Foreign AI, Pakistani Courts: Building Smart Courts Without Surrendering Judicial Data

By Harris Jamil Alam Khan

There is a temptation in every delayed system to treat technology as salvation. Pakistan’s courts are no exception. The pressure is real. The Law and Justice Commission of Pakistan recorded 2,270,584 pending cases nationwide as of 30 June 2025. That figure alone explains why artificial intelligence will find its way into judicial administration. It can assist in research, transcription, translation, file management, cause-list preparation, case clustering and administrative scrutiny. None of this is objectionable in itself. The objection lies elsewhere. It lies in the question of control. 

The issue is not whether Pakistani courts should use AI. The issue is whose AI, hosted where, trained on what, governed by whom, and answerable to which legal system. A court does not process ordinary information. It handles pleadings, evidence, witness statements, medical records, financial disclosures, criminal allegations, family disputes, identity documents and state correspondence. Judicial data is not clerical data. It is the legal memory of the State.

Pakistan has already accepted the policy direction of AI. The Federal Cabinet has approved the Artificial Intelligence Policy 2025, which describes itself as a national roadmap for ethical, inclusive and innovative AI adoption. The same policy speaks of a secure AI ecosystem, cybersecurity protocols, transparency frameworks, AI infrastructure, national compute resources, centralised datasets and public trust. These are not decorative phrases. In the judicial context, they must become conditions precedent. 

The Supreme Court’s decision in Ishfaq Ahmed v. Mushtaq Ahmed, PLD 2025 SC 582, has been understood as allowing AI to assist judicial work, while preserving the essential role of human adjudication. The safer reading is simple: AI may support the court, but it cannot become the court. It may assist research and administration, but the act of judging must remain human, reasoned and constitutionally accountable. 

This is where foreign-hosted AI platforms create a hidden cost. The risk is not only that data may be used for model training. In fact, serious providers have moved to address that concern. OpenAI states that data sent to its API is not used to train or improve its models unless the customer opts in. But the same documentation also states that abuse-monitoring logs may contain prompts, responses and metadata, and may be retained by default for up to 30 days unless specific controls apply. 

Data residency also requires careful reading. OpenAI’s ChatGPT data residency is presently listed for regions such as Australia, Canada, Europe, India, Japan, Singapore, South Korea, the UAE, the UK and the United States. Pakistan is not presently among the listed regions. More importantly, data residency is not always the same as inference residency. OpenAI’s own help material states that inference residency for ChatGPT is currently available only in Europe and the United States, and that certain categories of data, including transient processing steps and workspace metadata, may be stored outside the selected region. 

Google’s enterprise position is also more protective than ordinary consumer use. Gemini for Google Cloud states that prompts and responses are not used to train its models. Vertex AI similarly states that Google will not use customer data to train or fine-tune AI models without prior permission or instruction. But even there, the documentation recognises limited retention and logging scenarios, including prompt logging for abuse monitoring and 30-day storage for certain grounding features. 

These protections are meaningful. They should not be dismissed. But judicial data requires a higher sovereign standard than ordinary enterprise data. The legal question is not only whether a vendor trains on the material. The legal question is whether Pakistan retains control over storage, processing, retention, deletion, audit logs, encryption keys, metadata, subcontractors, lawful disclosure and breach response. A court system cannot run on trust alone. It requires verifiable control.

China offers a useful comparison, not as a constitutional model to copy, but as an infrastructure lesson to study. China’s Supreme People’s Court issued a court-led strategy requiring Chinese courts to develop a competent AI system by 2025 to support legal services and justice. The same policy sets a 2030 objective for AI to support the wider judicial process through improved rules and application systems. This is not casual adoption. It is institutional planning. 

China has also pursued blockchain integration in the judicial field, including dispute resolution, litigation services, trials, enforcement and judicial administration. Its Supreme People’s Court has framed these technologies as part of a wider smart courts programme. As recently as April 2026, China’s top court was reported to be drafting further guidelines for disputes involving AI, data rights and AI-generated content. The point is not that Pakistan should replicate China’s political structure. It should not. The point is that judicial technology must be court-led, state-supervised and nationally coordinated. 

Pakistan’s own draft data protection framework points in the same direction. The Personal Data Protection Bill 2023 remains draft legislation on the Ministry’s website, but it already recognises critical personal data and proposes that such data shall only be processed in servers or digital infrastructure located within Pakistan. Even before enactment, the principle is important: if critical public data requires territorial protection, judicial data requires at least the same discipline. 

The answer is not to reject foreign technology altogether. That would be impractical and unnecessary. The answer is to classify judicial data and build a layered model. Public judgments and non-sensitive legal research may be treated differently from pleadings, evidence, sealed records, identity documents, medical records, family files, criminal material and internal court correspondence. Not all data carries the same risk. But the highest-risk data should not be entered into public or uncontrolled AI systems.

Pakistan should therefore proceed in stages. First, no confidential judicial material should be entered into consumer AI tools. Secondly, any AI used by courts must be procured through contracts that clearly define data residency, retention, deletion, audit logs, encryption, subcontracting, breach reporting and access rights. Thirdly, a locally hosted judicial AI layer should be developed under the supervision of the Supreme Court, High Courts, Law and Justice Commission and National Judicial Policy Making Committee. Fourthly, AI should begin with administrative support, translation, research assistance and case management, not decision-making. Fifthly, every AI output used in judicial work must remain reviewable by a judge or authorised officer.

The risk is not innovation. The risk is careless innovation. Pakistan can build smart courts, but smart courts cannot be built on surrendered data, invisible processing and foreign dependency. The judiciary may borrow tools. It cannot outsource trust.