Lawyers discussing while standing in library

What legal departments should ask themselves about GenAI

Related topics

The legal department and its chief legal officer play an important role in helping organizations get the most out of GenAI.


In brief

  • Legal departments are charged with protecting and enabling the business, but they wear two hats as advisors and end users of GenAI.
  • Aligning with functional leaders around GenAI strategy and goals will help the legal department set guardrails that support responsible innovation.
  • Legal functions will get more out of GenAI by defining specific use cases and focusing on informed data management and education.

Generative AI (GenAI) adds opportunities and complexity to business operating environments. Despite the potential, GenAI comes with certain risks and strategic implications for the business and the legal department. Chief legal officers (CLOs) should be prepared to provide necessary legal guardrails that both protect and enable the business to lead the competition and enhance customer value. The following ten questions frame the issues every CLO should address to support GenAI business adoption and simultaneously transform their legal function.

1. How well do I understand what the business wants to accomplish with GenAI?

The propagation of GenAI technology reinforces the need for CLOs to partner with the chief information officer (CIO) and executive leadership to align technology, business strategy and risk management. Close collaboration regarding data and process transformation helps the legal function to deeply understand business issues and to spot and manage risk early. CLOs can accelerate time-to-value by aligning with other functional leaders to establish GenAI sandboxes, thereby encouraging experimentation, accelerating paths to production and scaling learnings across business teams.

2. Am I a leader in a cross-functional GenAI governance committee?

CLOs should be at the forefront of creating a governance model to lead responsible enterprise GenAI adoption. Specifically, CLOs should take steps to stay current with legal developments and risks, be active leaders in cross-functional GenAI governance committees (with the CIO, chief technology officer (CTO), risk, human resources, audit and cybersecurity colleagues), and provide regular updates to the executive board. In doing so, CLOs can better enable innovation, create organizational awareness and help the enterprise realize the commercial benefits of GenAI in compliance with applicable requirements.

3. Are we managing our GenAI approach to comply with the rules of today and tomorrow?

The regulatory landscape is rapidly evolving. In addition to data re-use, privacy and confidentiality issues, GenAI raises potential risks associated with contractual compliance, IP infringement and liability for the use of inaccurate or discriminatory outputs. Some recent examples include initiatives to govern the interoperability and security of data and prevent harm caused by GenAI systems such as the EU AI Act, Digital Operational Resilience Act and Data Act.

The uptick in such initiatives corresponds with an increasing business imperative to embrace evolving GenAI capabilities and drive efficiencies. This requires the legal team to monitor ongoing developments, analyze them and operationalize compliance with interfacing and often overlapping laws. Organizations should adopt a holistic, principles-based approach to incorporate GenAI requirements into existing governance, risk, and control frameworks, enabling compliance across business functions.

4. Have we modified our policies and procedures to deploy safely our current GenAI plans at scale?

As GenAI technology, regulations and societal perspectives continue to evolve, organizational policies and procedures must accommodate the changing landscape throughout the GenAI lifecycle (e.g., design, data acquisition, training and deployment). The legal function can lead responsible GenAI business deployment by implementing robust internal and third-party risk management protocols throughout this lifecycle, aligned to the organization’s existing governance and control frameworks, all underpinned by timely legal advice.

A GenAI compliance readiness assessment can create the foundation for the safe deployment of GenAI, helping align business policies, procedures and activities with developing trends and risks. Such assessments can be used to generate tailored recommendations for priority use cases and map these cases to applicable GenAI regulations and industry-specific legislative regimes.

5. Do I have the right processes to deploy GenAI to my legal team?

GenAI presents an opportunity to re-envision the way legal tasks are performed, changing the way legal teams create and share knowledge, answer legal questions, review contracts, draft legal documents, and summarize regulatory impacts. To identify, evaluate, prioritize, and deploy legal use cases, CLOs should consider two related approaches. First, GenAI use case experimentation supports quick wins, starting the necessary cultural change for lawyers to understand how to integrate GenAI into their daily work. Second, a process-driven approach helps the team understand who, what and when to automate, supporting structural, long-term transformation. Legal operations leaders can guide this journey and help ensure that GenAI can confidently comply with the ethical and legal standards, such as confidentiality and work product protection.

6. Do I understand enterprise GenAI data use cases to advise how they should be governed?

GenAI is powered by data, which is used to train models, answer questions, create code, generate content and automate activities, augmenting people as they perform various tasks. This data may be a mixture of external and internal sources consumed by internal teams, vendors and third parties. To understand the potential scope of issues regarding GenAI internal and third-party data risks, CLOs can, for example, assess current and in-flight contracts to see how data use, disclosures and obligations are addressed. This positions the legal team to further advise how to manage business operational risks associated data privacy, cyber security, intellectual property, insurance and applicable GenAI regulations.

7. How mature is my team’s management of our legal data?

Contract playbooks, legal spend, practical guidance and policy data helps legal departments make decisions and provide legal advice. If this legal data is managed in silos, legal teams will not be positioned to put their data to work. CLOs should understand if legal data is well-organized in a data model that is intentionally structured for legal to take advantage of GenAI. This approach is intended to provide a safe, secure environment in which your teams can share confidential data over which they can apply GenAI. In parallel, deliberate alignment with the enterprise's master data strategy supports enforcement of data integrity across the enterprise and compliance with security, regulatory and ethical requirements.

8. How do I upskill my legal team to use GenAI and advise the business?

Legal teams need to understand GenAI types, capabilities and limitations. Further, legal teams need to learn basic prompt engineering skills. Together, this provides two inter-related benefits. First, the legal team will have the skills to take advantage of evolving capabilities, understanding if there are opportunities to upskill certain team members and roles. Second, these technical and practical skills will help the legal team understand how to advise the business on responsible GenAI adoption. These will likely be new skills for the legal team and active change management is required. Like the practice of law, GenAI use still needs lawyer oversight.

9. How does GenAI impact my legal technology strategy?

Legal technology is a term of art referring to systems that are managed for the legal team in parallel with enterprise systems. Separate legal technology creates additional operating costs and potential barriers to legal–business collaboration. GenAI offers an opportunity to connect the legal, CIO and CTO technology agenda, aligning GenAI approaches and adoption across all functions. Additionally, the integration of GenAI in standard enterprise applications may present an opportunity to simplify the legal technology stack over time.

 

10.  How should GenAI impact my legal service delivery vision?

GenAI is expected to have a profound impact on the legal industry, with the potential to automate many routine legal tasks performed today. CLOs can support their teams through this change by presenting a clear, positive vision of what this technology means for them as professionals, the way they partner with the business and how the legal delivery model incorporates GenAI use by law firms and other third-party providers. To realize the vision for the legal department, CLOs should advocate to fund legal use cases that are resourced with legal and technical subject matter experts to support development and ongoing training.

 

Summary

Legal teams have an opportunity to lead GenAI compliance and adoption, providing the enterprise with a responsible, smooth trajectory forward. These ten questions highlight issues that need to be proactively planned and managed along the way. With the right legal, technical and design support, CLOs can ensure that their GenAI technology has the right data to manage legal and business processes with the requisite legal oversight.

Reprinted with permission from the 9 April 2024, issue of Corporate Counsel. ©2024 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved. 

EY member firms do not practice law where not permitted by local law or regulation.

Related articles

    About this article