Section 7216 AI consent: the rules and the template
Running client data through an LLM triggers §7216. Here's the consent language Treasury Reg §301.7216-3 actually requires, the Rev. Proc. 2013-14 §5.04 mandatory boilerplate most templates omit, and a vendor-by-vendor compliance tier for every AI tool a US tax preparer realistically uses.
- Step 1: Client TRI leaves your control. Paste, upload, API call, voice transcription: all are disclosures under §301.7216-1(b)(5).
- Step 2: §301.7216-2(d) doesn't cover LLMs. The US-only geographic limit plus the 'substantive decision-making' line excludes generative AI.
- Step 3: §301.7216-3 consent + DPA = compliant. Knowing, voluntary, written, before disclosure, with Rev. Proc. 2013-14 §5.04 mandatory language.
The 30-second answer
The seven facts a sole practitioner or small-firm partner needs in order to know whether their current AI use is defensible:
- §7216 is criminal. Misdemeanor, up to $1,000 per violation, up to one year imprisonment, plus the costs of prosecution. The 2019 Taxpayer First Act raised the cap to $100,000 where a §6713(b) identity-theft predicate applies.
- §6713 is the strict-liability civil twin. $250 per disclosure, $10,000 annual cap. No knowing or reckless standard. Exposure attaches on the act itself.
- Disclosure is broad. Treas. Reg. §301.7216-1(b)(5) reaches “any manner whatever.” Email, paste-into-prompt, upload, API call, voice transcription — all are disclosures unless an exception applies.
- The auxiliary-service exception is narrow. §301.7216-2(d) requires the provider to be “located in the United States” and limits the scope to processing, preparation, or e-filing. General-purpose LLMs almost certainly do not qualify.
- Consent is the operative path. Knowing, voluntary, written, before the disclosure, with the Rev. Proc. 2013-14 §5.04 mandatory language verbatim, naming the specific vendor.
- No vendor publishes a valid template. The AICPA Annual Tax Compliance Kit, Tom Gorczynski’s canonical analysis, and every named tax-AI vendor stop short. The full template appears in the “mandatory language” section below.
- A consent generator is forthcoming. See Tool #2. Until it ships, the inline template here is configurable by hand.
What §7216 actually says
§7216 prohibits both disclosure and use of tax return information outside the preparation purpose. The two verbs do separate work — practitioners often think only disclosure creates exposure. Use without consent is independently a violation. The current framework traces to the 2008 final regulations (TD 9375) updated by the 2012 final regulations (TD 9608) and operationalized by Rev. Proc. 2013-14. Three definitions in §301.7216-1 do most of the work in any AI analysis.
Tax return information — “any information…furnished in any form or manner for, or in connection with, the preparation of a tax return.” The phrase in connection with sweeps in client emails about deductions, scanned receipts, K-1 narratives, IRS notice text, voicemail transcripts of advisory conversations, and bookkeeping data feeds. It is not limited to the four corners of the return.
Use — “any circumstance in which a tax return preparer refers to, or relies upon, tax return information as the basis to take or permit an action.” Feeding a K-1 narrative into ChatGPT to summarize the partner allocation is a use even if no human ever sees the prompt. The reliance for action is the trigger.
Disclosure — “the act of making tax return information known to any person in any manner whatever.” The operative phrase is any manner whatever. The §7216 analysis does not hinge on whether the vendor retains the data, trains on the data, or deletes the prompt immediately. The disclosure has already occurred the moment the data leaves your control.
This is the framework. Everything else is interpretation.
Why “the reg is from 2008” doesn’t get you out
The most common practitioner rationalization runs: these regs were drafted in 2008, AI tools weren’t envisioned, the auxiliary-service exception in §301.7216-2(d) covers software, an LLM is software, so the exception applies.
The argument doesn’t survive contact with the reg.
Treasury Reg §301.7216-2(d) does permit disclosure to “another tax return preparer…for the purpose of preparing or assisting in preparing a tax return,” and the enumeration does include “software.” But the same provision imposes two constraints that disqualify most LLM use.
The geographic limit. §301.7216-2(d)(1) restricts the exception to providers “located in the United States (including any territory or possession of the United States).” Most consumer-tier LLMs route data through multi-region infrastructure including non-US regions by default. The geographic limit alone disqualifies ChatGPT Free, ChatGPT Plus, Claude Pro, consumer Gemini, and consumer Perplexity from the -2(d) safe harbor unless the practitioner has configured enterprise-tier data residency.
