Legal AI is not necessarily safer. Just look at the supply chain

Is Legal AI safer than generic AI? Most providers take security very seriously, but this does not necessarily make them safer than generic providers. Legal AI can add value, but only if you ask the right questions.

The trend was always the same: "Generic AI is not safe, use Legal AI." It's an understandable reaction, but it overlooks an essential part of the technical infrastructure: legal AI tools themselves also run on models from the major AI providers. So the question is not whether your data is processed by OpenAI or Anthropic, but how many links it passes through and at what level each link is secured.

For the quick reader, here's the essence in one paragraph: Legal AI can certainly add value. Most providers take security very seriously, but this does not necessarily make them safer than generic providers. Therefore, ask the right questions. What does the chain look like? Does the provider store my data themselves, and if so, where, for how long, and who has access? Does the provider have an enterprise contract with the underlying provider, or does it operate on standard API terms?

The chain you don't see

Legal AI certainly has advantages. Some tools offer legal workflows, smart document analysis, and jurisdiction-specific knowledge. But the underlying language model is almost always from OpenAI, Anthropic, or Google (see also our research from last year, in Dutch: https://www.ictrecht.nl/onderzoek-ai-tooling-ictrecht). The provider builds a layer on top of these models (such as an interface, a set of instructions, integrations with legal databases), but the processing of your request ultimately takes place at the same major provider as if you were to take out a subscription yourself.

In practice, the chain looks like this: you take out a subscription with a legal AI provider and ask a question or start a workflow through that platform. The tool forwards your document or question via an API to the underlying language model (whether or not via Microsoft's servers). That provider processes it and sends the response back to the tool you have subscribed to.

What the major providers already offer

To properly assess that chain, it's useful to know what security measures the major providers themselves implement and how this differs per level.

With the free versions of tools like ChatGPT or Claude, conversations may be used for model training by default. You can turn this off, but you have to actively choose to. You would rather not process personal data or business data in these versions.

But at the API level (the level at which legal AI vendors are typically connected), the agreements are already substantially different. Regarding information security and data processing, both Anthropic and OpenAI contractually guarantee that they do not use customer data from the API for training models. In addition, they hold quite a few certifications:

Anthropic, for example, holds SOC 2 Type 2, ISO 27001 and ISO 42001 certifications for its API (including when it is used on Microsoft, Amazon or Google servers). OpenAI is comparable, except that OpenAI has supplemented this with ISO 27017 and ISO 27018.

By default, API data is retained for thirty days (for abuse monitoring), but a zero data retention agreement can be arranged upon request, with data deleted immediately after inference. It is also possible to make agreements about data location, monitoring (who has access to the logging, when and under what conditions) and data processing agreements.

These terms also apply to the business versions of Claude for Work and ChatGPT Enterprise.

What happens between the links in the chain

And this is precisely where the relevant question for legal AI arises. When a vendor sends your data through the API, in principle, the underlying provider's API terms apply.

But the vendor also processes data itself: in its application, on its servers, in its log files. That's an additional processing party with its own security maturity. And unless the vendor has demonstrably entered into an enterprise contract with the underlying provider with EU data location, those enterprise guarantees do not automatically apply to your data.

How much security maturity a twenty-person legal AI startup has, and what agreements it has made exactly with OpenAI or Anthropic, is usually not transparently communicated. This is only a brief overview of the different options, but it gives a picture of the architecture and the possibilities that exist.

How about the consumer subscriptions?

Enterprise licenses are (of course) different from paid consumer licenses. Caution is advised with these subscriptions. Although a paid subscription does not use your data for training by default, there is insufficient clarity about where the data is sent. While Anthropic and OpenAI claim on their websites that they also handle data securely and responsibly for these subscriptions, concrete measures specific to these subscriptions are lacking.

No judgment, just questions

This blog is not a plea against legal AI. Specialized tools can offer great added value and many vendors take security seriously. But the assumption that the 'legal AI' label automatically offers more security than generic solutions is not correct.

The relevant questions are simple: which AI provider processes my data behind the scenes, and at what contract level? Does the vendor store my data itself and if so, where, for how long, and who can access it? Are there integrations with external services that can channel data elsewhere? And does the vendor have an enterprise contract with the underlying provider, or does it run on standard API terms?
