§7216 Decision Framework, What Triggers Consent for AI-Assisted Tax Work

Purpose. A component-by-component breakdown of IRC §7216 / §6713 and Treas. Reg. §301.7216-1, -2, -3, built to answer one question: for a given AI use, do I need written taxpayer consent, or does it fit a permissible-use exception? Because §7216 predates AI and names no AI-specific rule, the classification of AI uses is inference applied to the existing framework, every inference below is flagged [INFERENCE]. The statutory and regulatory components are quoted from primary source and flagged [VERIFIED].

Educational analysis for practitioner review, not legal advice. The licensed professional is the reviewer of record and must verify before relying (SSTS §1.4). Companion to Regulatory Foundation and Guardrails.

The decision at a glance

flowchart TD S(["Client tax-return info going into an AI tool?"]):::start --> G1{"Does the data leave your device or server?"} G1 -->|"No: local / self-hosted model"| L["§7216 disclosure NOT triggered. Internal use; data stays on-premises. See the local-models guide for safe setup."]:::safe G1 -->|"Yes: it goes to a third-party tool"| G2{"Is the AI doing substantive tax analysis? (applying law to the client's facts)"} G2 -->|"Yes: substantive"| CON{"Valid §7216 written consent on file?"} G2 -->|"No: ministerial / auxiliary (OCR, summarize, organize, draft)"| G3{"U.S. vendor, no offshore access, under a confidentiality agreement / DPA?"} G3 -->|"Yes"| AUX["Auxiliary-service exception may apply (§301.7216-2(d)). May proceed without separate §7216 consent. WISP and confidentiality duties still apply."]:::safe G3 -->|"No: offshore, or no agreement"| CON CON -->|"Yes"| OK["May proceed. Rev. Proc. 2013-14 consent on file; separate use and disclosure documents."]:::safe CON -->|"No"| STOP["Stop. Get consent first, or anonymize the facts, or keep it U.S.-only and non-substantive. No client data in the tool until then."]:::stop classDef start fill:#1f5a6b,stroke:#16414e,color:#ffffff; classDef safe fill:#eafaf0,stroke:#1f7a44,color:#14141b; classDef stop fill:#b3247a,stroke:#8a1a5e,color:#ffffff;

How to read it: teal is where you start, the lavender diamonds are decision points, green is a permitted path, and magenta means stop until you act. Each branch is explained and cited in the components below. Note that the DPA/confidentiality check and the §7216 consent check are separate layers: a confidentiality agreement/DPA addresses your AICPA confidentiality and FTC Safeguards duties, while a §301.7216-2 exception or written consent is what §7216 itself requires. A missing DPA is a confidentiality problem to fix, not by itself a §7216 criminal exposure.

Verification record (what was pulled and confirmed)

Source	Used for	Verified
26 CFR §301.7216-1	Definitions: preparer, TRI, use, disclosure	✅ quoted below
26 CFR §301.7216-2	Permissible uses/disclosures without consent; paragraph (a)–(o) structure	✅ quoted below
26 CFR §301.7216-3	Consent mechanics	✅ quoted below
Rev. Proc. 2013-14 (PDF unparseable; confirmed via JofA + IRS §7216 center)	Mandatory consent language	✅ language confirmed; ⚠️ confirm §5.04 wording verbatim against the IRS PDF before adopting
26 U.S.C. §7216 · §6713	Penalty 2×2 + §6713 strict liability + $100k attribution	✅ primary text pulled, see Component 2 + Regulatory Foundation
AICPA ET §1.150.040 (notify) / §1.300.040 (supervise) / §1.700.040 (protect)	Parallel third-party-provider rules; clerical carve-out (Component 4)	✅ all three numbers + substance corroborated multi-source (JofA AICPA-authored quotes §1.700.040 verbatim; Tax Adviser; CPA Journal); AICPA PDF not machine-readable, confirm verbatim before client-facing use
AICPA SSTS §1.4.2 / §1.4.8	AI expressly a "tool"; tools don't supplant judgment	✅ corroborated (Tax Adviser); confirm exact wording vs. published SSTS
Circular 230 §10.22 · §10.35 · §10.37	Reviewer-of-record / reliance presumption (cross-ref)	✅ primary text pulled

Component 1, The gate: is it "Tax Return Information" (TRI)?

