Contract review is inherently a risk identification exercise. Attorneys reviewing commercial agreements are looking for provisions that expose their client to unacceptable risk: unlimited liability, broad indemnification obligations, unfavorable IP assignments, problematic governing law choices. The challenge is that risk identification is time-consuming when done manually and inconsistent when different attorneys apply different standards.
AI contract risk scoring addresses both problems. By automating the comparison of contract language against defined risk criteria, AI enables consistent, rapid risk identification across large contract volumes. Every contract is measured against the same playbook, by the same model, without the variability that results from different attorneys applying different risk standards.
Risk scoring also enables portfolio-level risk analytics. Once every contract in a portfolio has been scored, legal operations teams can answer questions that manual review cannot efficiently address: what is the average limitation of liability exposure across the vendor contract portfolio? What percentage of customer agreements contain uncapped indemnification obligations? Which contract categories carry the highest aggregate risk?
These analytics inform strategic decisions — renegotiation priorities, contract template revisions, insurance coverage assessments — that individual contract review cannot support. AI risk scoring transforms contract management from a reactive (review when needed) to a proactive (know the risk landscape) activity.
How It Works
Clause Extraction and Classification
AI risk scoring begins with clause extraction — the same process that underlies all AI contract analysis. The model reads the contract, identifies clause boundaries, and classifies each clause by provision type: limitation of liability, indemnification, IP ownership, governing law, dispute resolution, termination, auto-renewal, confidentiality, warranty, and others.
Tools like Luminance and Kira Systems have trained their models on large volumes of commercial agreements to classify provision types with high accuracy for standard contract structures. The classification layer is the foundation on which risk scoring is built.
Playbook Comparison
For each classified provision, the AI compares the contract language against the reviewing party's playbook — the defined set of acceptable standards for each provision type. The comparison operates at multiple levels:
At the binary level: is this provision present or absent? (A contract missing a limitation of liability clause is higher risk than one that contains one, even if the contained clause is below preferred standards.)
At the threshold level: does this provision meet minimum acceptable criteria? (Is the limitation of liability cap above $1 million? Is the indemnification scope limited to third-party claims?)
At the language level: does the specific language match preferred standards, acceptable alternatives, or unacceptable positions?
Scoring Calculation
Clause-level risk ratings are aggregated into an overall contract risk score using a weighting model. Weights reflect the relative importance of each provision type in the reviewing party's risk framework. A technology company with significant IP exposure may weight IP ownership provisions more heavily; a company with high litigation frequency may weight dispute resolution provisions more heavily.
Evisort enables users to configure provision weights and risk thresholds within its platform, allowing risk scores to reflect the organization's specific risk priorities rather than a generic commercial standard.
Risk Visualization
Risk scores are presented visually — heat maps showing provision-level risk, radar charts showing risk distribution across provision categories, traffic-light indicators (green/yellow/red) for overall contract risk. This visualization enables rapid review prioritization: red-scored contracts get immediate attorney attention; green-scored contracts may be approved with minimal review.
Portfolio Analytics
Across the contract portfolio, risk scores aggregate into analytics: average risk by contract category, distribution of risk scores, trend analysis (are newly executed contracts higher or lower risk than those executed 2 years ago?), and outlier identification (which specific contracts are statistical outliers in their risk category?).
Key Considerations for Law Firms
Playbook quality is the primary determinant of scoring quality. AI contract risk scoring is only as useful as the playbook it applies. A vague playbook — "indemnification should be reasonable" — cannot produce meaningful risk scores. A specific playbook — "indemnification scope is acceptable only if limited to third-party claims arising from the indemnifying party's negligence; cross-indemnification is acceptable; unlimited defense obligations are unacceptable" — produces meaningful, actionable scores. Playbook investment precedes AI value.
Customize by contract type. Risk standards vary by contract type. The acceptable limitation of liability cap in a commodity software subscription is different from the acceptable cap in a manufacturing supply agreement. AI risk scoring systems should be configured with separate playbooks for distinct contract categories, not a single universal standard.
Review scoring models periodically. Provision weights and risk thresholds should be reviewed periodically as the organization's risk tolerance, commercial relationships, and market standards evolve. A risk model built in 2023 may not reflect 2026 data processing risk standards or updated regulatory requirements.
Train attorneys on risk score interpretation. Risk scores are not legal conclusions. A high risk score on a limitation of liability provision means the provision deviates significantly from preferred standards — it does not mean the contract is unacceptable. Attorneys need to understand that scores identify provisions requiring attention, not provisions that must be changed.
Use risk scores for routing, not approval. The primary operational value of risk scoring is enabling differential review — routing high-risk contracts to senior attorneys and allowing low-risk contracts to proceed with faster review. Risk scores should drive routing decisions and review intensity, not substitute for attorney review entirely.
Limitations and Risks
Garbage in, garbage out. This is the most fundamental limitation of AI contract risk scoring. If the playbook is poorly designed, the risk scores will be misleading. If the clause extraction model misclassifies provisions, the scores will reflect the wrong analysis. AI risk scoring amplifies the quality of the underlying inputs — it does not compensate for poor playbook design.
No contextual judgment. AI risk scores reflect deviation from standard; they cannot assess whether a deviation is commercially justified by the specific relationship. A limitation of liability cap that scores high-risk may have been deliberately accepted in exchange for favorable pricing that is not reflected in the contract text. Risk scores are decontextualized — the attorney must supply the commercial context.
Novel risk types are invisible. AI models identify risk types they were trained to recognize. Emerging risk categories — novel AI liability provisions, new regulatory compliance requirements, bespoke commercial structures — may not be in the training data and will not be captured in risk scores. Risk scoring is backwards-looking by nature.
Vendor-specific risk standards. Each organization has unique risk tolerance shaped by its industry, size, regulatory environment, and commercial relationships. Generic risk scoring tools that apply market-average standards may not align with the organization's specific risk framework. Customization capability is essential.
Over-reliance risk. Legal teams that treat AI risk scores as definitive rather than advisory may under-review contracts that score low risk but contain unusual provisions the AI did not flag. Risk scores should trigger differential review intensity, not binary approval/rejection.