Explain This: What to Ask Before You Buy GenAI for eDiscovery
The legal tech M&A market is moving fast.
The legal tech M&A market is moving fast.
HaystackID just acquired eDiscovery AI. Other vendors are racing to bolt "GenAI workflows" onto their platforms. Every sales deck now includes a slide about AI-powered review, AI-assisted coding, AI-generated summaries.
The pitch is compelling: faster review, lower costs, fewer associates staring at documents.
The risk is quieter: privilege leaks, chain-of-custody gaps, hallucinated conclusions, and a courtroom record that does not support the work you claim you did.
This is the due diligence checklist you need before you buy.
What it is
GenAI for eDiscovery means using large language models to: - suggest relevance and privilege codes - generate document summaries - identify key custodians and themes - draft privilege logs - surface hot documents faster
In theory, this accelerates review and reduces cost.
In practice, it introduces a new class of evidence-handling risk that most buyers are not asking about.
Why it matters
Three reasons.
First, AI-assisted review is becoming a standard of care. If your opponent uses AI and you do not, you may face pressure to explain why your review took longer and cost more. That pressure will push adoption faster than diligence.
Second, when AI makes mistakes in litigation context, the mistakes become exhibits. A hallucinated summary that mischaracterizes a document. A privilege call that an associate rubber-stamped. A chain-of-custody gap because data transited a third-party model. These are not hypotheticals.
Third, regulators and courts are starting to ask questions about AI-assisted work. The standard for "reasonable inquiry" is evolving. If you cannot explain how the tool worked, you may not be able to defend the conclusions it produced.
What to ask vendors (the checklist)
1) Where does my data go?
- Does the model run on-premises, in a private cloud, or via a shared API?
- Is data transmitted to a third party (including the model provider)?
- Is data used to train or fine-tune any model?
- Can you produce a data flow diagram showing every system that touches my data?
If the answer is "we use OpenAI / Anthropic / Google APIs," you need to understand what that means for privilege, confidentiality, and contractual obligations.
2) How do you prove chain-of-custody?
- Can you produce an immutable audit log of every document, every AI action, and every human decision?
- Can you prove what version of the model was used at what time?
- Can you export that log in a format a court or regulator can ingest?
Chain-of-custody is not a feature request. It is a litigation requirement. If the vendor cannot produce it, you cannot defend the process.
3) What happens when AI is wrong?
- How do you detect hallucinations or misclassifications?
- What is the human review layer, and how is it enforced?
- Can you show me a sample QC report?
"The AI is very accurate" is not an answer. "Here is the error rate, here is how we catch errors, and here is how we document corrections" is an answer.
4) How do you handle privilege?
- Does the model ever see privileged content?
- If yes, what controls prevent disclosure or leakage?
- Can you prove that a human (not AI alone) made the final privilege call?
- What happens if AI flags something as non-privileged and it turns out to be wrong?
Privilege waiver is not recoverable. If AI makes the call and you cannot prove a human reviewed it, you may have a problem.
5) What is your auditability story for opposing counsel?
- If opposing counsel challenges our review methodology, what documentation can you provide?
- Can you produce a declaration explaining how the AI was used?
- Do you have prior experience testifying or producing evidence about your AI workflows?
This is the question most buyers forget. The time to ask is before you sign, not after a motion to compel.
6) What is the contractual exposure?
- What indemnification do you offer for AI errors?
- What are the liability caps?
- Who owns the work product, and who can access it?
- What happens to my data when the contract ends?
Read the MSA. If the vendor's liability is capped at fees paid and there is no AI-specific indemnity, you are carrying the risk.
What to do this week
- Pull your current eDiscovery vendor contracts and check for AI-related terms.
- Ask your vendors to complete this checklist in writing.
- If you are evaluating new vendors, add these questions to your RFP.
- If you are in-house, brief your litigation team on the difference between "AI-assisted" and "AI-decided."