[VERIFIED] §301.7216-1 definition of tax return information:

"Any information, including, but not limited to, a taxpayer's name, address, or identifying number, which is furnished in any form or manner for, or in connection with, the preparation of a tax return of the taxpayer." It also includes information the preparer "derives or generates" from that information, and statistical compilations of it.

Three things to absorb:

It's broad, and the "but-for" test sets the edge. Not just SSNs and names, any information furnished in connection with preparing the return, including amounts, documents, and facts. [VERIFIED] Information counts as furnished "in connection with" preparation if the taxpayer "would not have furnished it but for" the intended or actual engagement. So the test isn't "is it sensitive?", it's "would I have this but for preparing their return?" If yes, it's TRI.
Derived data counts. A schedule, a calculation, a summary you generate from the return data is still TRI. This is why "I only pasted my own notes, not the client's W-2" usually fails.
It is the gate. If no TRI enters the tool at all, §7216 is not implicated, full stop. This is the single most important lever for AI use (see Use-Case 5 and 6 below).

[VERIFIED] tax return preparer is broad too, anyone "engaged in the business of preparing or assisting in preparing tax returns" or auxiliary services. This matters because it's how a vendor (or its AI) can itself become a preparer subject to §7216 (Component 3).

Component 2, The two regulated acts: "use" and "disclosure"

[VERIFIED] Use (§301.7216-1):

"Any circumstance in which a tax return preparer refers to, or relies upon, tax return information as the basis to take or permit an action."

[VERIFIED] Disclosure (§301.7216-1):

"The act of making tax return information known to any person in any manner whatever."

The operative consequences:

Putting client TRI into a third-party AI tool is a disclosure to that vendor, [INFERENCE], but a strong one: "making TRI known to any person in any manner whatever" plainly reaches transmitting it to a SaaS vendor that can access it. (The IRS OPR webinar treats uploading client info into AI tools as a disclosure, see REGULATORY-FOUNDATION.)
A fully self-hosted/in-firm model that no outside party can access is arguably not a disclosure at all, it's an internal use by firm personnel. [INFERENCE] This is why local/self-hosted setups sit in the cleanest lane.
"Use" is separate from "disclosure" and is regulated independently, which is why the consent rules require separate documents for each (Component 5), and why a vendor that trains on your data creates a distinct "use" problem even if the disclosure to it was permissible.

Why an accidental paste still matters [VERIFIED]: the criminal charge (§7216) needs "knowingly or recklessly," but the civil penalty (§6713) has no mental-state requirement, $250 per disclosure/use, up to $10,000/yr ($1,000/$50,000 in identity-theft cases; the $100,000 figure is the §7216 criminal fine, not §6713). So a staffer dropping a client W-2 into a consumer chatbot by habit can trigger civil exposure with no intent at all. This is the strongest practical argument for a default-deny tool policy, not just training.

[VERIFIED] Full paragraph structure (the exceptions), in order:

¶	Topic
(a)	Disclosure pursuant to other provisions of the IRC
(b)	Disclosures to the IRS
(c)	Disclosures or uses for preparation of a taxpayer's return ← within-firm
(d)	Disclosures to other tax return preparers ← preparer-to-preparer, contractors, auxiliary
(e)	Related taxpayers
(f)	Court/administrative order, subpoena, summons
(g)	Securing legal advice, Treasury investigations, court proceedings
(h)	Certain disclosures by attorneys and accountants
(i)	Corporate fiduciaries
(j)	Disclosure to taxpayer's fiduciary
(k)	State/local return prep or audit; foreign-country tax obligations
(l)	Payment for tax preparation services
(m)	Retention of records
(n)	Lists for solicitation of tax return preparation business
(o)	Producing statistical information

The three paragraphs that do the work for AI:

(c), Within-firm, for preparing this taxpayer's return

[VERIFIED] Officers/employees/members of the same preparer, located in the United States, may use/disclose TRI "for the purpose of performing services that assist in the preparation" of the return. Offshore breaks it: if the person is "located outside of the United States... the taxpayer's consent... prior to any disclosure is required."

