Running Legal AI: A Practical Guide to Deployment Options
If you’re considering AI tools for legal work, you’ll eventually face the question: where does the data actually go?
This matters because lawyers have confidentiality obligations. Regulators are starting to pay attention. And clients occasionally ask.
Here are the deployment options that actually exist, compared across the dimensions that matter.
The Deployment Spectrum
| Option | Setup | Cost | Performance | Data Control | Use Case |
|---|---|---|---|---|---|
| Claude Pro / ChatGPT Plus | None | €20-50/mo | Excellent | None | Conceptual work |
| Cloud APIs | Moderate | €50-500/mo | Excellent | Contractual | Routine matters |
| Isolated Tenant | Moderate-High | €200-1,000+/mo | Excellent | High | Sensitive matters |
| Hybrid | High | Variable | Variable | Mixed | Large/varied practice |
| On-Premise | High | €3-10k one-time | Good | Maximum | Regulated/criminal |
Matching Deployment to Data Sensitivity
Not all legal work involves the same level of confidentiality. Your deployment choice should match what you’re actually processing.
Public data only:
If your tool works exclusively with publicly available information—case law databases, legislation, published guidance—cloud APIs are perfectly fine.
Example: Our own Feitlijn.nl processes case law from Rechtspraak.nl and EUR-Lex. All public data. We use standard cloud APIs because there’s nothing confidential to protect.
Anonymizable analysis:
Strategy work, legal theory, argument testing. If you can frame the question without client-specific details, use public tools with anonymized prompts.
Standard commercial matters:
Routine contracts, corporate housekeeping, non-sensitive correspondence. Cloud APIs with contractual protections are proportionate here.
Sensitive but not highly regulated:
M&A due diligence, complex transactions, competitive disputes. This is where isolated cloud tenants make sense—like our Thea timeline builder running on dedicated Azure OpenAI infrastructure.
Highly regulated or criminal work:
Government investigations, criminal defense, matters involving state secrets. Consider on-premise deployment.
The Options in Detail
1. Anonymized Prompting (Public Tools)
Description: Use ChatGPT, Claude, or public AI tools but strip all identifying information before input.
Data location: Provider’s cloud infrastructure (typically US-based)
Setup complexity: None. Create account, start using.
Cost: €20-50/month
Performance: Excellent (latest models, full speed)
Use cases:
- Conceptual legal analysis
- Argument structure and testing
- Legal research and strategy
- Drafting from scratch (not editing client docs)
Limitations: Can’t analyze actual documents. Can’t process client files. Only works for abstract reasoning.
When this makes sense: Thinking through problems, testing theories, learning AI capabilities
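The anonymization step described above can be treated as a mechanical pre-processing pass. A minimal sketch in Python, assuming you maintain your own per-matter list of client-specific terms (the names and patterns here are hypothetical, and a human should still review the output before it goes anywhere):

```python
import re

# Hypothetical client-specific terms, maintained per matter.
CLIENT_TERMS = {
    "Jansen Holding B.V.": "[PARTY A]",
    "De Vries": "[PARTY B]",
}

# Generic identifier pattern: email addresses (illustrative, not exhaustive).
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.\w+")

def anonymize(prompt: str) -> str:
    """Replace known client terms and obvious identifiers before a prompt
    is sent to a public AI tool. A pre-filter, not a guarantee."""
    for term, placeholder in CLIENT_TERMS.items():
        prompt = prompt.replace(term, placeholder)
    return EMAIL_RE.sub("[EMAIL]", prompt)

print(anonymize("Draft an argument for Jansen Holding B.V.; contact a@b.nl."))
```

The point of keeping this as code rather than habit: the term list becomes reviewable, and the same filter runs on every prompt, not just the ones you remember to scrub.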
2. Standard Cloud APIs (OpenAI, Anthropic)
Description: Direct integration with provider APIs. Your application sends data to their servers for processing.
Data location: Provider’s cloud (contractual protections against training on your data)
Setup complexity: Moderate (API integration, application development)
Cost: €50-500/month depending on volume (pay-per-token)
Performance: Excellent (same models as public tools)
Use cases:
- Routine contract review
- Document summarization
- Research memos with public sources
- Tools processing only public data
Example: Feitlijn uses standard cloud APIs because it only processes publicly available case law.
Limitations: Data transits through US-based infrastructure. Some GDPR complexity. Regulators may be skeptical for client-confidential work.
When this makes sense: Public data processing, or standard commercial work where confidentiality matters but risk is proportionate
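Because pricing is pay-per-token, the monthly figure above is just volume times rate. A back-of-envelope estimator (the per-token rates below are illustrative placeholders, not current provider prices; check the provider's pricing page before budgeting):

```python
# Back-of-envelope monthly cost estimator for pay-per-token APIs.
# Rates are illustrative assumptions, not actual provider prices.

def monthly_cost_eur(docs_per_month: int,
                     avg_input_tokens: int,
                     avg_output_tokens: int,
                     eur_per_1k_input: float = 0.003,
                     eur_per_1k_output: float = 0.012) -> float:
    per_doc = (avg_input_tokens / 1000) * eur_per_1k_input \
            + (avg_output_tokens / 1000) * eur_per_1k_output
    return docs_per_month * per_doc

# e.g. 5,000 contract reviews/month, ~8k tokens in, ~1k tokens out per doc:
print(round(monthly_cost_eur(5000, 8000, 1000), 2))  # 180.0
```

Input tokens usually dominate for document review (you send a long contract, get back a short summary), which is why the input volume matters more than the output rate.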
3. Isolated Cloud Tenants (Azure OpenAI, AWS Bedrock)
Description: Same models (GPT-4, Claude) deployed in your dedicated cloud environment. Data never shared with other customers.
Data location: Your Azure/AWS tenant, EU regions available
Setup complexity: Moderate to high (cloud tenant setup, configuration)
Cost: €200-1,000/month plus infrastructure costs
Performance: Excellent (slight latency increase, negligible in practice)
Use cases:
- M&A due diligence
- High-value transactions
- Litigation document analysis
- Any matter where confidentiality risk is material
Example: Our Thea timeline builder runs on Azure OpenAI in isolated tenants. Client litigation documents stay in controlled infrastructure while getting GPT-4 level analysis.
Limitations: Requires technical setup or vendor support. Not truly “on-premise” if that’s specifically required.
When this makes sense: Firms with genuine compliance requirements needing cloud performance with additional isolation
4. Hybrid Deployment
Description: Sensitive work routes to isolated/local infrastructure. Routine work uses cloud APIs. Decision made per-task based on data sensitivity.
Data location: Mixed (varies by workflow)
Setup complexity: High (requires routing logic, multiple integrations)
Cost: Combined costs of multiple options
Performance: Variable (best for routine work, slower for sensitive)
Use cases:
- Firms with mixed work (some sensitive, some routine)
- Large firms with varied practice areas
- Organizations with sophisticated technical teams
Limitations: Complexity in managing multiple systems. Requires clear internal policies on what goes where.
When this makes sense: You have volume to justify the complexity and clear criteria for routing decisions
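The routing decision described here is ultimately a lookup table plus a safe default. A minimal sketch, where the sensitivity labels and endpoint names are hypothetical (in practice they would come from your matter-management system and firm policy):

```python
# Per-task routing for a hybrid deployment. Labels and endpoints are
# hypothetical examples, not a prescribed taxonomy.
ROUTES = {
    "public":    "cloud-api",        # e.g. standard OpenAI/Anthropic API
    "standard":  "cloud-api",
    "sensitive": "isolated-tenant",  # e.g. Azure OpenAI in your own tenant
    "regulated": "on-premise",
}

def route(sensitivity: str) -> str:
    """Pick a backend; default to the most restrictive when unlabeled."""
    return ROUTES.get(sensitivity, "on-premise")

print(route("standard"))   # cloud-api
print(route("unlabeled"))  # on-premise (safe default)
```

The design choice worth noting is the fallback: an unclassified task should land on the most restrictive backend, so a missing label fails safe rather than leaking to the cloud.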
5. On-Premise/Local LLMs
Description: Open-source models (Llama, Mistral, Qwen) running on your own hardware. Fully air-gapped if needed.
Data location: Your infrastructure only
Setup complexity: High (hardware, model deployment, maintenance)
Cost: €3,000-10,000 one-time hardware investment, minimal ongoing costs
Performance: Decent but slower than cloud. A quality gap vs. GPT-4/Claude exists but is shrinking.
Use cases:
- Criminal defense work
- Government/military clients
- Matters requiring air-gapped systems
- Firms wanting independence from vendors
Limitations: Requires technical expertise. Manual updates. Quality-performance tradeoff. Most firms overestimate how often they need this.
When this makes sense: Specific regulatory requirements mandate on-premise, or handling genuinely sensitive matters where cloud is unacceptable
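Mechanically, talking to a local model looks much like talking to a cloud one: many local inference servers (Ollama, vLLM, llama.cpp's server) expose an OpenAI-compatible HTTP endpoint on localhost. A sketch using only the standard library; the URL and model name are assumptions to adjust to whatever your server actually reports:

```python
import json
import urllib.request

# Assumed local endpoint (Ollama's default port); nothing leaves your machine.
LOCAL_URL = "http://localhost:11434/v1/chat/completions"

def build_request(prompt: str, model: str = "llama3") -> urllib.request.Request:
    """Build an OpenAI-compatible chat request aimed at a local server."""
    payload = {
        "model": model,
        "messages": [{"role": "user", "content": prompt}],
    }
    return urllib.request.Request(
        LOCAL_URL,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )

req = build_request("Summarise the attached indictment.")
print(req.full_url)  # http://localhost:11434/v1/chat/completions
```

To actually run it you would pass `req` to `urllib.request.urlopen` with your local server up; the point of the sketch is that the only network hop is loopback, which is what makes air-gapped operation possible.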
The Practical Reality
Most firms overestimate their risk. You’re probably fine with isolated cloud tenants (Azure OpenAI) for 95% of your work.
Some firms underestimate their risk. If you’re handling genuinely sensitive matters, ChatGPT Plus isn’t appropriate no matter how convenient.
The question isn’t “what’s theoretically safest” but “what’s proportionate to the actual work I’m doing.”
Start conservative. Learn what you actually need. Expand as you understand the technology better.
We built Mino tools to support multiple deployment models—from isolated cloud tenants to on-premise—because this decision should be yours, not ours. If you’re thinking through these tradeoffs for your practice, join the conversation.