Skip to main content
Compliance9 min read · June 2026

Is It Illegal to Put Client Tax Returns Into ChatGPT? (What IRC §7216 Actually Says)

It can be a federal crime. A paid tax preparer who pastes a client's return into a general-purpose tool like ChatGPT may be making a "disclosure" of tax return information under IRC §7216, and the law treats the moment the data leaves your control as the violation, not anything the tool does next. The safe path is to either get the client's written consent first or keep the data inside a system where it never leaves your control at all. This is general information, not legal or tax advice.

EA

Edward Ahrens

Co-Founder, W&S Consulting

This question comes up the moment a tax preparer realizes how much faster AI could make the work. Summarize a 40-page return. Draft the client email. Pull the figures out of a stack of 1099s. The instinct is to open ChatGPT and paste. And the right instinct, right behind it, is to stop and ask: am I allowed to do that with someone else's tax data? For a paid preparer the answer is governed by a specific federal statute, and most people selling you AI tools have never heard of it.

A note before we go further. I am the co-founder of W&S and a technical builder, not a CPA and not an attorney. What follows is a plain reading of the public statute and regulations with the sources named, so you can take it to a credentialed professional and get a real opinion for your facts. Treat it as a map of the terrain, not a legal conclusion.

What is IRC §7216?

IRC §7216 is a federal criminal statute that makes it an offense for a tax return preparer to knowingly or recklessly disclose, or use, any information a client furnished in connection with preparing their return, unless an exception applies. It is paired with §6713, which adds a civil penalty for the same conduct. The implementing regulations live at 26 CFR 301.7216-1 through -3. This is not a state rule, an industry guideline, or a vendor's terms of service. It is a criminal law specific to the people who prepare returns for compensation.

The reason it matters for AI is the definition of "disclosure." Under 26 CFR 301.7216-1, a disclosure is making tax return information known to any person in any manner whatever. That phrase is doing all the work. Sending a client's return to an outside system that you do not control is, on a plain reading, making that information known to another person. Whether a specific tool and a specific data path actually cross that line is a judgment for your tax counsel, but the framing the statute uses is broad, not narrow.

So is pasting a return into ChatGPT illegal?

For a paid preparer, doing it without an applicable exception is the conduct §7216 is built to reach. The core problem is timing. The potential violation is the disclosure itself, and the disclosure happens the instant the data leaves your control and lands on a server you do not own. It does not wait for the AI to answer. It does not depend on whether a human reviews the output afterward. By the time you read what ChatGPT wrote back, the event the statute cares about has already occurred.

This is the part that trips people up. They assume that because a person checks the AI's work before anything goes to the client, the workflow is safe. Human review is genuinely important, and we build everything around it, but it does not cure a §7216 disclosure, because the disclosure was the act of sending the data out in the first place. The horse is already gone when you review the draft.

There is a second, separate trap worth naming. ChatGPT and other consumer AI tools are not the same product as a commercial API, and they carry weaker data guarantees. Consumer tools may use what your team types to improve their models depending on the settings and the plan. The word "may" is doing real work there, because the terms vary and change, but "a vendor might be learning from my clients' tax data" is exactly the exposure you do not want to be guessing about.

What are the penalties under §7216?

§7216 is a criminal misdemeanor. A conviction carries a fine of up to $1,000, up to one year in prison, or both, per violation, plus costs of prosecution. The companion civil penalty under §6713 is $250 per unauthorized disclosure or use, capped at $10,000 in a calendar year. There is also a heightened tier: where the disclosure is connected to identity theft, the civil penalty rises substantially, up to $100,000. Across a full book of clients, a habit of pasting returns into an outside tool is not one violation, it is potentially one per client whose data was sent.

The dollar figures are not really the point for most small firms. The point is that this is the kind of exposure that ends a relationship with a client and follows a preparer's name around. It is worth a few minutes of care to avoid.

Are there exceptions that make AI on tax data okay?

Yes, and this is where a real tax professional earns their fee. The regulations contemplate a couple of paths, and which one fits depends on your facts.

The first is written client consent. Under the framework in 26 CFR 301.7216-3 and Rev. Proc. 2013-14, a preparer can disclose or use tax return information if the client signs a specific, compliant consent first. The consent has formatting and content requirements that are easy to get wrong, which is why the document itself should come from your CPA or tax attorney, not from a software vendor.