→ [INFERENCE] A tool used only by U.S. firm staff to prep that client's return (including a self-hosted model) is the strongest no-consent lane, it looks like internal firm use.

(d), To other preparers / contractors / auxiliary services

[VERIFIED] A preparer may disclose to another preparer in the U.S. "for the purpose of preparing or assisting in preparing a tax return... so long as the services provided are not substantive determinations or advice affecting the tax liability." Permitted examples include transferring information to and computing the tax liability "by means of electronic, mechanical, or other form of tax return processing service" and disclosure to an Authorized IRS e-file Provider.

[VERIFIED] Contractors / auxiliary services (§301.7216-2(d)): disclosure to contractors "in connection with the programming, maintenance, repair, testing, or procurement of equipment or software used for purposes of tax return preparation only to the extent necessary." Two critical conditions:

The preparer must ensure those receiving TRI "receive a written notice that informs them of the applicability of sections 6713 and 7216."
"Contractors receiving tax return information... are tax return preparers under section 7216 because they are performing auxiliary services."

→ [INFERENCE] An AI software/processing vendor processing TRI to support prep is analyzable as exactly this kind of auxiliary-service contractor, if U.S.-located, if bound by the written §6713/§7216 notice (in practice, the DPA), and if it is not making substantive determinations. The reg was written for service bureaus and software vendors; applying it to AI SaaS is reasonable but not spelled out. The contractor exception is conditional, not automatic.

(m)/(n)/(o), The preparer's own downstream uses

[VERIFIED] (m) retain and reuse TRI for that client's other returns/exams; (n) build a solicitation list (limited fields; usable only to offer tax-prep services; not transferable except with sale of the business); (o) statistical compilations only if anonymous and not drawn from fewer than ten returns.

→ [INFERENCE] Feeding client TRI into a system that builds cross-client analytics, training data, or a "firm brain" must live inside (o)'s anonymity + 10-return floor, or it's a new, non-permitted use.

Component 4, The crux line: "substantive determination" vs. non-substantive

This is the hinge the whole AI question turns on, and the reg gives an actual definition.

[VERIFIED] (§301.7216-2(d)):

"A substantive determination involves an analysis, interpretation, or application of the law."

The permissible preparer-to-preparer/auxiliary lane is expressly limited to services that are NOT substantive determinations. So the line is:

Non-substantive (fits the exception)	Substantive (falls OUTSIDE it)
Mechanical, clerical, processing, computational, formatting	Analysis, interpretation, or application of the law
"Transfer information and compute the tax liability... by mechanical/electronic processing"	Deciding a filing position, characterizing income, applying a Code section to facts
OCR, data entry, organizing, summarizing source documents	Choosing a deduction treatment, a §199A conclusion, nexus analysis

→ [INFERENCE] This maps cleanly onto AI: an AI doing clerical/processing work on TRI stays inside the auxiliary lane; an AI analyzing, interpreting, or applying tax law to the client's facts is making (or materially feeding) a substantive determination and falls outside the no-consent auxiliary exception. That's the single most useful inference in this document, and it's grounded in the reg's own definition, not invented.

⚠️ Where the line genuinely blurs: expense classification and "summarize and flag issues" sit near the boundary, categorizing a transaction can shade into applying tax characterization rules. Treat borderline cases conservatively (Component 6).

A second source draws the same clerical/substantive line, the AICPA. [VERIFIED, multi-source authoritative; AICPA Code PDF not machine-readable, confirm verbatim before client-facing use] AICPA ET §1.150.040 (the client-notification facet of the third-party-provider rules, codified in parallel at §1.150.040 / §1.300.040 / §1.700.040) requires you to tell the client a third-party provider may be used, except where the provider is used "only for administrative support", naming record storage, software-application hosting, and authorized e-file transmittal. That carve-out is the ethics-side mirror of the §7216 auxiliary lane: a tool doing pure storage/hosting/ e-file mechanics sits in the safe zone; a tool doing analytical work does not. Two independent regimes (Treasury reg + AICPA Code) drawing the line in the same place strengthens the inference that clerical AI is defensible and analytical AI is not.

