Can You Use ChatGPT for Client Tax Returns? What the AICPA Says
It is the middle of tax season, and a staff accountant pastes a client's W-2 straight into ChatGPT to save twenty minutes on a return. That scene plays out in accounting firms every single week.
The question of whether you can use ChatGPT for client tax returns sounds like a productivity debate. It is really a compliance one. A criminal statute sits behind that paste, alongside duties from the AICPA and the FTC that most “AI for accountants” articles never mention.
The short answer
It depends, and the line is sharper than most articles admit. Yes, you can use ChatGPT for general tax research, drafting, and explaining concepts. No, you cannot paste a client's actual return information into the consumer app without a valid IRC Section 7216 written consent. That is a criminal disclosure, not a gray area.
THE PRIVACY-FIRST SHORTCUT
Elephas is a privacy-friendly AI knowledge assistant for Mac. Its built-in local LLM models run fully on your machine, so a sensitive return never has to reach a third party at all. When you do use a cloud model, Elephas redacts client identifiers on-device first. Smart Redaction is on every plan, and Elephas starts at $9.99/month. Try Elephas free →
What “tax return information” actually covers
ChatGPT, built by OpenAI, is a generative AI tool: a large language model that drafts text from a prompt. CPAs reach for it during busy season to speed up tax preparation and automate routine, tax-related workflow steps.
The trouble starts with what counts as protected data. Under Section 7216, “tax return information” is far broader than a Social Security number. It covers K-1 partner names, EINs, income figures, bank details, and anything a client furnished to prepare the return.
Consumer chats are also less private than they feel. In January 2026, a federal judge ordered OpenAI to hand over 20 million de-identified ChatGPT logs to the New York Times, holding that users had voluntarily submitted their chats to OpenAI (ABA Journal, 2026-01-08).
De-identification plus a protective order, not deletion, was deemed enough. For a preparer, the takeaway is direct: data pasted into the consumer tool can resurface in litigation. Whether this matters to you depends on which of these you are: someone worried about the worst case, someone trying to make AI work in your practice, or someone writing your firm's AI policy.
What the AICPA, IRS, and FTC rules actually say
Three rules decide the answer, and almost no ranking article names all three.
IRC Section 7216
Disclosing return information to a third-party AI vendor is a “disclosure” that generally needs prior written taxpayer consent. Without it, you face criminal exposure plus a separate Section 6713 civil penalty. A consent with no stated duration expires one year after signing (Section 7216 Information Center).
AICPA SSTS 1.3 and 1.4
The data protection and reliance-on-tools standards require members to safeguard taxpayer data and to use due care when relying on any tool, with AI named explicitly (The Tax Adviser, 2026-04-30). The tool never transfers your professional responsibility for the work.
FTC Safeguards Rule
Tax preparers are “financial institutions” with a duty to vet and oversee service providers that touch client information. An unvetted AI vendor can fail that duty on its own.
The real line is between general work and a specific client's file. General, hypothetical work that is not built from a client's return is fine to run through ChatGPT:
- Explaining a complex tax code provision or how a deduction works
- Drafting boilerplate client communication, engagement letters, and email templates
- Researching a tax-law question that is not tied to a particular client
- Brainstorming general tax planning approaches with made-up numbers
What you cannot safely do is paste a client's actual return information into the consumer app: source documents, real names, SSNs, EINs, or a full return, whether you use the free version or a paid version of ChatGPT.
Stripping the identifiers off a real client's file does not clear it either. Under Section 7216, data derived from a client's return stays protected even when it can no longer be tied to that taxpayer.
There is a serious argument that enterprise ChatGPT with a no-training data processing agreement clears the bar, and proponents point to zero-retention business tiers as proof.
The honest rebuttal is that “won't train on your data” is not the same as “won't retain it.” Sub-processors still touch it, and a Section 7216 consent or genuine de-identification is still required.
“Both AICPA and IRS standards require tax professionals to protect privileged tax information. Prompting the bot with privileged client information may inadvertently result in divulging this information in future prompts.”
It depends on who you are
If you're worried about the worst case, anchor on the criminal exposure. A single uncontrolled prompt can be a Section 7216 disclosure. Because you own the FTC Safeguards duty, a retained SSN can trigger breach-notification duties: notice to the FTC, and under state law, letters to the affected clients.