The “substantive decision-making” line. The Tax Adviser’s January 2024 analysis (Pittman, Williford, Becker) draws the canonical line: scan-only services are inside -2(d); services that involve “the service provider’s making substantive decisions related to the return” require consent under §301.7216-3. A generative LLM that summarizes, drafts, classifies, or reasons is making substantive decisions. It exits the -2(d) safe harbor.
The practitioner-canonical reading on this question is Tom Gorczynski’s “AI and the §7216 Disclosure and Use Rules” (Tom Talks Taxes, September 2024; republished at Compass Tax Educators). Gorczynski’s core argument: “When a tax return preparer enters tax return information into a third-party AI tool, that is a disclosure under Treas. Reg. §301.7216-1(b)(5).” On the auxiliary-services question specifically: “The use of ChatGPT, Claude, or another AI tool is unlikely to constitute an auxiliary service…however, there is no guidance from the IRS.”
The IRS has not issued any §7216 guidance specific to AI. The §7216 Information Center on irs.gov last linked guidance dated 2013. No notice, ruling, FAQ, or revenue procedure addresses LLM use. Practitioners are operating on the AICPA / Tax Adviser / Gorczynski reading — not on IRS rules. That is the gap. It is also the reason this article publishes the §5.04 mandatory language verbatim: the field needs an actionable reference until the IRS publishes guidance, which may or may not happen.
The narrow defense that survives the -2(d) test: firm-deployed AI tools running on dedicated-tenant infrastructure with no-train clauses, signed DPAs, US-only data residency, and contractual scope-limits to “the contracted services” plausibly fit within -2(d). Examples include Blue J, Hive Tax, TaxGPT Pro, Filed, Black Ore, Juno, and K1x. Even these defensible vendors typically recommend consent under -3 as a belt-and-suspenders measure. The clean position is to clear both gates.
The four conditions a valid consent must satisfy
§301.7216-3 sets four conditions a valid consent must satisfy.
Knowing and voluntary. The consent must be knowing and voluntary. Conditioning the provision of tax-prep services on the taxpayer’s furnishing the consent makes it involuntary and therefore invalid. The reg’s literal language: “Conditioning the provision of any services on the taxpayer’s furnishing consent will make the consent involuntary.”
Written and before the disclosure. “A tax return preparer may not disclose or use a taxpayer’s tax return information prior to obtaining a written consent.” The reg’s heading reads “No retroactive consent.” Pasting data into ChatGPT and then getting the consent signed later is not a thing.
Specific in content. Per §301.7216-3(a)(3)(i)(A)-(E), the consent must identify the name of the preparer, the name of the taxpayer, the intended purpose, the specific recipient, the specific tax return information to be disclosed, and must be signed and dated by the taxpayer. Vague “various AI tools” language fails this content test. Gorczynski is explicit on this point.
Separate documents for uses and disclosures. Per §301.7216-3(c)(1), for Form 1040 filers, “one written document must authorize uses and another separate written document must authorize disclosures.” Combining a use-consent and a disclosure-consent on the same page is not permitted. Two separate documents.
Business returns (1120, 1120S, 1065, 1041) operate under §301.7216-3(a)(3)(iii), which permits consent in any format including engagement-letter-embedded language. Individual 1040 filers cannot use that route — the consent must be a separate document.
The duration default per §301.7216-3(b)(5): if the consent does not specify a period, it is effective for one year from the date the taxpayer signed. A §7216 AI-vendor consent obtained January 15, 2026 with unspecified duration expires January 15, 2027.
The Rev. Proc. 2013-14 mandatory language
The four §301.7216-3 conditions are necessary but not sufficient. Any consent obtained on or after January 14, 2013 must also contain the verbatim mandatory language specified in Rev. Proc. 2013-14 §5.04 (summarized for practitioners in the Journal of Accountancy’s March 2013 piece and the CPA Journal’s December 2019 §7216 explainer). Most AI consent drafts circulating in practitioner forums do not include this language. A consent that satisfies the §301.7216-3 content requirements but omits the §5.04 mandatory language is not a valid §7216 consent.
The verbatim mandatory language for Form 1040 disclosures:
Federal law requires this consent form be provided to you. Unless authorized by law, we cannot disclose your tax return information to third parties for purposes other than the preparation and filing of your tax return without your consent.
If you consent to the disclosure of your tax return information, Federal law may not protect your tax return information from further use or distribution.
The format requirements: 8.5" × 11" paper, minimum 12-point type for paper consents; readable matching-or-larger text size for electronic consents; signed and dated by the taxpayer; copy provided to the taxpayer at the time of execution.
