What §203 StGB governs — and why it applies to AI tools
§203 StGB (Violation of private secrets) makes it a criminal offence for professionals bound by confidentiality to disclose without authorisation a secret entrusted to them. Lawyers are explicitly named in the list of addressees of the provision — alongside physicians, tax advisors and auditors. The penalty range: imprisonment of up to one year or a fine. Unlike a GDPR fine, this sanction does not hit the firm as an organisation but you personally.
"Disclosure" here does not mean only actively passing information on. It is enough that a third party is put in a position to take note of the secret. Anyone who enters a draft pleading containing client data into a cloud AI tool whose operator can technically access the inputs creates precisely this possibility, regardless of whether any human ever reads the data. What matters is the operator's technical access, not the provider's intentions.
Since the 2017 reform, §203 para. 3 StGB has expressly permitted involving „other participating persons“ — including external IT service providers. But only under one condition: the service provider must be bound to confidentiality, and the engagement must be necessary. For lawyers, §43e BRAO spells out these requirements: a written agreement, an express confidentiality obligation on the service provider, and particular care where there is a cross-border element.
Key takeaway: Legally, an AI provider is nothing other than an IT service provider within the meaning of §203 para. 3 StGB. Use is in principle permissible — but only if the provider has been formally bound to confidentiality. That is exactly the commitment the standard terms of ChatGPT, Claude.ai and the like do not offer.
What actually happens to client data in ChatGPT and Claude.ai
The free and Plus versions of ChatGPT, as well as the Claude.ai web interface, are consumer products from US companies. For use in a law firm, this raises three structural problems:
- Server location and jurisdiction: Processing takes place on infrastructure controlled by the provider, typically in the US or at least under US jurisdiction. The US CLOUD Act obliges US providers to produce data in their possession, custody or control on a lawful US order, regardless of where the data is physically stored. An EU data centre operated by a US company therefore does not by itself remove that exposure.
- Training and access: In the consumer versions, inputs may — depending on the account settings — be used to train the models. In addition, providers reserve the right for staff to review conversations for abuse monitoring.
- No suitable contract: For free accounts there is no Data Processing Agreement. The business plans (e.g. ChatGPT Team/Enterprise) do offer a DPA and in part EU data hosting — but regularly no confidentiality commitment tailored to §203 StGB of the kind that §43e BRAO requires for professionals bound by confidentiality.
Key takeaway: The problem is not the model, but the operation. Client data in the ChatGPT web version is an unauthorised disclosure under §203 StGB and at the same time a GDPR violation, for lack of a suitable legal basis for the data processing. Both can be solved through the right operating model — not through being careful when prompting.
The three conditions for legally sound use
1. Data Processing Agreement under Art. 28 GDPR
As soon as an AI tool processes personal data, the provider is a data processor. Art. 28 GDPR requires a written contract (DPA) which, among other things, governs: processing only on documented instructions, a confidentiality obligation on personnel, technical and organisational measures, an approval requirement for sub-processors, and deletion after the contract ends. Without a DPA, every entry of client data is a data protection violation — entirely independent of §203 StGB.
2. Data processing exclusively within the EU
Two layers matter: where your data is stored (documents, chat histories, configuration) and where the AI inference itself runs. An "EU data centre" on the marketing page is not enough. Ask specifically in which region the prompts are processed, whether prompts and outputs are retained and for how long, whether they are used for training, and which sub-processors sit in the chain. The lower the US CLOUD Act exposure of the entire chain, the more robust your documentation towards clients and supervisory authorities.
3. Supplementary agreement under §203 StGB
The most common mistake: law firms review the DPA and consider the matter settled. But the DPA only covers data protection. §203 StGB additionally requires that the provider, as a „participating person“, be formally bound to confidentiality — including being put on notice of the service provider's own criminal liability in the event of a violation. Only a few providers actively offer this supplementary agreement. If your preferred provider dodges the question when asked, that is the answer.
That the question is actively occupying the professional bodies is also shown by the FAQ catalogue on AI use from the German Federal Chamber of Tax Advisors (Bundessteuerberaterkammer, January 2026): for tax advisors — who are subject to the same §203 StGB — the same review logic is laid out there. What this means in concrete terms for tax firms, we have set out in a dedicated article on ChatGPT for tax advisors.
What alternatives are there? The honest spectrum
There is no single right solution — rather three operating models with different trade-offs:
On-premise and open-source models
Maximum control: the model runs on your own hardware and no data leaves the firm. In return, you bear procurement, operation and security yourself and need IT staff, and the freely available models usually do not reach the quality of the large commercial models for legal texts. For firms with their own IT department this is an option; for a five-person firm it is rarely realistic.
German and European SaaS providers
Providers such as Langdock, meinGPT or DeutschlandGPT operate multi-model platforms with a DPA and in part ISO 27001 certification. That solves the GDPR problem — but not automatically the §203 problem: an express confidentiality commitment under §203 StGB is not part of the standard contract for most of them. Ask explicitly before signing and have the sub-processor chain disclosed.
Managed operation: a frontier model on EU infrastructure
The third path combines the model quality of the large providers with EU data hosting and a §203 contract. This is how ClapNClaw works: Claude (Anthropic) is connected via AWS Bedrock in Frankfurt (eu-central-1) — Anthropic gets no access to your data and does not use it for training. All persistent data (documents, histories, user accounts) sits in a dedicated, isolated container at Hetzner in Frankfurt. The DPA under Art. 28 GDPR is in place from day one; the compliance tier (€59 per user/month) includes the §203 supplementary agreement as a fixed part of the contract. Which variant suits your firm depends on size, IT resources and risk appetite — a broader classification of all options can be found in our guide: using AI in a GDPR-compliant way.
Checklist: before your firm introduces an AI tool
- Immediate measure: No client data into the free web versions of ChatGPT, Claude.ai, Gemini & co. — not even „just quickly to draft something“.
- Check the DPA: Is there a Data Processing Agreement under Art. 28 GDPR? Are all sub-processors named?
- Obtain the §203 commitment: Has the provider committed in writing to confidentiality under §203 StGB (cf. §43e BRAO)?
- Document data residency: Where is data stored, where does the inference take place? Obtain written confirmation.
- Training exclusion: Have it contractually guaranteed that inputs are not used for model training.
- Internal AI policy: Define who may use which tools with which data — and train the team.
- Update the records of processing: Record the new tool under Art. 30 GDPR; involve your data protection officer, if you have one.
- Review client information: Supplement the firm's privacy notices with the AI-assisted processing.
Frequently asked questions
Can I use ChatGPT for fully anonymized texts?
Yes. If a text allows no inference back to the client, neither §203 StGB nor the GDPR applies. Be careful: simply removing the name is often not enough — case file numbers, factual details or location data can make a person identifiable again. When in doubt, the content counts as mandate-related and does not belong in a consumer tool.
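A pre-submission check of the kind this answer calls for, as an added example that is not part of the original article or of any provider it names. It scans a draft for identifiers that typically survive a naive "remove the name" pass and masks them before anything is pasted into a consumer tool. The patterns (German court case file numbers in the common form "12 O 345/24", dates, German IBANs, postcode plus place, salutation plus surname, phone, e-mail) and the sample draft are constructed assumptions; the list is illustrative, a floor rather than a guarantee of anonymity.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str
    value: str


# Identifier formats that commonly re-identify a client after the name is gone.
# Assumed, illustrative patterns; not an exhaustive or legally sufficient list.
# Order matters: each match is masked before the next pattern runs, so that
# e.g. the digits of an IBAN are not reported again as a phone number.
PATTERNS: dict[str, re.Pattern[str]] = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # German IBAN: DE + 2 check digits + 18 digits, optionally grouped by spaces
    "iban": re.compile(r"\bDE\d{2}(?:\s?\d{4}){4}\s?\d{2}\b"),
    # Court case file numbers (Aktenzeichen), e.g. "12 O 345/24", "IV ZR 88/23"
    "case_file_number": re.compile(
        r"\b(?:\d{1,3}|[IVX]{1,4})\s+[A-Za-zÄÖÜäöü]{1,4}\s+\d{1,5}/\d{2}\b"
    ),
    # Phone numbers in +49 / 0-prefixed form
    "phone": re.compile(r"(?:\+49|0)\s?\d{2,5}[\s/-]?\d{3,8}"),
    # Dates such as 03.11.2024 or 3.11.24
    "date": re.compile(r"\b\d{1,2}\.\d{1,2}\.(?:\d{4}|\d{2})\b"),
    # Five-digit postcode followed by a capitalised place name
    "postcode_place": re.compile(
        r"\b\d{5}\s+[A-ZÄÖÜ][a-zäöüß]+(?:[ -][A-ZÄÖÜ][a-zäöüß]+)*"
    ),
    # Salutation followed by a capitalised surname
    "salutation_name": re.compile(r"\b(?:Herr|Frau|Dr\.)\s+[A-ZÄÖÜ][a-zäöüß]+"),
}


def redact_for_submission(text: str) -> tuple[str, list[Finding]]:
    """Mask every identifier found and return (masked_text, findings)."""
    findings: list[Finding] = []
    working = text
    for kind, pattern in PATTERNS.items():

        def _record(m: re.Match[str], kind: str = kind) -> str:
            findings.append(Finding(kind, m.group(0)))
            return f"[{kind.upper()}]"

        working = pattern.sub(_record, working)
    return working, findings


def is_safe_to_submit(text: str) -> bool:
    """True only if no pattern fires. A False here means: do not paste it."""
    return not redact_for_submission(text)[1]


# Constructed draft: the client's name is gone, but several identifiers remain.
SAMPLE = (
    "Draft statement of claim, file no. 12 O 345/24, Regional Court Frankfurt am Main. "
    "The claimant, resident at 60311 Frankfurt, instructed Frau Mueller on 03.11.2024; "
    "payment to DE89 3704 0044 0532 0130 00, contact +49 69 1234567."
)

# Constructed abstract question with nothing that points back to a mandate.
CLEAN_SAMPLE = "The tenant disputes the landlord's right to terminate for personal use."

if __name__ == "__main__":
    masked, hits = redact_for_submission(SAMPLE)
    for f in hits:
        print(f"{f.kind:18} {f.value}")
    print(masked)
    print("safe:", is_safe_to_submit(SAMPLE), is_safe_to_submit(CLEAN_SAMPLE))
```

Note what the scan does not catch: the place name in "Regional Court Frankfurt am Main" has no postcode in front of it and passes through untouched, and factual details that identify a person in context are invisible to any regex. A gate like this belongs in front of a consumer tool as a tripwire, not as proof of anonymity; where it stays silent but the content is mandate-related, the answer's "when in doubt" rule still applies.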
Is a Data Processing Agreement (DPA) alone sufficient?
No. The DPA under Art. 28 GDPR only covers data protection. §203 StGB additionally requires that the service provider, as a „participating person“, be expressly bound to confidentiality. Without this supplementary agreement, the criminal-law gap remains open — even with a perfect DPA.
Is Claude better than ChatGPT for law firms?
The decisive question is not the model, but the operation. Claude via the claude.ai web interface raises the same problems as ChatGPT. The same model run via AWS Bedrock in Frankfurt, with a DPA and a §203 commitment, is by contrast a legally sound foundation for the work of a law firm.
What are the concrete consequences of a §203 StGB violation?
Imprisonment of up to one year or a fine — and that for you personally, not for the firm. On top of that come professional-law consequences up to and including disbarment, possible GDPR fines from supervisory authorities, as well as civil liability towards the client.
AI for your firm — §203-compliant from day one
Claude in your own container in Frankfurt, a DPA under Art. 28 GDPR and the §203 supplementary agreement included. See how ClapNClaw works for law firms.