If you're trying to make this work, build the safe lane. Keep client-specific data on-device with a fully offline tool, or get a signed consent before it reaches a cloud model. Hold AI to general research and drafting, and document the use cases. The standards permit AI use when you safeguard the data.
If you're trying to understand the nuance, separate the tool from the tier. The problem is sharpest with the consumer app. An enterprise agreement changes the data terms but not your Section 7216 consent duty, and state-board positions are still moving.
What this means for your practice
The real problem underneath the question is keeping client data off third-party servers without losing the speed that made AI tools like ChatGPT appealing. That is a tooling decision, not a willpower one.
For preparers who still want a leading cloud model, Elephas adds a second layer through automatic PII redaction. Before a prompt reaches ChatGPT 5.5, Claude Opus 4.7, Gemini, Grok, Perplexity, or any other cloud model, Elephas strips names, emails, SSNs, EINs, and identifiers on your Mac.
The cloud model only sees the sanitized text, and the redacted fields are reassembled locally when the answer returns, so client identifiers never leave the device. Elephas pairs this with zero data retention: content never trains AI models, never sits on a vendor's server, and never passes through a third-party reviewer's screen.
Put plainly: sensitive data is automatically detected and redacted before anything reaches a cloud AI model, your content is never used to train AI models, and nothing passes through a third-party reviewer's screen.
Where Section 7216 is concerned, the cleanest position is Elephas's built-in local LLM models. They run fully on your Mac, so nothing reaches a third party and there is no disclosure to consent to, the same footing as local tax software.
For client-specific work on a cloud model, redaction lowers your exposure but does not by itself remove the Section 7216 consent duty, because figures derived from a client's return can still be tax return information. Treat it as a safeguard to pair with a signed consent, not a replacement for it.
Smart Redaction is available on every plan, including the Free tier. Elephas starts at $9.99/month, and you can try Elephas for free.
- For skeptics: the conservative read is no raw client data in consumer ChatGPT without a current Section 7216 consent (IRC §7216; Treas. Reg. §301.7216-3).
- For advocates: the cleanest path is a fully offline, on-device tool, since nothing reaches a third party. On a cloud model, get a signed Section 7216 consent and use redaction as a safeguard, not a substitute. The AICPA standards let you use AI when you safeguard the data (The Tax Adviser, 2026-04-30).
- For neutral evaluators: monitor what is unsettled, especially OpenAI's retention posture after the 2026 logs ruling (ABA Journal, 2026-01-08) and your state board's stance.
Related questions
Can ChatGPT prepare or file a tax return?
No. ChatGPT cannot access e-file systems, cannot sign a return, and a hallucination can drop wrong figures or outdated tax rules into an answer. Unlike dedicated tax software, the chatbot works as a drafting and research assistant, not a preparer, so human judgment and a review against current tax guidance keep it accurate.
Is it safe to put client tax information into ChatGPT?
Not in the consumer app. Pasting client data is governed by Section 7216 and AICPA SSTS 1.3, and the consumer tool offers no zero-retention guarantee. De-identify the data first, or use a tool that redacts identifiers locally before anything reaches the cloud model.
Does entering client tax data into ChatGPT violate IRS Section 7216?
It can. Sending return information to a third-party AI vendor is treated as a disclosure that needs prior written taxpayer consent. Without valid consent, the disclosure carries criminal exposure plus a Section 6713 civil penalty, and generic e-file consent language usually will not cover it.
What does the AICPA say about using AI like ChatGPT for tax work?
The AICPA's Statements on Standards for Tax Services apply directly. SSTS 1.3 requires you to safeguard taxpayer data, and SSTS 1.4 requires due care when relying on any tool, AI included. Using ChatGPT never shifts responsibility for the work product away from you.
What do I need before letting staff use ChatGPT on returns?
Put a short written AI-use policy in place: a de-identification rule, approved use cases such as research and drafting only, a current Section 7216 consent or a tool that keeps data local, and an AI-vendor entry in your written information security program. Train staff on the line before, not after.
Keep the speed without the disclosure
Elephas is a privacy-friendly AI knowledge assistant for Mac. It redacts client identifiers on your machine before any cloud call, so you keep the AI workflow without handing tax return information to a third party.
Try Elephas free