Executive Summary
Legal teams are under enormous pressure to adopt AI tools. The pressure is justified — these tools deliver measurable efficiency gains in document review, legal research, drafting, and client communication. But adoption velocity cannot come at the cost of foundational due diligence.
Too many firms treat vendor evaluation as a feature-comparison exercise supplemented by a checkbox security questionnaire. The result: foundational questions about data governance, model training, and exit rights surface only after implementation begins — when they become expensive problems rather than informed procurement decisions.
"Where is our data stored? Is our data used to train models? What happens to our data when we leave?"
— Colin Levy, Three Questions Every Legal Team Should Ask
The Regulatory and Ethical Landscape
Before evaluating any individual vendor, practitioners must understand the converging regulatory frameworks that now govern the use of AI in legal practice. What was once a matter of best practices has become a web of mandatory obligations spanning ethics rules, federal and state legislation, and international regulation.
ABA Formal Opinion 512: The National Baseline
On July 29, 2024, the ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 512 — its first formal guidance on generative AI in legal practice. The opinion maps existing Model Rules to specific AI-related obligations.
| Model Rule | AI Vendor Due Diligence Obligation |
|---|---|
| Rule 1.1 (Competence) | Understand the capabilities and limitations of AI tools used; maintain ongoing technological competence; verify AI outputs independently. |
| Rule 1.4 (Communication) | Disclose AI usage to clients when material to representation; secure informed consent for AI-assisted work beyond routine applications. |
| Rule 1.5 (Fees) | Ensure fees reflect actual value delivered; do not bill clients for time spent learning generally-applicable AI tools. |
| Rule 1.6 (Confidentiality) | Assess vendor data handling before inputting client information; secure informed consent for self-learning tools; implement safeguards against disclosure. |
| Rules 3.1 & 3.3 (Candor) | Guard against AI hallucinations forming the basis of claims or representations to tribunals; independently verify all AI-generated citations. |
| Rules 5.1 & 5.3 (Supervision) | Establish firm-wide AI usage policies; train both attorneys and non-attorney staff; ensure outsourced AI work complies with professional obligations. |
EU AI Act
GPAI transparency obligations effective August 2025 — requiring providers to publish training data summaries and demonstrate copyright compliance.
California AB 2013
Effective January 1, 2026 — mandates public disclosure of AI training datasets, creating a disclosure standard likely to influence vendor practices nationwide.
CCPA/CPRA
Data portability and deletion rights that apply to personal information held by AI vendors — obligations that persist after the vendor relationship ends.
The Three Foundational Questions
These inquiries should function as threshold evaluations — not afterthoughts buried in an RFP appendix.
Where Is Our Data Stored?
Where does our data physically reside, what are your data residency options, and can you contractually guarantee geographic restrictions?
Geography is not an abstraction in legal practice. Data subject to GDPR cannot be stored wherever is operationally convenient for the vendor. State bar opinions increasingly address cross-border data flows. Some clients require data to remain in specific jurisdictions as a condition of engagement.
Yet legal teams routinely discover mid-implementation that their vendor defaults to multi-region cloud storage without offering jurisdictional alternatives, or that multi-region options carry premium pricing that was never disclosed during sales.
What to Ask
- ☐What cloud infrastructure hosts our data (AWS, Azure, GCP, proprietary)?
- ☐In which geographic regions is our data stored at rest and in transit?
- ☐Do you offer dedicated single-tenant environments or data residency guarantees?
- ☐What sub-processors handle our data, and where are they located?
- ☐Can you provide a current SOC 2 Type II report and data processing agreement?
- ☐How quickly are we notified of changes to data storage locations?
Red Flags
- ⚠Vendor cannot specify data center locations or names evasive sub-processors
- ⚠No SOC 2 Type II certification, or the most recent report is more than 12 months old
- ⚠Vendor reserves unilateral right to change data storage locations without notice
Is Our Data Used to Train Your Models?
Does any client data we input contribute to model training, fine-tuning, or improvement — and if so, is opt-out automatic, retroactive, and permanent?
The business models underlying legal AI vendors vary dramatically. Some vendors explicitly covenant that customer data never touches model training pipelines. Others train on customer data by default, requiring affirmative opt-out. A few offer zero-data-retention (ZDR) configurations, but only for enterprise-tier customers.
