Are AI Prompts Discoverable? What Legal Teams Need to Know About GenAI Evidence
Information governance programs were built around a familiar set of data types: email, chat messages, shared drives, and collaboration platforms. Generative AI tools do not fit neatly into that structure, and many legal and IT teams have quietly assumed a chatbot prompt is too informal or transient to count as a business record. Recent court rulings say otherwise.
AI prompts and the outputs they generate are electronically stored information (ESI), and in most circumstances they are discoverable under the same relevance and proportionality standards that apply to any other form of ESI. That single fact changes how legal operations, compliance, and information governance teams need to think about collection, retention, and review.
Why This Question Is Surfacing Now
Generative AI tools have moved from experimental use to daily workflow inside collaboration platforms, customer service systems, and internal chat tools. As adoption has accelerated, courts have started treating the prompts behind AI-generated content, along with outputs and conversation histories, as records carrying the same evidentiary weight as an email or a Slack message. AI-generated data is now considered discoverable ESI under existing discovery rules. Organizations that have not yet extended their digital communications governance policies to cover these tools face a gap between what is being created and what is being captured.
What the Courts Have Said So Far
Prompts Are Being Treated Like Any Other ESI
The clearest signal has come out of AI copyright litigation, where courts have had to decide how to handle prompt data at scale. In Concord Music Group, Inc. v. Anthropic PBC, a federal court ordered production of five million prompt-output pairs, drawn equally from pre-suit and post-suit data and randomly selected, and a later order in the same case required production of non-lawyer employee prompts, subject to standard proportionality limits. Prompts are simply being folded into existing discovery principles: irrelevant prompts stay out of scope, but relevant ones are fair game.
Work Product Protection Has Limits
Not every AI prompt is treated the same way, and the line depends on who created it and why. When a lawyer crafts AI prompts in furtherance of litigation strategy, courts have found the prompts and outputs can be protected as opinion work product because they reflect counsel's mental impressions, a conclusion reached in Tremblay v. OpenAI and reaffirmed the following year in a ruling involving Anthropic. Prompts generated by employees outside that litigation-strategy context generally do not receive the same protection.
For information governance leaders, the takeaway is that GenAI activity cannot be governed with a single blanket policy. Who created the prompt, in what tool, and for what purpose all affect whether it is protected, discoverable, or both.
What This Means for Information Governance Programs
A modern information governance framework needs to account for AI-generated content the same way it already accounts for email and chat:
- Extending data maps to GenAI tools. If a chatbot, copilot, or AI assistant is embedded in a collaboration platform, it needs to appear in the data inventory alongside that platform. Onna's framework for governing AI-generated content in collaboration platforms is a useful reference for scoping that inventory.
- Treating prompts and outputs as a linked record. A prompt without its corresponding output, or vice versa, tells an incomplete story and can raise completeness questions during review.
- Updating legal hold notices. Custodians should be reminded that AI tool usage, including prompts and generated content, falls within the scope of a hold. Onna's guide to designing a legal hold process across dozens of SaaS applications outlines how to extend that notice across every connected tool.
- Revisiting retention schedules. Many AI tools default to short retention windows or user-controlled deletion, which can conflict with broader retention obligations.
Onna's guidance on preserving AI-generated content in collaboration platforms walks through how to close this gap before a dispute or investigation forces the issue.
Building an eDiscovery-Ready Approach to GenAI Data
Preparing for AI-related discovery requests is less about predicting every ruling and more about building a repeatable process now:
- Inventorying every AI tool in use, including sanctioned deployments and tools embedded inside existing platforms.
- Capturing prompts, outputs, and metadata together, so timestamps, user identity, and tool version are preserved alongside the content.
- Standardizing eDiscovery collections so AI-generated content is pulled into review with the same defensible chain of custody applied to other ESI, rather than a manual, ad hoc export.
- Training custodians on what counts as a business record in AI-assisted work, since many employees still view prompts as disposable.
Onna's overview of how to collect AI-generated content for legal review covers the collection mechanics in more detail, and the companion piece on what counts as evidence when AI wrote it addresses the evidentiary questions that come up once that content reaches review.
The Compliance and Risk Angle
Beyond litigation, the same gaps create exposure in regulatory investigations and internal compliance reviews. A regulator asking whether AI was used to draft a communication or generate a report will expect an organization to answer with evidence, not recollection. Organizations that cannot produce that record face two risks: an incomplete factual record, and the appearance that GenAI use was left ungoverned by design rather than oversight. Frameworks like the Information Governance Reference Model, covered in more detail on Onna's blog, offer a starting structure for bringing AI-generated content into an existing governance program.
Practical Next Steps
Legal operations, compliance, and IT leaders do not need to wait for a subpoena to act. A reasonable starting point includes:
- Confirming which AI tools are connected to core collaboration and communication platforms.
- Aligning legal, IT, and compliance on a shared definition of what constitutes an AI-generated record.
- Testing whether current eDiscovery collections processes can actually reach prompt and output data end to end.
- Building AI-specific language into legal hold and retention policies before the next matter requires it.
Getting ahead of this now is far less costly than reconstructing an AI usage record after a request has already landed.
If your organization is working through how to bring AI-generated content into your information governance and eDiscovery collections process, Onna's team can walk through your current setup and identify the gaps. You can also see the platform in action by requesting a demo.
Subscribe to our newsletter
Get Complete Visibility into Your Unstructured Data, Today
Complete initial setup and first collection in one business day. No lengthy implementations. No IT backlog. Just full visibility into your collaboration data when you need it most.

