclose or use return information for any purpose other than preparing, assisting in preparing, or obtaining or providing services in connection with preparing a tax return. Violation is a misdemeanor: up to a year in prison, up to a $1,000 fine per violation.
IRC §6713 is the civil counterpart. It does not require intent. The penalty is $250 per unauthorized disclosure or use, up to a $10,000 cap per calendar year. Strict liability, no knowledge requirement.
"Return information" is defined broadly: it includes any data furnished to the IRS in connection with a return, and any information derived from that data. In practice, that covers most of what a preparer would type into an AI prompt about a client's tax situation.
The FTC Safeguards Rule, which applies to tax preparers as "financial institutions" under its updated definition, adds a data security layer on top of this. You're required to have a Written Information Security Plan (WISP) and to document how you handle client financial data. An AI tool that touches return information is part of that picture.
Here's the part many preparers miss. The typical mental model is: "I'm using my own API key, the vendor promised no training on my data, so I'm fine."
That reasoning conflates two different things. The "no training" promise means the vendor says it won't use your data to improve its model. That's a contractual representation about what happens to the data after it arrives. But the data still arrives. Your prompt, which contains your client's return information, travels over the internet to the model provider's servers, gets processed there, and a response comes back. The transmission happened. The provider received the data.
Under §7216, "disclosure" means furnishing tax return information to any person. A model provider's servers are operated by a person (a legal entity). The data went there. Whether the provider then trains on it is a separate question from whether the disclosure occurred in the first place.
"No training on your data" means the vendor won't use your data to improve their model. It does not mean the data never left your machine. Those are different facts.
§7216 does provide for consented disclosures. A preparer can disclose return information with the taxpayer's written consent, in a form that meets the regulatory requirements. So there is a path for using cloud AI tools with client data, but it runs through consent management, and most preparers would rather not track per-tool consent forms for every client.
The IRS has published specific requirements for §7216 consent forms. They must identify the recipient of the information, describe what information will be disclosed, state the purpose of the disclosure, and meet other formatting and content requirements. Blanket consents don't work; the consent has to be specific enough to be meaningful.
In theory, you could have every client sign a §7216 consent for each AI tool you use. In practice, this creates an administrative overhead that most small and solo practices find impractical, especially across multiple AI tools. It also creates a documentation and audit trail obligation. If you're ever examined, you'd need to produce those consent forms.
The simpler path, for practitioners who want to use AI for client work without managing per-tool consent forms, is to use a setup where the disclosure never happens in the first place.
A local model, one running entirely on your own hardware, changes the architecture of the problem. When the model runs locally, your prompt never leaves your machine. There is no API call to an external server. There is no third party receiving the data. There is no disclosure under §7216 to manage, because the data stayed in your possession throughout.
This is different from a BYOK (bring your own key) setup where you supply your own API key. With BYOK, you're still routing your prompt to Anthropic, OpenAI, or whoever holds the key. It's your key rather than the tool vendor's, but the provider still receives your client's data. The §7216 question is the same.
Only a local model removes the third-party transmission entirely. Tools like Ollama make this tractable on a modern laptop or desktop. You're running an open-weight model locally, and nothing crosses the network boundary for the AI inference itself.
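The local-versus-BYOK distinction above can be checked mechanically from the endpoint each tool is configured to call. The following is an added example, not code from any product mentioned here: it treats an endpoint as local only if every address it resolves to is loopback. The tool names and the cloud URL are hypothetical; `http://localhost:11434` is Ollama's default listen address.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def resolve_host(host, resolver=socket.getaddrinfo):
    """Return every IP address the host maps to (empty set if it does not resolve)."""
    try:
        return {ipaddress.ip_address(host)}  # host is already an IP literal
    except ValueError:
        pass
    try:
        infos = resolver(host, None)
    except OSError:  # socket.gaierror is a subclass of OSError
        return set()
    # sockaddr is (address, port, ...); drop any IPv6 "%scope" suffix
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}

def classify_endpoint(base_url, resolver=socket.getaddrinfo):
    """Say whether prompts sent to base_url stay on this machine."""
    host = urlsplit(base_url).hostname
    if not host:
        return "invalid"  # e.g. a URL written without a scheme
    addrs = resolve_host(host, resolver)
    if not addrs:
        return "unresolved"
    # "local" only if *every* address is loopback (127.0.0.0/8 or ::1)
    return "local" if all(a.is_loopback for a in addrs) else "not-local"

def endpoints_leaving_machine(endpoints, resolver=socket.getaddrinfo):
    """Return names of configured tools whose endpoint is not verified as loopback."""
    return sorted(name for name, url in endpoints.items()
                  if classify_endpoint(url, resolver) != "local")

# Constructed sample configuration (names and cloud URL are hypothetical).
SAMPLE_ENDPOINTS = {
    "ollama-default": "http://localhost:11434",
    "ollama-ipv6": "http://[::1]:11434",
    "office-server": "http://192.168.1.20:11434",
    "byok-cloud": "https://api.provider.example/v1",
}

if __name__ == "__main__":
    for name, url in SAMPLE_ENDPOINTS.items():
        print(f"{name:15} {url:35} {classify_endpoint(url)}")
```

This only checks the configured destination: a loopback address can still front a proxy that forwards prompts elsewhere, so it complements rather than replaces watching the machine's outbound connections during an inference request.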
A significant fraction of small and solo CPA and EA practices run Drake, which as of mid-2026 ships with no generative AI features at all. If you're a Drake shop and you want AI for your practice, you're building your own stack. Your vendor is not going to solve this for you.
For Lacerte and ProSeries users, Intuit Assist is bundled at no extra cost. It's a capable planning tool. But it runs on Intuit's cloud, pulls data from your client's return in ways that route through Intuit's AI infrastructure, and its training policy on uploaded data has been described as "unclear" in the public materials I've read. Using it for advisory conversations is a different §7216 posture than using a local model.
The WISP angle is worth one paragraph here. The FTC Safeguards Rule requires you to assess risks to client information and implement reasonable safeguards. "I use ChatGPT Plus for client data" is a difficult answer to a Safeguards Rule audit. "I run a local model that never transmits client data" is a much cleaner answer. Your WISP should document whichever approach you take.
In practice, a §7216-clean workflow for a solo or small-firm preparer looks something like this:
This is not a hypothetical. A small but real community of solo CPAs and EAs is already running Ollama or similar local models for exactly this reason. No commercial product has productized that workflow with profession-specific templates until recently.
Advisor Prep Hero is built to work this way. You connect it to a local model and your AI requests never leave your machine, or you bring your own API key and understand clearly that the cloud provider receives your prompt. The tax workflow templates were built with input from practicing CPAs and EAs and include CP2000 response templates, §7216 consent form starters, and WISP documentation starters. The local model setup guide walks through the Ollama connection so you can verify for yourself that nothing is transmitted. If you're evaluating alternatives, here's how Advisor Prep Hero compares to Intuit Assist for the client work that Intuit's bundled tool doesn't cover.
The §7216 question has a clean answer. It just requires using a setup where the disclosure never happens, rather than relying on contractual promises about what a third party does with data after it arrives.
This is informational, not legal or tax advice. IRC §7216 and §6713 analysis depends on the specific facts of your practice and the tools you use. Verify your compliance posture with your own counsel or a tax compliance specialist before making changes to your practice.