Legal AI Due Diligence Checklist for Law Firms
June 29, 2026

Most law firms that get burned by an AI vendor never ran a formal evaluation. They trusted a demo, liked the interface, and signed. Six months later they discovered the tool had been training on client data, lacked a SOC 2 report, and couldn't produce a single explainable output when a partner asked why it cited a case that didn't exist.
By 2026, 78 percent of AmLaw 200 firms use AI tools and overall adoption across U.S. law firms sits at 52 percent (Thomson Reuters, 2026). Yet 43 percent of firms still lack a formal AI policy (LexisNexis, 2026). That gap is where the liability lives. Firms must ensure they are rigorously supervising AI providers to meet their professional obligations. That is not a suggestion.
This legal AI due diligence checklist for law firms is not a theoretical framework. It is a structured evaluation process built around the five layers every firm must assess before signing: security, data handling, model accountability, workflow fit, and ongoing governance. Work through each layer before you commit.
#01 Why one-time vendor reviews are not enough
A vendor that passed your evaluation in January 2025 is not automatically safe in 2026. Training practices change. Subprocessors get swapped. Pricing models shift in ways that quietly alter data access rights. Professional guidance in 2026 is unambiguous: AI vendor due diligence is an ongoing governance requirement, not a one-time task (ABA, 2026).
The failure mode most firms ignore is model drift. A general-purpose language model that produced tolerable citation accuracy last year may have been retrained on new data this year with a higher hallucination rate. For context: specialized legal tools like CoCounsel produce hallucination rates below 1 percent on citation tasks, while general-purpose models reach 18 percent on the same benchmark (Thomson Reuters, 2026). That 17-point gap is the difference between reliable output and a malpractice exposure.
Keep a dedicated vendor file for every AI tool in use. That file must contain a completed risk assessment, data processing agreement, business associate agreement where relevant, SOC 2 Type II report, and current subprocessor list. Sign and date it. A responsible partner should own it. Perform a full refresh annually and trigger an ad-hoc review any time the vendor announces a material change to its model, data practices, or ownership structure.
#02 Security requirements that are non-negotiable
Do not accept a vendor's security claims at face value. Require documentation. The baseline for any firm handling client matters is SOC 2 Type II, and firms operating under GDPR or CCPA obligations should also require ISO 27001 certification and explicit data residency guarantees (IAPP, 2026).
Four specific questions to put in writing before signing:
Does the vendor operate a zero-retention policy? Any AI tool that retains query data beyond the session creates a confidentiality risk under Rule 1.6. Retention policies must be contractually defined, not just described on a marketing page.
Is client data used to train models? This is the single most common undisclosed practice in legal AI. If the answer is anything other than a clear contractual prohibition, walk away.
Is each firm's data isolated from other tenants? Shared model fine-tuning across a multi-tenant environment means one firm's confidential matter data can influence outputs delivered to a competitor's lawyers. Demand written confirmation of tenant isolation.
What encryption standards apply? Enterprise-grade encryption at rest and in transit is baseline. Ask for the cipher standards in writing.
Casero, for example, operates with strict client-matter segregation, enterprise-grade encryption at rest and in transit, and a contractual prohibition on using client data to retrain AI models. Its security whitepaper is available on request during pilot onboarding. SOC 2 and ISO 27001 certifications are on its roadmap, which is a gap worth tracking if your firm requires those certifications before deployment.
#03 Data handling: the clauses your contract must contain
Security infrastructure and contractual data handling are different things. A vendor can have impressive infrastructure and still hold contractual rights to use your data in ways that violate client confidentiality.
Every data processing agreement for a legal AI tool should contain these four provisions explicitly:
- No model training on firm data. The prohibition must cover both direct fine-tuning and indirect use in aggregate training pipelines.
- Defined data residency. If your firm operates in the UK or EU, the contract must specify that data does not leave the relevant jurisdiction.
- Subprocessor disclosure and consent rights. The vendor must notify you before adding a new subprocessor and give you the right to object.
- Breach notification timeline. Seventy-two hours is the GDPR standard. Any contract that specifies longer should be flagged.
Firms often miss the subprocessor clause. A vendor's core infrastructure may be secure, but if it routes queries through an undisclosed third-party API for a specific feature, your client data may be leaving a jurisdiction or entering a less secure environment without your knowledge.
Review our Legal AI Data Privacy: What Law Firms Must Know for a deeper breakdown of what each DPA clause should contain and where vendors typically leave gaps.
#04 Model accountability: what explainability actually means
Explainability is not a feature. It is a professional requirement.
When a lawyer relies on an AI output to advise a client, brief a court, or structure a transaction, that lawyer must be able to verify every factual assertion independently. A tool that produces a confident answer with no source link is not a legal AI tool. It is a liability generator.
RAG-based architecture (retrieval-augmented generation) is the current standard for accountable legal AI. In a RAG system, every output traces back to a specific retrieved passage from a defined document set. The AI cannot hallucinate a source because it can only cite documents it actually retrieved. Ask vendors explicitly whether their system is RAG-based or relies on parametric memory alone.
Beyond architecture, audit trails matter. Every query, every output, and every user action should be logged with timestamps. If a regulator or a client asks what your AI system concluded about a matter and why, you need to be able to answer with a document trail.
Casero's source-linked intelligence does exactly this: every AI-generated insight links to the exact passage in the original document it came from. Nothing is a black box. The audit trail captures who accessed what, when, and based on which document. The lawyer-in-the-loop control means AI never acts autonomously and lawyer approval is required at every stage.
For a broader view of how case-level AI handles this accountability layer, see Case-Level AI for Law Firms: How It Works.
#05 Workflow fit: the questions your IT team will not ask
A tool that requires lawyers to leave their existing environment to use it will not be used. This is not speculation. It is the most reliable predictor of legal AI adoption failure.
Evaluate workflow integration before evaluating features. The critical questions:
Does the tool operate within existing workflows? For most lawyers that means Microsoft Word, Outlook, or a document management system like iManage or SharePoint. Tools that require a separate browser tab for every query introduce context-switching that kills adoption.
Does the tool integrate with the firm's current matter taxonomy? A tool that imposes its own file structure creates a parallel universe of data the firm cannot govern. Demand that the vendor demonstrate integration with your existing DMS structure, not a demo environment.
Is synchronization live or batch-based? Batch uploads mean the AI is always working from stale data. A tool that syncs live as new documents and emails arrive gives lawyers intelligence that reflects the current state of a matter, not last Tuesday's state.
Casero uses live synchronization, so changes in a connected DMS or inbox are mirrored immediately with no batch uploads required. It also files incoming data into the firm's existing matter taxonomy automatically, so there is no separate file structure to manage.
For firms currently using iManage or Clio and evaluating whether to add an intelligence layer, see our iManage Alternatives for Law Firms: AI Options and Clio Alternatives for Law Firms: AI Options breakdowns.
#06 Governance and ethics: the checklist your managing partner must sign off on
The legal AI due diligence checklist for law firms is incomplete without a governance layer that survives partner turnover and vendor change. Build the governance structure before you deploy, not after.
Formal AI Use Policy. Define which tools are approved, which data categories are prohibited from AI queries (draft settlement figures, AML-flagged client data, medical records in litigation), and mandate human verification for all outputs before external use. ABA Formal Opinion 512 makes this a supervision obligation, not optional practice management.
Designated AI oversight role. As of May 2026, 85 percent of legal departments use dedicated AI oversight tools (Bloomberg Law, 2026). Assign a responsible partner or legal operations director to own vendor relationships, monitor hallucination rates, and trigger reviews when vendor practices change.
Ethical wall adherence. AI tools that bypass existing DMS access controls create a breach of the ethical wall regardless of whether data leaves the firm. The tool must enforce the same access permissions that govern your DMS. If a lawyer cannot access a document in your connected DMS, the AI must not return that document in a query response.
Annual review trigger. Set a calendar item. Review the vendor's current SOC 2 report, subprocessor list, terms of service, and model card every twelve months. Trigger an ad-hoc review if the vendor is acquired, changes its model provider, or updates its privacy policy.
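The ethical-wall item above and the accountability section (source-linked outputs plus an audit trail) describe the same control at the retrieval layer, and this added example, which is not Casero's code or any vendor's, shows one way to implement it: a retriever that applies the DMS permission list before ranking, returns each passage with its document identifier, and logs who queried what and which sources came back. The corpus, matters, users and ACL are constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Passage:
    doc_id: str   # DMS document identifier (constructed)
    matter: str   # matter the document belongs to
    text: str


# Constructed sample corpus and DMS permissions; matters and users are hypothetical.
CORPUS = [
    Passage("DOC-001", "M-100", "Seller warrants that no litigation is pending."),
    Passage("DOC-002", "M-100", "Indemnity cap is limited to the purchase price."),
    Passage("DOC-003", "M-200", "Settlement figure proposed at 1.2M (draft)."),
]
DMS_ACL = {"M-100": {"alice", "bob"}, "M-200": {"bob"}}  # matter -> users with access

AUDIT_LOG: list[dict] = []  # one entry per query: who, what, when, which sources


def _overlap(terms: set[str], passage: Passage) -> int:
    """Toy relevance score: number of query terms present in the passage."""
    return len(terms & set(passage.text.lower().split()))


def retrieve(user: str, query: str, k: int = 2) -> list[dict]:
    """Return up to k relevant passages the user is entitled to see.

    The DMS ACL is applied before ranking, so a document the user cannot
    open in the DMS never enters the candidate set and can never be cited.
    Each result carries its doc_id so the output is source-linked; a lawyer
    still has to confirm that the cited passage supports the assertion.
    """
    terms = set(query.lower().split())
    candidates = [p for p in CORPUS if user in DMS_ACL.get(p.matter, set())]
    ranked = sorted(candidates, key=lambda p: _overlap(terms, p), reverse=True)
    results = [
        {"doc_id": p.doc_id, "matter": p.matter, "passage": p.text}
        for p in ranked[:k] if _overlap(terms, p) > 0
    ]
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "query": query,
        "sources": [r["doc_id"] for r in results],
    })
    return results
```

With the constructed ACL, a query about the draft settlement figure returns DOC-003 for bob, who is on matter M-200, and nothing for alice, who is not; both queries are recorded in the audit log either way.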
For the governance side in detail, see our Law Firm AI Governance Framework: A Practical Guide.
#07 Red flags that should stop a procurement immediately
Vendors know the right vocabulary now. Saying 'we take security seriously' or 'we're SOC 2 compliant' costs nothing. The difference between a defensible procurement and a liability is documentation.
Stop a procurement immediately if a vendor:
- Cannot produce a current SOC 2 Type II report or equivalent on request
- Refuses to provide a subprocessor list in writing
- Inserts a clause permitting model training on customer data in any form, including 'aggregate' or 'anonymized' data
- Cannot demonstrate RAG-based citation or equivalent source-tracing for legal outputs
- Has no contractual commitment to data residency
- Cannot name a specific individual responsible for your account's data security
- Prices the tool in a way that ties cost to the volume of data stored, creating a perverse incentive to retain your data longer
For M&A diligence and large-scale document review, tools like Harvey, Luminance, and Kira by Litera operate at enterprise scale and can produce vendor documentation on request (Chambers and Partners, 2026). For Word-integrated drafting work, Spellbook and GC AI serve smaller teams. Every one of these vendors should still face the same checklist. Market reputation does not substitute for documentation.
The business case for running this process thoroughly is straightforward. See our Law Firm AI ROI: Making the Business Case for how to translate governance investment into firm-level ROI.
The firms that will get hurt in the next 18 months are not the ones that refused to adopt AI. They are the ones that adopted quickly without a documented evaluation process. A signed checklist with supporting evidence protects the firm, satisfies ABA supervision obligations, and gives you real leverage in contract negotiations.
If your firm is at the stage of evaluating which intelligence layer to deploy, Casero was built to address the accountability gaps that most legal AI tools leave open. Source-linked outputs, lawyer-in-the-loop controls, live synchronization with your existing DMS, ethical wall adherence, and full audit trails are built into the core architecture, not bolted on as compliance features. Book a pilot to run your own due diligence process against the checklist above and see exactly what documentation Casero can put in front of your risk committee.