Critical: do not use a single blanket “various AI tools” consent. Each vendor must be named. When you add a new AI tool to your stack, you need a new signed consent — or an updated consent if the existing one’s term still runs.
For state-specific consent (California Business and Professions Code §17530.5; New York Tax Law §32), separate state-compliant consent language is required in addition to the federal form. The two regimes have overlapping but distinct content requirements — California’s “how the information will be used” specification is more granular than federal, which means an AI consent that says “tools used in tax preparation” is plausibly federal-compliant but California-deficient.
A configurable consent template generator that handles vendor selection, state overlays, and engagement-letter formatting is forthcoming as Tool #2 on this site.
Vendor by vendor — which AI tools you can use with what paperwork
The matrix below sorts every AI tool a US tax practitioner realistically uses into three compliance tiers. The §7216 standard turns on whether the disclosure has been made. Most vendor marketing focuses on training, but no-training is necessary, not sufficient — the disclosure occurred the moment the data left your possession. The question is whether the disclosure falls inside a permitted-purpose exception OR is covered by a signed consent under §301.7216-3.
| Tool | Tier | Practitioner price | Notes |
|---|---|---|---|
| ChatGPT Free | DIRTY | Free | No DPA. Training on by default. Not §7216-defensible for client TRI. |
| ChatGPT Plus | DIRTY | $20/mo | No DPA. Training on by default; opt-out exists but no paperwork chain. |
| Claude Free | DIRTY | Free | No DPA. |
| Claude Pro | DIRTY | $20/mo | No DPA. Consumer tier. |
| Google Gemini consumer | DIRTY | Free / $20 | gemini.google.com without Workspace. No DPA. |
| Perplexity Pro consumer | DIRTY | $20/mo | No DPA at consumer tier. |
| Blue J | CLEAN | ~$1,198/yr/user | Tax-research positioning; US-only AWS; 24-hr file auto-deletion; supplementary no-training contracts with OpenAI + Google. |
| TaxGPT Pro | CLEAN | ~$1,600–$2,000/yr | SOC 2 Type II; US hosting; DPA available. |
| Hive Tax AI | CLEAN | $1,199/yr solo | Tax Return Analysis tool zero-storage; other tools require DPA request. |
| Juno | CLEAN | ~$30–$45/return | Explicit “IRS Section 7216 Compliant” statement on trust page; CPA-founder-led. |
| Black Ore Tax Autopilot | CLEAN | Enterprise | SOC 2 Type II; closed-loop processing. |
| ChatGPT Team | CLEAN | $25–$30/user/mo (annual) | No-training by default; DPA available; SOC 2 Type II. |
| ChatGPT Enterprise | CLEAN | Custom | Adds Zero Data Retention addendum and EU data residency option. |
| ChatGPT API | CLEAN | Usage-based | No-training by default; ZDR available for sensitive workflows. |
| Claude Team | CLEAN | $25/user/mo (annual) | Anthropic terms: “may not train models on Customer Content”; 7-day API log retention; ISO 42001:2023. |
| Claude Enterprise | CLEAN | Custom | Adds ZDR. |
| Anthropic API | CLEAN | Usage-based | No-training default. |
| Microsoft 365 Copilot | CLEAN | $30/user/mo + M365 | The cleanest large-LLM enterprise option. Prompts and responses not used to train foundation models; data stays within M365 service boundary; inherits existing Microsoft EDP. |
| Google Gemini Workspace Enterprise | CLEAN | Per Workspace tier | Inherits Google Cloud DPA; FedRAMP High; configurable data residency. |
| Perplexity Enterprise Pro | CLEAN | Enterprise | ZDR available. |
| Thomson Reuters CoCounsel | CLEAN | ~$3,400/user/yr | Enterprise-tier; “private eyes-off processing”; no cross-client contamination. |
| CCH Axcess Expert AI | CLEAN | Bundled add-on | Privacy-by-design architecture; zero model training on client data. |
| Intuit Tax Assist / Drake AI / UltraTax CS AI | CLEAN | Bundled with engine | Inside existing tax-engine master agreement; AI module treated as inside permitted-purpose service. |
| GruntWorx | EXCEPTION | Per-form pricing | The only mass-market vendor that publishes an explicit “not required to have clients sign a written consent” position under §301.7216-2(d)(1). US-employee-only access; Drake-controlled environment. |
| Filed | EXCEPTION | Mid-firm enterprise | Most aggressive §7216-routing claim in market — argues PII-anonymization before processing means no TRI disclosure has occurred. Defensible but not yet tested in audit or court. |
Tier definitions:
- DIRTY — no DPA available. Training-on-data on by default or opt-out only. No §7216-defensible paperwork chain exists. Do not use for client tax return information.
