Intelligence / Vendor Index / Methodology
Independent scoring. Six dimensions. Five bands.
The Advanta Vendor Index is the canonical, editorially independent assessment of vendors building AI capabilities for the legal function. Every entry is scored against six defensibility dimensions, placed against the five-band Maturity Stack, and stamped with the methodology version applied at the time of scoring. This page is the binding canon.
- Version
- v2026-Q3-v1
- Approved
- 2026-05-22
- Refresh
- Quarterly
- Status
- Binding canon
What this methodology is
The Advanta Vendor Index methodology scores legal-AI vendors against six defensibility dimensions — Governance, Evaluation & Monitoring, Security & Compliance, Data Handling, Transparency & AI BoM, and Lifecycle & Exit — and places each vendor against the canonical five-band Maturity Stack (Foundational → Defensible). The methodology binds an editorial independence canon: no advertising, no referral fees, no pre-publication vendor access, and no vendor editorial control over placement or right-of-reply text. Tier placements are determined by the Editorial Council; the methodology version applicable to each entry is stamped on the entry. Quarterly refresh; annual major-version review. The methodology applies uniformly across the six canonical vendor categories: Workbench, Agentic, Domain Systems, Eval & Monitoring, Governance, and Data & Knowledge.
Section 1
Scope and selection criteria.
Inclusion (all must apply)
- Legal-AI specificity. Named product or division targets legal use cases.
- Production-deployed. Available for purchase or paid trial today.
- Customer evidence. Public references, case studies, or analyst coverage establish paying users.
- Operational maturity. Founded ≥18 months ago OR backed by a parent with legal-sector operations OR stable through ≥2 release cycles.
Exclusion
- Methodology providers without product. Consultancies and training organisations (including Advanta itself) are not Index entries.
- Resellers. Distributors that resell a third-party product do not get separate entries; the underlying vendor does.
- Active litigation against Advanta or Council members. Review paused until resolution.
Volume target
Initial release publishes ~50 vendors across the six categories (~8 per category, ±2). v1 bias: mature operators with sufficient public evidence to score across all six dimensions. Subsequent quarterly cycles expand coverage as the methodology matures and new vendors clear the operational-maturity threshold.
Section 2 — six categories
Workbench · Agentic · Domain Systems · Eval & Monitoring · Governance · Data & Knowledge.
Categories are mutually exclusive. A vendor is assigned to its strongest category by primary product use. Vendors with material offerings in two categories are flagged in the entry but band-placed in the primary category only.
Workbench
General-purpose legal AI workbenches that combine drafting, research, and review in a unified interface. Often the first AI surface adopted by a legal team.
Boundary
Workbench vs Agentic: the lawyer is the operator (Workbench) or the supervisor (Agentic). Workbench vs Domain Systems: Workbench is broad-surface; Domain Systems is built around one practice area.
Agentic
Vendors providing agentic workflows — autonomous or semi-autonomous task execution where the AI plans, acts, and reports across multiple steps without per-step human prompting.
Boundary
Tier scoring crosswalks the Agentic Tier framework (T0–T4); vendors are tier-placed on the framework they enable in customer deployments.
Domain Systems
Domain-specific AI systems with deep capability in one legal practice area — contracts, eDiscovery, IP, litigation analytics, compliance review, regulatory monitoring, etc. Vendors trade breadth for depth in their domain.
Boundary
A Workbench covers a broad lawyer's workflow surface. A Domain System is built around one practice area or workflow. Contract review platforms are Domain Systems; general drafting copilots are Workbench.
Eval & Monitoring
Platforms providing model evaluation, output quality monitoring, drift detection, hallucination measurement, and continuous quality assurance for AI in legal contexts.
Boundary
Includes both vendor-specific eval tooling and platform-agnostic evaluation infrastructure with a legal-domain offering.
Governance
AI governance platforms providing policy management, risk register, control mapping, audit evidence, and regulatory alignment — applicable to legal AI deployments.
Boundary
Crosswalks the Risk Taxonomy 2026 (9 classes) — vendors here are scored on the breadth and depth of risk-class coverage their platform addresses.
