Many firms start the AI conversation in the wrong place.
They start with tools. Drafting tools, summarisation tools, research tools, copilots and assistants. Vendors demonstrate impressive capabilities and the conversation quickly becomes about which tool to buy.
But the real question is not which AI tool to use. The real question is whether the firm’s underlying systems and data are in a position where AI can be used safely and commercially.
Without the right foundations, AI does not create efficiency. It creates faster mistakes, faster data leakage and faster confusion.
In simple terms, if your systems, workflows and data are not structured, AI is built on sand.
There are three foundations that matter: automated workflows, robust security and a structured data platform.
The data problem
AI is only as useful as the data it can access and trust.
As an example, in many legal practices, data is spread across:
- Practice management systems
- Document management systems
- Finance systems
- Spreadsheets
- Individual file stores
The same client may exist in multiple systems with slightly different names. Matter information may sit in documents rather than structured fields. Financial data may not align cleanly with matter data. Reporting becomes a manual exercise.
An aside (for those not working in legal services), in legal services the primary unit of work is called a “matter”. In other industries this might be called a project, job, case or client engagement. Throughout this series we use the legal terminology, but the underlying principles apply to any professional services organisation.
In this environment, AI cannot reliably answer even simple questions like:
- Which clients are most profitable?
- Which matters overran budget?
- Which sectors are growing fastest?
- Where are write offs increasing?
The problem is not the AI. The problem is the data architecture.
A reference data architecture defines:
- Where core data should live
- How systems synchronise data
- Which system is the system of record for each data type
- How reporting and analytics are structured
- How data is secured and governed
Once that structure exists, AI becomes useful because it is working from consistent, governed data rather than disconnected fragments.
This is why the most advanced reference architecture we are developing is the data enabled practice. It is not about AI tools first. It is about data structure first.
The workflow problem
The second issue is workflow.
Many legal processes still rely on email, manual reminders and individual knowledge. Even where systems exist, workflows are not always automated or enforced.
AI works best when it sits inside structured processes:
- Matter opening workflows
- Client onboarding and compliance checks
- Document review and approval flows
- Billing and financial review processes
- Reporting and management information
If workflows are inconsistent, AI cannot reliably assist because there is no consistent process to augment.
A reference architecture defines not just systems, but how work should move through those systems. Automation reduces administrative overhead, improves consistency and creates structured data as a by product.
The security problem
The third foundation is security and control.
Legal firms hold highly confidential information. AI introduces new questions:
- Where is data processed?
- Is client data used to train external models?
- Who has access to AI tools?
- What information can be exported?
- How are prompts and outputs logged?
If security architecture is weak, AI increases exposure rather than productivity.
In this dimension, a reference architecture specifies:
- Identity and access control
- Data classification
- Secure document storage
- Controlled integrations
- Audit and monitoring
Security is not an add on. It is part of the architecture from the start.
Starting at the end and working backwards
The most advanced stage for a modern legal practice is a data enabled firm where systems are integrated, data is structured, workflows are automated and AI can be used securely and proportionately.
But not every firm can move there immediately, and many should not try.
For firms with legacy servers, fragmented systems and limited integration, the immediate priority is stability and security. For others, the priority is moving from on premise systems to structured SaaS platforms.
This is why we have developed three reference architectures for legal services, not one. They represent a progression, not a single destination.
Some firms need to stabilise.
Some need to modernise.
Some are ready to become data enabled and AI ready.
The important point is that all three stages are part of the same journey. The destination is clear, but the starting point will differ for every firm.
In the next article, we will start with the first stage: stabilising legacy infrastructure and establishing a secure cloud baseline. This is where many firms begin, and where a significant amount of risk can be removed quickly. If you would like to understand where your firm sits today and what a structured path forward could look like, get in touch for a conversation.