- CLEAN with §7216 consent + DPA — SOC 2 attested, no-training contract language, DPA available. Practitioner needs a signed §301.7216-3 consent naming the specific vendor.
- EXCEPTION (architectural or explicit §7216 claim) — vendor argues either auxiliary-services exception (GruntWorx, on -2(d)(1) tax-preparer-to-tax-preparer grounds) or no-disclosure architecture (Filed, on PII-anonymization grounds). Warrants practitioner-level diligence before relying on the vendor’s claim.
The economic gap between DIRTY and CLEAN-WITH-PAPERWORK is real. A solo on ChatGPT Plus ($240/yr) who upgrades to a full CLEAN stack — ChatGPT Team ($300/yr/seat), Blue J ($1,198/yr), Microsoft 365 Copilot ($360/yr/seat) — moves from $240/yr to about $1,858/yr per seat. For a solo doing 200–400 returns at $300–$600 per return ($60K–$240K annual revenue), the $1,600 incremental cost is 0.7 to 3.0 percent of revenue. Justifiable. The friction is the annual commit, not the dollar amount.
Pricing data current as of May 2026. Vendor pricing changes frequently. Verify on the vendor’s site before procurement.
Where most firms get this wrong
The most-cited data point on practitioner AI use comes from the joint Blue J / CPA.com AI Tax Research Solution Outlook Report (September 2025; covered by Accounting Today): 54.4 percent of practitioners report personal AI use; 33.1 percent report formal firm adoption. The survey drew on responses from more than 150 tax practitioners across firm sizes. That leaves twenty-one percentage points of practitioners using AI without firm sanction — primarily ChatGPT Plus paid from personal money, primarily in solo and 2-10 person firms, primarily without a signed §7216 consent specific to the tool.
The shadow-AI gap is structural, not marginal. The math is brutal: a personal ChatGPT Plus subscription with default training-on-data, a client K-1 pasted in to summarize the partner allocation, no signed consent — that is a §7216 disclosure outside a permitted-purpose exception. The plausible practitioner violation rate is 30 to 50 percent. The published IRS criminal enforcement rate for AI-specific §7216 referrals is zero.
The dominant rationalizations and why each one fails under a literal §7216 read:
“I never paste PII.” §7216 covers tax return information, which is a broader category than personally identifiable information. A K-1 narrative that describes the partner’s share of qualified business income is tax return information even when the partner’s name and SSN are stripped. The “in connection with…the preparation of a tax return” definitional sweep is the operative breadth.
“I anonymize first.” Anonymization removes names and identifiers but does not necessarily remove tax return information. Structural facts — the specific deduction at issue, the dollar amount, the entity type — remain tax return information whether or not the taxpayer is named. The exception works only when the anonymization is architectural (the vendor never sees the unredacted data, as in Filed’s claim) — not when the practitioner pastes unredacted data and trusts a downstream redaction step.
“I close the tab.” §7216 turns on disclosure, not retention. The disclosure occurred at the moment of transmission. What happens to the data afterward — retention, deletion, training — affects the practitioner’s exposure under the FTC Safeguards Rule and the proposed Circular 230 §10.35 technological-competency rule, but it does not unwind the §7216 disclosure that has already occurred.
“It’s just for the email draft, not the return itself.” Tax return information in §301.7216-1(b)(3)(i) extends to information “furnished in any form or manner for, or in connection with, the preparation of a tax return.” A draft client email explaining a deduction position is in connection with the preparation. Derivative work products carry the same §7216 restriction.
The verbatim practitioner discourse on r/taxpros captures the awareness gap precisely. One recurring formulation: “If you’re typing client SSN into ChatGPT, you’re committing a crime under §7216.” Another, from r/tax: “Why on earth would you ever give personal information to a LLM.” A third, from an EA on r/tax: “I asked ChatGPT tax questions, pressed it for more information, then eventually it just told me I would go to jail.”
The awareness exists. The compliance follow-through doesn’t.
The §10.22 due-diligence and Mata v. Avianca parallel
§7216 is one of seven regulatory regimes that touch AI use on client data. The penalty stack compounds.
