Artificial intelligence is already part of modern tax practice. It shows up in research platforms, document review tools, drafting assistants, workflow software, and generative AI systems that can produce original text, summaries, and analysis in seconds.
That speed is useful. It is also exactly why the IRS released Issue Number 2026-19, titled Introductory Guidelines for Responsible AI Use in Federal Tax Practice.
The core message is simple: AI is allowed, but blind reliance is not. Tax professionals remain responsible for the accuracy of their work, the reasonableness of their advice, the fairness of their billing, and the protection of taxpayer information.
For firms, practitioners, and informed business owners, this guidance matters because it applies old rules to a new tool. The IRS is not creating a separate AI-only ethics code. It is reminding the profession that existing standards still apply in full.
Issue Number 2026-19 does not appear to create a new Internal Revenue Code provision, Treasury Regulation, or standalone AI penalty regime. Instead, it explains how existing rules apply when a practitioner uses generative AI.
Those existing rules already carry real consequences. The most important include:
So when the IRS talks about AI, it is not saying, "Here is a brand-new legal framework." It is saying, "Your existing professional responsibilities still apply when you use AI."
That is a serious point, especially for firms adopting AI quickly without formal policies.
The IRS is telling tax professionals four things at once:
If a practitioner uses AI to draft a memo, summarize a notice, produce legal research, suggest a filing position, or prepare a client communication, the practitioner remains responsible for the final product.
AI can help produce a draft. It cannot replace the signing professional.
One of the most important parts of the IRS guidance is Circular 230 § 10.22 - due diligence.
That rule provides that a practitioner must exercise due diligence in preparing or assisting in preparing, approving, and filing returns and other papers relating to IRS matters; in determining the correctness of oral or written representations made to Treasury; and in determining the correctness of oral or written representations made to clients with respect to IRS-administered matters. 31 C.F.R. § 10.22.
That language fits AI use directly.
If AI helps draft a client email, protest letter, penalty abatement request, tax memorandum, research summary, affidavit, or return disclosure statement, the practitioner still has the duty to determine whether the content is correct before it is sent.
Due diligence is not satisfied by a quick read for grammar and tone. In an AI-assisted workflow, due diligence means verifying substance.
That includes checking:
This matters because generative AI often writes in a confident tone even when its answer is incomplete, outdated, or wrong.
A good operating rule is this:
Treat AI output the way you would treat an unreviewed staff draft.
It may be useful. It may save time. It may improve organization. But it is not ready to send until a qualified professional reviews and approves it.
If AI states that a case supports a position, read the case.
If AI cites a regulation, verify the citation.
If AI calculates a tax effect, recompute it.
If AI assumes facts, confirm them from the file.
That is what due diligence looks like in practice.
The IRS guidance also highlights Circular 230 § 10.27(a), which states that:
"A practitioner may not charge an unconscionable fee in connection with any matter before the Internal Revenue Service." 31 C.F.R. § 10.27(a).
This matters because AI can reduce drafting and research time dramatically. A task that once took several hours may now take far less time to produce a first draft.
That does not mean a practitioner cannot charge for judgment, responsibility, expertise, review, responsiveness, or value. It does mean billing practices must remain fair and accurate.
The ethical concern arises when firms bill as though substantial manual work was performed when it was not, or when the invoice description creates a false picture of the labor involved.
Examples of problem areas include:
The IRS is not saying every use of AI must reduce every fee. It is saying that efficiency should not become a billing distortion.
The right question is not:
"Did AI help?"
The better questions are:
Different billing models raise different issues:
| Billing Model | Main AI Risk | Better Practice |
|---|---|---|
| Hourly billing | Inflated time entries | Record actual human time only |
| Fixed-fee billing | Fee may seem disconnected from time saved | Define deliverables and value clearly |
| Value billing | Client may misunderstand what they are paying for | Emphasize judgment, review, speed, and responsibility |
| Subscription/advisory | Reuse of generic AI output without sufficient customization | Document client-specific analysis and review |
A practitioner can absolutely use AI and still charge a proper fee. But the firm should avoid fictional labor descriptions and should align billing with actual work, agreed terms, and the value delivered.
Circular 230 § 10.35 requires a practitioner to possess the necessary competence to practice before the IRS, and competent practice requires the appropriate level of knowledge, skill, thoroughness, and preparation necessary for the matter. 31 C.F.R. § 10.35(a).
