Is a 7216 consent required for AI tools like Claude or ChatGPT the same way it's not required for practice management software?
The group had no settled answer. The prevailing view among some was that practice management systems don't require 7216 consent, and that AI tools used responsibly could be treated similarly, provided the vendor is SOC 2 Type II compliant and other responsible security practices are followed. However, a counterargument raised was that AI tools like Claude and ChatGPT are different because they are not merely ancillary to providing tax services — they can be a core part of the tax work itself, unlike software that just performs mechanical tasks. One participant noted AI is fundamentally a new kind of technology because, by its nature, it can provide advice whether you want it to or not, which is why there's no clear existing guidance — this scenario has never existed before. Given the ambiguity, the safer practical approach discussed was to err on the side of obtaining client consent. It was also noted that SOC 2 compliance/security is a separate issue from the 7216 consent requirement — both need to be addressed independently.
The full answer is members-only
Membership is free. Apply and get this answer, the recording, and the rest of the library.
Apply to joinAlready a member? Sign in