Choosing Legal AI Software — A Practical Buyer's Guide

A practical guide to evaluating legal AI tools before you commit. The right questions to ask vendors about data handling, client confidentiality, and professional responsibility.

The Core Concerns with Legal AI

• Data training: Is your input used to train or improve the vendor's model?
• Data residency: Where does your client's data go when processed?
• Third-party access: Does the vendor share data with sub-processors?
• Accuracy and hallucination: Can the AI invent case citations or legal authorities?

Security Evaluation Criteria

• Is client data encrypted in transit and at rest?
• Does the tool process data outside your jurisdiction?
• Is your data used for model training without explicit consent?
• Does the vendor have access to documents processed through the tool?
• Has the vendor published a sub-processor list?

Cloud AI vs. Local AI for Legal Work

Cloud AI: Useful for general research, scheduling, and non-sensitive drafting. Data leaves your network for processing. Vendor has access. Training policies vary.

Local AI: Required for sworn statements, witness evidence, privileged communications, and any document with evidential weight. Data never leaves your device or network. No vendor access. No training risk.

10 Questions to Ask Any Legal AI Vendor

1. Is my input data ever used to train or fine-tune your models?
2. Where is my data processed, and in which jurisdiction?
3. Can your staff or contractors access my documents?
4. Do you use sub-processors? Can you provide a complete list?
5. How do you prevent AI hallucination in legal citations?
6. What happens to my data if I cancel my subscription?
7. Can I run your tool in an air-gapped environment?
8. Have you completed a formal DPIA for legal document processing?
9. Is the tool covered by your professional indemnity insurance?
10. What is your data breach notification process and SLA?