In-house legal leaders say AI is now standard in legal departments but guardrails over outside counsel data use lag behind adoption pace
AI (artificial intelligence) has moved from experiment to core business tool inside corporate legal departments, but senior in-house leaders say the governance challenge has shifted — the real risk is now not internal use but controlling what outside counsel do with company information when using AI tools, according to reporting from Law.com. Johnson & Johnson director of legal operations Chris Potter is cited as flagging that some of his biggest concerns involve AI use by outside counsel rather than internal teams. While J&J encourages firms to use the technology, it expects strict controls around company information — a posture that reflects a broader industry shift toward demanding contractual and policy-level AI governance from law firm panel members. The story mirrors a wider pattern: legal departments across large corporates are increasingly treating AI as standard, but the governance infrastructure — data use policies, vendor agreements, client consent frameworks, and oversight protocols — has not kept pace with the speed of adoption. The gap is sharpest at the boundary between in-house teams and their external advisers, where information flows are substantial and historically lightly governed. For law firms, this creates a direct commercial pressure: clients are beginning to impose specific requirements on how firm AI tools may interact with client data, which in turn requires firms to have robust, auditable AI governance frameworks in place. Separately, Bloomberg Law reports that firms including Kirkland & Ellis — which has committed $500 million to AI — are seeking to capitalise on proprietary internal data as a competitive differentiator in the AI era, building client-facing tools that leverage their own institutional knowledge.
Why this matters
The convergence of two stories — corporate clients demanding AI governance controls from outside counsel, and law firms investing hundreds of millions to build proprietary AI capabilities — marks a structural inflection point for the commercial legal market. Firms that cannot demonstrate robust data handling policies for client information in AI tools risk losing panel positions with large in-house legal departments. Simultaneously, the Kirkland $500 million commitment signals that top-tier firms view proprietary data-driven AI as a long-term competitive moat, not just a cost-reduction exercise. For students, this is the governance and technology intersection that will define how legal services are delivered and procured over the next decade. The regulatory backdrop — including EU AI Act implementation and evolving ICO (Information Commissioner's Office) guidance on AI data processing — adds a compliance layer that requires dedicated legal advisory work.
On the Ground
On an AI governance matter for a law firm or in-house client, a trainee would be marking up data processing agreements between the firm and AI vendors, drafting AI governance policy documents for client review, and preparing regulatory impact assessment memos that assess how proposed AI tool deployments interact with data protection obligations. Vendor due diligence questionnaires focused on data security and model training practices would also be a core task.
Interview prep
Soundbite
Client data governance requirements are now a panel-qualification threshold — not just a preference — for major corporates' law firm relationships.
Question you might get
“If you were advising a Magic Circle firm on drafting its AI usage policy for client matters, what key provisions would you include to satisfy a sophisticated in-house client like Johnson & Johnson?”
Full answer
Corporate legal departments are treating AI as standard, but the governance gap between internal AI use and what they allow outside counsel to do with company data is widening, with Johnson & Johnson among the in-house leaders demanding strict controls from panel firms. For law firms, this is commercially urgent: failing to demonstrate auditable AI data governance is becoming a disqualifier in panel reviews, not just a soft risk. The parallel story is that firms like Kirkland — committing $500 million to AI — are racing to build proprietary data advantages before commodity AI tools flatten the market. These two dynamics are reinforcing: firms need both client-facing governance credibility and a competitive AI product to win and retain mandates. This suggests AI governance practices and legal tech investment will jointly define which firms emerge strongest from the current transition period.
Sources
My notes
saved