The AI governance crisis

The AI tools are brilliant.
The AI exposure is real.

Every AI tool your firm uses was built for productivity. Not one of them was built to satisfy an SRA inspection. That gap is where regulatory exposure lives. And it is already producing fines, enforcements, and firm closures.

The enforcement reality — 2025 to 2026

This is not a future risk.
It is a current crisis.

935
Proactive SRA AML engagements in 2024/25. Almost double the previous period. Inspections, desk-based reviews, thematic assessments.
70%
Of SRA fines in early 2025 involved inadequate firm-wide risk assessments. Not incompetence. Absence of documented evidence.
£23M+
FCA AML fines across regulated sectors in 2025. The direction of travel is more enforcement, larger fines, named individuals.
833
Firms underwent SRA onsite inspection or desk-based review in 2024/25. Your firm could be next. What will you show them?

Sources: SRA Anti-Money Laundering Annual Report 2024/25. Legal Futures, May 2026.

The AI tools landscape

Every tool does something brilliantly.
None of them constitute governance infrastructure.

These tools are not the problem. Deploying them without governance infrastructure is the problem. Every single one of them will produce output that cannot be audited, attributed, or defended in a regulatory inspection — unless REACH LAW sits above them.

Microsoft Copilot
General AI — Microsoft 365 (Most widely deployed in UK law firms)

AI assistant embedded across Word, Outlook, Teams, and Excel. Drafts emails, summarises meetings, generates documents. The single most widely deployed AI tool across UK law firms. Now also integrates with Claude for Legal via Anthropic's MCP connectors.

Regulatory exposure: The most common source of ungoverned AI output in regulated law firms. Every Copilot-drafted client email is AI output with no compliance gate. No COLP oversight record. Microsoft's compliance features cover data residency and security. Not SRA decision governance. Not COLP accountability. Not evidence of how compliance decisions were made.

ChatGPT
General AI

General purpose AI used by fee earners for research, drafting, summarisation, and client communication. Widely used informally in legal settings despite not being purpose-built for law.

Regulatory exposure: The highest-risk ungoverned AI tool in legal. Personal accounts, no firm control, no data boundary, no audit trail. Fee earner use is largely invisible to the COLP. Classic shadow AI.

Google Gemini
General AI

Google's generative AI across Workspace. Drafts emails, summarises documents, generates content. Increasingly embedded in Gmail and Google Docs used by smaller firms.

Regulatory exposure: AI-generated client communications with no SRA governance layer. No evidence that Gemini output was reviewed by a named compliance officer before reaching a client.

Salesforce
CRM with AI

Einstein AI across Salesforce CRM. Automates client communications, predicts next actions, generates follow-up emails and case summaries for law firm BD teams.

Regulatory exposure: AI-generated client communications created without compliance review. Marketing and BD outputs may breach ASA, SRA, or FCA rules without a governance gate. Salesforce is compliant with its own standards. Not yours.

HubSpot
CRM and Marketing with AI

AI content generation, email automation, client communication workflows. HubSpot AI drafts marketing emails, social posts, and client-facing content for law firm BD teams.

Regulatory exposure: AI-generated marketing content with no ASA, SRA, or FCA compliance gate. Client-facing claims generated at speed with no record that a named compliance officer reviewed them before publication.

CaseMatters Evo
Legal Case Management (AI-integrated)

UK-specific legal case management with integrated AI. Built-in automation for case workflows, document generation, and client communications for regulated UK practices.

Regulatory exposure: Integration of AI into core case workflows without a deterministic compliance gate creates systemic exposure. Case management efficiency does not equal compliance governance. Two different things.

Slack AI
Communications with AI

AI-powered summaries of conversations, channels, and threads. Increasingly used to summarise client matters and internal compliance discussions.

Regulatory exposure: AI summaries of compliance discussions are not compliance records. A Slack AI summary of a conversation about a client matter is not an audit trail. It is a productivity feature.

LinkedIn AI
Professional Network with AI

AI-assisted post generation, profile writing, and message drafting. Widely used by law firm marketing teams and individual fee earners to generate professional content.

Regulatory exposure: AI-generated content published in the name of a regulated firm or individual solicitor without compliance review. SRA and ASA rules apply to public-facing professional claims regardless of how they were generated.

The compliance comparison

What every tool claims.
What only REACH LAW actually delivers.

This is not about which tool is best at its job. It is about which tool can satisfy an SRA, FCA, or ICO inspection. That is a different question entirely. Only one answer exists.

Columns: Compliance capability; Legal AI tools (Clio, LEAP, Harvey etc); General AI (Copilot, ChatGPT etc); CRM tools (Salesforce, HubSpot etc); REACH LAW (Governance infrastructure)

Timestamped decision audit trail: Every decision
Named COLP attribution on every AI output: By design
Binary fail-closed compliance gate: Not 98%. Closed.
SRA-inspection-ready evidence pack: Retrievable in 60 seconds
Traffic light status per AI output: RED / AMBER / GREEN
Shadow AI detection: Unregistered tools flagged
COLP real-time governance dashboard: ~ Activity logs | ~ CRM reports | Built for the COLP
MLR 2017 AML governance layer: ~ Partial | Deterministic rules
UK GDPR data boundary enforcement: ~ Data residency only | ~ Data residency only | No identifiable data crosses boundary
ASA / FCA marketing compliance gate: Rule engine built in
Built as deterministic governance framework: Productivity tool | General purpose | CRM tool | From the ground up
Will satisfy an SRA investigation: That is the entire point

The REACH LAW position

You do not need to throw away your AI tools.
You need governance above them.

Every tool listed above is legitimate. Some are exceptional. The problem is not the tools. The problem is deploying them in a regulated environment without the infrastructure to prove that their use was governed. REACH LAW is that infrastructure.

Keep using Copilot. Keep using Clio.

Your fee earners' productivity tools stay in place. REACH LAW does not replace them. It sits above them as a governance layer that records, validates, and evidences how every AI-assisted decision was made.

Every tool becomes safer to use.

The regulatory exposure created by each tool does not disappear. REACH LAW reduces it to a manageable, auditable, defensible record. The gap between using AI and being able to prove it was governed closes the moment REACH LAW is deployed.

The COLP is protected.

Every compliance decision made across every AI tool in your firm is timestamped, attributed, and retrievable. When the SRA walks in, the COLP opens REACH LAW and produces the evidence pack. In under 60 seconds. Without reconstruction.

"REACH LAW does not decide what is compliant. It proves how compliance decisions were made."

The distinction that protects the COLP when the regulator arrives.

Find out where you stand

How exposed is your firm right now?

The Exposure Diagnostic maps your firm's governance posture across every AI tool you are using. Four minutes. No commitment.