A single act of pasting a client K-1 narrative into free ChatGPT can trigger:
- §7216 criminal misdemeanor exposure (up to $1,000 / 1 year per violation)
- §6713 strict-liability civil exposure ($250 per disclosure, $10,000 annual cap)
- Circular 230 §10.22 due-diligence violation
- The proposed Circular 230 §10.35 technological-competency violation (REG-116610-20, comment closed February 2025; not yet finalized as of May 2026)
- FTC Safeguards Rule (16 CFR Part 314, Cornell LII) violation — up to $53,088 per violation under 15 USC §45(m)(1)(A) inflation-adjusted (FTC press release, February 11, 2025), plus $10,000 personal liability for officers and directors under GLBA
- AICPA SSTS 1.4 reliance-on-tools breach (binding on AICPA-member CPAs since January 1, 2024; AI is expressly named in the SSTS 1.4 definition of “tool” — see the Tax Adviser’s September 2025 explainer on SSTS 1.4 and the Tax Adviser’s February 2024 piece on generative AI ethics)
- State overlays — California §17530.5 is itself a misdemeanor
Circular 230 §10.22(a) sets the operative standard: a practitioner must “exercise due diligence…in preparing, approving, and filing tax returns, documents, affidavits, and other papers relating to Internal Revenue Service matters.” §10.22(b) permits reliance on others’ work product only when the practitioner uses “reasonable care in engaging, supervising, training, and evaluating the person.” An AI tool is “others’ work product” in the §10.22(b) sense. The companion Circular 230 and AI article on this site covers the due-diligence interaction in depth; see also Tool #1, the Circular 230 §10.22 checklist.
The federal-court analog is Mata v. Avianca, Inc., 678 F. Supp. 3d 443 (S.D.N.Y. June 22, 2023). Plaintiff’s counsel submitted a brief opposing Avianca’s motion to dismiss that contained six fabricated case citations generated by ChatGPT. When Avianca’s counsel could not locate the cases, the court ordered the lawyer to produce them. The lawyer returned to ChatGPT, which “confirmed” the cases existed and produced fabricated text. Judge Castel imposed $5,000 in Rule 11 sanctions. The operative reasoning: “There is nothing inherently improper about using a reliable artificial intelligence tool for assistance,” but the lawyer’s personal duty to verify cited authority is non-delegable.
The tax-court analog is Gary Thomas v. Commissioner, No. 10795-22 (T.C. Order October 23, 2024), where the U.S. Tax Court struck a pretrial memorandum containing four case citations, three of which did not exist (covered by Bloomberg Tax). It is the closest tax-specific analogue to Mata as of May 2026. A 2026 case, United States v. Heppner (S.D.N.Y. February 10, 2026), held that documents generated through consumer-tier Claude were not protected by attorney-client privilege or work-product doctrine (analysis by Gibson Dunn) — meaning pasting client tax return information into a consumer-tier LLM may not only be a §7216 disclosure but may also waive any §7525 federally-authorized-tax-practitioner privilege that would otherwise apply.
The proposed Circular 230 §10.35 codifies the Mata logic at the regulatory level. The proposed rule’s preamble: a practitioner must understand “the benefits and risks associated with relevant technology used by the practitioner.” A practitioner who treats ChatGPT output as if it were a junior associate’s work product, without supervision-and-evaluation, falls outside the §10.22(b) safe harbor and is exposed to §10.22(a) directly.
The Office of Professional Responsibility has not published a disciplinary action specifically tied to AI use as of May 2026. The OPR’s National Tax Forum 2024 presentation referenced “use of artificial intelligence tools” within the broader Circular 230 framework, and the proposed §10.35 signals the direction of travel. There is no operative public OPR quote on AI under §10.22 as of this writing — a gap the field is watching.
State overlays — California, New York, and the multi-state question
California Business and Professions Code §17530.5 is the most-restrictive state overlay. The disclosure of taxpayer information without consent is itself a misdemeanor under California law — separate state-criminal exposure from the federal §7216 misdemeanor. The state consent must be in a “separate document” (parallels the federal §301.7216-3 separation rule), must state to whom disclosure will be made and how the information will be used, permits electronic signature, and reaches internal disclosures within the same firm for non-tax-prep purposes. California’s “how the information will be used” specification is more granular than federal. A practitioner-firm consent that says “tools used in tax preparation” is plausibly federal-compliant but California-deficient. The California consent should name the specific AI vendor.
New York Tax Law §32 and 20 NYCRR Part 2600 establish the state preparer-registration regime and standards-of-conduct rules (NY Department of Taxation and Finance regulations index). Disclosure standards mirror the federal §7216 framework with state-discipline exposure layered on. The New York Department of Taxation and Finance can suspend or cancel a preparer’s registration for violation.
