Home → Glossary
Legal AI Glossary
The canonical terminology for Legal AI governance, operations, and transformation. Every term is defined for general counsel, legal operations leaders, and the teams they lead.
60 terms
A
AI BoM
FrameworkP6The procurement-grade inventory of AI components — models, datasets, tools, APIs, and vendors — used in a legal function's AI stack. The AI BoM (AI Bill of Materials) is the foundation for vendor due diligence, contract governance, and regulatory disclosure. It is the procurement-grade variant of the broader AI Inventory concept. 'AI Bill of Materials' is acceptable on first use only.
AI Inventory
ProductP6The broader canonical concept for documenting all AI tools, systems, and components in active use across a legal function — including approved tools, Shadow AI detections, and tools under evaluation. The AI BoM is the procurement-grade, contractually-referenced variant of the AI Inventory. The Inventory governs what is known; the BoM governs what is contracted, auditable, and disclosed.
AI Lifecycle
FrameworkP8The canonical five-stage sequence governing any AI use case from inception to retirement — Concept, Build, Deploy, Operate, Sunset. The AI Lifecycle provides the operational frame for governance, risk management, and performance measurement across any use case. It applies at both the individual tool level and the portfolio level. 'Project lifecycle' and 'AI project lifecycle' are forbidden synonyms.
AI Literacy
FrameworkP3The capability of legal function staff to understand, critically evaluate, and work effectively with AI systems — including their limitations, failure modes, governance requirements, and appropriate use contexts. AI Literacy is a prerequisite for responsible deployment at any Maturity Band. It is distinct from AI training (a delivery mechanism) and AI awareness (a surface-level outcome). 'AI training' and 'AI awareness' are forbidden synonyms.
Accountability dilution
Risk ClassP4Risk class 9 of the Risk Taxonomy 2026: when AI is in the decision loop, accountability for outcomes becomes structurally diffuse across the lawyer, the function, the vendor, and the board — and the diffuseness itself, independent of any specific failure, means no single party invests in the discipline that clear individual accountability would produce. Addressed by naming a single individual accountable for the function's overall AI posture with the mandate to enforce the governance framework.
Action irreversibility
Risk ClassP4An operational risk concept emerging at Tier 3 of the Agentic Tier framework: some sub-steps taken by an AI workflow operator cannot be undone once executed, including sent notifications, updated database rows, and modified system states. Currently positioned alongside hallucination as a distinct operational concern that workflow design and human-in-the-loop controls must address explicitly.
Agentic Tier
FrameworkP5The classification layer for AI systems that operate with autonomous decision-making, multi-step reasoning, or action-taking capability without per-step human approval. Agentic Tier governs use policy, escalation thresholds, and oversight requirements for the most capable AI deployments in a legal function. Higher Agentic Tier designation requires stronger governance controls, explicit board awareness, and documented Defensibility Posture.
Annual Legal AI OS Index
P7The Annual Legal AI OS Index is Advanta's planned annual publication of the aggregate maturity distribution of legal functions across the five bands of the Maturity Stack. Sourced from opt-in diagnostic submissions, the Index reports the cluster of investments functions at each band have made and the observed correlation between Defensibility-quadrant investments and avoided-incident rates. First publication targeted for 2027; by the second annual publication (2028), the dataset will support comparative claims about ROAI performance and incident exposure across cohorts.
C
Capability Portfolio
FrameworkP8The register in which every AI capability the legal function operates is recorded with its current Lifecycle stage. The Portfolio view surfaces stage-balance and enables governance committees to see at a glance which capabilities are in Concept, Build, Deploy, Operate, or Sunset at any given time, preventing both under-renewal and governance over-extension.
Cascade failure
Risk ClassP4An operational risk concept dominant at Tier 4 of the Agentic Tier framework: agent decisions feed downstream agent decisions such that errors compound across a multi-step autonomous process before any human review point. A distinct operational concern from single-step hallucination; controls focus on intermediate human review checkpoints and per-step audit trail discipline.