Data & Knowledge
Vendors providing the data and knowledge infrastructure layer — knowledge graphs, semantic search, document understanding, matter taxonomy, and the substrate AI runs on.
Boundary
Includes legal-specific knowledge platforms. Generic vector databases (Pinecone, Weaviate, etc.) without a legal product are excluded from this category.
Section 3 — six defensibility dimensions
Six dimensions. Anchored 0–100 rubric per dimension.
Every vendor in the Index is scored on the same six dimensions. Each dimension is an anchored rubric — scores are calibrated to the evidence requirements named below, not to vendor marketing claims. Composite score is the arithmetic mean of the six.
D1Governance
Documented AI governance posture, accountable executive ownership, and external audit attestation that withstands board and regulator scrutiny.
▾
Governance
Documented AI governance posture, accountable executive ownership, and external audit attestation that withstands board and regulator scrutiny.
Score anchors
- 5
- Published AI governance framework. Named accountable executive. External audit attestation (ISO 42001 or equivalent). Public methodology + change log.
- 4
- Documented AI governance with internal audit cadence. Named accountable owner. No external attestation but a clear policy stack.
- 3
- Governance committee exists. Policies in force. No published external evidence.
- 2
- Informal governance. Policies exist but not consistently applied.
- 1
- No documented governance posture.
D2Evaluation & Monitoring
How rigorously the vendor measures, publishes, and continuously monitors the accuracy, hallucination rate, and failure modes of its AI outputs.
▾
Evaluation & Monitoring
How rigorously the vendor measures, publishes, and continuously monitors the accuracy, hallucination rate, and failure modes of its AI outputs.
Score anchors
- 5
- Published evaluation methodology + quarterly benchmark results + customer-comparable accuracy metrics. Third-party validation cited.
- 4
- Internal evaluation framework with documented metrics. Customer-facing accuracy claims backed by methodology.
- 3
- Some published metrics but methodology opaque. Selected case studies establish a baseline.
- 2
- Marketing claims of accuracy without methodology. No published benchmark.
- 1
- No evaluation evidence.
D3Security & Compliance
External attestation against recognised security and compliance frameworks (SOC 2, ISO 27001/27017/27018, sector-specific) with current evidence accessible to customers.
▾
Security & Compliance
External attestation against recognised security and compliance frameworks (SOC 2, ISO 27001/27017/27018, sector-specific) with current evidence accessible to customers.
Score anchors
- 5
- SOC 2 Type 2 + ISO 27001 (or equivalent) + sector-specific certifications (HIPAA, FedRAMP, ISO 27017/27018). Published penetration test results.
- 4
- SOC 2 Type 2. Active penetration testing programme. Customer-accessible compliance documentation.
- 3
- SOC 2 Type 1 or in-progress Type 2. Documented security controls.
- 2
- Self-attested security posture. No external certification.
- 1
- No published security evidence.
D4Data Handling
How customer data is handled: residency, retention, training-data isolation by default, and explicit model-output IP terms.
▾
Data Handling
How customer data is handled: residency, retention, training-data isolation by default, and explicit model-output IP terms.
Score anchors
- 5
- Customer data isolated from model training by default. Configurable residency (EU/UK/US). Published retention + deletion SLAs. Documented model-output IP terms.
- 4
- Data isolation default + residency options. Standard retention policy. Output IP terms in main contract.
- 3
- Data isolation available on opt-out. Limited residency choice. Retention policy published.
- 2
- Customer data may flow into training without explicit opt-out. Residency limited.
- 1
- Opaque data handling. No published policy.
D5Transparency & AI BoM
Published AI Bill of Materials, disclosed model dependencies, and per-output decision provenance accessible to customers.
▾
Transparency & AI BoM
Published AI Bill of Materials, disclosed model dependencies, and per-output decision provenance accessible to customers.
Score anchors
- 5
- Published model architecture (or vendor-disclosed model dependencies, i.e. AI BoM). Customer-accessible decision provenance per output. Open methodology for accuracy claims.
