AI FOR LAW FIRMS

Build An AI-Powered Practice — Without Risking Compliance or your Ethics

Training, consulting, and tools for lawyers who want to use AI safely, profitably, and on their own terms. No hype, no fluff, no jargon.

Featured article

AI and Copyright, Part 2 — The Ross Intelligence Case

Amy Swaner

Jul 2026

Calculating...

TL;DR: The output from AI platforms is important. Guardrails must prevent AI tools from regurgitating copyrighted materials. But a case currently under consideration in the Third Circuit — Thomson Reuters v. Ross — is being fought at the ingestion stage. It’s about a copy made for training. And I expect the Third Circuit’s opinion to reflect that non-infringing outputs won't save a platform if it made copies of copyrighted materials, then used those to train on a competitor's proprietary data to build a head-to-head substitute.

Two years ago I wrote about who is actually on the hook when copyrighted work gets pulled into an AI model. I walked through the service providers, the users, and the model creators, and I closed by flagging one case that did not fit the comfortable pattern. I promised to revisit that case. Here is the promise I made in Part 1:

“[T]he recent case of Thomson Reuters Enterprise Centre GMBH v. Ross Intelligence Inc., gives us a glimpse into a situation where one party used copyrighted materials in a more significant way. But we’ll review that case in detail in Part 2 of this Article.”

This is Part 2. Ross has now gone from a Delaware courtroom to the Third Circuit, and is on track to be the first federal appeals argument in the country on whether training an AI system on copyrighted material qualifies as fair use. The Third Circuit heard argument on June 11, 2026 (No. 25-2153). I read the transcript so you don’t have to, and I read trial Judge Bibas’s opinion twice.

The Background

Ross Intelligence built an AI-powered legal research platform meant to compete with Westlaw. To train it, Ross wanted Westlaw’s headnotes. Thomson Reuters said no, because Ross was creating a direct competitor. So Ross went to a vendor, bought roughly 25,000 “bulk memos” created from those headnotes, and trained on them. In Thomson Reuters Enterprise Centre GmbH v. Ross Intelligence Inc., No. 1:20-cv-613-SB, 2025 WL 458520 (D. Del. Feb. 11, 2025), Judge Stephanos Bibas held the headnotes original and protectable, found direct infringement on 2,243 of them, leaving other headnotes and questions of copyright validity for a jury, and rejected Ross’s fair use defense. He decided Factors One (purpose and character of the use—was it transformative?) and Four (effect on the market) for Thomson Reuters and Factors Two (nature of the copyrighted work) and Three (the amount and substantiality of the portion used) for Ross, then certified the question for the interlocutory appeal now in front of the Third Circuit.

Note that this is an AI decision, but not a generative AI decision. Ross is not a chatbot. It does not write your brief or hallucinate a case citation for you. A lawyer asks a question in plain language and the tool returns quotes from real judicial opinions. As Ross’s counsel put it at argument, “[t]here’s no [Westlaw] headnotes in what we teach the public… [i]t’s just quotes from the judicial opinion.” That fact is at the heart of this decision.

Where Part 1 Holds Its Ground

In Part 1 I drew a line between mainstream, guard-railed, generative models on one side and copying that does real competitive damage on the other. That is exactly the line the Third Circuit spent the time arguing about.

Both advocates agreed on the boundary, which almost never happens. Ross’s lawyer told the Third Circuit panel, “you cannot just say AI.” Thomson Reuters’ lawyer, Dale Cendali, made the same point from the other direction, warning the court that “[y]ou can’t just say AI and have that just be across all fact patterns.” Judge Montgomery-Reeves pinned it down with Ross directly.

JUDGE MONTGOMERY-REEVES: … [Y]ours is not generative AI, right?

MR. DAVIES: It’s not generative AI, Your Honor…

A tool that copies a competitor’s editorial work to build a substitute for that same competitor is in a completely different category from a generative model trained on a vast and varied corpus. Judge Bove framed the stakes in plain terms near the end of the oral argument, calling the case one “about balancing what we have and where are the red lines.” The line is substitution, and Ross stepped over it. Bibas drew the same line in his district court opinion, pausing to clarify that “only non-generative AI is before me today.” In other words, he went out of his way to keep Gen AI out of this holding.

Where Part 1 Needs Sharpening

Bibas revised his own 2023 opinion in this very case, and he opened with a line I loved, that “[a] smart man knows when he is right; a wise man knows when he is wrong.”

In Part 1 I emphasized the idea that a copyright violation requires a “publication,” and I argued that feeding material into a model is not a publication because the information will not come out of the LLM in an exact replication, so there is no infringement in putting copyrighted material into an LLM. That framing may have been too generous to the model builders. Infringement turns on the exclusive rights in Section 106 of the Copyright Act, and the reproduction right under Section 106(1) stands on its own. According to District Court Judge Bibas, the copies made to assemble and ingest the training set are themselves the infringing acts. Distribution is a separate right, and you do not need it for liability to attach.

Look at how Ross actually lost. Ross never showed a copyrighted Westlaw headnote to a user; that would have clearly been publication and distribution. Instead the Ross search results were quotes from ‘non-copyright-able’ judicial opinions, and that clean output actually gained the Third fair-use Factor—the amount and substantiality of the portion used—for Ross, because Ross made no headnote “accessible to a public for which it may serve as a competing substitute.” But Ross lost anyway. The court found that the infringing copies were in the training data. LegalEase built roughly 25,000 bulk memos out of Westlaw headnotes, Ross trained on nearly all of them, and Bibas found actual copying and substantial similarity on 2,243 headnotes. Clean output did not cure the fact that a copy was made to put into the model.

Two corrections follow for anyone familiar with my earlier framework. First, as to copying, copyright infringement is largely a strict liability tort. I described creator liability as something that turns on a reckless or intentional state of mind, e.g. the builder who knowingly lets protected work leak back out. In fairness to my earlier statement, there’s an active academic debate about whether the overall structure including fair use and secondary liability is truly strict liability, but I should have qualified it. What matters here is that Ross had no such intent on the output side, and it did not matter. Ross argued innocent infringement to mitigate statutory damages; the court rejected that argument based on the presence of copyright notices.

Secondly, Part 1 cited Authors Guild v. Google, Inc., 954 F. Supp. 2d 282 (S.D.N.Y. 2013), and credited the holding to the Second Circuit. That reporter cite is the district court. The Second Circuit’s affirmance, the one Bibas himself relies on, is Authors Guild v. Google, Inc., 804 F.3d 202 (2d Cir. 2015). And that court’s reasoning helped Ross, especially in regard to the Third Factor, because Ross put no headnotes in front of the public. What beat Ross was Factor One and Factor Four, purpose and market effect.

Training vs. Copying

Key to AI and copyright protections is the knowing the difference between copying and training. Training is a purpose; copying is an act. The threshold question in copyright infringement —did you reproduce protected expression?—does not turn on purpose. Section 106(1) is strict liability, and making the copy is the violation. Purpose re-enters one step later, when one tries to use a fair use defense.

The first question is was protected expression reproduced at all? If a system ingests only facts or ideas, Section 102(b) and Feist Publications, Inc. v. Rural Telephone Service Co., 499 U.S. 340 (1991), say there is nothing to infringe. Second, if a copy was made, was it licensed or excused by fair use?

Was A Reproduction Made?

In considering whether a copy was made, it helps to separate the copies a copyright claim might target. Start with the original work; the book, article, magazine, image or piece of art. If a copy of it is made for ingestion by an AI model, as it was in Ross, that is the first copy. The second copy is the information residing in the model itself; whatever information is embedded in the model’s trained weights. Technically, those weights are a compressed, parametric representation of the training data, not literal page‑by‑page copies. Whether they qualify as a ‘copy’ for copyright purposes is contested. Some scholars argue they should be treated as compressed reproductions, others disagree.

An LLM does not store a clean copy of every work it learned from, and it usually cannot reproduce them verbatim—with the possibility of heavily duplicated works. Which leads us to the third copy; the output the tool hands back to a user. Guardrails and refinements in newer models make verbatim extraction much harder, and the best-defended systems resist it well. But even with all of that, verbatim output is still not impossible—the memorized text remains in the weights, and guardrails only filter what surfaces. As recently as 2026, researchers pulled large portions of copyrighted books—well over 70% of a single title from several production models, some without any jailbreak. Only one consumer model resisted almost entirely. Which helps the New York Times since that is the theory they maintain against OpenAI.