Client confidentiality breach
Risk ClassP4Risk class 7 of the Risk Taxonomy 2026: information protected by attorney-client privilege or matter confidentiality reaches a model provider, a vendor's broader infrastructure, another customer, or a vendor employee through an AI system in a way that compromises privilege or breaches the function's confidentiality obligations to clients — distinct from data leakage in that it covers specifically privileged or contractually confidential matter content with downstream legal consequences. Addressed by data handling and governance posture — the function must maintain matter-level and client-level AI policy mapping, vendor approval workflows that consider client-specific consent, and matter intake processes that surface AI restrictions before tooling is deployed.
Concept stage
Lifecycle StageP8Stage 1 of the AI Lifecycle: the function identifies a candidate AI use case, defines the problem, specifies success criteria across the four ROAI quadrants, maps the candidate against the Risk Taxonomy 2026, and makes a committee-recorded decision to pursue or not. The Concept stage ends with a formal proceed-or-not decision; Concept-stage governance is conducted at the committee's regular cadence, not ad hoc.
Confabulated execution
Risk ClassP4A Tier 3+ operational risk concept in the Agentic Tier framework: the AI agent proceeds through a workflow with hallucinated intermediate states, generating downstream actions and outputs based on facts the AI invented mid-workflow rather than facts sourced from the actual systems it interacted with. Treated as a distinct, governed risk pattern with its own evaluation, telemetry, and control requirements.
Constrained
FrameworkP4A legal function with high defensibility but low capability on the Capability–Maturity Matrix: well governed, not yet capable. Governance has run ahead of deployment — the inverse of Exposed. The remedy is to build capability under the governance already in place, progressing toward Defensible.
Continuous learning
FrameworkP4Defensibility Element 5 of 5. Incidents, close-calls and Sunset post-mortems feed a loop that refines the framework; methodology evolves on documented triggers. Cross-cutting across all 9 canonical Risk Taxonomy classes; most active in the Operate and Sunset stages of the AI Lifecycle.
D
Data leakage
Risk ClassP4Risk class 2 of the Risk Taxonomy 2026: information that should have remained inside the function reaches a model provider, a vendor's broader infrastructure, or another vendor customer through the AI system's data pathways — whether through training-use terms, logging, data residency gaps, or vendor support access to prompt content. Addressed by contemporaneous proof of data isolation, residency, retention bounds, and vendor-access controls per AI system in use.
Decision traceability
FrameworkP4Defensibility Element 1 of 5. Per AI-assisted output of consequence, the function maintains the inputs, model returns, and named human validator; reconstructable on demand. The element that anchors decision traceability discipline against Risk Taxonomy 2026 Class 1 (Hallucination) and Class 6 (Professional conduct exposure).
Defensibility Gate
OperationalP4The threshold a legal function crosses to demonstrate defensible AI operations and enter the Defensible maturity band (Band 5): the point at which capability is matched by governance, evidence, and supervised autonomy. Distinct from the Defensibility Gap (the problem of capability outpacing governance), the Gate is the bar that closes it; passing it is evidenced by a maintained Defensibility Posture Statement.
Defensibility Posture Statement
FrameworkP4A board- and regulator-ready document evidencing an organisation's Defensible AI posture at a specific point in time. The Defensibility Posture Statement draws from the AI Governance Framework (GOV-01), Risk Register (GOV-03), and Annual AI Audit (SUS-05). It is the canonical evidence artefact for regulatory inquiry, procurement due diligence, and board-level AI governance reporting.
Defensible AI
FrameworkP4The practice of designing, deploying, and governing AI systems that withstand regulatory scrutiny, board challenge, and client examination. Defensible AI requires documented evidence of governance, not stated intent alone. Advanta operationalises defensibility for legal AI: it builds on and extends compliance- and responsible-AI approaches by making governance testable and audit-ready.
Delegation-authority register
FrameworkP5The Tier 4 governance instrument that names exactly what an autonomous agent may and may not do within its delegated scope, requiring board or committee sign-off before deployment. The register defines the agent's action bounds, escalation triggers, and the named human accountable for the agent's behaviour within that scope.
Deploy stage
Lifecycle StageP8Stage 3 of the AI Lifecycle: the function moves from pilot to production, covering cutover, workflow updates, training rollout, and the operationalisation of decision traceability. The Deploy stage ends when the function declares the capability is in steady-state operation; the committee receives weekly status reports during the first month before shifting to monthly cadence.