Other states largely default to the federal §7216 standard. Maryland (§13-401 of Tax-General Article), Oregon (ORS 673.640 under the Oregon Board of Tax Practitioners), and Connecticut (§12-790a) impose preparer-registration regimes but do not add §7216-equivalent state-disclosure rules. Illinois has no state-specific tax-preparer disclosure statute equivalent to California — federal §7216 controls.
Practitioner-firm consent templates should default to a federal-compliant base with a California-compliant rider when the firm has California clients. A multi-state firm consent that covers federal plus California plus New York with state-specific elements layered in is the operationally cleanest path.
The audit trail — what to retain, how long, why
A §7216 audit trail does three things: it proves consent existed before the disclosure, demonstrates §10.22 due diligence on the AI output, and supports FTC Safeguards Rule §314.4 compliance.
The retention spec:
- Signed consents — retain for at least three years past the later of the return filing date or the consent expiration date, mirroring the standard §6694 statute-of-limitations preservation. For California practitioners, longer retention may be advisable given the state-criminal classification.
- Vendor DPAs — retain for the life of the engagement plus three years.
- AI prompt-and-response logs — capture sufficient detail to demonstrate the practitioner’s review-and-verification step. For research workflows (Blue J, Hive Tax Research, Stanford Tax) the citation set returned by the tool is the relevant artifact. For drafting workflows (ChatGPT Team for email, CoCounsel for memos) the prompt + output + the practitioner’s edited-final-version chain is the relevant artifact.
- Firm WISP — must explicitly cover AI vendor risk assessment, AI prompt logging, and AI-vendor §7216 consent procedures. The IRS Pub 4557, Pub 5293, and Pub 5708 WISP templates do not contemplate AI as a category. Practitioners adding AI tools need to bolt on the AI-vendor risk-assessment component themselves. IRS Pub 1345, the e-file Provider Handbook, references §7216 as the operative legal regime for TRI handling but offers no AI-specific guidance.
The proposed Circular 230 §10.35 technological-competency requirement will, if finalized, formalize the documentation expectation. The current operative standard is §10.22(b)’s “reasonable care in engaging, supervising, training, and evaluating” — which a defensible audit trail demonstrates.
When the consent expires and the renewal cadence
Per §301.7216-3(b)(5), a consent that does not specify a duration is effective for one year from the date the taxpayer signed. A §7216 AI-vendor consent obtained January 15, 2026 with unspecified duration expires January 15, 2027.
Practitioners have three options.
Annual renewal at the engagement-letter cycle. Most operationally clean. The §7216 AI-vendor consent rolls with the annual engagement letter. New consent each year, signed before the first AI-tool use in that tax year. Adds approximately five minutes per client to the annual onboarding cycle.
Multi-year duration (specified). The consent can specify a longer effective period under §301.7216-3(b)(5). A three-year consent is workable. A perpetual-until-revoked consent is legally permissible but practitioner-credibility-fragile — clients reading it tend to push back.
Vendor-change renewal. Whenever the practitioner adds a new AI tool to the stack, a new signed consent is required (or an updated consent if the existing one’s term still runs). The vendor list cannot be silently extended.
For Form 1040 filers, the consent must be a separate document. For business returns (1120, 1120S, 1065, 1041), §301.7216-3(a)(3)(iii) permits engagement-letter-embedded consent. Most multi-entity firms maintain separate templates for the two filing categories.
Enforcement reality — zero published actions is not the same as compliance optional
A search of IRS Criminal Investigation press releases 2022–2026 produces zero §7216 criminal referrals specifically tied to AI tool use. No OPR public censure, suspension, or disbarment tied to AI use has been located. No state-board AI-specific disciplinary action has surfaced.
This is the comfort-blanket read: the IRS has not enforced this; compliance is optional. It is also the anxiety-vector read: the first case will be a Mata-level shock that flips the field overnight.
Both reads are partially correct.
The latent liability is real. Twenty-one percentage points of practitioners are using AI without firm sanction; most are paying for ChatGPT Plus personally; most have not signed a §7216 consent specific to that tool. The §7216 statute is criminal. The §6713 civil twin is strict-liability. The proposed Circular 230 §10.35 is moving toward finalization. E&O carriers are signaling restrictive direction in 2025-2026 — Wiley’s 2025 State AI Laws analysis and companion 2026 bills tracker document the direction of travel: most proposed AI exclusions are written near-absolute in scope, and while they are not yet standard in the marketplace, insurers are incorporating them with more expected to follow. CAMICO, Gallagher Affinity, and AXA XL have not published AI-exclusion endorsements as of May 2026 — but the policy-language drift is unmistakable.