In the AI context, competence has two parts:
This does not mean every practitioner must become a software engineer. It does mean a practitioner should understand the limits of the tools being used.
A practitioner should understand, at minimum:
A polished answer is not the same thing as a reliable answer. Competence requires knowing the difference.
This is one of the most important parts of the IRS guidance because AI is increasingly used to draft:
The standards that govern a properly structured tax research memo apply in full whether a human or an AI produced the first draft.
Under Circular 230 § 10.37, written advice concerning federal tax matters must be based on reasonable factual and legal assumptions, must reasonably consider relevant facts and circumstances, must use reasonable efforts to identify and ascertain relevant facts, must not rely unreasonably on representations or projections, must relate applicable law and authorities to facts, and must not take into account the possibility that a return will not be audited or that an issue will not be raised on audit. 31 C.F.R. § 10.37(a).
AI may generate advice that:
That is exactly why AI output cannot be adopted without review.
Before any AI-assisted written advice goes to a client, the practitioner should confirm:
The final advice has to be the practitioner's advice, not the machine's untested text.
For firm leadership, Circular 230 § 10.36 is central.
That rule requires any individual with principal authority and responsibility for overseeing a firm's federal tax practice to take reasonable steps to ensure the firm has adequate procedures for compliance with Circular 230. 31 C.F.R. § 10.36(a). It also provides for discipline where such an individual, through willfulness, recklessness, or gross incompetence, fails to establish or enforce those procedures or fails to correct a known pattern of noncompliance. 31 C.F.R. § 10.36(b).
The IRS guidance applies this concept directly to AI.
AI compliance is not just a staff training issue or a software issue. It is a firm-governance issue.
A responsible tax firm should know:
If a firm has no policy, no review standard, no training, and no documentation, it is difficult to say the firm took reasonable steps.
A workable internal AI policy should address:
Good intentions are not enough. The firm needs controls that people can actually follow.
The IRS guidance correctly emphasizes privacy, confidentiality, and data protection. For many tax firms, this is the single biggest AI risk.
IRC § 6713 imposes a civil penalty for unauthorized disclosure or use of tax return information by certain preparers and persons providing services in connection with return preparation. The penalty is generally $250 per disclosure or use, subject to an annual cap, with enhanced penalties in certain identity-theft-related cases.
IRC § 7216(a) provides that a return preparer who knowingly or recklessly discloses or uses tax return information for a purpose other than preparing or assisting in preparing the return is guilty of a misdemeanor, subject to fines, imprisonment up to one year, or both, except as otherwise provided.
Under Treas. Reg. § 301.7216-1(b)(3), tax return information is defined broadly and includes information such as a taxpayer's name, address, identifying number, and other information furnished in any form or manner for, or in connection with, the preparation of a return.
That means the risk is not limited to uploading a full tax return PDF. It can extend to many kinds of taxpayer-specific information.
This can include:
The right question is not, "Can the AI summarize this quickly?" The right question is, "Are we permitted to place this information into this environment?"
One of the more difficult parts of the IRS discussion is that the terminology itself is still unsettled.
Tax professionals now regularly hear phrases such as:
The problem is that the IRS has not formally defined these terms in a way that creates a clear compliance standard for federal tax practice. As a result, these labels remain open to interpretation.
That means practitioners should be careful not to treat any of these terms as automatic legal conclusions or built-in safe harbors. Simply calling a tool "secure," "private," or "enterprise" does not by itself answer whether its use is appropriate under Circular 230, IRC § 6713, or IRC § 7216.
At this stage, terms like "closed" or "enterprise" often function more like product descriptions, vendor language, or industry shorthand than precise legal categories.
For example, a "closed" AI tool could mean very different things depending on the provider. It could refer to:
Those are not the same thing, and each raises different confidentiality and control questions.
The same is true for terms like "proprietary," "private," and "secure." A proprietary tool can still retain prompts, involve third-party subprocessors, permit some level of vendor access, or have contract terms that are not appropriate for taxpayer information. A product described as secure may still require close review of retention policies, deletion rights, logging practices, training use, and access controls.
Because the IRS has not yet provided precise definitions for these AI terms, firms have to operate using best judgment grounded in existing authority.
That means the real compliance question is not whether the tool sounds sophisticated or carries an "enterprise" label. The real question is whether the practitioner or firm has reasonably evaluated the tool for the intended use.