Think of it this way. A lawyer can read Westlaw, internalize it, and write their own original headnotes -- no liability. A lawyer can learn from a book without infringing, but the infringement occurs if the lawyer photocopies the book to learn from it without a license or fair use, even if they discard the infringing photocopy afterward.

Was There a Justification for Making a Copy?

Ross’s argument was that it copied Westlaw’s materials only to reach the underlying, un-copyrightable law. That is the intermediate-copying rationale it used in trying to shelter that copying under the software reverse-engineering cases, where courts treated intermediate copying of computer code as fair use. Bibas called those cases “inapt.” They are about programs that “serve functional purposes,” and in each one the copying “was necessary” to reach unprotected functional elements. Sega Enterprises Ltd. v. Accolade, Inc., 977 F.2d 1510 (9th Cir. 1992); Sony Computer Entertainment, Inc. v. Connectix Corp., 203 F.3d 596 (9th Cir. 2000); Google LLC v. Oracle America, Inc., 593 U.S. 1 (2021).

Headnotes are not code, and as Bibas put it, “[t]here is nothing that Thomson Reuters created that Ross could not have created for itself or hired LegalEase to create for it without infringing.” In other words, copying does not earn a pass just because it happens during training. Headnotes are protected editorial expression, not functional code where copying is technologically necessary to reach unprotected elements.

A Market for the Data

The most consequential part of the ruling is what Bibas did with Factor Four. He recognized a market for AI training data itself, and he held that harm to that market counts, writing that “it does not matter whether Thomson Reuters has used the data to train its own legal search tools; the effect on a potential market for AI training data is enough.” He reached that market as a potential derivative one, the kind “creators of original works would in general develop or license others to develop.” Ross did not put forward enough evidence to show the market was not there.

This actually vindicates the economic point I made at the end of Part 1, that the authors’ real grievance is about a licensing market. Creators deserve to be rewarded for the content they create — that is the whole point of copyright law. The backup theory of unjust enrichment I suggested in Part 1 is perhaps the long way around, but I think it still holds legal weight.

The Generative AI Cases

While Ross was in process on its way to a decision in the Third Circuit, two California judges handed AI developers real wins, and those cases are instructive. They are discussed in greater detail in a separate article, but following is a short consideration to show how Gen AI must be considered differently than non-generative AI.

In Bartz v. Anthropic, PBC, No. 3:24-cv-05417 (N.D. Cal. June 23, 2025), Judge Alsup called training on lawfully acquired books “exceedingly transformative” and held it to be fair use, while ruling that downloading and warehousing millions of pirated books in a permanent library was not. In Bartz the infringing conduct was not the training itself but the downloading and warehousing of pirated books; training on lawfully acquired copies was fair use, so provenance was the catchpoint. In Kadrey v. Meta Platforms, Inc., No. 23-cv-03417-VC (N.D. Cal. June 25, 2025), Judge Chhabria handed Meta a fair use win on training, then went out of his way to say the plaintiff authors lost because they failed to develop a market-dilution argument, not because the law was on Meta’s side. He all but invited the next set of plaintiffs to make that argument.

Read the three together and what we learn is that generative training on a broad, lawfully obtained corpus has a strong transformativeness. Copying to build a head-to-head substitute does not. Provenance matters—hello data governance--because pirated inputs (copyright infringements) sank part of Anthropic’s defense. Market harm matters most of all, as noted by Chhabria.

The Substitution Line, and a Forecast

Put Ross, Bartz, and Kadrey on a continuum. On one end sits transformative use: generative training on a broad, lawfully acquired corpus, which Alsup called “exceedingly transformative.” On the other sits substitution: copying a competitor’s editorial work to build a head-to-head replacement for that same competitor, which is what sank Ross. Transformativeness (Factor One) and market harm (Factor Four) are not two questions, but one question asked in a different way, in practicality if not in court practice. The more a use substitutes, the less it transforms, and a substitution strains the market the original owner was going for. In other words, the more of one, the less of the other; they sit on a sliding scale rather than in separate boxes.

Here is my forecast, offered only as a prediction. I expect the Third Circuit to affirm on liability, and to do it narrowly. The panel worked hard at argument to fence generative AI out of the holding—Montgomery-Reeves pinned Ross’s counsel down that this “is not generative AI,” and Bove described the case as one about “where are the red lines.” A court that careful to box in its ruling is one I’m expecting to be a court preparing to rule against the copier while leaving the generative question for another day and another set of facts. If I am right, the opinion affirms on Factors One and Four, blesses a licensing market for training data, and expressly reserves the generative-AI question—handing the next set of plaintiffs--the Bartz and Kadrey authors--the market-dilution theory Chhabria all but invited.

If the Third Circuit affirms, this becomes the first appellate ruling squarely on AI training and fair use. And I feel the need to remind readers that these are not new principles created for a new technology. Current principles being applied to new technology is sufficient. Fair use has always asked about purpose and market. The courts are just applying that to machine training and output now.

The Bottom Line

This case is different than other AI copyright cases. Ross had clean output and still lost because it trained a competing product on the competitor’s own copyrighted work, and because it did not need that copyrighted material work to build its own product. Common sense. Data provenance and licensing are governance question now. If ignored they can become litigation questions later. If a licensing market for training data is real—and I believe that’s where we’re headed—then “we only trained on it” will keep losing in court. All of which brings me back to my catchphrase of the year, “Data governance is everything when it comes to AI.”

I will write a short follow-up when the Third Circuit rules. Until then, watch Factor Four.


© 2026 Amy Swaner. All Rights Reserved. May use with attribution and link to article.

The first federal appellate argument on AI training and fair use, and how it sharpens the framework I laid out two years ago

AI Resource

Quick Reference: Risk Mitigation Checklist for AI Notetaker & Transcription Bots

AI in Legal Practice

Jan 2026

Use this one page checklist to minimize risks for you and your clients when considering AI Notetaker and Transcription Bots.

This easy reference covers bots in meetings, and vendor selection.

Share directly with your clients.

Featured article

What the Musk?

Amy Swaner

May 2026

Calculating...

The Trial Started April 27, 2026

Elon Musk sued Sam Altman and OpenAI for actions that go back to the humble, non-profit beginnings of OpenAI. The filings contain some interesting, flashy gossip on the surface. But beneath the flashy gossip is a serious lesson.

The trial that started this week in Oakland is a vivid illustration of what happens when sophisticated organizations keep everything. Exhibits range from merely embarrassing to damaging — Greg Brockman’s 2017 personal journal, Elon Musk’s 2016 email calling Jeff Bezos “a bit of a tool,” internal communications about how to “control the narrative” around an investigation. These are all in the case for one reason-- nobody disposed of them.

Let's be honest. Law firms keep more, for longer, with less discipline than the Musk v. Altman defendants. Call it the “Just In Case” Rule of document retention and data governance. If your firm subscribes to that, this article shows you why you should rethink that.

What The Discovery Has Actually Produced

Hundreds of unsealed filings in Musk v. Altman have pried open the internal information practices of OpenAI, Microsoft, Meta, and Tesla. The court’s January 15, 2026 summary judgment order (docket; SJ order, 1/15/26) quotes directly from a September 2017 Brockman journal entry:

“This is the only chance we have to get out from Elon. … Financially, what will take me to $1B?”

An unsealed February 3, 2025 text exchange shows Mark Zuckerberg telling Musk that Meta’s teams were,

“on alert to take down content doxxing or threatening the people on your team” working on DOGE."

Internal OpenAI communications from March 2024 show then-communications chief of OpenAI, Hannah Wong, describing efforts to “control the narrative” around the WilmerHale investigation summary.

None of these were created as corporate records. Yet they are now central exhibits — preserved, accessible, and produced because they were relevant under Federal Rule of Civil Procedure 26 and within the corporation’s possession, custody, or control under Rule 34, That is the lesson. Discovery turns on relevance and on whether the producing party had the legal right or practical ability to obtain the material. Courts apply that test functionally. In re NTL, Inc. Securities Litigation, 244 F.R.D. 179 (S.D.N.Y. 2007). Where the corporation does not have control, Rule 45 third-party subpoenas reach the rest.

