Our Take
The profession spent two decades making document review auditable, then abandoned that rigor for generative AI; the report correctly identifies this as the gap courts will eventually force firms to close.
Why it matters
Three years of AI deployment in law have shifted from capability questions to accountability ones. Clients and regulators are demanding proof—not accuracy, but documented methodology—and firms without cross-system governance pipelines cannot yet provide it.
Do this week
General counsel: audit your firm's AI orchestration layer (the pipeline connecting strategy, process, validation, and client acceptance) before your next client AI questionnaire arrives, so you can answer without revealing gaps.
The shift from experimentation to accountability
Legal IT Insider published its third annual report on generative AI in legal practice on 16 June. The first two reports were descriptive: they catalogued what was happening as AI entered law firms. This one is prescriptive. After three years of deployment, client pressure, and vendor consolidation, the question has changed from "What can the technology do?" to "What can a firm defend in court, to whom, and on what evidence?"
The report frames AI governance as a four-layer chain: strategy, process, forensic validation, and client acceptance. These are not parallel workstreams. Failure upstream cannot easily be corrected downstream. The core finding is that governance is no longer a brake on the work; it has become the infrastructure that makes the work possible.
The forensic gap is the unfinished business
The profession spent two decades building defensible technology-assisted review (TAR) workflows. Almost none of that rigor crossed into generative AI. The gap is not primarily one of accuracy. It is evidential: an AI output cannot be defended in court unless it came through a documented, validated method—whether or not the output happens to be correct.
The validation problem generative AI raises is different in kind from TAR. TAR compared documents against a training set with known parameters. Generative AI synthesizes across shifting context. No court-accepted methodology for validating that synthesis exists yet. That is an open question for the next few years.
Meanwhile, clients are moving faster than regulators. Major corporate buyers now issue AI procurement questionnaires that demand more than the SRA, ABA, or Law Society has published. These questionnaires function as de facto regulation. When client demands contradict each other and a firm has no cross-system enforcement layer, the firm cannot comply with either.
Build the unglamorous layer first
The report identifies five market positions for the orchestration layer that sequences AI tasks, human checkpoints, and system-of-record updates into one auditable pipeline: dedicated middleware, consolidated legal-AI platform, horizontal productivity platform, agentic operating system, and vertical professional-services platform. None yet owns the cross-system enforcement piece.
The precondition almost every firm is deferring is data architecture. It is the part most likely to surface later as the explanation for an expensive forensic failure. Model capability is commoditising. Governed workflow is not. Governance lowers the marginal cost of supervised AI deployment and turns into a moat that deepens as the models improve. Without it, capability is a liability.