For legal practice, this is not merely a preference — it is an ethics obligation. Using client data to train a commercial AI model typically requires informed client consent, and ABA Formal Opinion 512 is explicit that boilerplate engagement letter provisions will not satisfy this requirement.
Major AI infrastructure providers retain API inputs and outputs for abuse monitoring — typically for 30 days — even when data is not used for model training. Enterprise customers can negotiate zero-data-retention, but this typically requires direct sales engagement and is not available through self-service tiers.
What to Ask
- ☐Does our data train, fine-tune, or otherwise improve your AI models in any way?
- ☐If yes, is opt-out automatic at our subscription tier, or must we request it?
- ☐Is opt-out retroactive (purging previously ingested data) or only prospective?
- ☐What is your default data retention period for inputs and outputs?
- ☐Is zero-data-retention (ZDR) available, and at what tier and cost?
- ☐Can you provide written certification that client data will not be used for training?
- ☐Do you maintain separate model training pipelines from customer data pipelines?
Red Flags
- ⚠Vendor uses customer data for training by default and requires manual opt-out per account
- ⚠Opt-out is prospective only — previously ingested data remains in training sets
- ⚠Vendor cannot articulate the boundary between customer data and model training infrastructure
- ⚠ZDR is listed as a "future roadmap" item rather than a current capability
What Happens to Our Data When We Leave?
When the vendor relationship ends, what is the complete lifecycle of our data — from export through deletion — and can you certify completion?
Vendor relationships end. Better tools emerge. Budgets shift. Companies get acquired. When that transition occurs, the attorney's ongoing duty to protect client confidentiality does not pause. If a vendor retains client data indefinitely in backup systems or makes data export prohibitively difficult, the firm faces continuing exposure to confidentiality breaches long after the commercial relationship has terminated.
What to Ask
- ☐What data export formats are available (JSON, CSV, native document formats)?
- ☐Is there an automated export tool, or does export require manual intervention?
- ☐What is the timeline from termination notice to complete data deletion?
- ☐Do you provide written deletion certificates upon completion?
- ☐What data persists in backup systems after deletion, and for how long?
- ☐Is data deletion verified by a third party or only self-certified?
- ☐What are the financial and operational costs associated with data export?
- ☐In the event of vendor acquisition, what contractual protections survive assignment?
Red Flags
- ⚠Vendor retains data for extended periods citing "backup obligations" without specifying duration
- ⚠Data export requires custom engineering work or premium professional services fees
- ⚠No deletion certificate is available, or deletion is only self-certified
- ⚠Contract includes broad data retention rights that survive termination without clear sunset
Beyond the Three Questions
Model Transparency
When an AI tool produces a legal research memo that informs case strategy, the attorney must be able to understand how the tool arrived at its conclusions. Black-box outputs that cannot be interrogated are inconsistent with the duty of competence under Model Rule 1.1.
Hallucination Guarantees
Vendors should articulate their approach to accuracy — including RAG, source citation, or grounding techniques. Ask for published accuracy benchmarks on legal-specific tasks relevant to your practice area.
Insurance & Indemnification
Many vendors cap liability at fees paid during the prior 12 months — trivial relative to malpractice exposure from faulty AI output. Evaluate E&O insurance and whether indemnification covers AI-specific failures.
Firm-Wide Governance
Vendor due diligence is not a one-time procurement exercise. It must integrate into ongoing governance systems that include periodic re-evaluation, usage auditing, and staff training updates as tools evolve.
Vendor Evaluation Scorecard
Score each dimension on a 1–5 scale. Any score of 1 or 2 in Data Residency, Training Data Usage, or Data Exit Rights should be treated as a potential disqualifier.
| Dimension | Key Inquiry | Weight |
|---|---|---|
| Data Residency | Location, SOC 2, sub-processors | Critical |
| Training Data Policy | Opt-out, ZDR, isolation | Critical |
| Data Exit Rights | Export, deletion, certification | Critical |
| Model Transparency | Explainability, RAG, sourcing | High |
| Accuracy & Hallucination | Benchmarks, grounding, testing | High |
| Regulatory Compliance | EU AI Act, CCPA, state bars | High |
| Security Posture | Encryption, access controls, MFA | High |
| Liability & Insurance | Indemnification, E&O, caps | Medium |
| Contract Flexibility | Assignment, term, termination | Medium |
| Training & Support | Onboarding, documentation, SLA | Medium |
Implementation: A 90-Day Framework
- 1. Draft or update firm AI usage policy addressing all six ABA Formal Opinion 512 obligation areas.