If a use/disclosure is not covered by a §301.7216-2 exception, you need valid written consent. [VERIFIED] Requirements:

Knowing and voluntary (§301.7216-3(a)(1)).
Before the use/disclosure (§301.7216-3(b)(1)): "A taxpayer must provide written consent before a tax return preparer discloses or uses the taxpayer's tax return information."
Signed and dated by the taxpayer (paper or qualifying electronic).
Separate documents for use vs. disclosure (§301.7216-3(c)(1)): "one written document must authorize the uses and another separate written document must authorize the disclosures."
Specific (§301.7216-3(a)(3), (c)(1)): must identify the intended purpose and the specific recipient, and must specifically and separately identify each use or disclosure where there are several. No blanket/open-ended consent, and no lumping.
Offshore + SSN (§301.7216-3(b)(4)): a U.S. preparer "may not obtain consent to disclose the taxpayer's social security number... to a tax return preparer located outside of the United States", unless an "adequate data protection safeguard" is used per IRS guidance.
Voluntariness trap [VERIFIED]: conditioning your tax-prep services on the client signing the consent generally makes the consent involuntary, and therefore invalid, outside a narrow exception (disclosure to another preparer for prep/auxiliary services). You can't bundle "sign the AI consent or I won't do your return."
Form/content is set by the Secretary via Rev. Proc. 2013-14 (and 2013-19) for Form 1040-series. 1040 vs. non-1040 [VERIFIED]: for 1040-series clients, follow Rev. Proc. 2013-14 closely (mandatory language, separate document, signature/date). For non-1040 taxpayers, the consent may be in any format that satisfies §301.7216-3(a)(3)(i), including an engagement-letter provision. (A generic "we may use AI" engagement-letter line does not satisfy the 1040 rules.)

[VERIFIED, language confirmed; verify §5.04 verbatim] Mandatory statements (1040 series) include, among others:

"Federal law requires this consent form be provided to you."
"You are not required to complete this form to engage our tax return preparation services."
"Unless authorized by law, we cannot disclose your tax return information to third parties for purposes other than the preparation and filing of your tax return without your consent."
"If you consent to the disclosure of your tax return information, Federal law may not protect your tax return information from further use or distribution."
A TIGTA contact statement (1-800-366-4484 / complaints@tigta.treas.gov).

Use the project's §7216 consent template and confirm wording against the live Rev. Proc.

The decision tree (apply in order)

GATE 1, Is any TRI entering the tool (incl. derived data)?
   NO  → §7216 not implicated. Proceed. (Still verify any tax-law output, GUARDRAILS Rule 3.)
   YES → continue.

GATE 2, Is it a disclosure (third-party tool can access it) or only internal use
        (fully self-hosted, U.S. firm staff only)?
   Internal use only → §301.7216-2(c) lane; no consent for preparing this client's return.
   Disclosure to a vendor → continue.

GATE 3, Does the use fit a §301.7216-2 exception?
        Specifically (d): U.S.-located, contract/notice-bound auxiliary/processing vendor,
        doing NON-substantive work (no analysis/interpretation/application of law)?
   YES → permissible without separate §7216 consent. (Still owe FTC Safeguards/WISP +
         AICPA Confidentiality Rule, see below.)
   NO  → continue.

GATE 4, Outside every exception (substantive determination, offshore access, vendor
        trains on/reuses data, cross-client use beyond §o anonymity).
   → Get valid written §7216 consent (Rev. Proc. 2013-14), or DON'T put TRI in, anonymize.

Always-on, even when no §7216 consent is required (these are separate obligations, see REGULATORY-FOUNDATION): FTC Safeguards Rule/WISP vendor vetting + DPA + encryption; AICPA Confidentiality Rule (ET §1.700.001) consent-or-confidentiality-agreement; for a GA CPA, Rule 20-12-.11. And you are always the reviewer of record (SSTS §1.4).

AI use-case classification (the payoff)

Posture key: 🟢 generally no separate §7216 consent · 🟡 fact-dependent / conservative review · 🔴 consent-or-don't. All postures assume a firm-approved, U.S., contract-bound, no-training tool; a consumer/public account flips most 🟢→🔴 because the disclosure isn't defensible.