E
EU AI Act
P4The EU AI Act is the European Union's regulatory regime for artificial intelligence. Provisional political agreement was reached December 2023, formal adoption proceeded through 2024, and staged enforcement began August 2025. The Act operationalises ISO/IEC 42001's management-system posture for high-risk AI use cases, imposing conformity assessment, post-market monitoring, and incident reporting obligations comparable in posture to medical device regulation. Article 26 places the burden of demonstrating compliance on the deployer of the AI system, not the provider — a structural cornerstone of the Defensibility framework.
Emerging
FrameworkP7A legal function at the start of the Capability–Maturity Matrix: low capability and low defensibility. Neither the AI capability nor the governance to operate it is yet established. The honest starting posture, and the base from which a function builds toward Defensible.
Evidence Register
FrameworkP4The catalogue maintained per AI system in use that records contemporaneous proof of governance: evaluation results, security attestations, data residency confirmations, model upgrade notices, and customer-impact assessments. The Evidence Register is updated on a quarterly cadence and on every material change, and is distinct from the Risk Register.
Evidence framework
FrameworkP4Defensibility Element 3 of 5. The discipline of maintaining the Evidence Register — per AI system × per Risk Taxonomy 2026 class, the contemporaneous proof the function holds. The operational substrate of the entire Defensibility posture; addresses all 9 canonical Risk Taxonomy classes by design.
Exposed
ProductP4A legal function whose AI capability has outpaced its governance and defensibility: high adoption, low defensibility. The capability is real; the evidence a board or regulator would accept is not. Exposed is the lead critical condition Diagnostic Pro surfaces when adoption runs ahead of the Defensibility Lens.
G
Governance Cadence
FrameworkP4The governance committee's operating calendar structured around the AI Lifecycle: Concept-stage intake meetings, Build-stage approval gates, quarterly Operate-stage reviews, and Sunset decisions all occupy scheduled positions in the cadence. The Governance Cadence prevents governance from being ad hoc or concentrated only at procurement.
Governance posture
FrameworkP4Defensibility Element 4 of 5. A named individual accountable for AI overall, with documented mandate; committee operating at the cadence the AI Lifecycle requires; the Capability Portfolio classified by Lifecycle stage. Addresses Risk Taxonomy 2026 Class 5 (Regulatory non-compliance), Class 8 (Shadow AI proliferation), and Class 9 (Accountability dilution).
M
Materiality calibration
FrameworkP5The governance discipline of setting and tuning the thresholds that determine which agent actions and decisions are escalated for human review at Tier 4 of the Agentic Tier framework. Miscalibrated materiality is a severe failure mode: thresholds set too high mean consequential decisions pass without human scrutiny; thresholds set too low negate the productivity benefit of autonomous operation.
Maturity Band
ProductP7One of five sequential positions in the Maturity Stack — Foundational (Band 1), Operational (Band 2), Integrated (Band 3), Optimised (Band 4), and Defensible (Band 5). Each Band is defined by threshold scores across the four Maturity Lenses. Bands are diagnostic outputs, not static labels; progression is evidence-based and threshold-governed.
Maturity Lens
ProductP7One of four analytical dimensions used to score an organisation's Maturity Stack position — Adoption (weight 25), Sophistication (weight 25), Defensibility (weight 30), and Autonomy (weight 20). Default weights sum to 100. Each Lens produces a normalised score; the composite across all four Lenses determines Maturity Band placement. The full name is Maturity Lens (Adoption / Sophistication / Defensibility / Autonomy).
Maturity Stack
ProductP7The canonical five-Band × four-Lens positioning instrument for the Legal AI OS. The Maturity Stack places an organisation at one of five Maturity Bands — Foundational through Defensible — based on composite scores across four Lenses: Adoption, Sophistication, Defensibility, and Autonomy. The Stack is the canonical positioning instrument; the Maturity Grid is the Year-1 field tool that maps into it.
