While GenAI is captivating business audiences around the world, it represents a unique set of considerations for general counsel and legal teams. Like many functions, legal can certainly stand to gain from incorporating GenAI into ways of working. That said, a host of data protection and privacy concerns are holding some general counsels back from capitalizing on this emerging tool’s full potential
But GenAI doesn’t have to be an either/or decision. General counsels and legal teams in Canada and beyond can effectively employ GenAI while simultaneously mitigating its inherent risks. Doing so, however, requires the right strategic approach.
GenAI represents a groundbreaking leap in artificial intelligence technology. It is at once easily accessible, simple to use, relatively inexpensive — and abounding with possibilities for legal teams the world over. What could that look like from day to day?
Picture the continuous master statement agreements (MSAs), contracts and statements of work (SOWs) reviews that stream into legal day over day. Now picture applying a GenAI utility against that ongoing review process, one that’s capable of reviewing an SOW in a minute or less, automatically flagging details that must be changed as well as any potential trouble spots that fall outside preset assumptions. A GenAI-based tool of this nature could drive significant productivity gains, all while reducing the potential for human error or missed red flags.
That same principle can be applied against continuous calls for legal to participate in and support requests for proposal (RFPs). The right GenAI assistive technology can help general counsel and legal teams instantly complete core RFP fields using standard company information. This would speed up the process of completing these business-critical files, while elevating the role of legal team members from data processer to strategic reviewer. Instead of getting bogged down in the minutiae, general counsel and legal practitioners could instead focus on layering in the unique differentiators or specific details that set the business apart, strengthening the RFP itself and potentially opening the door to new conversations or even business wins.
Apply GenAI capabilities to vendor contracts, and a whole new landscape of possibilities emerges. For example, using GenAI to help govern MSAs could help legal teams implement factors like discount pricing structures at the right time with the right clients.
Similarly, GenAI could help a general counsel’s team spot abstract connections between contracts — think nested contracts sitting in different parts of the business that must be identified to effectively answer a query. By flagging anything out of the ordinary, or special, GenAI can support lawyers in digging deeper into contracts, and do so continuously so that contracts themselves become living documents that support better bottom-line business results.
Because GenAI mirrors the content generation and interpretation capabilities that characterize so many legal functions, opportunities to strategically apply it abound. Even so, general counsel teams continue to be cautious in embracing this technology — and rightly so.
On the regulatory front, many are concerned about the potential implications of the European Union Artificial Intelligence (EU AI) Act. Marking the world’s first concrete initiative for regulating AI, the Act aims to turn Europe into a global hub for trustworthy AI by laying down harmonized rules governing the development, marketing and use of AI in the EU. Geared to ensure the EU’s AI systems are safe and respect fundamental values and rights, the Act carries implications for all parties involved in developing, using, importing, distributing or manufacturing AI models — including providers and users outside the EU if the output of their system is intended to be used in the EU.
Canadian organizations operating internationally must undoubtedly begin considering the EU AI Act as part of operations. What’s more, Canada’s proposed Artificial Intelligence and Data Act (AIDA) — introduced as part of the Digital Charter Implementation Act in 2022 — is positioned to set a similar foundation for the responsible design, development and deployment of AI systems that impact Canadians’ lives. In September 2023, a new code was released providing Canadian companies with common, but temporary, standards to demonstrate their voluntary commitment to develop and use GenAI systems responsibly until federal regulations are formalized.
That said, compliance and regulatory requirements aren’t the only factors holding general counsels back from adopting GenAI at scale. Across the industry, there is a pervasive sense that unknown or hidden data and privacy risks are too big to overcome. In practice, that’s simply not the case. It is possible for general counsels and legal teams to tap into the vast range of GenAI possibilities while upholding rigorous security standards. It’s all a matter of asking the right questions at the front end and building in the right safeguards.
What does that entail? At EY, we encourage general counsel teams to consider five critical questions as they build out a plan for helping implement GenAI effectively, safely and flexibly enough to adapt for the future:
- Is our data sound? GenAI trains large language models (LLMs) based on the data you have. That means legal teams — and organizations as a whole — must have a clear and compelling data set to draw from. If your data itself is unreliable or riddled with errors, you could potentially feed that inaccurate content into your tool or amplify the error across the function. Sometimes manifested as “hallucinations,” bad data could actually prompt GenAI to create its own inaccurate story. A thorough data review and refresh is an important first step to reduce risks and implement GenAI well.
- What’s the best LLM approach for us? There are various ways to use LLMs. For example, here at EY we opted not to train LLMs with our data, as we wanted to take a conservative approach, keeping our data within our walls. Nevertheless, we still used LLMs for creating, validating and reviewing legal documents. To do this, we employed the concept of embeddings with LLMs and retrieval augment generation (RAG) with support from EY technology team. However, the importance of good data remained, being the foundational block of any AI or GenAI project. Our foundation models are trained offline, making the model agnostic to any data created after training.
- Do we have effective data protection guardrails in place? Safeguards for data privacy and confidentiality are table stakes in business today. Implementing GenAI is no exception. Doing a strategic analysis of existing data protection guardrails can help you spot any potential gaps and close them. This is beneficial for the legal team and the business itself, whether you’re diving into GenAI or not. But it becomes doubly important when layering in new technologies like GenAI. Don’t skip or rush this step in the process.
- How will we protect against copyright infringement? Especially in the legal realm, knowledge management and permission to access files is critical to helping ensure the confidentiality of any document in play. That said, if you’re going to embrace GenAI’s full potential, you need to do so in a way that prevents the potential for copyright infringement. You don’t want to be drawing someone else’s intellectual property (IP) into LLM model training. Preventing GenAI from scrolling through folders and information on the fly is essential. Guaranteeing that process requires a thoughtful approach to GenAI implementation. You’ll need to consider single sign-on functions and a host of other rules to prevent GenAI from accessing or using copyright information in its training. The right supplier can help build those processes into your GenAI tools so legal doesn’t have to worry about this once implementation takes place.
- What’s the best architecture for our GenAI model? Every legal team and every business will have distinctive considerations to factor in to an effective GenAI model. This technology isn’t about one-sized-fits-all approaches. Rather, putting your own people and specific team or organizational factors at the heart of architecture design is absolutely key. General counsel teams, lawyers and legal teams will need the right architecture at the right time to get the most out of GenAI. Cookie cutter approaches to GenAI architecture don’t just create additional risks; they hold legal teams back from maximizing the tool’s massive potential.