Vol. III · No. 128 Independent LegalTech Analysis Wednesday, June 17, 2026

The Legal Stack

← Analysis Analysis · In-House Legal

The GC's Dilemma: When Your Outside Counsel's AI Policy Is Better Than Your Own

There is a particular kind of discomfort that comes from reading a law firm's AI governance policy and realizing, somewhere around page four, that it is significantly more rigorous than anything your own department has produced. This is happening to general counsel at mid-market and...

Andy Armstrong
June 02, 2026 · 7 min read

There is a particular kind of discomfort that comes from reading a law firm's AI governance policy and realizing, somewhere around page four, that it is significantly more rigorous than anything your own department has produced. This is happening to general counsel at mid-market and enterprise companies with increasing regularity in 2026, and the implications run deeper than a simple capability gap. They cut into work allocation strategy, budget justifications, and the political relationship between the legal department and the CFO who keeps asking why headcount needs to grow.

How the Inversion Happened

The counterintuitive reality is that law firms had stronger institutional incentives to formalize AI governance earlier than in-house legal teams did. When a firm deploys AI on client work, it faces professional responsibility exposure, malpractice liability, and the very concrete risk of losing clients who ask hard questions during outside counsel reviews. The American Bar Association's Formal Opinion 512, issued in 2024, gave firms a regulatory pressure point that in-house legal departments simply did not have in the same concentrated form.

Firms like Orrick, Cleary Gottlieb, and A&O Shearman (formerly Allen & Overy, post-merger from 1 May 2024) — which rolled out dedicated AI labs and accompanying governance structures between 2023 and 2025 — were not doing this out of altruism. They were managing risk in a competitive market where enterprise clients were beginning to ask, directly and in outside counsel guidelines, what AI tools were being used on their matters and how outputs were being validated. Client pressure accelerated firm governance faster than internal corporate pressure accelerated in-house governance.

Meanwhile, in-house legal teams were caught in a different dynamic. They were under cost pressure to demonstrate efficiency, handed access to enterprise AI tools through IT procurement processes that moved faster than policy development, and often lacked a dedicated legal operations function with the bandwidth to build governance frameworks from scratch. The result: widespread informal AI use with minimal documentation, inconsistent review practices, and no audit infrastructure.

What "More Mature" Actually Looks Like

When I say a law firm's AI policy is more mature than a client's internal policy, I mean something specific. Mature AI governance in legal practice includes, at minimum: documented model version tracking (knowing which version of which tool generated which work product, and when), output review logs showing that a licensed attorney reviewed and annotated AI-generated content before it was used or transmitted, defined escalation protocols for outputs that fall outside confidence thresholds, and periodic auditing of AI use against those logs.

A firm operating at this level can tell you, for a given contract negotiation or regulatory filing, exactly which AI tool touched the work, at what stage, and what human review occurred. That is an audit trail. Contrast this with a typical in-house legal team using Microsoft Copilot or Harvey through an enterprise license, where usage data lives in platform dashboards that nobody is actively reviewing, where there is no policy on when AI-drafted language requires attorney annotation before it enters a contract, and where the term "model version" has never appeared in a team meeting.

The gap is not about which tools are being used. It is about whether there is a governance layer sitting above tool use — one that creates accountability, enables review, and would survive scrutiny in a dispute or regulatory inquiry.

The Work Allocation Problem

Once you see the gap clearly, it creates a genuine dilemma for work allocation decisions. If your outside counsel has better controls on AI-assisted contract review than your internal team does, routing that work in-house to save money is not straightforwardly a cost reduction. It may be a risk transfer that you have not priced correctly.

This is not an argument for keeping work outside. It is an argument for being honest about the governance delta when making insourcing decisions. Several GCs I have spoken with recently are using their outside counsel AI policies as benchmarking documents — essentially reverse-engineering a requirements list from what their firms have already built and asking whether their own team could meet that standard before pulling work back in-house.

That is a practical and defensible approach. It also produces something useful: a specific, documented gap analysis rather than a vague sense that "we need to do something about AI policy."

The CFO Conversation

The political difficulty is real. If you spent the last eighteen months arguing that expanding your in-house team would reduce outside counsel spend, telling the CFO that your outside counsel has better AI governance than your internal department is a painful conversation. It sounds like an admission that the expansion did not deliver the operational maturity it was supposed to.

The honest framing is that tool deployment moved faster than governance in almost every corporate legal department — this is not a failure unique to your team. But the CFO does not particularly care about industry benchmarks. What the CFO cares about is whether the legal department's use of AI is creating liability the company is not aware of. Frame the governance gap in those terms, not as a capability embarrassment but as a risk management issue that requires a defined remediation plan with a budget and a timeline.

A Framework for Closing the Gap

You do not need a full legal ops transformation to reach baseline AI governance maturity. You need four things:

1. An AI use inventory. Document every AI tool currently in use by the legal team, the use cases, and the licensing structure. Most teams are surprised by how many tools are in active use.

2. A minimum review standard. Define, in writing, what attorney review is required before AI-generated content is used in a contract, advice memo, or external communication. This does not need to be elaborate. It needs to exist.

3. A logging mechanism. Require that AI-assisted work products be flagged in your matter management or contract management system. Most platforms now support custom metadata fields that can serve this function without custom development.

4. A quarterly governance review. Assign someone — a senior associate, a legal ops manager, outside counsel on a limited scope engagement — to review AI use logs against your minimum review standard and report exceptions.

None of this requires a platform purchase or a reorganization. It requires about forty hours of focused work to build and a commitment to enforce it. The firms you are hiring have already done it. There is no good reason your department should not have as well.

More Analysis