What does it take for Legal AI to Deliver Real Results?

The foundation problem hiding inside your AI Investment

I recently read something in the 2026 Wolters Kluwer Future Ready Lawyer Report that’s been on my mind: 90% of legal professionals now use at least one AI tool in their daily work. Ninety percent. That’s not early adoption anymore — that’s just how legal work gets done.

But here’s the question I keep coming back to: Is the right foundation in place to go beyond the basics and scale as AI does?

Because here’s what I’ve seen over and over. AI is only as good as the data underneath it. If that data is unstructured or ungoverned, AI doesn’t fix the problem — it amplifies it. The teams seeing the most meaningful results from AI aren’t the ones who adopted it earliest. They’re the ones who built a solid foundation first. And that foundation has a name: a system of record.

Most legal departments aren’t thinking in those terms yet. A lot of the platforms in use today were built before AI was even part of the conversation. They don’t have the enrichment tools, the AI workspace capabilities, or the agent functionality that defines what’s coming next. Stacking more AI tools on top of a weak foundation doesn’t strengthen it. It just creates more complexity built on shaky ground.

So let’s walk through what a true system of record actually does — and how to figure out whether yours makes the cut.

The Seven Properties at a Glance

Before we get into each one, here’s the short version. A genuine system of record does seven specific things: it defines the data model, serves as the source of truth, enforces business logic, manages state and lifecycle, provides auditability, governs permissions, and acts as the integration hub.

If that list feels abstract right now, don’t worry — it won’t by the end. Each one maps to something concrete that either is or isn’t working in your department today. Let’s go through them.

1. Defines the Data Model

Think of this as the blueprint for everything else. Before your system can do anything useful, it needs to know what things are — what a matter is, how it relates to a vendor, how an invoice connects back to both. That’s the data model.

When it’s missing or inconsistently applied, you end up with what I’d call useful-looking noise. Data that exists, but can’t be reliably queried or trusted. You might have a field called “matter type” that means three different things depending on who filled it in. You might have critical context buried in a free-text notes field that no system can read.

This is where AI enrichment tools come in. They don’t take actions like agents do — instead, they look at your existing data and extract and record metadata from it, creating new structured information from what’s already there. Because they work from defined, governed rules, the gaps and inconsistencies that would normally creep in over time if humans were creating the data just don’t accumulate in the same way. AI enrichment tools are an effective solution to the “garbage in, garbage out” problem that most legal departments are quietly sitting on.

What good looks like: Every invoice tied to a matter. Every matter with a practice area, a managing attorney, a status. The model is enforced, not just aspirational — meaning someone can’t just skip the fields that feel inconvenient.

Watch out for: Custom fields multiplying without any governance around them. The word “matter” meaning something different in different parts of your system. Important relationships living in notes fields instead of structured data.

2. Serves as the Source of Truth

I’d be willing to bet most people reading this have been in a meeting where legal and finance are looking at different spend numbers and nobody can agree on which one is right. Someone pulls an export. Someone else opens a dashboard. Fifteen minutes later the conversation has shifted from “what should we do about this” to “wait, which figure are we even using.”

That’s a source of truth problem. And it’s not just annoying — it’s a genuine obstacle to making good decisions.

When a system truly serves as the source of truth, that conversation doesn’t happen. There’s one place you go. Everyone knows it. AI tools know it too.

What good looks like: One authoritative place where attorneys and legal ops go to confirm the facts — and where they’d send anyone else who asked.

Watch out for: People maintaining their own offline trackers because the system is too cumbersome to use consistently. Finance and legal regularly arriving at different numbers for the same question — usually a sign that the system isn’t enforcing standardization.

3. Enforces Business Logic

Most legal departments have billing guidelines. Invoices submitted within 90 days. Associate rates capped at a certain level. Matters above a spend threshold requiring General Counsel sign-off. Good rules, all of them — usually put in place to provide clarity for teams and act as Standard operating procedures (SOPs).

The problem is that having rules and enforcing rules are two very different things. If enforcement depends on a reviewer remembering to check, on a good week, when they’re not buried in three other things — those rules are going to have holes in them. And the holes tend to grow over time.

A true system of record takes that burden off the individual. The rules are built in. They apply every time, automatically, regardless of who’s reviewing or how busy they are.

What good looks like: Violations flagged or blocked before they become approved spend. Exceptions documented, not just quietly waved through.

Watch out for: Enforcement that only happens when someone remembers to check. Exceptions granted informally with no paper trail. Compliance that varies depending on who’s doing the reviewing.

4. Manages State and Lifecycle

Every piece of data in your legal department has a lifecycle. An invoice doesn’t just exist — it moves. Submitted, under review, approved, paid. A matter opens, goes active, closes. These transitions matter, and a true system of record makes sure they happen in the right order.

It sounds almost obvious when you say it out loud. But without this, you end up in situations where nobody’s quite sure where something stands. Is that invoice approved or still in review? Is that matter actually closed or did someone just stop updating it? Every status check becomes a manual investigation, and at scale that adds up fast.

What good looks like: Every matter and invoice has a clear, queryable status at any point in time. You can answer questions about what state something was in six months ago without digging through emails.

