Navigating AI Governance: A Practical Guide for Law Firms

As artificial intelligence transforms legal practice, law firms face increasing pressure to adopt AI while ensuring compliance with emerging regulations. In a recent Platforum9 Session, Ciara O’Buachalla, a former lawyer turned legal tech entrepreneur, provided crucial insights into how firms can navigate the European Union’s AI Act and establish proper governance frameworks.

The Regulatory Landscape Takes Shape

The EU AI Act’s implementation follows a carefully staged approach, with key dates that firms must prepare for. Starting February 2, 2025, rules on prohibited AI systems take effect, followed by regulations on general-purpose AI models in August 2025. The final stage arrives in August 2026, when high-risk AI system rules and regulatory sandboxes become operational.

Building the Foundation for Compliance

The journey towards compliance begins with a comprehensive mapping of AI usage across the organisation. “First, map out all current planned AI use cases across departments, functions, tools, even features,” O’Buachalla advises. This inventory becomes the foundation for all subsequent governance decisions.

Organisations must then determine their role within the AI ecosystem. A firm might be a provider developing AI systems, a deployer using them under its own authority, an importer bringing solutions into the EU market, or a distributor making them available within the EU. Each role carries distinct obligations under the Act.

Perhaps most critically, firms must conduct thorough risk assessments of their AI systems. This isn’t a one-time exercise but an ongoing process that must cover the entire AI lifecycle, from data collection through deployment and monitoring.

The Data Challenge

The Act places significant emphasis on data governance, requiring organisations to ensure their training data is relevant, representative, and free from errors. This requirement becomes particularly challenging when considering bias in data sets—an issue O’Buachalla highlights as especially problematic since human bias can be amplified by AI systems.

Key data governance requirements include:

  • Rigorous procedures for data collection and storage
  • Robust processing and sharing protocols
  • Technical measures to protect personal data

Importantly, GDPR compliance remains fundamental to AI governance. “AI governance starts with GDPR compliance,” O’Buachalla emphasises.

Understanding the Stakes

The penalties for non-compliance are severe and tiered according to the violation:

  • Deploying prohibited AI systems could cost organisations up to €35 million or 7% of annual worldwide turnover
  • Breaches relating to high-risk AI systems may incur penalties up to €15 million or 3%
  • Providing incorrect information to regulators risks fines up to €7.5 million or 1%

Creating an Effective Governance Structure

Success in AI governance requires a cross-functional approach. While some organisations are appointing dedicated AI officers, O’Buachalla suggests that the exact structure matters less than ensuring clear responsibilities and collaboration across departments. “It’s not just one person’s job,” she notes. “You need a team with IT expertise, compliance knowledge, and project management skills.”

Training becomes crucial in this context. Firms must develop comprehensive AI usage policies and ensure ongoing AI literacy training for all staff. This becomes particularly important as employees increasingly access AI tools independently—whether sanctioned by the firm or not.

Managing External Relationships

Vendor management takes on new importance under the AI Act. When selecting third-party AI providers, firms must carefully evaluate their compliance documentation and seek specific assurances. Enterprise agreements need robust service level agreements and clear delineation of responsibilities regarding AI governance.

The Path Forward

“It’s not going away,” O’Buachalla emphasises. “I would see it as an opportunity. If you get it right, that is a competitive advantage you have, whether it’s your product, your service, or your internal systems.”

While the regulatory requirements may seem daunting, they also present an opportunity for firms to differentiate themselves. Those that develop robust compliance frameworks now will be better positioned to leverage AI technology while maintaining regulatory compliance and client trust.

The key lies in viewing AI governance not as a one-time compliance exercise but as an ongoing process of adaptation and improvement. Regular risk assessments, policy updates, and continued training must become part of the firm’s operational DNA.

As the legal industry continues its technological transformation, the firms that thrive will be those that successfully balance innovation with compliance, using AI governance as a foundation for sustainable growth rather than seeing it as merely a regulatory burden.
