Skip to main content

Legal technology

Privilege is an architecture boundary.

A legal retrieval system becomes useful when it can find the right material without dissolving matter access, source provenance, professional judgment, or the path to correction.

AuthorIT Modality editorial team

ReviewPrincipal and domain review

UpdatedJuly 13, 2026

FocusA sourced operating question with a practical decision path

SOURCE CHAIN

The reasoning stays separate from the firm's commercial offer.

  1. 01Question
  2. 02Primary sources
  3. 03Analysis
  4. 04Correction path
The article's sources and access dates define the evidence boundary.

Author: IT Modality editorial team
Reviewed: July 14, 2026

Begin before the prompt

The most consequential retrieval decision happens before a model sees a query: which sources the current person may use for this matter and purpose.

Treating access as a prompt instruction is too late. The source eligibility decision belongs in identity, matter membership, ethical walls, document status, region, client terms, and information-governance controls. Retrieval should inherit the authorized intersection rather than create a broader parallel corpus.

ABA Formal Opinion 512 identifies duties lawyers must consider when using generative AI, including competence, protection of client information, communication, supervision, candor, meritorious claims, and reasonable fees. The opinion is jurisdiction-sensitive ethics guidance, not a product approval; the responsible lawyers and firm owners still determine the applicable obligations and acceptable use. (ABA Formal Opinion 512, accessed July 14, 2026.)

Separate five control planes

1. Source eligibility

For every source class, record owner, matter/client, jurisdiction, privilege or confidentiality posture, retention state, region, document status, permitted uses, exclusion rules, and authority to correct or remove it. Drafts, superseded analysis, internal know-how, filed material, client-provided records, and third-party sources should not become one undifferentiated index.

2. Identity and matter access

Evaluate access at query time and again when each source is retrieved. Preserve ethical-wall and matter changes without waiting for a full reindex. Denial should reveal no source title, excerpt, count, or existence to an unauthorized person.

3. Retrieval and provenance

Each supported proposition should return to the exact authorized passage, document version, and retrieval event. When the corpus cannot support the request, the system should abstain or route the question—not fill the gap with fluent text.

4. Answer policy and professional review

Define what the system may summarize, compare, quote, draft, or refuse. Name when attorney review is mandatory, which conclusion remains human-owned, how uncertainty appears, and which uses require a separate specialist or client decision.

5. Evaluation, incident, and correction

Evaluation should cover retrieval relevance, source authorization, citation fidelity, unsupported assertions, missing controlling material, cross-matter leakage, instruction attacks, and safe abstention. A correction needs the affected source, index, output, user, matter, downstream use, owner, and verification step—not merely a model prompt change.

Test the full authorized path

A useful evaluation set combines expected-use and adversarial cases:

  • the correct source is authorized and retrievable;

  • the correct source exists but the user or matter cannot access it;

  • a superseded source conflicts with the current version;

  • several matters contain similar language with different obligations;

  • the query requests a conclusion beyond the evidence;

  • the source contains instructions aimed at the retrieval or generation layer;

  • the corpus lacks controlling or current material;

  • a citation supports only part of the generated statement;

  • an access change occurs after indexing;

  • a corrected source must invalidate prior output.

Measure the decision behavior as well as answer quality. A system that refuses an unauthorized request is operating correctly even when its conventional relevance score falls.

NIST AI RMF organizes voluntary risk-management work around Govern, Map, Measure, and Manage. It offers a useful shared language, while privilege, professional responsibility, legal accuracy, and matter authority remain with the firm's qualified owners. (NIST AI Risk Management Framework, accessed July 14, 2026.)

Keep a compact decision record

For each use, retain:

  • purpose, users, matters, jurisdictions, source classes, and excluded uses;

  • identity and access inheritance design;

  • hosting, model, retrieval, logging, retention, and vendor boundaries;

  • evaluation corpus, acceptance thresholds, failures, and open risks;

  • required lawyer and specialist review;

  • incident, correction, client-communication, and shutdown paths;

  • approved version, conditions, owner, review date, and material-change triggers.

Halevy Marsh LLP used this control model across six offices and three jurisdictions. Matter-scoped retrieval, source-level citations, abstention, and attorney-owned conclusions allowed the firm to use a 2.3-million-document estate without replacing its existing ethical-wall authority.

Read the Halevy Marsh case

Start with one matter class

Select a bounded source set and one real research or matter-support task. Trace identity, authorization, retrieval, citation, lawyer review, correction, and deletion end to end. Expand only when the next source class can inherit the same control quality.

Start a conversation.

Supporting links: Explore legal technology work · Review private AI and retrieval · Review trust and security