No governance lever makes existing relevant material vanish once litigation is reasonably anticipated. There is one lever that genuinely reduces what exists to be discovered, and it operates entirely before any preservation duty attaches--defensible disposition under a written retention schedule. Yep, part of one of my favorite topics: Data Governance.

Why This Is A Law Firm Problem

The instinct in most firms is to keep everything. Closed matter files, drafts, internal memos, deposition prep, conflict-check workpapers, engagement letters, billing narratives, KM databases, marketing CRMs — and now AI-tool outputs. Copilot drafts, transcription archives, redline histories, intake-bot logs. The rationales for keeping all of it are familiar: malpractice tail risk, future citation, fee disputes, the possibility a former client will ask for something. None justifies indefinite retention. Most justify defined retention with documented disposition at the end of it.

Three reasons the law firm exposure is worse than the Musk v. Altman defendants’:

Volume and surface area. Firms hold work product, strategic thinking, candid attorney communications, and client confidences for hundreds or thousands of matters at once. Each matter is its own discovery and breach surface.

Confidentiality runs indefinitely. ABA Model Rule 1.6 applies to client information after the representation ends, with no expiration. Indefinite retention extends the duration of that confidentiality risk. Every additional year a closed file sits on a server is another year it can be breached or subpoenaed.

Breach risk is asymmetric. When a tech company is breached, its own information is exposed. When a law firm is breached, the privileged information of dozens or hundreds of unrelated clients is exposed simultaneously. The ABA’s 2024 Cybersecurity TechReport and the steady cadence of firm ransomware incidents (Mossack Fonseca, the 2023 Orrick breach affecting hundreds of thousands of clients, the 2024 Houser LLP incident) drive the point home.

What the Rules Actually Permit

Ostensibly law firms cling to the "Just in Case" Rule mainly in fear of spoliation. We can all agree, however, that routine, good-faith disposition under a written schedule, applied consistently before any duty to preserve attaches, is not spoliation. The 2015 amendments to Federal Rule of Civil Procedure 37(e) tightened the spoliation framework. Sanctions for lost ESI now require that the party failed to take reasonable steps to preserve, that the information cannot be restored or replaced, and — for the most severe sanctions — that the party “acted with the intent to deprive another party of the information’s use in the litigation.” Negligence and even gross negligence will not support an adverse inference. Applebaum v. Target Corp., 831 F.3d 740, 745 (6th Cir. 2016). Conformance in good faith to a valid retention policy, before any duty to preserve arises, does not itself demonstrate the requisite intent to obstruct or deprive. Arthur Andersen LLP v. United States, 544 U.S. 696 (2005).

The Sedona Conference Commentary on Legal Holds and Commentary on Information Governance treat consistent disposition under a written schedule as the foundation of defensible practice. That’s beautiful framing – the foundation of a defensible practice. The duty to preserve attaches when litigation is reasonably anticipated, and the schedule must be suspended at that point — but disposition that occurred before that point is protected. The professional rules are aligned, not in tension. I highly recommend reading the Sedona Commentary if you're hanging on to files "just in case."

ABA Formal Op. 471 (2015) addresses what lawyers owe clients on termination of representation, surveys the split between the entire-file and end-product approaches, and confirms that lawyers are not required to retain every file indefinitely. The Federal Civil Rules and the Professional Rules of Conduct all permit defensible disposition. The “just in case” instinct is a malpractice-aversion habit that can actually be turned against you if you let it supercede good data governance.

What a Defensible Schedule Looks Like — Pick Your Model

Most firms cannot realistically tag every document inside a matter file by sub-category and apply category-specific disposition. A schedule that requires that level of operational sophistication is one most firms will not actually follow. Two simpler models are defensible and implementable; pick the one that fits your needs and infrastructure.

Model 1 — Matter-level Disposition

The entire matter file is treated as a single bucket and disposed of on one schedule triggered by matter close, with a small number of carve-outs handled separately. This is the simpler model and works for solo, small-firm, and many mid-sized practices that do not have document-level tagging in their DMS.

Matter file (all working materials, drafts, correspondence, end-product, internal memos): Retain for the period set by the longest-required category that applies to the matter — typically seven to ten years from matter close for general civil and transactional work, longer for trusts and estates, longer where statute-of-repose or active malpractice exposure requires.

Trust account records (separate): Retain for the period your jurisdiction requires — five years under ABA Model Rule 1.15(a). Check your jurisdiction specifically.

Original client documents (separate): Wills, deeds, executed instruments, and other originals returned to the client at matter close. Get into the habit of returning originals promptly whenever possible. Otherwise, you must babysit them, which comes with a resource drag.

Email (separate, system-level): Three-year default retention on routine business email, with matter-relevant emails captured into the matter file at matter close.

Marketing and CRM (separate): Three years from last contact.

Model 2 — Two-tier Disposition

The matter file is split into two tiers, each with its own disposition schedule. This is the realistic outer limit of category-specific disposition for firms without sophisticated data governance infrastructure.

  • End-product file (final pleadings, executed contracts, recorded instruments, opinion letters, closing binders): Retain for 7 - 10 years from matter close, or longer where the practice area requires; returned to the client at close where the entire-file approach applies.

  • Working file (drafts, internal memos, attorney work product, correspondence, research, deposition prep, billing detail): Retain for 3 - 5 years from matter close, with carve-outs for matters under active or threatened malpractice claim, ongoing investigation, or open ethics issue.

  • Trust account records (separate): As above — 5 years under Model Rule 1.15(a).

  • Email (separate): Three-year default; matter-relevant communications migrated into the working file or end-product file based on substance. •

  • Marketing, CRM, and AI-tool outputs (separate): As below.

Both models — the AI category AI-generated artifacts (copilot drafts, transcription archives, redline histories, intake-bot logs) are records subject to the same retention discipline as their human-authored equivalents, but live mostly outside the matter management system.

Maintain an inventory of AI tools in use, push vendor retention defaults into counsel’s hands (“indefinite” and “use for training” are the common defaults and both are unacceptable), and build AI accounts into legal-hold tooling.

Whichever model you pick, the schedule must be written, applied consistently, suspended on hold triggers, and audited. Selective enforcement — applied to associates but waived for the managing partner — is the signature failure mode.

When the Clock Starts

If agentic AI has taught me anything it’s that a schedule is only as good as its trigger. “Seven years from matter close” means nothing if “matter close” is undefined and as nebulous as morning fog. What that comes down to is pinning down in writing. Perhaps that sounds like an oversimplification, but here's why it's not. It shows a stable, consistent, measurable rule. You need that if you are going to defend a disposition decision years later.

  1. Define "Matter Close" as a Specific Event. "Matter close" cannot be an instinct if it is to stand up to scrutiny. A workable definition combines final invoice issued and paid (or written off), closing letter sent to the client, file marked closed in the practice management system, and any retained originals returned. Always document the event with a date.

  2. Trust Account Records run from termination of the representation, not matter close. ABA Model Rule 1.15(a) (many states have a similar rule) runs from termination. Usually the same date as matter close, but not always. Calendar these separately if needed.

  3. Statutes of Limitation and Repose Run on Separate Clocks. A schedule that disposes of a matter file before the malpractice statute of repose has run is a problem. Build a practice-area lookup into the schedule and trigger disposition at the later of the schedule or the applicable repose period, whichever is longer. Once you close the matter, run both clocks in parallel: the schedule cadence (eg, seven years from matter close) and the repose period, which usually predates close (eg, five years from the act). You dispose of the file when the later of the two has run.

Best Practices

I love data governance, and if you have a hammer, well, everything is a nail. But objectively, a lot of this is just good ‘ole data governance and data hygiene.

  1. Inventory what you retain and where it lives — including personal devices, AI tools, and vendor systems. You cannot govern what you cannot see.

  2. Apply the schedule consistently across the firm, including to founders and named partners. Selective enforcement defeats the doctrine and raises your liability.

  3. Suspend the schedule on legal hold and confirm holds reach AI accounts and personal devices. A schedule that doesn't pause for litigation is not a defensible schedule.

  4. Implement a written communications policy that addresses the use of personal devices and ephemeral messaging, including for senior lawyers.

  5. Review vendor retention and AI-training defaults before procurement. Indefinite retention and "use for training" defaults are common, but unacceptable. These are legal issues that shouldn't be left to the IT department.

