93 per cent of mid-sized UK law firms now use AI in at least one workflow. Platforms like Luminance, Harvey AI, and Thomson Reuters CoCounsel promise 50 to 90 per cent reductions in contract and due diligence review time. The SRA has made clear that COLPs are directly responsible for regulatory compliance when AI is introduced — and its December 2025 thematic review found that compliance officers at the majority of firms could not describe more than half of their regulatory obligations. What follows is what the mid-market needs to know before signing a contract with any AI document review vendor.
The State of AI Document Review in UK Legal Practice
AI document review is no longer a Magic Circle curiosity. The technology moved into general legal practice in 2024 and accelerated through 2025. 93 per cent of mid-sized UK firms report active AI use, compared with 72 per cent for solo and small practices. The gap is closing, but mid-market firms have led adoption because they face the sharpest version of the core problem: volume that demands automation, but budgets that cannot absorb the headcount Magic Circle firms throw at due diligence.
The tools fall into two categories. The first is AI-assisted contract review — platforms that read, extract, and flag clauses across large document sets. Luminance, iManage RAVN, and Kira Systems sit here. The second is generative AI for legal work — platforms that draft, summarise, and research using large language models. Harvey AI and Thomson Reuters CoCounsel occupy this space, though the boundaries are blurring as every vendor adds generative features.
The numbers vendors cite are real but context-dependent. Luminance reports a 60 per cent reduction in contract review time. Diligen claims up to 60 per cent time savings on due diligence. Kira Systems reports 50 per cent time savings on contract review. These figures come from controlled deployments, and the actual saving depends on document complexity, how well the AI has been trained on the relevant clause types, and whether the firm has someone who can validate the output.
The Four Platforms Mid-Market Firms Will Encounter
Luminance was founded in Cambridge in 2015 and has built a proprietary legal language model instead of relying on third-party LLMs. The platform covers contract review, due diligence, and negotiation. Luminance claims 700 organisations across 70 countries, with particular strength in M&A due diligence. It integrates with Microsoft Word, Outlook, and Salesforce. Pricing is not published — the company requires a sales call, and quotes vary by firm size and use case. Industry estimates put per-user costs between $10 and $100 per month, but verified figures are not publicly available.
Harvey AI launched in 2022 and has raised over $300 million in funding. It uses a custom legal LLM and has partnerships with Allen & Overy (now A&O Shearman), PwC, and Macfarlanes. In 2025, Harvey launched a two-way connection with iManage, allowing lawyers to access Harvey from within the iManage document management system. Pricing is entirely opaque — Harvey operates on enterprise contracts and does not publish tiers. For mid-market firms, the practical barrier is that Harvey's go-to-market has been built around the top end of the market. Getting a quote as a 30-person firm in Birmingham is a different experience to getting one as a Magic Circle partner in London.
iManage RAVN is the AI layer on top of iManage, the document management system that controls an estimated 60 per cent of the large law firm DMS market. iManage acquired RAVN Systems in 2017 and has since built contract analysis, knowledge management, and AI-powered search into the platform. The advantage for firms already on iManage is built-in access — no data migration, no additional authentication layer. The disadvantage is that if you are not on iManage, RAVN is not a standalone option. Pricing sits inside the broader iManage enterprise agreement.
Thomson Reuters CoCounsel is the rebranded version of CaseText, which Thomson Reuters acquired in 2023 for $650 million. CoCounsel uses OpenAI's GPT models to handle legal research, document review, deposition summaries, and contract analysis. Thomson Reuters has integrated CoCounsel across its Westlaw and Practical Law products. Pricing is subscription-based but not published for the AI features — firms need to contact their Thomson Reuters account manager. The advantage is breadth: if your firm already uses Westlaw or Practical Law, CoCounsel is an add-on instead of a new vendor relationship.
What the SRA Expects — and Where Firms Are Falling Short
The SRA regulates on a principles-based model. There is no AI-specific rule. What exists is the SRA Code of Conduct for Firms, which requires effective governance structures, arrangements, systems and controls that ensure compliance with all regulatory arrangements and applicable legislation. AI falls within that requirement.
The SRA has stated explicitly that COLPs are responsible for regulatory compliance when new technology is introduced. That includes AI document review tools. The COLP does not need to understand the underlying machine learning, but they do need to understand what the tool does with client data, where that data is processed and stored, whether outputs are being used without human review, and what happens when the AI gets it wrong.
The December 2025 thematic review of compliance officers visited 25 firms and interviewed 36 individuals. The findings were stark. Only one COLP out of 36 could outline all of their regulatory responsibilities. The majority could not describe more than half of the compliance requirements set out in the SRA Code of Conduct for Firms. If compliance officers do not understand their existing obligations, the chances of them properly governing a new AI tool are low.