- 2. Circulate the vendor evaluation scorecard to all stakeholders involved in procurement.
- 3. Issue formal due diligence questionnaires to shortlisted vendors covering all three foundational questions.
- 4. Review and update engagement letter language to address AI-assisted legal work and client consent requirements.
- 1. Score vendor responses using the evaluation scorecard; disqualify vendors failing critical thresholds.
- 2. Conduct pilot testing with non-client data to evaluate accuracy, workflow integration, and usability.
- 3. Negotiate contract terms addressing data residency, training exclusions, exit rights, and liability provisions.
- 4. Obtain written vendor certifications on data handling, training exclusions, and deletion protocols.
- 1. Conduct all-staff training covering ethical obligations, practical usage guidelines, and verification workflows.
- 2. Deploy with monitoring enabled; establish usage logging and periodic audit schedule.
- 3. Schedule 90-day post-deployment review to evaluate vendor performance, compliance, and staff adoption.
- 4. Establish annual vendor re-evaluation cadence aligned with SOC 2 report renewal cycles.
Conclusion
The attorneys who will thrive in the AI-augmented legal landscape are not those who adopt fastest — they are those who adopt most deliberately. Vendor due diligence is not an obstacle to AI adoption; it is the foundation that makes responsible adoption sustainable.
These three foundational questions — where is our data, who trains on it, and what happens when we leave — are not bureaucratic formalities. They are the questions that separate vendors who understand the professional obligations of legal practice from those who view law firms as another vertical to monetize. Ask them early, demand specificity, and treat evasive answers as the disqualifiers they are.
AI Disclaimer: This content was human-reviewed but may contain AI-generated elements. Readers should conduct their own research and remain skeptical of factual errors. This guide is provided for educational purposes and does not constitute legal advice. Consult qualified counsel for jurisdiction-specific compliance obligations.
Essential Reading for the AI Era

A Brief History of Intelligence
by Max Bennett
For me, A Brief History of Intelligence wasn't just another science book — it was the most inspiring read of 2025. Max Bennett doesn't merely explain evolution and AI; he illuminates the arc of our cognitive journey from the simplest organisms to the complex minds we carry today and links that journey to the future of artificial intelligence in a way few authors have managed.
Reading this book felt like a conversation with a brilliant guide who makes both neuroscience and AI feel vivid, urgent, and deeply meaningful. As someone immersed in law and technology, I found Bennett's insights not just informative but transformative — reminiscent of discussions at the Dartmouth Conference itself.
Praise from Visionaries
"I found this book amazing. I read it through quickly because it was so interesting, then turned around and read much of it again."
— Daniel Kahneman
Nobel Laureate in Economics
"I've been recommending A Brief History of Intelligence to everyone I know. A truly novel, beautifully crafted thesis on what intelligence is and how it has developed since the dawn of life itself."
— Angela Duckworth
Author of Grit

The Singularity Is Nearer
by Ray Kurzweil
Ray Kurzweil is not just a futurist — he's a prophet of exponential change. A student of Marvin Minsky, one of the founding minds behind the Dartmouth Conference, Kurzweil has been thinking about this moment longer than most institutions have been around.
If you don't know Ray Kurzweil, you should. The Singularity Is Nearer makes one thing clear: the future isn't coming slowly — it's arriving all at once.
Praise from Visionaries
"A fascinating exploration of our future, which raises the most profound philosophical questions."
— Yuval Noah Harari
Historian
"Ray Kurzweil is the greatest oracle of our digital age. The Singularity Is Nearer is more than just a book—it's a survival guide for the technological renaissance we're about to experience."
— Peter H. Diamandis, MD
Futurist & Entrepreneur

The Coming Wave
by Mustafa Suleyman & Michael Bhaskar
This isn't a hype book about shiny tools. It's a sober, urgent examination of what happens when powerful technologies scale faster than our institutions, laws, and social norms. Suleyman's core message is simple but uncomfortable: the future is not something that merely happens to us. It requires participation.
The coming wave of AI and biotechnology will not be safely "managed" by a small group of technologists or regulators alone. Containment, governance, and alignment demand broad engagement across professions, industries, and communities. Sitting on the sidelines is not a neutral position. Non-participation is still a choice, and usually a costly one.