  6. Document disposition, holds, and policy updates. Undocumented practice is indefensible practice.

  7. Calendar an annual review to address new tools, new practice areas, and new authorities. Boring advice, but it makes a big difference.

Bottom Line

Exponentially reduce the risk of that candid attorney communication by exercising good data governance. The work product, the strategic thinking, the candid attorney communications, and the client confidences sitting on your firm’s servers could turn out to be someone else’s exhibits in a future trial, or someone else’s data breach, someone else’s malpractice case, and someone else’s bar complaint. You’re keeping that file “just in case.” But really, it is unmanaged risk.

Records disposition is not the only factor at work in this case — channel discipline, privilege design, and platform governance also do real work — but it is the most concrete, the most actionable, and the most under-used.

Editorial note: this article is hardly dispositive or in-depth. Consider doing additional research.

Recommended Reading: Sedona Conference Commentary on Legal Holds, and Commentary on Information Governance

© 2026 Amy Swaner. All Rights Reserved.  May use with attribution and link to article.

Musk v. Altman Can Teach Lawyers A Lot About the “Just In Case” Rule of Document Retention

AI Resource

Quick Reference: Risk Mitigation Checklist for AI Notetaker & Transcription Bots

AI in Legal Practice

Jan 2026

Use this one page checklist to minimize risks for you and your clients when considering AI Notetaker and Transcription Bots.

This easy reference covers bots in meetings, and vendor selection.

Share directly with your clients.

Real-World Knowledge

Real-World Knowledge

Steeped in legal and AI expertise, we offer actionable strategies and expert training to help law firms confidently navigate AI's complexities.

Steeped in legal and AI expertise, we offer actionable strategies and expert training to help law firms confidently navigate AI's complexities.

Lawyer to Lawyer

Lawyer to Lawyer

Legal expertise paired with cutting-edge AI strategy to decode compliance, ethics, and complexity — from someone who has practiced.

Legal expertise paired with cutting-edge AI strategy to decode compliance, ethics, and complexity — from someone who has practiced.

Attorney Decides

Attorney Decides

No tool affiliations, no empty theories. Our products and guidance keep the attorney in the decision seat — AI flags, you decide.

No tool affiliations, no empty theories. Our products and guidance keep the attorney in the decision seat — AI flags, you decide.

AI-powered client intake

Engage Gives You Your Time Back.

Let AI do what AI does best, so you can do what you do best. Our flagship product is an AI-powered intake assistant built around the Model Rules. 24/7 client conversations, automatic conflict screening, customized to your practice areas, and white-labeled to your firm.

24/7 Client Intake

Automatic Conflict Checks

White-label to your Firm

From $75 / Attorney / Month

Expert Guidance for your firm

Customized Solutions to Transform your Practice

Our AI consulting services help law firms thrive in the modern legal landscape. Whether you're integrating AI tools into your workflows or building smarter, safer processes, we deliver solutions tailored to your firm.

Engagements typically run 4-12 weeks and start with a one-day AI readiness audit.

AI for Lawyers

A Working Toolkit for AI in Law

Free, lawyer-written resources on the latest AI developments — privilege, confidentiality, vendor due diligence, bar-rule mapping, and the practical questions every firm is now facing. Long-form articles, working templates, and a glossary built for legal professionals.

AI in Legal Practice

Calculating...

TL;DR:

Trump’s June 2, 2026 AI Executive Order is the most carefully drafted of his three AI EOs I’ve written about. It is also the most architecturally significant. It builds a federal channel for pre-release access to the most capable AI models — run by NSA, on a classified benchmark — but disclaims any mandatory authority. The architecture will outlive this administration. Whoever holds the switch next decides whether it stays voluntary. The deeper problem is one I have written about three times now: we keep governing AI by presidential signature rather than by statute. A regime that exists by signature dies by signature. Frontier developers, critical-infrastructure operators, and our allies cannot build durable strategy on rules that vanish with the next election.

This is the third Trump-administration AI executive order I’ve written about. In January 2025, it was Executive Order 14179, “Removing Barriers to American Leadership in Artificial Intelligence,” and I warned DOGE was about to hollow out the National Institute of Standards and Technology (NIST) and the new U.S. AI Safety Institute (AISI). In December 2025, it was Executive Order 14365, “Ensuring a National Policy Framework for Artificial Intelligence,” and I argued that pursuing nationwide uniformity through executive directive — a litigation-and-leverage strategy aimed at states — would create more uncertainty than it cleared. Both critiques still stand.

Article content

On June 2, 2026, Trump signed Promoting Advanced Artificial Intelligence Innovation and Security. The December Order looked outward, at states. This one looks inward — at federal systems — and outward at the small handful of companies building the most capable AI models on the planet.

Why the Better-Drafted Order Worries Me More

To be fair, the June Order is better drafted, better staffed, and aimed at a real problem in a way the December Order was not. It addresses cybersecurity threats from advanced AI by setting up a clearinghouse and CISA directives. The express disclaimer of mandatory licensing in Section 3(c) is a meaningful guardrail. If I were grading executive orders on craft, the June Order would receive a higher grade than December’s.

That makes the concern about it harder to articulate, and easier to overlook. What concerns me is the architecture the Order leaves behind — a classified federal evaluation channel for the most powerful AI models, designed under one administration and inheritable by every administration that follows. And it is the deeper pattern, which has now repeated three times: we keep governing the most consequential technology of our time by presidential signature rather than by statute.

A regime that exists by signature dies by signature. The first Trump AI EO revoked two of Biden’s on Day 1. A successor administration — of either party — can revoke this one with a stroke of the pen, then build something new in its place. Frontier developers, critical-infrastructure operators, and our allies cannot build durable strategy on rules that vanish with the next election. They are doing so anyway, because they have no alternative.

Consider what happens when we rely entirely on this kind of ad hoc, “honor-system” governance. In April 2026, Sullivan & Cromwell apologized to a federal bankruptcy judge for an emergency motion containing roughly forty AI-generated errors — fabricated citations, wrong volume numbers, and quotations attached to cases that did not contain them. The firm acknowledged it had internal AI policies that were not followed.

If one of the most elite firms in the country, operating under written policies and decades of partner experience, can produce a filing like that, the limits of voluntary compliance are clear. Honor systems fail without structural, verified enforcement. The same logic applies at the federal level. Voluntary frameworks built by executive order have the same limits.

Hold that thought as you read what the Order actually does.

What the Order Actually Does

Four things, in plain English:

Hardens Federal Defenses: Hardens federal civilian, the Department of Defense (given the second name by Donald Trump of “Department of War”), and National Security Systems against AI-enabled cyber threats. CISA, NSA, OMB, OPM, Treasury, and DOJ lead, mostly on 30- and 60-day clocks.

Launches a Cybersecurity Clearinghouse: Creates a Treasury-led “AI cybersecurity clearinghouse” to coordinate vulnerability discovery and patching across industry and critical infrastructure — voluntarily.

Establishes a Pre-Release Gate: Creates a classified NSA benchmark for when an AI model becomes a “covered frontier model,” and invites developers of those models — voluntarily — to give the federal government access for up to 30 days before public release.

Prioritizes Criminal Enforcement: Directs DOJ to prioritize criminal enforcement under 18 U.S.C. § 1028, § 1030, and § 1343 against actors who use AI to break into systems or commit fraud.

Subscribe to receive analysis, information, and best practices on AI for lawyers.

The Silent Pivot Away From NIST

To me, the most consequential thing about this Order is something it does not announce. Federal AI policy now runs through the intelligence community rather than the standards community.

In January 2025 I worried that DOGE-driven cuts at NIST and AISI would hollow out the government’s capacity to evaluate frontier AI. The June Order does just that — though not the way I expected. The administration did not need to defund NIST. It simply routed around it.

Under Biden’s Executive Order 14110, NIST’s U.S. AI Safety Institute was the federal interface with frontier developers. Labs signed voluntary agreements to share access for safety evaluation. The framing was open: bias, dual-use risks, civil rights, safety. The methodology was public. NIST’s counterparts at the U.K. AISI and the EU AI Office could coordinate with it.

Trump revoked EO 14110 on his first day back in office. The June Order is the realization of his transition. NIST, once considered the gold standard, is named only as a consultant. National Security Administration (NSA) leads, with Cybersecurity and Infrastructure Security Agency (CISA), the National Cyber Director, and the Department of War a/k/a the Department of Defense. The benchmark is classified. The threshold for what counts as a “covered frontier model” will be set inside the IC — never published, never peer-reviewed.