- 4
- Model dependencies disclosed. Output-level provenance available on request.
- 3
- High-level model description published. No per-output provenance.
- 2
- “AI-powered” claims without architectural disclosure.
- 1
- Closed-box positioning with no architectural transparency.
D6Lifecycle & Exit
How the vendor manages product evolution and customer exit: deprecation policy, model upgrade transitions, customer-impact disclosure, and contractual exit terms.
▾
Lifecycle & Exit
How the vendor manages product evolution and customer exit: deprecation policy, model upgrade transitions, customer-impact disclosure, and contractual exit terms.
Score anchors
- 5
- Published deprecation policy with N-month notice SLA. Documented model-upgrade methodology + customer-facing change log. Backward compatibility commitments. Contractual data-portability terms.
- 4
- Deprecation policy + change log. Customer-impact reviews on major model upgrades. Standard exit clauses in MSA.
- 3
- Change log published. Deprecation notice variable but historically given.
- 2
- Ad-hoc product updates. Customers notified post-change.
- 1
- No published lifecycle posture. Surprise changes documented in customer complaints.
Section 4 — composite scoring → maturity-stack placement
Five bands. Aligned to the Maturity Stack.
Composite score = arithmetic mean of the six dimension scores, scaled 0–100. Band placement uses the canonical 5-band Maturity Stack — the same band taxonomy the Diagnostic uses for the function-level score — so that vendor maturity and function maturity are directly comparable.
| Band | Score range | What it means |
|---|---|---|
Band 5 Defensible | Composite ≥ 90 | Institutional-grade. Evidence-attested across all 6 dimensions. Suitable for AmLaw 100 / Magic Circle / regulated enterprise procurement. RequirementsAll 6 dimensions ≥ 75. No single dimension < 75 — i.e., institutional-grade across the board. AND ≥ 12 months post-launch (the Defensible age ceiling). |
Band 4 Optimised | Composite 75 – 89 | Production-mature with strong evidence across most dimensions. Suitable for enterprise procurement with documented mitigations on noted gaps. RequirementsAll 6 dimensions ≥ 60. Material strength on ≥ 4 dimensions. No dimension below the production-deployment floor. |
Band 3 Integrated | Composite 60 – 74 | Production-deployed and operating across multiple customer environments. Strong on 3–4 dimensions, partial on others. RequirementsAt least 4 dimensions ≥ 60. Evidence base growing across the remainder. |
Band 2 Operational | Composite 45 – 59 | Production-deployed but evidence base thin or recently shipped material change. Promising; monitored quarterly. RequirementsAt least 3 dimensions ≥ 45. Clear product-market signal but insufficient evidence depth for higher placement. |
Band 1 Foundational | Composite < 45 | Below the production-deployment threshold for institutional procurement. Listed for completeness; quarterly review may reinstate to a higher band. RequirementsBelow the band thresholds above OR an override condition (Section: Override Conditions) has applied a floor downgrade. |
Defensible age ceiling
Vendors less than 12 months post-launch are capped at Optimised regardless of composite score. The Defensible band implies survival of operational stress (model upgrade transitions, customer escalations, regulator inquiry) that very-young vendors have not yet faced. The 12-month floor is in addition to the 18-month inclusion criterion that gates Index entry at all.
Override conditions
- Documented security incident in preceding 12 months without published remediation evidence — floor: Operational.
- Material misrepresentation of capability publicly demonstrated — floor: Operational or Foundational.
- Active enforcement action by a regulator related to the AI product — floor: Operational.
Section 5 — editorial independence canon
No advertising. No referral fees. No pre-publication vendor access.
Advanta accepts no payment, sponsorship, advertising, referral fees, or in-kind compensation from any vendor evaluated in this Index, regardless of band placement. We do not publish “sponsored” entries or accept guest-authored vendor profiles.
Band placements are determined by Advanta's Editorial Council applying the published methodology (v2026-Q3-v1). Council members disclose any prior advisory, investment, or employment relationship with a vendor; a member with a disclosed relationship recuses from that vendor's review.
