An AI audit in the legal context is a systematic, structured review of one or more AI tools used by a law firm or legal department, evaluating: the tool's performance against accuracy and reliability standards; the vendor's data handling practices against contractual commitments and regulatory requirements; the firm's use of the tool against its own AI governance policies; and the overall risk posture associated with the tool's continued use.
AI audits can be conducted internally (by the firm's legal technology, risk, or compliance staff) or externally (by third-party auditors, including the security auditors who issue SOC 2 reports for vendors). They are distinct from, but complementary to, the pre-procurement due diligence that occurs before a vendor is selected — audits are ongoing assessments that verify continued compliance and performance throughout the vendor relationship.
The concept of auditing AI tools is gaining regulatory backing. The EU AI Act requires that deployers of high-risk AI systems maintain documentation of their oversight activities — which in practice requires some form of ongoing audit. GDPR Article 28 DPAs increasingly include vendor audit rights as a standard provision. ABA Formal Opinion 512 (2023) implicitly endorses ongoing monitoring of AI tools as part of the attorney's competence and confidentiality obligations.
Within a law firm AI governance framework, AI auditing serves three distinct functions: accountability (verifying that vendors are doing what they committed to do), quality assurance (assessing whether AI outputs are meeting the firm's accuracy and reliability standards), and governance validation (confirming that attorneys and staff are using AI tools in accordance with the firm's policies).
The arguments for regular AI auditing are both defensive and affirmative. Defensively, documented audits are critical to the firm's position in the event of an AI-related incident. If a vendor breach exposes client data, or an AI error causes client harm, a firm that can demonstrate it conducted regular audits — reviewed vendor certifications, tested output accuracy, verified data handling practices — is in a significantly stronger position than a firm that selected the vendor initially and then never reviewed its practices. The audit record is evidence of reasonable protective measures.
Affirmatively, regular auditing improves AI tool performance within the firm. When a firm systematically reviews AI outputs for accuracy, it identifies the use cases and conditions under which a particular tool performs well and those where it underperforms. This knowledge should inform how the tool is deployed — restricting it to high-performance use cases and supplementing it with additional human review in use cases where it performs less well. Without auditing, firms cannot make informed decisions about AI tool deployment.
The regulatory dimension is growing. Under the EU AI Act, deployers of high-risk AI systems must implement oversight measures that include monitoring system performance and maintaining logs of AI outputs — both of which are components of an AI audit program. As EU-adjacent clients subject US law firms to supply chain compliance requirements, firms may face contractual obligations to conduct AI audits that flow from client requirements.
How It Works
A law firm AI audit program typically operates on two tracks: internal operational audits (what the firm is doing) and vendor security audits (what the vendor is doing).
Internal AI operational audit components:
Output quality review. A sampling of AI-generated work product from the audit period is reviewed by qualified attorneys for accuracy, completeness, and reliability. For legal research AI, this means verifying a sample of AI-generated citations and checking that AI-identified case law accurately reflects the holdings cited. For contract review AI, this means comparing AI risk assessments against an attorney's independent review of the same contracts. For document drafting AI, this means reviewing AI-generated drafts for accuracy, appropriate legal standards, and completeness. The sample size should be statistically meaningful and drawn randomly rather than from a cherry-picked set. Findings should be documented.
Data flow audit. The firm maps how client data moves through each AI tool: which data fields are sent to the vendor, how the vendor processes them, which subprocessors handle the data, where data is stored, and how data is deleted. This map is then compared against the vendor's DPA commitments and the firm's AI governance policies. Discrepancies — data being sent that should not be, subprocessors not disclosed in the DPA, data retention inconsistent with commitments — are documented and escalated.
Access log review. Who accessed which AI tools, for which matters, at what times? Access logs reveal whether AI tool use is consistent with authorized use cases — whether attorneys are entering client data of the permitted classification, whether AI tools are being used only on approved matter types, and whether any unauthorized users have access. AI tools with robust audit log features (a key evaluation criterion in vendor selection) make this review feasible.
Policy compliance review. Are attorneys following the firm's AI use policies? Are required verification steps being followed? Are AI outputs being documented appropriately in matter files? This review may involve a combination of spot-checking matter files and confidential interviews with attorneys and staff.
Vendor security audit components:
SOC 2 report review. Request and review the vendor's most recent SOC 2 Type II report. Focus on: the audit period (confirm it covers the past 12 months); the scope (confirm the firm's specific use case is within the audited systems); exceptions noted (any qualified opinions or control failures); and the auditor's identity (reputable audit firm). For any exceptions noted, follow up with the vendor on remediation status.
DPA currency check. Verify that the current DPA reflects any changes in data processing practices, subprocessor lists, or regulatory requirements since the DPA was last updated. Request the current subprocessor list and compare it to the DPA.
Security certification currency. Verify that security certifications (SOC 2, ISO 27001, if applicable) are current and have not lapsed.
Incident history inquiry. Ask the vendor whether any security incidents occurred during the audit period that affected customer data. GDPR-compliant vendors are required to notify firms of incidents affecting their data, but incident notification obligations are not always fulfilled promptly.
Key Considerations for Law Firms
Risk-tier your audit schedule. Not all AI tools warrant the same audit intensity. A contract review tool that processes confidential transaction documents should be audited more frequently and more thoroughly than a scheduling AI that handles only administrative information. Establishing a risk tier for each AI tool — based on the sensitivity of data it handles and its importance to client work — allows audit resources to be allocated proportionally.
Build audit requirements into vendor contracts. The DPA should include specific audit rights: the right to receive current SOC 2 reports on request; the right to request additional security assessments under certain conditions; and the right to receive notification of any security incidents within a defined timeline. Vendors who resist including these provisions in their contracts should be treated with heightened skepticism.
Document everything. The value of an AI audit is entirely realized in its documentation. An undocumented audit provides no evidence of the firm's reasonable protective measures. Audit findings, vendor responses, and remediation actions should all be recorded in the firm's AI governance record.
Use automation where appropriate. Continuous control monitoring platforms like Drata and Vanta automate some aspects of vendor security audit — continuously checking that vendor certifications are current, that security controls meet defined standards, and generating alerts when compliance gaps are detected. These platforms do not replace full operational audits but can significantly reduce the manual effort required for ongoing monitoring.
Limitations and Risks
Internal audits can create complacency if not genuinely critical. An AI audit conducted by people who have organizational incentives to find that everything is fine is not a genuine control. Effective AI audits require independence — either by involving staff who are not direct users of the audited tools or by engaging external reviewers. The output quality review component in particular should involve attorneys with subject matter expertise who can identify AI errors that a non-specialist might miss.
Vendor audit access is often limited. Most vendor contracts provide firms with the right to receive SOC 2 reports and to ask questions — they do not provide the right to conduct on-site security audits or to review source code. Firms largely depend on vendor self-reporting and third-party auditor opinions for their vendor security assessments. This is a limitation inherent to the current vendor contracting model.
AI performance can be difficult to measure objectively. Defining "adequate performance" for an AI tool is challenging — different attorneys may evaluate the same AI output differently, and the applicable standard of care varies by practice area, jurisdiction, and client expectations. Audit programs should establish explicit performance benchmarks before conducting output quality reviews, rather than relying on subjective impressions.