The second is the auxiliary-services route. The regulations allow some disclosures to a contractor that provides services in connection with preparing the return. People reach for this to argue a cloud AI vendor is just such a contractor. The catch, and current practitioner commentary leans hard on this, is that a general-purpose large language model is unlikely to qualify as an auxiliary service in the regulatory sense, so this path is not a reliable shield. The safer reading is to treat signed consent as the real exception, not the contractor argument.

One more distinction the statute draws that surprises people: even with the disclosure problem handled, §7216 separately restricts use. Running AI across your existing tax book to find cross-sell opportunities is a restricted use that needs its own consent, regardless of where the computation happens. Disclosure and use are two different questions.

The structural answer: data that never leaves

Here is the cleaner way to think about it. The §7216 disclosure analysis is triggered when tax return information is made known to another person, which in practice means when the data leaves your control. If the data never leaves, there is nothing made known to anyone, and the disclosure analysis is never reached in the first place. You are not relying on an exception, you are staying outside the trigger.

That is the logic behind running AI on hardware inside your own office rather than through a public cloud tool. If the model runs locally, on a machine on your network, and client data is processed on that box instead of being sent to an outside AI provider, the data is not transmitted out to be disclosed. This is the offer we are building toward at W&S: a private AI worker, installed on a machine on your own network, where a person on your team approves every send and the system enforces that gate so it physically cannot send on its own.

I am going to be straight with you about where that stands, because the honest version is the only one worth your time. The local, in-your-office configuration is the design, and the plan at install is to verify the data path on that specific machine, document how we verified it, and hand you a runbook your own IT person can re-run any time. The default version of our current engine reaches Anthropic's Claude models through OpenRouter, which is a cloud gateway and therefore a subprocessor in that data path. So "the data never leaves your building" is true of the on-prem install once we have verified egress on that specific box, and it is not automatically true of a cloud-routed setup. W&S does not train any models on your data, and we will name every subprocessor in the data path in writing before any of your data is processed, so you can vet them yourself. Anyone who tells you a cloud AI tool keeps your tax data in your building is selling you a sentence the architecture does not support.

Does on-prem AI make my firm "compliant"?

No, and be wary of anyone who says it does. Keeping data in your building neutralizes the §7216 disclosure question, but it does not make a firm compliant by itself. The use restriction still applies. Your obligations under the FTC Safeguards Rule and the written information security plan required by IRS Publication 4557 still apply no matter where your computers physically sit. No statute requires a firm to run AI on-prem, and we do not claim one does. What on-prem changes is one specific, important thing: whether client tax data is transmitted out of your control at all.

The reason we are careful here is that "makes you compliant" is a claim a credentialed professional gets to make for your facts, and a software vendor does not. We sell the engineering and the documented data path. The legal conclusion about your firm belongs to your CPA or tax attorney, who carries the credential and the professional liability to stand behind it.

What should a tax preparer actually do?

A practical sequence, in plain order. First, stop pasting client returns into consumer AI tools as a default habit, because that is the exact conduct §7216 is built to reach. Second, decide your path with a credentialed professional: either a compliant written consent under Rev. Proc. 2013-14, drafted by your CPA or attorney, or a setup where the data never leaves your control so the disclosure analysis is never triggered. Third, whatever you choose, write down where client data actually goes across your email, storage, and tools today, because most firms have never mapped it and are surprised by the answer.

You can use AI on tax work. Plenty of firms do it carefully. The difference between careful and criminal is almost entirely about where the data goes and who consented to it going there, not about how good the model is.

The short version

For a paid preparer, putting a client's tax return into ChatGPT without an applicable exception is the conduct IRC §7216 is built to reach, and the disclosure happens the instant the data leaves your control, before anyone reviews anything. Penalties run up to $1,000 and a year per violation under §7216, with a $250 civil penalty per disclosure under §6713 and a heightened tier up to $100,000 for identity-theft-related cases. The two clean ways through are a compliant written consent from the client or a setup where the data never leaves your control. On-prem AI addresses the disclosure trigger, it does not make a firm "compliant," and the legal call belongs to your CPA or attorney, not to whoever sold you the tool. This is general information, not legal or tax advice.

See where your client data actually goes.

15 minutes. We'll walk through how a private AI worker drafts on your own data with a person approving every send, and what it takes to keep client tax information from leaving your control. No compliance promises, just the data path in plain terms.