Vendors receive their band placement and the supporting scoring rubric after the Index is published. Vendors have a right of reply (see Section 6); replies are reviewed at the next quarterly cycle. Vendors have no editorial control over their entry, their band, or their right-of-reply text being abridged for length.
Disputed bands do not change between cycles. The Editorial Council's review at the next quarterly cycle is final.
The methodology version applicable to each Index entry is stamped on that entry. Methodology version bumps trigger full re-scoring of the Index at the next quarterly cycle.
Section 6 — right-of-reply policy
Replies are reviewed at the next quarterly cycle. Post-publication only.
Process
- Publication. The Index publishes on the announced quarterly date. Vendors are notified by email of their entry, band, and scoring rubric on the publication date — not before.
- Submission window. Vendors may submit a reply within 30 days of publication, addressed to the canonical editorial inbox.
- Format. The reply must specify (a) which scored dimension(s) are disputed, (b) what evidence supports the dispute, and (c) what band or score the vendor believes is warranted. Replies without specific evidence are noted but do not trigger Council review.
- Council review. Replies meeting the format requirement are added to the Council's agenda for the next quarterly cycle.
- Outcome. Three possible outcomes documented in the next publication's change log: band confirmed, band adjusted, or methodology bug requiring broader retroactive review.
What right-of-reply does not allow
- Pre-publication review of the vendor's own entry.
- Editorial input on competitors' entries.
- Suppression of the entry from the Index (only the Council can exit a vendor).
- Anonymous reply.
Final authority
Council review cadence is quarterly. Final authority rests with Editorial Council majority vote; the founder may exercise a tie-breaker but cannot override a unanimous Council position. All right-of-reply outcomes are documented in the public change log: vendors named, evidence summarised, decision rationale published.
Section 7 — versioning and refresh cadence
Quarterly refresh. Annual major-version review.
Methodology versioning
- v2026-Q3-v1
- Major release — complete methodology document. Annual (Q3 default), or when ≥3 dimensions are added/removed/redefined.
- v2026-Q3-v1.1
- Minor update — rubric anchor refinement, override condition addition, category boundary clarification. Quarterly.
- …-p1
- Patch — typos, formatting, broken links. As needed; no Council review required.
Every Index entry is stamped with the methodology version applied at the time of placement. Versioned references are permanent: a vendor's 2026-Q3-v1 placement remains queryable forever; the next cycle re-scores under whichever version is current at that point.
Refresh cadence
- Vendor scoring
- Quarterly — new band placements per cycle (Q1, Q2, Q3, Q4).
- Minor update
- Quarterly — version bump (v1 → v1.1 etc.).
- Major release
- Annual — new annual version (e.g., 2027-Q3-v1).
- Annual dataset
- Annual (Q1) — aggregate maturity data published as separate document.
- Council review
- Annual — confirmed membership; conflict disclosures refreshed.
Major-version migration
When methodology hits a new major version, the entire Index is re-scored under the new methodology at the next quarterly publication. Vendors previously placed under the old version receive notification of the methodology change, their new placement under the new version, and a 60-day window to update evidence before the next publication.
Apply the methodology
Browse the Index or take the Diagnostic.
The Vendor Index applies this methodology to the legal-AI vendor universe. The Diagnostic applies the same five-band Maturity Stack to your function. Both publish under the same canon and the same version cadence.
Related Canon
Where this methodology sits.
Vendor Index
The 6-category, 5-band Index this methodology governs.
Defensibility
The institutional canon the six dimensions operationalise for vendors.
Risk Taxonomy 2026
The nine risk classes vendor scoring crosswalks against.
Agentic Tier Framework
T0–T4 — vendor scoring shifts with the tier the vendor enables.
Lifecycle
How vendor Dimension D6 maps onto the AI Lifecycle stages.
ROAI 4-Category
How vendor scoring shapes the Defensibility quadrant.
Maturity Stack
The 5-band canon that vendor placement is aligned to.
8-Pillar Framework
Pillar 6 (Vendor, Procurement & Technology) is the institutional home for this Index.