The rebrand reflects more than rhetoric. It signals a fundamental shift in how the administration views this technology. By passing the core responsibilities from a civilian standards agency like NIST to an intelligence agency and a defense department explicitly focused on warfare, the administration is effectively treating advanced AI less as a commercial platform and more as a national-security asset.

This is part of the fragile architecture of EO’s I’m describing. The AI Security Institute (AISI) was a Biden-era institution built by signature. The June Order sidelines it by signature. Whatever NSA builds in its place will be built by signature. None of these rests on a statute. Likewise, none of these has to survive 2029.

The real costs to the shift, beyond the by-signature problem:

Measuring success will be hard if not impossible. This plan includes a classified benchmark. But a classified benchmark cannot be peer-reviewed, replicated by independent researchers, or used to drive system-wide commercial standards.

The U.S. can’t speak with allies about methods. The U.S. position at the OECD, the G7, the UN, and the Seoul/Bletchley network of AI safety institutes is instantly weaker, because the lead U.S. agency cannot speak publicly about its methods.

Conflict of interest. NSA both develops offensive AI cyber capabilities and now defines what counts as a powerful AI model. That’s a massive concentration of authority for governing a powerful technology, and it desperately deserves congressional oversight.

Voluntary Today, Mandatory Tomorrow?

The most architecturally significant thing the Order does is build a federal channel for pre-release access to the most capable AI models — and then disclaim it.

Section 3(b) tells NSA, Treasury, and CISA to design a voluntary framework: developers can engage the government to determine whether a model qualifies as “covered,” can provide pre-release access for up to 30 days, and can collaborate on selecting trusted early-access partners. (Earlier drafts apparently called for 90 days; the 30 was the compromise that got the Order signed.) Section 3(c) then expressly disclaims any mandatory licensing or preclearance regime.

If you’ve ever drafted a contract that started “For the avoidance of doubt, nothing herein shall…,” you already understand Section 3(c). You don’t disclaim a power you didn’t nearly create.

This is the second piece of that architecture. The Section 3(b) channel will exist whether the next President favors red, blue, or something none of us have heard of yet. Building the channel is the hard part. Flipping the switch from “voluntary” to “mandatory”? That’s easy. The disclaimer in Section 3(c) holds only as long as the Order itself holds — and executive orders do not always hold for long, just as former President Biden.

Note that this is not a partisan observation. It would be equally true if a Democratic president had built this architecture. Once the pipeline exists, the next time a frontier model is implicated in a major cyber incident — or in election interference, or in a critical-infrastructure attack — the political pressure to make participation mandatory will be enormous.

A Frontier Lab’s Dilemma

Consider what happens to a frontier lab — OpenAI, Anthropic, Google DeepMind, xAI, or Meta — preparing a major release in late 2026. Under the Order, the lab is invited (voluntarily) to engage NSA early to determine whether the model qualifies as “covered.” If it does, the lab is invited (voluntarily) to provide 30 days of pre-release access under confidentiality, cybersecurity, insider-risk, and IP terms as yet undefined.

Counsel has to advise on at least:

The Upside: Goodwill with the intelligence community, a public claim of responsible release, and possibly some real technical value if the NSA finds genuine vulnerabilities.

The Downside: 30 days of lost release-cycle time, exposure of pre-release internals to an agency with its own offensive cyber mission, and an institutional precedent that may be cited against the lab later.

The Confidentiality Terms: Stronger protection from public disclosure than a NIST agreement offered, but weaker protection from intra-government use of the lab’s proprietary information.

The Cost of Declining: Officially nothing. But, the lab might be the only one without a public answer when the next congressional hearing asks who is “participating in the President’s voluntary framework.”

These questions will be answered model by model, lab by lab, with very little public visibility. That is the practical effect of a “voluntary” federal regime backed by classified evaluation — and created entirely by signature.

Geopolitical Fallout

In my January 2025 article I flagged that a U.S. retreat from structured AI governance — the Paris AI declaration, the U.K.’s decision to delay its AI rules to align with the U.S. — would fragment international standards and complicate compliance for U.S. companies operating abroad. The June Order deepens that retreat.

The new Digital Omnibus on AI Regulation (successor to the EU AI Act) requires transparency, documentation, and systemic-risk evaluation for general-purpose AI models, through open civilian standard-setting. The U.S. counterpart is now a classified NSA benchmark that by definition cannot be cross-walked to the EU regime in any public way. A U.S. lab participating in the federal voluntary framework gains no portable credit toward EU AI compliance, and an EU regulator cannot independently verify what the U.S. benchmark measures. Our allies are governing AI by legislation. We are governing it by directive.

Best Practices

For lawyers advising clients in the wake of the June Order, best practices depend heavily on who you represent:

For Frontier Developers: If your client could plausibly develop a “covered frontier model,” (first, be thankful for a well-funded client, and then) start negotiating the confidentiality, insider-risk, and IP terms for any voluntary access arrangement. The classified threshold is not public, but the population of likely candidates is small and well-known.

For Critical Infrastructure Operators: If your client runs critical infrastructure — hospitals, community banks, utilities, water systems, or telecom infrastructure — track the forthcoming CISA Binding Operational Directives and the Treasury clearinghouse. Both could change vendor diligence, incident-response obligations, and indemnification posture.

For Multinational Clients: Maintain separate compliance tracks. Assume U.S. and EU AI frameworks will not align in this administration. Do not assume U.S. participation in any voluntary federal framework provides an ounce of credit toward EU AI Act or U.K. obligations.

For General Corporate Compliance: Document everything. Voluntary federal evaluations that produce no public record can still produce private liability — and the next administration may treat “participated” and “did not participate” very differently.

For Litigators: Keep monitoring state AI laws. The December Order’s litigation-and-leverage strategy has not cleared the field. Until Congress acts, state laws remain the most likely source of binding obligations for most clients.


Article content

The Role of Congress

For those of us who write about AI governance, the June Order is the third reminder in eighteen months that the United States still does not have a coherent statutory framework for the most consequential technology of our time — as if any of us needed a reminder. We have a December EO pressuring states. We have a June EO inviting frontier developers into a classified evaluation channel. We have a National Cyber Strategy, an AI Action Plan, the Genesis Mission, an AI export framework, an anti-“woke AI” directive, and a pediatric-cancer-AI directive.

And yet, we still do not have a federal statute.

If lawyers and policymakers want a national AI framework that will outlast the next election, the answer is the one I have written each of the last three times. Congress should debate and enact a durable AI framework. And courts should remain the backstop, not the engine, of AI governance.

The June 2026 EO, well-drafted, well-staffed, narrowly scoped, is still an executive order at the end of the day. It can quickly be undone by the next person who occupies the desk.

© 2026 Amy Swaner. All Rights Reserved. May use with attribution and link to article.

President Trump’s Most Recent AI Executive Order Is More Concerning Than His Last Two

Data Privacy and Ethics

Calculating...

Privacy Problems with Generative AI 

Renown AI and privacy expert Daniel J. Solove recently published a paper discussing Generative AI in regard to privacy concerns. 1 Generative AI, while transformative, presents significant privacy challenges.  Solove identified three specific areas of concern: personal data being used by AI, potentially misleading information created by AI, and AI’s ability to undermine fairness and due process.  His paper made me re-think our approach to AI regulation and privacy laws. 

DATA RECONSTITUTION 

Most people using AI presumably understand that privacy concerns are inextricably linked with AI developments—these concerns are widely discussed, recognized, and written about.  But far fewer people are aware of the subtle ways they may inadvertently share personal identifying information (PII) when using AI tools, even with supposedly 'anonymized' data. One of the primary concerns is AI’s generation of new personal data through inferences. GenAI consumes personal data, but it also produces additional data, and can link several sources of private information, often revealing sensitive details that were not initially evident, or were not evident when they were used individually but together are identifiable.  I call this data reconstitution. So even if you are confident you are not sharing personal details, you might still be inadvertently sharing information that can be “reconstituted” to reveal confidential information.  This blurring of lines between data collection and processing circumvents traditional privacy protections and leaves individuals with little control over the information organizations can infer about them.  Even when consumers and individuals have the opportunity to opt out of data collection, there is no way for us to opt out of data inference. 