Methodology transparency
FrameworkP4Defensibility Element 2 of 5. Per AI capability, the function articulates why this tool, why this configuration, why this control — in capability terms, not vendor names. Addresses Risk Taxonomy 2026 Class 3 (Model drift), Class 4 (Vendor lock-in), and Class 5 (Regulatory non-compliance).
Model drift
Risk ClassP4Risk class 3 of the Risk Taxonomy 2026: the vendor's underlying model changes behaviour between versions without proportionate notice to the deployer, causing the same inputs to produce materially different outputs across time. Addressed by requiring vendors to publish change logs and model upgrade notices with customer-impact assessments, and by versioning methodology against the model version in use.
Q
Q1 Productivity
FrameworkP5Canonical ROAI return category 1 of 4. Time saved per matter, throughput per lawyer, capacity freed for higher-value work. Typically the smallest of the four return categories (15–30% of total ROAI). Visible at the first quarterly review — the shortest time horizon. The CFO's question on the dashboard.
Q2 Defensibility
FrameworkP5Canonical ROAI return category 2 of 4. Avoided regulatory exposure, avoided incidents, avoided adversarial discovery, audit-readiness. Typically the largest single category of total ROAI (40–60%) for institutional legal functions. Visible at the first audit cycle — quarters, not months. The board's question; the largest under-counted category in functions that frame AI as a productivity story. Distinct from 'Defensible AI' (the operating posture) and 'Defensibility Posture Statement' (the artefact).
Q3 Institutional
FrameworkP5Canonical ROAI return category 3 of 4. The function's standing as strategic capability partner — the ability to take on work the function could not previously hold. Typically 15–25% of total ROAI. The longest payoff horizon — compounds across years as the other three categories work in concert. The executive committee's question.
Q4 Category positioning
FrameworkP5Canonical ROAI return category 4 of 4. Peer standing, talent attraction, client outcomes where AI capability differentiates the function. Typically 10–20% of total ROAI. Rewards early Concept-stage commitment — first-movers capture most of this category. The market's question; the category most often missed entirely by functions that wait for proof.
R
ROAI
FrameworkP5The four-quadrant return framework for AI investment in legal functions, comprising productivity value, Defensibility value, institutional value, and category positioning value. Productivity-only cases underweight the investment by a factor of three or four; the full ROAI frame presents the board with the complete case for funding AI at institutional scale.
ROAI 4-Category Framework
FrameworkP5Canonical Advanta framework for measuring the return on a legal AI programme. Four independent return categories on parallel clocks: Q1 Productivity (typically 15–30%), Q2 Defensibility (typically 40–60% — the largest single category), Q3 Institutional (typically 15–25% — longest payoff), Q4 Category positioning (typically 10–20% — rewards early action). The categories are independent ledgers, not a 2D positioning matrix. Replaces the deprecated v1 'ROAI 4-Quadrant Matrix' framing with weighted quadrants.
ROAI 4-Quadrant
FrameworkP5The canonical value lens for measuring and communicating Return on AI Investment in legal functions. The 4-Quadrant maps outcomes across four dimensions: efficiency, quality, risk reduction, and strategic value. 'ROI' alone is forbidden in AI contexts; 'ROI 4-Quadrant' and 'Value 4-Quadrant' are forbidden synonyms. ROAI (Return on AI Investment) is the canonical term.
Reduced supervisory capacity
Risk ClassP4An operational risk concept dominant at Tier 4 of the Agentic Tier framework: humans cannot review every agent action at autonomous scale, so the function relies on materiality calibration; miscalibrated materiality thresholds mean significant decisions pass without human scrutiny. A first-order Tier 4 control concern that compounds adjacent risks when oversight is structurally under-resourced.
Regulatory non-compliance
Risk ClassP4Risk class 5 of the Risk Taxonomy 2026: the deployment of an AI system, or the legal function's governance around it, violates a current regulatory obligation or fails to anticipate a near-term emerging one, including specific Articles of the EU AI Act, ICO guidance under UK GDPR, sectoral regulator expectations, and court rules on AI disclosure. Addressed by governance posture and methodology transparency — the function must maintain a current mapping of AI use cases to applicable regulations and an audit trail showing that each obligation has been assessed and addressed.