The first published §7216 criminal referral against an AI-using preparer will function as the “Mata moment” for the tax-AI field. When that case lands, the published-violation-rate-zero comfort-blanket disappears. Firms that have built clean consent infrastructure will absorb the moment as confirmation of their existing practice. Firms that have been operating on shadow AI will absorb it as an emergency procurement and policy retrofit.
The clean path is the same either way: sign the consents now, move the firm’s AI stack from DIRTY to CLEAN-WITH-PAPERWORK, update the WISP to cover AI vendor risk assessment, and document the audit trail for every AI-assisted output.
FAQ
Does §7216 apply if I’m a sole practitioner with no firm policy?
Yes. §7216 binds every “tax return preparer” as defined in §301.7216-1(b)(2). Solo status does not change the analysis. The absence of a firm policy means the practitioner is personally responsible for the consent process — there is no firm framework to fall back on.
What if I only use AI for the client email, not the return itself?
§7216 reaches information furnished “in connection with…the preparation of a tax return” per §301.7216-1(b)(3)(i). A client email explaining a deduction position or summarizing a return finding is in connection with the preparation. The consent requirement applies to derivative work products as well as to the return itself.
Does §7216 cover voice transcription tools that capture client meetings?
Yes. A voice-transcription tool capturing a client advisory conversation about deductions, entity structure, or planning strategies is processing tax return information. The §7216 consent requirement applies. Practitioners using Otter, Fireflies, or similar tools on client meetings need a signed consent specifying the tool and the purpose.
Can I rely on my tax-prep software’s built-in AI features without a separate consent?
The implicit framing of Intuit Tax Assist, Drake’s AI features, UltraTax CS AI, and CCH Axcess Expert AI is that the AI module is internal to the tax-engine service the practitioner has already engaged the vendor for. The §7216 disclosure analysis treats the vendor as inside the permitted-purpose exception under the firm’s existing master agreement. Most firms running on these stacks proceed without a separate AI-specific consent. The conservative position is to add an AI-specific rider to the master agreement and obtain an annual consent reflecting the AI tools in use — particularly when the practitioner uses third-party AI alongside the bundled features.
Does anonymization satisfy §7216?
Architectural anonymization that happens before the data leaves the practitioner’s possession (as Filed’s claim describes) plausibly works — no tax return information has been disclosed. Procedural anonymization that the practitioner performs by hand before pasting into a prompt is unreliable: structural facts (deduction amounts, entity types, transaction descriptions) may remain tax return information after names and SSNs are stripped.
Is there any safe harbor for research-only questions where I’m not pasting client facts?
If the practitioner asks an LLM a generic tax question without referencing client-specific information (“What’s the holding period rule under §1202 post-OBBBA?”), no tax return information has been disclosed and §7216 is not triggered. The line is crossed at the moment client facts enter the prompt.
What’s the consequence of a §7216 violation that the IRS doesn’t catch?
Even absent IRS enforcement, the §6713 strict-liability civil penalty is available to the IRS at any time within the §6501 statute of limitations. The Circular 230 §10.22 exposure persists. State boards retain disciplinary authority. The practitioner has signed a Form 8867 attesting to due diligence on the return — a §7216 violation in the preparation chain can support a misrepresentation theory under §6694 or Circular 230 §10.51. The no-published-enforcement comfort is one regulatory cycle from changing.
Should I be worried about the §10.35 proposed rule?
The technological-competency rule (REG-116610-20) is still in proposed form as of May 2026. The comment period closed in February 2025; finalization is expected but not yet on the record. The rule, if finalized, will formalize what §10.22 due diligence already implies: that practitioners using AI tools must understand the tool’s risks (hallucination, data-handling, citation accuracy). The clean path under §10.22 is the same path that will satisfy §10.35.
Related reading on this site
- Circular 230 and AI — the §10.22 due-diligence interaction — companion article on how §10.22 reasonable-care obligations apply to AI-assisted work product, with the Mata v. Avianca reasoning extended to tax practice.
- Section 7216 glossary entry — quick definition, statute citation, penalty summary.
- Section 10.22 glossary entry — Circular 230 due-diligence rule, scope, and AI application.
- Section 7216 regulation reference — full text with subsection cross-references for practitioner lookup.