FAKES AND DEEP FAKES 

Another vein of privacy concern centers around GenAI’s potential for creating malevolent material. GenAI can generate misleading or harmful content, such as deepfakes or false information, which can be used to deceive and manipulate individuals. This capability exacerbates existing privacy concerns by facilitating the spread of misinformation and enabling malicious activities.  For example, AI can be wrongfully used to skillfully recreate the voice of someone we recognize, spewing out hate speech, or being used for malicious political gains.

To date, there is no comprehensive federal law (or state law for that matter) that provides adequate protection to individuals against such fakes and deep fakes. Moreover, the dynamic and opaque nature of Generative AI algorithms poses significant transparency challenges. Understanding these algorithms requires access to the training data, which is often inaccessible or incomprehensible to the general public. This lack of transparency makes it difficult for regulatory bodies to oversee AI systems, and comparably difficult for individuals to trust AI systems. 

DUE PROCESS AND FAIRNESS 

Finally, Generative AI can undermine due process and fairness. AI-generated decisions often lack meaningful avenues for individuals to challenge them. This can lead to situations where people are subjected to decisions that significantly impact their lives without adequate recourse to seek redress or challenge the accuracy and fairness of those decisions. 

This issue can have profound implications across various sectors, including criminal justice, employment, and finance. For example, in the criminal justice system, AI-powered risk assessment tools are increasingly being used to inform decisions about bail, sentencing, and parole. A notable case is the use of the COMPAS (Correctional Offender Management Profiling for Alternative Sanctions) system in several U.S. states. 

In 2016, an investigative report by ProPublica found that the COMPAS system, which predicts the likelihood of a criminal reoffending, was biased against Black defendants. The system was more likely to falsely flag Black defendants as future criminals, wrongly labeling them as high risk nearly twice as often as white defendants. Conversely, white defendants were more likely to be incorrectly labeled as low risk. 

This case highlights several critical issues: 

  1. Opacity: The algorithmic decision-making process was not transparent, making it difficult for defendants to understand or challenge the assessments. 

  1. Bias: The AI system appeared to perpetuate and potentially amplify existing societal biases. 

  1. Lack of due process: Defendants had limited ability to contest these AI-generated risk scores, which significantly influenced their treatment in the justice system. 

  1. Far-reaching consequences: These AI-driven decisions had profound impacts on individuals' lives, affecting their liberty and future prospects. 

The COMPAS case underscores the urgent need for safeguards and oversight in AI systems, especially those used in high-stakes decision-making processes. It highlights the importance of transparency, fairness, and the right to contest AI-generated outcomes. 

To address these concerns, policymakers and AI developers must work towards creating systems that are not only accurate but also fair, transparent, and accountable. This could involve regular audits of AI systems, diverse representation in AI development teams, and clear mechanisms for individuals to challenge AI-driven decisions that affect them. 

Moreover, there's a growing call for "algorithmic impact assessments" - systematic evaluations of AI systems before their deployment to identify potential biases and negative impacts. Such assessments could help prevent unfair outcomes and ensure that AI systems enhance, rather than undermine, principles of due process and equal treatment under the law.2

Regulations Solove Suggests and Their Rationale 

Solove emphasizes the need for comprehensive reforms in privacy law to address the unique challenges posed by Generative AI. He argues against "AI exceptionalism," suggesting that privacy issues related to AI should be tackled as part of broader privacy law reforms. This holistic approach ensures that privacy protections are robust and effective across various contexts, not just AI-specific scenarios. 

One of Solove's key recommendations is to reduce the burden on individuals to manage their privacy. Currently it feels to me like the entire burden of protecting my personal information rests squarely on my shoulders, and I am responsible for protecting my information, with very little power or control, and without knowing the rules.  A standout example of this is Meta’s decision to use all of our personal photos, images, and content on Instagram and Facebook for training their AI models.  For those under the egis of the GDPR they can opt out.  It is unnecessarily difficult, but at least there is a possibility of an option.   With those not covered by the GDPR, such as myself and all people living in the United States and many others, we have no option to opt out.  And it is not clear at all how these images and information will be used. Solove critiques this traditional model of privacy self-management, where individuals are expected to make informed decisions about their data. Instead, he advocates for placing more responsibility on organizations, mandating significant obligations to mitigate risks and ensure accountability. This makes a great deal of sense to me, since those very companies are the ones best placed and most incentivized to exploit my information.  It would also put us in better alignment with the GDPR laws and regulations. 

Critics worry that this will have a chilling effect on technological innovation.  However, Solove also supports adopting a harm and risk-based approach to AI regulation. This involves identifying and addressing potential harms and risks associated with AI, both before and after AI tools are deployed. By balancing preventive (ex-ante) and reactive (ex-post) regulatory measures, policymakers can protect privacy without stifling innovation. 

Transparency and accountability are crucial elements of Solove's regulatory framework. He calls for improved mechanisms to ensure that organizations provide clear and accessible information about their AI systems and maintain robust internal and external accountability measures. This helps build trust and ensures compliance with privacy laws. 

Involving diverse stakeholders in the development and regulation of AI is another important recommendation. Solove emphasizes the need to include voices from underrepresented and marginalized communities to ensure that AI systems are fair and equitable. This inclusive approach helps address biases and ensures that the concerns of all affected parties are considered. 

At present, we cannot make our own sweeping changes to privacy laws, or lack of privacy laws.  We can, however, be certain to use best practices when dealing with PII or any sensitive data. 

Best Practices for Using AI in the Workplace 

As lawyers and legal professionals using Generative AI we can follow several best practices to mitigate privacy risks and ensure responsible use of the technology, including the following: 

1. Transparency and Disclosure: Provide clear and accessible information about AI systems, including data sources, training data, and decision-making processes to those in our firm, and to our clients. Transparency builds trust and helps individuals understand how their data is being used. 

2. Minimize Data Collection and Use.  Practice data minimization by collecting only the necessary data for specific purposes. Implement purpose limitations to ensure data is used only for stated objectives and avoid excessive data collection.  For example, if you need a client’s annual income, but you ask for and receive a copy of their entire form 1040 tax return, you are collecting far more personal information than needed.  

3. Obtain Genuine Consent: Ensure informed consent by providing clear, understandable privacy notices to our potential clients. Individuals should be aware of and agree to how their data will be used, including for AI applications. Therefore, before we even undertake representation of clients, we should inform them of how, why, and when their information will be used, and what we are doing to actively protect their data. 

4. Incorporate Privacy by Design. Integrate privacy considerations into the development and deployment of AI systems that we use in our offices, and all other cloud-based technology that we use in our firms, since AI systems are no more vulnerable than any other cloud-based system.  Accordingly, we should use privacy-enhancing technologies and practices, such as anonymization, encryption, and secure data storage. 

5. Implement Accountability Measures: Establish strong internal and external accountability mechanisms.  Have an AI use policy—more on that in my next article. Conduct regular audits, assessments, and impact analyses to identify and mitigate privacy risks. Be prepared to demonstrate compliance with privacy laws to your clients, your insurance carrier, and potentially to a judge or other decision-making body. 

6. Address Bias and Discrimination: Proactively identify and mitigate biases in AI systems.  Bias is implicit in generative AI tools because they are a reflection of the data used to train them, and that data contains various biases.  We need to be uncompromising and unapologetic for our monitoring of discriminatory output, and also discriminatory input. AI can save us as lawyers a great deal of time, but that is only beneficial if we make the effort to regularly test for discriminatory outcomes and implement corrective measures to avoid perpetuating or amplifying existing inequalities and biases. 

8. Enhance Due Process and Remedies: Provide clear avenues for individuals to challenge AI decisions and seek redress for privacy harms. Ensure that individuals' rights are protected and that they have meaningful ways to contest AI-generated outcomes. 

By following these best practices, our law firms can responsibly harness the power of Generative AI while safeguarding privacy and building trust with our clients, and with the courts.  Since so much is dependent on our reputations, responsible use of AI is a baseline action, not an added measure, to ensure we maintain the highest standards of professional integrity and client trust.  

We as a society are impatiently waiting for comprehensive laws to guide GenAI use, and data privacy.  Until those laws are implemented, these measures aligns with Solove's broader recommendations for comprehensive privacy law reforms and effective regulatory frameworks to manage the complexities of AI. 