AI use case	TRI?	Substantive?	Posture	Basis / reasoning
Generic tax research, no client facts	No	,	🟢	Gate 1: no TRI → §7216 not implicated. `[VERIFIED]` Still verify cites.
Proofreading a non-client-specific email/template	No	No	🟢	Gate 1. (OPR webinar: harmless proofreading ≠ disclosure.)
OCR / data extraction from client source docs	Yes	No	🟢 `[INFERENCE]`	§(d) "mechanical/electronic processing"; auxiliary, non-substantive.
Summarizing source documents for this return	Yes	No	🟢 `[INFERENCE]`	Auxiliary/clerical support for prep; not analysis of law.
Classifying / categorizing expenses	Yes	Borderline	🟡 `[INFERENCE]`	Mostly mechanical, but categorization can shade into tax characterization. Conservative review.
Drafting a client email that contains the client's TRI	Yes	No	🟡 `[INFERENCE]`	Drafting is non-substantive, but it's a disclosure to the vendor, needs the §(d) lane (approved tool); generic draft w/o TRI = 🟢.
Substantive position analysis (apply Code/regs to client facts: §199A, deduction treatment, nexus, characterization)	Yes	Yes	🔴 `[INFERENCE, strong]`	§(d) lane excludes "substantive determinations... analysis, interpretation, or application of the law." Outside the exception → consent or anonymize.
Offshore / non-U.S. access to TRI (incl. foreign remote access to U.S. server)	Yes	any	🔴 `[VERIFIED]`	§(c)/§(d) require U.S. location; offshore disclosure needs consent; SSN can't be consented offshore absent adequate-safeguard rule.
Vendor trains on / reuses / shares your prompts & data	Yes	any	🔴 `[INFERENCE, strong]`	Becomes a separate "use" beyond preparing this taxpayer's return; outside auxiliary exception → consent or prohibit.
Building a cross-client "firm brain" / analytics from TRI	Yes	any	🔴/🟡 `[INFERENCE]`	Must fit §(o) statistical-compilation limits (anonymous, ≥10 returns) or it's a new non-permitted use.
Fully self-hosted model, U.S. staff only, this client's return	Yes	even substantive	🟢 `[INFERENCE]`	Arguably internal use, not third-party disclosure, §(c) lane. Cross-client training still raises a separate "use" issue.

Devil's advocate (the weakest links in the above)

"AI vendor = auxiliary-service contractor" is the load-bearing inference. The reg's contractor language targets "programming, maintenance, repair, testing, or procurement of equipment or software", arguably about building/servicing tax software, not an AI that processes the data itself. A regulator could read the auxiliary exception more narrowly than we do. Mitigant: pair it with the §(c) internal-use framing and the "mechanical/electronic processing service" language, which is squarely on point.
The substantive/non-substantive line is fuzzier in practice than on paper. A "summary" that flags deduction opportunities has begun to apply the law. When AI output influences a position, assume it's closer to substantive.
"Disclosure" on transmission may be unavoidable even with ZDR. Zero-retention limits the vendor's use, but the disclosure arguably completes the instant TRI is transmitted, so ZDR strengthens defensibility without removing the need for an exception basis (REGULATORY-FOUNDATION).
No IRS guidance squarely applies these paragraphs to generative AI. The cleanest authority is the OPR webinar treating public-AI uploads as disclosures, directional, not a reg. Treat the green cells as defensible, not blessed.

Bottom line

The framework reduces to four questions, in order: (1) Is TRI going in? (2) Is it a disclosure or internal use? (3) Does a §301.7216-2 exception fit, U.S., contract-bound, non-substantive? (4) If not, consent or anonymize. The reg's own definition, "a substantive determination involves an analysis, interpretation, or application of the law", is the line that separates the clerical AI work you can do under the auxiliary exception from the analytical AI work that needs consent (or anonymized facts). Everything past that line is inference, clearly marked, and should be read conservatively until the IRS speaks to AI directly.

Research for practitioner review. The reviewer of record must verify against primary source and sign off. AI is not the source of law; this is not delivered tax advice until a licensed professional adopts it.