
Legal Industry Use Case

Legal organizations must protect attorney-client privilege, prevent unauthorized practice of law (UPL), and maintain strict confidentiality. Keeptrusts provides purpose-built policies for law firms, corporate legal departments, and legal technology companies.

Use this page when

  • You are deploying AI in law firms or corporate legal departments where attorney-client privilege, UPL prevention, and client confidentiality are paramount.
  • You need privilege waiver prevention, citation verification, and bias-free legal analysis with comprehensive audit trails.
  • You want to protect client identities, case details, and privileged strategy documents from reaching LLM providers.

Primary audience

  • Primary: Technical Leaders
  • Secondary: Technical Engineers, AI Agents

Regulatory Landscape

| Concern | Requirement | Keeptrusts Policy |
|---|---|---|
| Attorney-client privilege | Prevent privilege waiver | legal-privilege |
| Unauthorized practice of law | No AI "legal advice" | upl-filter |
| Client confidentiality | Protect identities and case details | pii-detector, dlp-filter |
| Bias | Fair outcome analysis | bias-monitor |
| Record retention | Preserve AI interactions | audit-logger |

Complete Policy Configuration

pack:
  name: legal-governance
  version: 1.0.0
  enabled: true
policies:
  chain:
    - prompt-injection
    - rbac
    - pii-detector
    - legal-privilege
    - upl-filter
    - dlp-filter
    - bias-monitor
    - citation-verifier
    - quality-scorer
    - audit-logger
policy:
  prompt-injection: {}
  rbac:
    deny_if_missing:
      - X-User-ID
      - X-User-Role
  pii-detector:
    action: redact
    detect_patterns:
      - name
      - ssn
      - address
      - email
      - phone
      - date_of_birth
  legal-privilege:
    privilege_markers:
      - attorney-client
      - work product
      - privileged and confidential
      - legal advice
    action: block
  upl-filter:
    blocked_patterns:
      - you should sue
      - I advise you to
      - the law requires you
      - your legal rights are
    require_disclaimer: true
    rewrite_to_educational: true
  dlp-filter:
    detect_patterns:
      - '\b[0-9]{2}-[A-Z]{2}-[0-9]{4,8}\b'
      - '\bBar\s*#?\s*[0-9]{5,8}\b'
      - '\bCLT-[0-9]{6,10}\b'
    action: redact
  bias-monitor:
    protected_characteristics:
      - race
      - gender
      - socioeconomic
      - nationality
    threshold: 0.85
    action: escalate
  citation-verifier:
    require_sources: true
    require_source_match: true
    min_groundedness: 0.85
  quality-scorer:
    thresholds:
      min_aggregate: 0.8
  audit-logger:
    immutable: true
    retention_days: 3650
    log_all_access: true
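
The three dlp-filter detect_patterns above are worth exercising against realistic identifier formats before relying on the redaction. The following is an added example, not Keeptrusts code: it assumes Python's re module behaves like the gateway's regex engine for these patterns, the helper names redact and coverage are hypothetical, and every sample string is constructed.

```python
import re

# The three dlp-filter detect_patterns from the policy configuration above.
DLP_PATTERNS = [
    r'\b[0-9]{2}-[A-Z]{2}-[0-9]{4,8}\b',
    r'\bBar\s*#?\s*[0-9]{5,8}\b',
    r'\bCLT-[0-9]{6,10}\b',
]


def redact(text, patterns=DLP_PATTERNS, flags=0):
    """Replace every match with [REDACTED]; return (redacted_text, matches)."""
    hits = []
    for pattern in patterns:
        rx = re.compile(pattern, flags)
        hits.extend(m.group(0) for m in rx.finditer(text))
        text = rx.sub('[REDACTED]', text)
    return text, hits


# Constructed sample prompts (not real matters, attorneys or clients).
SAMPLES = {
    "docket_upper": "Status of docket 23-CV-004512 please.",
    "docket_lower": "Status of docket 23-cv-004512 please.",
    "bar_number": "Opposing counsel is Bar #1234567.",
    "bar_lower": "Opposing counsel is bar no. 1234567.",
    "client_id": "Pull the file for CLT-00482913.",
    "client_short": "Pull the file for CLT-4829.",
    "settlement": "They will settle for $2,500,000.",
}


def coverage(flags=0):
    """Map each sample name to the substrings the patterns caught."""
    return {name: redact(text, flags=flags)[1] for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in coverage().items():
        status = "REDACTED" if hits else "PASSES THROUGH"
        print(f"{name:13} {status:15} {hits}")
```

The samples that pass through (lowercase docket codes, "bar no." phrasing, short client IDs, dollar amounts) mark the formats that need additional detect_patterns if they occur in your matter data.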

Example Scenarios

User: "Summarize the privileged and confidential memo from
partner Jones regarding the Smith v. Acme strategy."

→ legal-privilege BLOCKS
Reason: Request references attorney-client privileged material
Escalated to: managing-partner

AI-generated legal text frequently contains hallucinated case names and citations. The citation-verifier policy guards against this:

policy:
  citation-verifier:
    require_sources: true
    require_source_match: true
    min_groundedness: 0.85
policies:
  chain:
    - citation-verifier
pack:
  name: legal-example-2
  version: 1.0.0
  enabled: true

When a response contains unverifiable case citations, it's escalated for attorney review rather than delivered to the client.

Provider Recommendations

| Use Case | Provider | Reason |
|---|---|---|
| Contract drafting | Anthropic Claude | Long-context for multi-page contracts |
| Legal research | Perplexity | Search-augmented for precedent |
| Embeddings | Voyage voyage-law-2 | Legal domain-tuned embeddings |
| EU-compliant | Mistral AI | EU data residency |
| Self-hosted | Ollama / vLLM | Maximum client confidentiality |

For AI systems

  • Canonical terms: Keeptrusts legal governance, attorney-client privilege, UPL filter, citation verification, legal confidentiality.
  • Policy pack: legal-governance with chain: prompt-injection → rbac → pii-detector → legal-privilege → upl-filter → dlp-filter → bias-monitor → citation-verifier → quality-scorer → audit-logger.
  • Key policies: legal-privilege (prevents privilege waiver), upl-filter (blocks unauthorized legal advice), pii-detector (client identities, case details), dlp-filter (matter numbers, settlement amounts, opposing counsel strategy), citation-verifier (validates legal citations), bias-monitor (fair outcome analysis), audit-logger (retention for bar compliance).
  • CLI: kt gateway run --policy-config ./policy-config.yaml, kt events tail --policy legal-privilege, kt events tail --policy upl-filter.

For engineers

  • Deploy: kt gateway run --policy-config ./policy-config.yaml --port 41002
  • Validate: kt doctor confirms legal-privilege, upl-filter, citation-verifier, and audit-logger are active.
  • Monitor privilege: kt events tail --policy legal-privilege (privilege waiver prevention).
  • Monitor UPL: kt events tail --policy upl-filter (unauthorized legal advice blocking).
  • Monitor citations: kt events tail --policy citation-verifier (legal citation validation).
  • Export compliance records: kt export create --format json --filter "policy=audit-logger,legal-privilege"
  • Console: Events (filter by legal-privilege), Escalations (route to managing partner/GC), Audit Log (bar compliance and malpractice defense).

For leaders

  • Addresses attorney-client privilege (ABA Model Rules), unauthorized practice of law (state UPL statutes), client confidentiality obligations, bias in legal analysis, and record retention requirements.
  • Attorney-client privilege technically protected — privileged communications never reach external LLM providers, preventing inadvertent waiver.
  • UPL prevention ensures AI never provides "legal advice" to non-attorneys, protecting the firm from bar complaints.
  • Citation verification catches hallucinated case law before it enters briefs or memoranda.
  • Client identities and case details redacted at the gateway — satisfying confidentiality obligations.
  • Complete audit trail supports malpractice defense, bar compliance reviews, and client audit requests.