Risk Register
FrameworkP4The operational artefact in which every AI-related entry in the legal function maps to one of the nine classes of the Risk Taxonomy 2026. Paired with the Evidence Register, the Risk Register constitutes the minimum governance posture for institutional AI use: the Taxonomy is the inventory, and the Risk Register is the function's working record of exposure against it.
Risk Taxonomy 2026
FrameworkP4The canonical nine-class AI risk classification system for legal functions, versioned at 2026.1. The nine classes are: (1) Hallucination, (2) Data leakage, (3) Model drift, (4) Vendor lock-in, (5) Regulatory non-compliance, (6) Professional conduct exposure, (7) Client confidentiality breach, (8) Shadow AI proliferation, and (9) Accountability dilution. Every AI use case in the legal function is assessed and registered against this taxonomy; every Risk Register entry maps to one of the nine classes. 'Risk framework', 'Risk model', and 'Risk register taxonomy' are forbidden synonyms.
S
Shadow AI
FrameworkP4AI tools or capabilities used by legal function staff without formal approval, governance oversight, or organisational awareness. Shadow AI creates undisclosed risk exposure — privilege breach, uncontrolled data processing, and audit gaps — regardless of individual intent. Detection, policy enforcement, and AI Inventory integration are P4 Governance priorities. 'Rogue AI' and 'Stealth AI' are forbidden synonyms.
Sunset stage
Lifecycle StageP8Stage 5 of the AI Lifecycle: structured retirement of an AI capability triggered by vendor failure, capability replacement, use case obsolescence, or regulatory change. Sunset requires committee approval, data export in portable format, Evidence Register archival, lessons-learned capture, and vendor relationship closeout per contract exit terms.
T
Tier 1 Augmentation
TierP5The first tier of the Agentic Tier framework: AI as drafter or suggester where the lawyer reviews every AI output before any use and the AI does not take action. Standard supervision frameworks apply, audit trail is per-output, and the dominant risk classes are hallucination and professional conduct exposure if supervision is sloppy.
Tier 2 Co-pilot
TierP5The second tier of the Agentic Tier framework: AI executes routine sub-steps autonomously within a lawyer-supervised workflow, with the lawyer reviewing material outputs and exceptions rather than every sub-step. Audit trail moves from per-output to per-workflow; exception threshold calibration becomes a material governance decision; workflow-level audit infrastructure is required.
Tier 3 Workflow operator
TierP5The third tier of the Agentic Tier framework: AI runs multi-step processes end-to-end and packages outcomes for lawyer review, taking actions within the workflow but not cross-system actions without explicit per-task authorisation. New risk classes at this tier include action irreversibility and confabulated execution; audit trail requires per-execution logs and explicit workflow specifications with bounded-action lists.
Tier 4 Autonomous agent
TierP5The fourth tier of the Agentic Tier framework: AI initiates work, takes actions across systems within guardrails, and decides what to escalate; lawyers review exception flags and end-of-period summaries rather than per-execution outcomes. Requires a delegation-authority register with board sign-off, continuous audit trail, and materiality calibration; Tier 4 with weak Defensibility is operationally uninsurable.
V
Vendor Index
ProductP6Advanta's annual publication ranking legal AI vendors across standardised evaluation dimensions — capability, Defensible AI posture, commercial terms, and ecosystem fit. Vendor Index entries are produced independently; vendors do not pre-review their entries. Editorial independence from vendors is binding. For clarity, 'vendor rankings' and 'vendor scorecard' refer to this same publication.
Vendor lock-in
Risk ClassP4Risk class 4 of the Risk Taxonomy 2026: workflows, data, and methodology become so deeply embedded in one vendor's tooling that the switching cost to exit is disproportionate to the value extracted, whether due to technical, workflow, commercial, or regulatory entrenchment. Addressed by articulating methodology in terms of capabilities required rather than vendors deployed, and by negotiating data portability and exit-assistance terms at the Build stage.
WORKING WITH THESE TERMS
Where does your function stand?
The Free Baseline Diagnostic places your function on the Maturity Stack. Five minutes. No registration.
Run the diagnostic