In practice, that means looking at issues such as:
For tax-practice purposes, "enterprise-approved" should not be understood to mean the most expensive subscription, the highest-tier product, or a particular brand-name platform.
A better practical meaning is this:
The firm has reviewed the tool and approved it for a defined use case based on its own diligence regarding confidentiality, access controls, retention, vendor terms, and data-use restrictions.
That is a firm-governance decision, not a marketing label.
A high-end commercial AI platform is not automatically appropriate for taxpayer information simply because it is sold as an enterprise product. On the other hand, a less prominent but tightly controlled private environment may be more appropriate if the safeguards are stronger and the use case is narrower.
Since the IRS has not definitively defined these terms, firms should avoid asking:
"Is this an enterprise AI product?"
The better question is:
"Given what we know about this tool, have we exercised sound judgment in vetting it, limiting its use, and documenting why it is appropriate for this type of tax work?"
That is the more defensible standard until clearer guidance emerges.
Until the IRS or OPR gives more precise definitions, firms should treat AI terminology cautiously. Labels like "secure," "closed," "private," and "enterprise" can be helpful starting points, but they are not substitutes for diligence, internal approval, and professional judgment.
What matters most is not what the vendor calls the tool. What matters is whether the firm has reasonably evaluated the tool and decided that its use is appropriate for the task and the data involved.
The IRS guidance discusses fake citations and fabricated authorities, and it is right to do so.
AI hallucinations are especially dangerous in tax practice because they often look legitimate. A false case citation, a nonexistent Revenue Ruling, or a fabricated quotation may appear entirely real to a rushed reviewer.
That creates serious professional risk in:
A hallucinated citation is not just a software problem. Once a practitioner repeats it without checking, it becomes a professional problem.
That is why due diligence under Circular 230 § 10.22, competence under § 10.35, and written-advice standards under § 10.37 all matter so much here. A hallucinated authority in a technically complex area — such as the rules governing Section 199A aggregation for the QBI deduction — can lead a practitioner to an incorrect filing position before anyone realizes the cited source never existed.
Never rely on an AI-generated authority until you have independently confirmed:
This applies equally to procedural and timing matters. If AI drafts client guidance about IRS refund timing, the practitioner should verify the current IRS position rather than accepting the AI's output at face value.
The IRS issue also notes that states and professional organizations are developing their own AI guidance and governance frameworks.
That matters because the federal tax rules are only the baseline.
Depending on the practitioner and the firm, AI use may also implicate:
So the compliance question is broader than federal tax law alone. A firm's AI policy should be built with that in mind.
The IRS guidance is best understood not as a ban on AI, but as a demand for controlled use.
A responsible AI workflow should include the following:
Do not allow staff to input client-related tax data into random public systems.
AI-generated content should never be treated as final without human review.
Check every case, Code section, regulation, ruling, notice, and quoted passage.
AI often fills factual gaps with assumptions. Those assumptions must be tested.
Do not accept AI-generated math without independent verification.
Do not enter return information into unvetted or unauthorized tools.
Staff need to understand hallucinations, bias, confidentiality, and review standards.
If AI materially contributed to a deliverable, the file should show how it was checked.
Pricing should reflect actual work, value, and engagement terms.
The firm should have a response plan for data exposure, incorrect AI output, or workflow failure.
If your firm is already using AI, now is the time to formalize the process.
A practical first-step checklist includes:
These are not technology extras. They are the controls that connect AI use to actual professional compliance.
IRS Issue Number 2026-19 sends a clear message:
AI can improve tax practice, but it does not lower the professional standard.
Due diligence still applies. Fees still must be fair. Competence still matters. Written advice still must be grounded in verified facts and actual authority. Taxpayer information still must be protected. Firm leaders still must establish procedures that work.
At Bizora, we think that is exactly the right framework.
AI should make tax work faster, more organized, and more useful. It should not make it less careful.
Bizora helps firms and professionals understand how AI fits into real tax workflows without losing sight of accuracy, confidentiality, Circular 230 obligations, and professional judgment. See how we have helped advisors like Herbert Kyles at Farther Finance and in a complex cross-border fund matter build compliant, AI-ready workflows.
If your team is using AI for research, drafting, review, or client communication, this is the right time to build a disciplined process around it.
Because in tax practice, AI can be a powerful assistant. It cannot be the professional who signs the work.
Related articles