What makes this book especially relevant for LegalTek.ai is its insistence that responsibility must scale with capability. Lawyers, operators, founders, and leaders cannot outsource judgment to systems or defer hard questions to later. The work is now: designing guardrails, rethinking institutions, and choosing to engage rather than react. Participation is the point.
Praise from Visionaries
"A fascinating, well-written, and important book."
— Yuval Noah Harari
Historian
"One of the most important books of the year. Suleyman is one of the few people who truly understands both the promise and peril of AI."
— Eric Schmidt
Former CEO of Google

Competing in the Age of AI
by Marco Iansiti & Karim R. Lakhani
Marco Iansiti and Karim R. Lakhani's Competing in the Age of AI is not a book about tools. It is a book about power, structure, and survival in an economy where software, data, and algorithms increasingly define competitive advantage. The central thesis is simple but unsettling: companies do not become AI-powered by sprinkling models on top of legacy processes. They must reorganize themselves around AI as a core operating logic.
An AI-First organization treats data as infrastructure, not exhaust. Data lakes are not passive storage systems; they are living strategic assets continuously fed by operations, customers, and markets. The firms that win are those that design feedback loops where data improves models, models improve decisions, and decisions generate more data. This flywheel compounds faster than any traditional efficiency play.
The book is particularly sharp on disruption. AI does not merely automate tasks; it collapses coordination costs. Entire layers of management, intermediaries, and professional gatekeepers become vulnerable when prediction and decision-making move closer to real time. This is why AI-driven firms tend to scale faster, operate with fewer humans per dollar of revenue, and exert outsized pressure on incumbents.
Equally important is the authors' treatment of ethics and governance. AI systems embed values, whether intentionally or not. Bias, accountability, transparency, and trust are not compliance checkboxes; they are strategic concerns. Organizations that fail to govern AI responsibly risk regulatory backlash, reputational damage, and internal breakdowns of trust.
Why this matters for LegalTek.ai: law, regulation, and professional services are precisely the kinds of industries ripe for AI-driven reconfiguration. Firms that treat AI as a bolt-on tool will fall behind. Firms that rethink workflows, data ownership, trust, and human judgment alongside AI will define the next era. If you are building, advising, regulating, or investing in the future of legal and professional services, this book belongs on your desk.
Praise from Visionaries
"A compelling vision for how companies must transform to thrive in an AI-first world."
— Satya Nadella
CEO of Microsoft
"Essential reading for any leader trying to understand how AI will reshape industries and competitive dynamics."
— Reid Hoffman
Co-founder of LinkedIn

Nexus
by Yuval Noah Harari
Nexus by Yuval Noah Harari is a foundational text for anyone trying to understand how information systems shape power, institutions, and human behavior—especially as we enter an AI-driven era. Harari reframes history not as a story of tools or even ideas, but as a story of networks: who controls information flows, how trust is manufactured, and how coordination scales.
For LegalTek.ai, this book matters because law is itself an information network. Courts, statutes, contracts, evidence, compliance regimes, and now AI models are all nodes in a living system that governs behavior at scale. Harari makes one idea uncomfortably clear: technology does not just make systems faster—it reshapes who holds authority and how legitimacy is created.
He explores how information networks drift toward concentration, how automated decision systems can harden power asymmetries, and how societies repeatedly mistake efficiency for wisdom. These themes map directly onto modern legal technology questions around AI-assisted decision-making, automated compliance, algorithmic evidence, and the risk of opaque systems replacing human judgment.
Key insights: First, information systems always encode values—neutral tools do not exist. This reinforces the need for explicit governance, auditability, and human oversight in legal AI. Second, scale changes ethics—what works for a small network can become dangerous when automated and deployed broadly. Third, institutions lag technology—law historically reacts after power has already shifted.
Nexus supports a core LegalTek.ai principle: AI in law must be human-centered, transparent, and institutionally aware. The future of legal technology is not about replacing lawyers—it is about redesigning legal systems so that intelligence, whether human or artificial, serves fairness, legitimacy, and trust at scale. Highly recommended for anyone building, regulating, or relying on AI-driven legal systems.
Praise from Visionaries
"Harari has done it again. Nexus is a sweeping, thought-provoking exploration of how information has shaped human history—and how AI might reshape our future."
— Bill Gates
Co-founder of Microsoft
"A masterful synthesis of history, technology, and human nature. Essential reading for understanding where we're headed."