The SRA is preparing two new resources: a GenAI FAQ document and a Good Practice Note on AI use and client data. Neither has been published yet, but the SRA held a webinar on AI Policy and Regulation on 4 February 2026, signalling that enforcement attention is building.
The SRA's Risk Outlook report on AI in the legal market identified three primary risks: confidentiality breaches from data leaking into AI training sets, competence failures from over-reliance on AI outputs without proper verification, and supervision gaps where junior lawyers use AI tools without adequate oversight from qualified supervisors.
The Law Society's Position
The Law Society has taken a different approach from the SRA. Where the SRA focuses on regulatory compliance, the Law Society has focused on guidance and representation. In January 2026, the Law Society responded to the government's call for evidence on the proposed AI Growth Lab, welcoming the use of AI but emphasising that members need practical guidance to interpret existing professional rules in light of new technology.
The Law Society's core message is that a solicitor's professional duties apply regardless of whether AI was used to assist with the work. That includes the duty to the court to ensure that information and documents submitted are accurate and from genuine, verifiable sources. If an AI tool hallucinates a case reference — and LLM-based tools do hallucinate — the solicitor who submits it is responsible, not the vendor.
The Law Society has also published guidance on generative AI in legal disclosure, covering how AI tools can be used in the disclosure process while maintaining compliance with CPR Part 31 and the Practice Direction on Electronic Documents. This is directly relevant to any mid-market firm using AI for document review in litigation.
UK Data Handling — Where the Client Data Goes
| Platform | Data Used for Training | UK Data Processing | Client Data Stays in Firm's Control | SOC 2 / ISO 27001 | DPA Available | --- | --- | --- | --- | --- | --- | Luminance | No (proprietary model) | Yes (UK deployment available) | Yes (on-premise option) | ISO 27001 certified | Yes | Harvey AI | Not disclosed publicly | Not confirmed for UK | Enterprise agreement dependent | SOC 2 Type II | Enterprise only | iManage RAVN | No | Yes (UK data centres) | Yes (within iManage tenant) | SOC 2 + ISO 27001 | Yes | CoCounsel | OpenAI — opted out for enterprise | Not UK-specific | Thomson Reuters cloud | SOC 2 Type II | Yes |
The critical question for any UK law firm is whether client data leaves the firm's control and, if it does, whether it crosses a jurisdictional boundary. Luminance offers on-premise deployment, which keeps data entirely within the firm's infrastructure. iManage RAVN operates within the iManage tenant, which for UK-provisioned firms means UK data centres. Harvey's data handling terms are negotiated per enterprise agreement and are not publicly available. CoCounsel runs on Thomson Reuters infrastructure using OpenAI models — enterprise customers are opted out of model training, but data processing geography is not UK-specific by default.
For firms handling legally privileged material, the question is not only GDPR compliance but legal professional privilege. If client data is processed by a third-party AI service, the firm needs to be confident that privilege is not waived. The SRA has not issued specific guidance on this point, but the Law Society's position is that privilege attaches to the communication, not the technology used to process it — provided the technology is under the firm's control or subject to adequate contractual protections.
Five Questions to Ask Before Signing a Contract
1. Where is client data processed and stored — and can you prove it stays in the UK if your clients require that? 2. Is client data used to train or fine-tune the vendor's models, and is the opt-out contractual or only a policy statement? 3. What happens when the AI gets a clause wrong — does the platform provide an audit trail showing what was flagged, what was missed, and what confidence score was assigned? 4. Can your COLP explain how the tool works at a level sufficient to satisfy the SRA's governance requirements — or are you introducing technology that nobody in the firm can oversee? 5. What does the exit look like — if you stop paying, can you export your data, your training configurations, and your review histories in a format another tool can read?
A Practical Adoption Checklist for Mid-Market Firms
1. Audit your current document review workflow — measure how long it takes, what it costs, and where errors occur, so you have a baseline to compare AI performance against. 2. Classify the data you intend to process — separate routine commercial contracts from legally privileged material and apply different AI policies to each. 3. Brief your COLP before you trial any tool — the SRA expects the COLP to be involved from the start, not informed after deployment. 4. Start with a paid pilot on non-privileged documents — every vendor offers a trial or pilot programme, and you should use it on real work, not demo documents. 5. Require a UK-specific data processing agreement — do not accept a global DPA that does not address UK GDPR, the Data Protection Act 2018, or the UK's adequacy arrangements. 6. Build a human review step into every AI-assisted workflow — the SRA and Law Society both expect qualified solicitors to verify AI outputs before they are relied upon. 7. Document your AI governance — write down which tools you use, what data goes into them, who approved them, and how you monitor accuracy, because the SRA will ask. 8. Review the SRA's GenAI FAQ and Good Practice Note when they are published — these documents will set the practical standard that firms are measured against.