Watch out for: Status fields that get updated manually — or not at all. No reliable way to see what’s actually in flight right now.

5. Provides Auditability

At some point, someone is going to ask why a decision was made. It might be an auditor. It might be a dispute with outside counsel over a rejected invoice. It might be a CFO asking why a particular matter went 40% over budget.

The system of record needs to be able to answer that question. Not roughly, not based on someone’s memory — but with a clear, timestamped record of what happened, who did it, and when.

This matters even more as AI takes on more of the work. If an AI agent approves an invoice, that action needs to be logged just like a human approval would be. Which rules did it apply? What was the outcome? The “why” can’t disappear just because a human wasn’t the one making the call.

What good looks like: A complete history of every significant action. The ability to reconstruct a decision from months ago without relying on anyone’s recollection.

Watch out for: Change history that only shows the most recent edit, not the full trail. AI actions that aren’t logged separately from human ones.

6. Governs Permissions

Not everyone should be able to see or do everything — and that’s not just a security consideration, it’s an operational one. A paralegal can view invoices but not approve them. A regional counsel has access to matters in their jurisdiction but not others. An AI agent can approve invoices under a certain threshold but needs to escalate anything above it.

If those boundaries aren’t enforced by the system itself, they’re enforced by trust and convention. And trust and convention have a way of breaking down — especially as teams grow, roles shift, and AI tools start taking actions inside your systems.

What good looks like: Role-based access that’s easy to configure, easy to audit, and consistently applied whether someone is accessing the system through the UI, an API, or an AI tool.

Watch out for: Access managed by sharing login credentials. No way to define or limit what an AI tool can actually see or do inside your system.

7. Acts as the Integration Hub

This last one is maybe the most important for where things are heading. The system of record isn’t just a place where data lives — it’s the point through which data flows. It sends payment instructions to AP/ERP. It receives documents from your document management system. And increasingly, it’s the place that exposes governed data to AI workspaces and agents through Model Context Protocol (MCP) servers — an open standard that gives AI systems a secure, governed way to connect to the tools and data they need to take action.

The reason this matters so much is that every connection goes through the system of record, which means every connection inherits its governance. That’s what makes it a foundation, not just another tool in the stack. A system that can’t integrate is an island. And islands don’t compound — they just sit there.

What good looks like: Clean, documented integrations with AP/ERP, document management, and identity management. A clear path to exposing governed data to AI workspaces as that becomes more central to how legal work gets done.

Watch out for: Integrations that are fragile, undocumented, or both. Getting data into your data warehouse requiring a manual export every time. AI tools pulling data from outside your governance boundary.

Why This Matters More Now

Here’s something worth understanding about AI before you connect it to anything: it’s nondeterministic. Ask the same question twice and you’ll get different answers. For drafting and summarizing, that’s actually fine — the variability is part of what makes it useful. But for enforcing billing rules, managing approvals, or maintaining an audit trail, you need consistent outcomes every time. AI can’t guarantee that on its own. A system of record can.

Without that foundation underneath it, you’re not deploying AI on solid ground. You’re deploying it on top of ambiguity — and you’ll get ambiguous results, just faster and at greater scale. There’s Gartner research suggesting that teams with higher digital readiness are nearly twice as likely to see meaningful benefits from their technology investments. Fewer than a quarter of legal departments are there yet. The gap between using AI and using it well almost always comes down to what’s underneath it.

Where Most Legal Departments Actually Stand

Here’s something I find comes as a surprise to people: most legal teams are further from a true system of record than they think they are. It’s easy to look at the tools you have in place and assume the foundation is solid. But there’s an important difference between a system of record and a system of reference — and a lot of what’s currently in use in legal departments falls into the second category.

A system of reference stores information. A system of record governs it. And many of the platforms built before AI became central to how legal work gets done simply weren’t designed to do the latter.

The reason this distinction matters is that the solution is different depending on which one you have. A system of reference needs to be replaced or substantially strengthened — not just connected to more AI tools on top.

How to Score Your Current System

Take the seven properties and honestly assess your current ELM system against each one. The question to ask isn’t “could this theoretically do that” — it’s “does it actually do that, reliably, without manual workarounds?”

6–7 properties met: You’re in good shape. The foundation is solid enough to start building AI-enabled workflows on top of with confidence.

4–5 properties met: You have a partial system of record. The gaps might not be causing obvious problems today, but they’re creating risks that will compound as you add more AI into the mix.

0–3 properties met: You have a system of reference. That’s the honest diagnosis — and it’s also the single biggest obstacle to getting real value from AI. Adding more tools on top won’t fix it.

Assess one system this month

Pick one domain and score it honestly. If outside counsel spend is your biggest area of legal expense, start with your ELM system. Work through the seven properties. Note where your tool genuinely meets them and where it doesn’t.

A score of 6 or 7 means you’re ready to start connecting AI workspaces and agents. A lower score means you’ve just identified exactly what needs to be addressed before that investment pays off.

Brightflag is the AI-native ELM system of record for matters, vendors, and spend. If you’d like to see how it holds up against these seven properties, request a demo.