- Tool #1 — Circular 230 §10.22 due-diligence checklist — pre-file checklist for AI-assisted return preparation.
- Tool #2 — Section 7216 consent generator (forthcoming) — configurable template combining federal + state-specific consent language with the vendor list of your choice.
Sources and citations
All 37 URLs verified live as of 2026-05-11. The article was assembled from primary regulatory, vendor-disclosure, and practitioner-discourse layers — every claim is sourced inline. Categories below.
Federal statute and regulations:
- IRC §7216 — Disclosure or use of information by preparers of returns (Cornell LII)
- IRC §6713 — Civil penalties for unauthorized disclosure (Cornell LII)
- IRC §7525 — Federally-authorized-tax-practitioner privilege (Cornell LII)
- Treas. Reg. §301.7216-1 — Definitions (Cornell LII)
- Treas. Reg. §301.7216-2 — Permissible disclosures and uses without consent (Cornell LII)
- Treas. Reg. §301.7216-3 — Disclosures or uses requiring consent (Cornell LII)
- TD 9608 — 2012 final regulations (Federal Register)
IRS guidance and publications:
- Rev. Proc. 2013-14 — §7216 consent format procedure
- Internal Revenue Bulletin 2013-3 — IRB containing Rev. Proc. 2013-14
- §7216 Information Center — IRS hub
- IRS Pub 1345 — Handbook for Authorized IRS e-file Providers
- IRS Pub 4557 — Safeguarding Taxpayer Data
- IRS Pub 5293 — Protect Your Clients; Protect Yourself
Proposed Circular 230 update and OPR:
- REG-116610-20 — Proposed §10.35 technological-competency requirement (Federal Register, December 26, 2024)
- OPR 2024 National Tax Forum presentation — Circular 230: Professional Responsibility in Today’s Tax Practice
FTC Safeguards Rule and GLBA:
- FTC Safeguards Rule legal hub
- 16 CFR Part 314 — Standards for Safeguarding Customer Information (Cornell LII)
- FTC inflation-adjusted civil penalty announcement, February 11, 2025
- AICPA GLBA + Safeguards landing
AICPA standards and AI resources:
Practitioner-canonical analysis:
- Tom Gorczynski, “AI and the §7216 Disclosure and Use Rules” (Tom Talks Taxes, September 2024)
- Compass Tax Educators reprint
- Pittman, Williford, Becker, “The Many Implications of Sec. 7216” (The Tax Adviser, January 2024)
- Jenkins, Sansone, “Tax ethics and use of generative AI systems” (The Tax Adviser, February 2024)
- Holets, “Technology and tax standards: Understanding new SSTS Section 1.4 — Reliance on Tools” (The Tax Adviser, September 30, 2025)
- Journal of Accountancy, “Mandatory language for consents to disclose, use taxpayer information modified” (March 2013)
- CPA Journal, “Getting Taxpayers’ Consent to Disclose or Use Tax Return Information under IRC §7216” (December 2019)
Practitioner adoption and survey data:
- Blue J / CPA.com AI Tax Research Solution Outlook Report, September 2025 — 150+ practitioner survey, 54.4% personal use / 33.1% formal adoption
- Accounting Today coverage
State overlays:
- California Business and Professions Code §17530.5 — California state-criminal disclosure rule (official leginfo.legislature.ca.gov)
- New York Department of Taxation and Finance regulations — NY Tax Law §32 and 20 NYCRR Part 2600
Case law:
- Mata v. Avianca, Inc., 678 F. Supp. 3d 443 (S.D.N.Y. June 22, 2023) — Federal-court duty-to-verify AI citations precedent
- Gary Thomas v. Commissioner, No. 10795-22 (T.C. Order October 23, 2024) — Tax Court analog (Bloomberg Tax coverage)
- United States v. Heppner (S.D.N.Y. February 10, 2026, Rakoff, J.) — Consumer-tier AI privilege waiver (Gibson Dunn analysis)
Insurance and professional liability:
- Wiley, “2025 State AI Laws Expand Liability, Raise Insurance Risks”
- Wiley, “2026 State AI Bills That Could Expand Liability, Insurance Risk”
Last reviewed: 2026-05-11. Published by AI Tax Practitioner Editorial. A reference, not legal advice. Your firm’s compliance posture should be confirmed with counsel and updated as IRS guidance and state-specific rules evolve.
Notice an outdated citation or broken link? Email [email protected] — every source is reviewed at minimum quarterly and updated when underlying authority changes.