1Artificial Intelligence and Privacy, GWU Legal Studies Research Paper No. 2024-36, Daniel J. Solove


The Evolution of Privacy Law in the Age of AI, and Best Practices for Using AI in Your Workplace

AI Tools and Techniques

Calculating...

Executive Summary

AI tools are here to stay. Understanding their distinct "personalities" is essential to competent and strategic use. This article explores how AI personalities—shaped by training data, model architecture, and developer intent—impact legal outcomes, from drafting style to ethical reasoning. Drawing comparisons among leading AI tools such as ChatGPT, Claude, Gemini, Perplexity, Grok, and open-source models, the article offers practical guidance for matching the right AI to the right legal task. By recognizing and leveraging these differences, legal professionals can enhance accuracy, creativity, compliance, and client satisfaction—while mitigating the risks of over-reliance or misalignment. AI is no longer a one-size-fits-all assistant; choosing wisely is now a matter of legal judgment.

_________________________________________________________

At the end of a recent presentation on AI to a group of local government officials, I was asked, "what is the best AI tool?" My lawyer training kicked in and I immediately responded: "It depends." This wasn’t evasion—it was precision. In the precision-driven world of legal work, allAI tools are not created equal. What separates one large language model from another isn't merely technical capability—it's personality by design. These distinct AI "personalities" can produce dramatically different legal work products: from risk-averse contract language to creative settlement frameworks, from meticulously cited research to persuasive argumentation. The difference can impact case outcomes, client satisfaction, and even ethical compliance.

The differences in LLMs manifest as personalities that directly influence drafting style, risk tolerance, and analytical approach. Understanding these nuances isn't just interesting—it's becoming essential to competent representation in an AI-augmented legal landscape. This article examines how AI personalities emerge from architecture, training, and design intent, and provides practical guidance for selecting the right digital assistant for your specific legal tasks.

Why AI Tools Differ: Data, Algorithms, and Purpose

Three core factors shape every generative AI model. I’ve discussed these three factors in several other articles, so I’ll keep it short here.

Training Data The information used to train the model, in other words, what the model "learns" from, affects everything from legal knowledge to tone. Some tools are trained on broad internet data; others include specialized legal, academic, or scientific texts. This data forms the foundation of the AI's knowledge base and influences the accuracy and relevance of its outputs.

Underlying ArchitectureIn an LLM, the algorithm is the set of mathematical procedures and rules that govern how the model processes inputs and generates outputs. It’s the engine behind the tool’s ability to understand language, reason about it, and produce coherent, context-appropriate responses.The model's algorithm affects reasoning ability, hallucination rates, and how it balances creativity with caution. Some algorithms are optimized for long-context memory or symbolic reasoning, while others are optimized for speed and resource efficiency.

Design Intent and Safety ProtocolsGuardrails, default prompts, and content filters all shape how the AI behaves in practice. A model designed for creative brainstorming will act very differently than one tuned for precision research or ethical deliberation.

Behind the scenes, every model runs on hidden instructions—called system prompts—that set the tone, priorities, and boundaries of an AI tool.

  • Safety filters: These limit what the model is allowed to say—especially about controversial or high-risk topics. Case in point: DeepSeek being prohibited from discussing topics that the Chinese Government would find uncomfortable.

  • Voice and persona: Some tools (ChatGPT, Claude) are designed to be personable; others (Perplexity) are intentionally minimal.

  • Governance objectives: Anthropic programs Claude to follow a constitutional “code of conduct.” xAI’s Grok minimizes restrictions to promote expressive freedom.

Together, these elements give rise to what many users describe as an AI tool’s "personality."

AI Personality as a Reflection of Vision

Even though AI models are not sentient and have no emotional self-awareness, users regularly perceive them as having distinct personalities. This isn't accidental. It's a result of deliberate decisions by developers about how the tool should behave. Each major AI tool essentially expresses its creator’s vision for what AI should be, and those visions diverge meaningfully.

OpenAI (ChatGPT):

We continue to believe that the best way to make an AI system safe is by iteratively and gradually releasing it into the world, giving society time to adapt and co-evolve with the technology, learning from experience, and continuing to make the technology - Sam Altman

OpenAI's mission centers on ensuring that AGI benefits all of humanity. ChatGPT reflects this in its design: helpful, friendly, cautious, and broadly capable. It aims for alignment with user intent while maintaining a highly moderated, safety-first posture. It strives to be a reliable assistant in almost any context, but sometimes hesitates in nuanced or high-risk domains.

Anthropic (Claude):

The vision of AI as a guarantor of liberty, individual rights, and equality under the law is too powerful a vision not to fight for. — Dario Amodei

Claude is built with "Constitutional AI," a framework that encourages the model to reason ethically and transparently. This gives Claude a reflective, principled tone. It often feels like a thoughtful counselor—ideal for lawyers working on ethical dilemmas, AI policy, or complex compliance matters. Its design is shaped by Anthropic's belief that AI should be fundamentally safe, interpretable, and grounded in human values.

Google DeepMind (Gemini):

For a long time, we’ve been working towards a universal AI agent that can be truly helpful in everyday life. - Demis Hassabis

Gemini reflects Google's legacy as a search and information company. Its personality is efficient, structured, and knowledge-driven. Gemini often avoids embellishment or speculation, favoring clean, fact-based responses. While it may feel less personal or imaginative, it excels at surfacing relevant data quickly—especially when integrated with Google’s suite of tools. Gemini is best understood as a highly competent knowledge worker: focused, fast, and efficient.

Perplexity:

“The journey of Perplexity began with a leap of faith. We built the platform prioritising accuracy and transparency.” - Aravind Srivanas

Purpose-built as an "answer engine," Perplexity is pragmatic and direct. It doesn’t engage in creative dialogue or philosophical reflection. Instead, it returns clear answers with citations, acting more like a high-speed research librarian than an assistant. This utilitarian ethos reflects a belief that transparency and speed are paramount.

xAI (Grok):

The good future of AI is one of immense prosperity where there is an age of abundance; no shortage of goods and services.” - Elon Musk

Grok, developed by Elon Musk’s xAI and integrated into X (formerly Twitter), presents a more irreverent, edgy personality. It is designed to be humorous, bold, and occasionally provocative—emphasizing freedom of expression and fewer content restrictions. Grok feels more like a contrarian intern than a polished assistant, which may appeal to users seeking unfiltered dialogue. However, this tone is less suited to professional or regulated legal work unless handled with great care.

These different visions shape not only what the tools can do, but also how they feel to use. And that feeling matters, especially in legal work that demands both trust and precision. So how do the tools apply to legal work, here is a general guide, based on my personal observations and investigation.

AI Tool Personalities: A Guide for Legal Professionals

1. OpenAI (ChatGPT) _______________________________________

Core Personality Traits:

  • Friendly, careful, helpful, versatile

  • Balanced between creativity and caution

  • Polite with visible hedging or disclaimers

  • Conflict-avoidant and generally neutral in tone

Implications: OpenAI wants its models to be general-purpose assistants: safe for everyday users but capable enough for professionals. It's walking a fine line between helpfulness and containment. This results in a personality that is measured, moderate, and neutral unless fine-tuned otherwise (e.g., via custom GPTs).

Best Legal Uses:

  • Creative brainstorming (marketing content, slogans)

  • General legal drafting (with custom instructions)

  • Client communication templates

  • Reviewing contracts and identifying red flags

  • Summarizing discovery or deposition transcripts

2. Anthropic (Claude)______________________________________

Core Personality Traits:

  • Ethical, reflective, deferential, emotionally intelligent

  • More philosophical than productivity-focused

  • Prioritizes moral consistency and safety reasoning

  • Measured, thoughtful, and nuanced in responses

Implications: Claude is designed to avoid manipulation, deception, and misuse by grounding its responses in a visible set of principles. Its personality reflects moral agency, sometimes at the expense of assertiveness or creativity. It's ideal when you want an AI that prioritizes safety before cleverness.

Best Legal Uses:

  • Ethical guidance and AI policy brainstorming

  • Drafting internal firm policies or compliance materials

  • Client communications requiring emotional intelligence

  • Creative brainstorming with ethical nuance

  • Creating CLE presentations or legal training materials


    3. Google DeepMind (Gemini)________________________________

Core Personality Traits:

  • Efficient and information-rich

  • Integrated and context-aware

  • Neutral and guarded in tone

  • Less personality-driven, more utilitarian

  • Fact-based with structured outputs

Implications: Gemini reflects Google's legacy as a search and information company. Its personality is efficient, structured, and knowledge-driven. It excels at surfacing relevant data quickly—especially when integrated with Google's suite of tools. Gemini is best understood as a highly competent knowledge worker: focused, fast, and efficient.