— Daniel Kahneman
Nobel Laureate in Economics

Supremacy
by Parmy Olson
Parmy Olson's Supremacy is the book I wish every lawyer, regulator, and founder would read before making their next move in AI. Winner of the Financial Times and Schroders Business Book of the Year 2024, this is not another breathless hype piece about what AI might do someday. It is a meticulously reported account of what has already happened — and what it means for power, competition, and control.
Olson, a Bloomberg columnist and author of We Are Anonymous, brings a journalist's rigor and a storyteller's instinct to the AI arms race between OpenAI and Google DeepMind. She traces how a small number of researchers, executives, and investors are making decisions that will reshape every industry on earth — including law. The central tension is not technical; it is human: ambition versus caution, open research versus commercial secrecy, safety versus speed.
What makes this book essential for LegalTek.ai readers is its unflinching examination of concentration risk. The foundation models that power legal AI products are controlled by a handful of companies. Olson documents how acquisitions, talent wars, and compute monopolies are narrowing the field in ways that should concern anyone building on top of these platforms. If you are a legal technology founder or an enterprise buyer evaluating AI vendors, this book provides the geopolitical and corporate context you cannot afford to ignore.
Supremacy reinforces a core LegalTek.ai principle: understanding AI is not optional for legal professionals. The race for AI supremacy is not happening in a vacuum — it is reshaping the infrastructure of knowledge work itself. Lawyers who understand the forces Olson describes will be better positioned to advise clients, evaluate tools, and navigate the regulatory landscape that is still being written.
Praise from Visionaries
"Astonishing... Olson has exclusive access to a network of high-level sources and she uses it to devastating effect."
— Financial Times
Business Book of the Year 2024
"A deeply reported, utterly gripping account of the most consequential technology race of our time."
— Tony Fadell
Creator of the iPod, Author of Build

Sapiens: A Brief History of Humankind
by Yuval Noah Harari
Sapiens is the book that rewired how I think about everything — law, technology, institutions, and human cooperation itself. Yuval Noah Harari doesn't just survey 70,000 years of human history; he dismantles the stories we tell ourselves about why civilization works. His central insight is deceptively simple: humans dominate the planet not because we are the smartest or strongest, but because we are the only species that can cooperate flexibly in large numbers — and we do it through shared fictions.
For anyone in law or legal technology, this idea should hit like a thunderbolt. Laws, contracts, corporations, courts, constitutions — these are all shared fictions. They work because enough people believe in them. Harari forces you to see the scaffolding behind the systems we take for granted, and once you see it, you cannot unsee it.
As AI begins to reshape how we create, interpret, and enforce these shared fictions, Sapiens becomes even more essential. If you want to understand where legal systems came from — and why they are so vulnerable to disruption — start here. This is the foundation that makes Nexus, The Coming Wave, and every other book on this list hit harder.
Praise from Visionaries
"Interesting and provocative... It gives you a sense of how briefly we've been on this earth."
— Barack Obama
44th President of the United States
"I would recommend this book to anyone interested in a fun, engaging look at early human history... You'll have a hard time putting it down."
— Bill Gates
Co-founder of Microsoft

How to Think About AI: A Guide for the Perplexed
by Richard Susskind
Richard Susskind has spent four decades thinking about the future of professional work, and How to Think About AI is the distilled vocabulary every lawyer needs for the decade ahead. This is not a tactical book about prompts or tools — it is a structured way of thinking about what AI is, what it is becoming, and what it implies for the institutions that depend on human judgment.
The chapter that most repays a careful read is Susskind's framing of the four long-run scenarios for the human–AI relationship: AI takeover, merger, peaceful coexistence, and shut-off. He treats each seriously, not as prediction but as the realistic shape of the possibility space. His argument is that any serious conversation about AI policy or professional practice has to hold all four open at once — and most public debate collapses prematurely into one.
For Ohio attorneys orienting around the COUNSEL Framework, this book pairs naturally with ABA Formal Opinion 512 and the Ohio Supreme Court's AI Task Force Report. The opinions tell you what your duties are. Susskind helps you decide what you believe about where the technology is headed — and that belief shapes every governance and oversight choice that follows.
Praise from Visionaries
"Susskind is the world's leading authority on the future of legal services and one of the most lucid writers on AI for non-specialists."
— The Times (London)
Review
"An indispensable guide for anyone who wants to think clearly about what AI means for their work, their profession, and their life."
— Daniel Susskind
Author of A World Without Work