Best Legal Uses:

  • Legal research requiring factual citations

  • Fast factual queries about legal matters

  • Reviewing contracts for specific data points

  • Information extraction from complex documents

  • Integration with existing Google Workspace documents

4. Perplexity ______________________________________________

Core Personality Traits:

  • Direct, concise, no-frills, source-focused

  • Utilitarian and pragmatic in approach

  • Minimal speculation or creative embellishment

  • Citation-driven and transparent

Implications: Perplexity's personality is shaped by its goal to replace or augment search engines, not your assistant. It doesn't try to sound empathetic or chatty; it tries to show its work. That utilitarian approach results in a personality that feels more like a high-speed research librarian.

Best Legal Uses:

  • Legal research requiring extensive citations

  • Fast factual queries with minimal verbosity

  • Finding relevant case law and precedents

  • Due diligence research on companies or individuals

  • Gathering evidence-based information quickly

5. xAI (Grok)______________________________________________

Core Personality Traits:

  • Irreverent, edgy, bold, occasionally provocative

  • Humorous and contrarian in tone

  • Fewer content restrictions than competitors

  • Resembles a contrarian intern more than a polished assistant

Implications: Grok's personality may appeal to users seeking unfiltered dialogue or creative brainstorming outside conventional boundaries. However, this tone is less suited to professional or regulated legal work unless handled with great care. It presents higher reputational risks in formal settings.

Best Legal Uses:

  • Brainstorming unconventional legal strategies

  • Generating alternative perspectives on legal problems

  • Informal research or exploration

  • Testing arguments against potential counterpoints

  • Internal creative sessions (with appropriate oversight)


Open Source Models

1. Mistral/LLaMA __________________________________________

Core Personality Traits:

  • Lean, powerful, and unopinionated (unless fine-tuned)

  • Minimalist engineering ethos

  • Highly customizable based on implementation

  • Generally neutral without specific personality defaults

Corporate Vision: Open-source models reflect the minimalist engineering ethos of their communities: lean, powerful, and unopinionated—unless fine-tuned. They prioritize flexibility, customization, and community-driven development.

Implications: These models allow for maximum customization to specific legal needs but require more technical expertise to implement effectively. They provide greater control over data privacy and can be deployed in air-gapped environments for sensitive legal work.

Best Legal Uses:

  • Self-hosted solutions for confidential legal matters

  • Custom-tuned applications for specific practice areas

  • Integration into existing legal workflow systems

  • Situations requiring full control over AI training and usage

  • Specialized legal document analysis with custom training

2. DeepSeek ______________________________________________

Core Personality Traits:

  • Academic and research-oriented

  • Methodical and precise in reasoning

  • Strong technical foundation with mathematical capabilities

  • Balanced between helpfulness and caution

  • Generally neutral and objective in tone

Corporate Vision: DeepSeek aims to "seek truth from facts" with a mission focused on advancing frontier AI research while making powerful models accessible. Founded by former researchers from top AI labs, DeepSeek emphasizes both cutting-edge capabilities and responsible deployment of AI technology.

Implications: DeepSeek's personality reflects its research origins, making it particularly well-suited for technically complex legal work requiring methodical reasoning. Its approach balances innovation with responsibility, producing responses that are technically precise while maintaining appropriate professional boundaries. The model excels at tasks requiring systematic thinking and technical accuracy.

Best Legal Uses:

  • Analysis of complex regulatory frameworks

  • Patent law research and technical documentation

  • Reasoning through intricate legal problems step-by-step

  • Financial and tax law applications requiring mathematical precision

  • Research-intensive legal projects requiring methodical approaches

Hallucination Rates and Legal Accuracy

The tendency to "hallucinate" (generate plausible but factually incorrect information) varies significantly across AI platforms, with critical implications for legal work:

Hallucination Risk Comparison:

  • Claude: Generally exhibits lower hallucination rates when discussing legal principles, due to its constitutional AI framework that encourages epistemic humility. Claude typically acknowledges uncertainty rather than inventing details, making it slightly safer for preliminary legal analysis.

  • ChatGPT: Shows higher variance in hallucination rates depending on the version used. GPT-4o demonstrates improved reliability over earlier versions but still occasionally fabricates case citations or statute numbers, particularly when pushed beyond its knowledge boundaries.

  • Gemini: Tends toward lower hallucination rates when discussing factual legal information within its training corpus but may struggle with jurisdiction-specific nuances. Its integration with Google's search capabilities can mitigate some risks.

  • Perplexity: By combining generative AI with search functionality, Perplexity reduces hallucination risks for recent legal developments. However, its synthesis of multiple sources can occasionally create misleading impressions of legal consensus where genuine disputes exist.

_________________________________________________________

Best Practices and Risk Mitigation Strategies:

  1. Require AI tools to provide specific citations for all legal claims.

  2. Cross-verify AI-generated legal information across multiple platforms (eg, use Gemini to check Claude’s output).

  3. Keep the Human in the loop; Use AI outputs as starting points rather than authoritative sources.

  4. Verify every legal citation, even if you are using a legal-specific tool. AI tools—even legal-specific ones—are not experts in nuance. Make certain that the cited case is a real case, and actually stands for the proposition you’re citing it for.

  5. Develop prompt techniques that explicitly discourage speculation in areas of uncertainty.

_________________________________________________________

Choosing the Right Tool for the Task

With this context in mind, lawyers can make smarter choices about which tool to use based on the task at hand. Below is a quick reference guide:

Conclusion: Know the Tool, Know the Task

In the same way lawyers choose the right precedent or statute for a given case, choosing the right AI tool can dramatically improve outcomes. Rather than asking which AI is “best,” we should be asking: Best for what?

Distinct AI "personalities" represent more than a quirk of engineering—it offers a strategic advantage for lawyers who understand how to leverage these differences. Just as a skilled attorney selects the right specialist for different aspects of a case, tomorrow's legal professionals must develop fluency in matching AI tools to specific legal tasks. And the most important tool — your professional judgment. The ultimate responsibility for legal work remains with the attorney.

Personality by Design: Matching AI Tools to Legal Tasks

Master AI at your own pace

On-Demand Training for Professionals

Comprehensive, self-paced training for lawyers and executives. Covers AI risk management, Model-Rule-compliant use of AI tools, and governance frameworks for AI-enabled firms.

CLE-eligible in select jurisdictions

Free Monthly Newsletter

Stay Current.

Stay Current.

Transform your legal practice with AI—sign up for our free emails and gain exclusive, actionable insights designed for lawyers and law firms.

Transform your legal practice with AI—sign up for our free emails and gain exclusive, actionable insights designed for lawyers and law firms.

AI training, consulting and tools for law firms. Built by lawyers, engineered for legal ethics.

Lexara Consulting, LLC · Iowa · © 2026

Lexara provides legal-adjacent consulting, training, and software. Engaging Lexara does not create an attorney–client relationship, and the services described on this site are not the practice of law. See Iowa R. Prof'l Conduct 32:5.7.

AI training, consulting and tools for law firms. Built by lawyers, engineered for legal ethics.

Lexara Consulting, LLC · Iowa · © 2026

Lexara provides legal-adjacent consulting, training, and software. Engaging Lexara does not create an attorney–client relationship, and the services described on this site are not the practice of law. See Iowa R. Prof'l Conduct 32:5.7.

AI training, consulting and tools for law firms. Built by lawyers, engineered for legal ethics.

Lexara Consulting, LLC · Iowa · © 2026

Lexara provides legal-adjacent consulting, training, and software. Engaging Lexara does not create an attorney–client relationship, and the services described on this site are not the practice of law. See Iowa R. Prof'l Conduct 32:5.7.

AI training, consulting and tools for law firms. Built by lawyers, engineered for legal ethics.

Lexara Consulting, LLC · Iowa · © 2026

Lexara provides legal-adjacent consulting, training, and software. Engaging Lexara does not create an attorney–client relationship, and the services described on this site are not the practice of law. See Iowa R. Prof'l Conduct 32:5.7.