Key insights:

• • • Unauthorized practice of law rules have repeatedly come into conflict with new forms of legal self-help 鈥� Each major wave of consumer-facing legal assistance has tested the boundaries of UPL doctrine and forced courts, regulators, and lawmakers to decide where legal information ends and legal advice begins.

    • Technology has expanded access to legal information faster than regulation has adapted 鈥� LegalZoom and other justice tech companies showed that legal tools could be delivered at scale, while UPL doctrine often struggled to accommodate new models of legal assistance designed for consumers with unmet legal needs.

    • The rise of AI makes the old UPL framework increasingly inadequate 鈥� As GenAI tools provide legal research, document assistance, and guided analysis directly to the public, regulators should move beyond the LegalZoom-era battles and consider a framework focused on consumer protection, transparency, and actual harm.

This two-part blog series examining how regulators, the legal profession, and individual litigants are looking at the unauthorized practice of law (UPL) first looks at the history of UPL and then suggests a consumer protection-based method of regulation to replace today鈥檚 supplier-based regulations.

With three-quarters of state court cases including at least one self-represented party, and with 92% of Americans with a legal problem not getting the legal help they need, it鈥檚 not surprising that the unauthorized practice of law (UPL) is a concept that鈥檚 not far from people鈥檚 minds.

It does not have to be this way, of course, and there are solutions to the thornier issues with UPL; but first, it may be helpful to understand how we got to this place and how UPL has evolved.

Legal self-help in a pre-Internet world

In the late-1800s, before UPL was formally articulated, John Wells published “Every Man His Own Lawyer”, a widely circulated guide that explained legal principles and provided practical forms. Its popularity reflected sustained public demand for accessible legal information. Around the same time, the organized bar began to emerge, along with more structured efforts to define and protect the boundaries of legal practice.

By the early-1900s, auto clubs were providing legal help to their members, demonstrating an early form of a prepaid legal services plan that exists to this day, but with typically a wider array of services. As would be the case in later years, an economic downturn soon brought a fight as lawyers used threats of UPL to fight competition. Not long after the Great Depression began, the ABA formed the Committee on Unauthorized Practice of Law, and a wave of litigation ensued to essential end the offering from auto clubs.

Similar dynamics appeared later in the 20th century. In the 1960s, soon before the recession of the 1970s, Norman Dacey鈥檚 “How to Avoid Probate!” offered readers tools to manage estate planning without engaging a lawyer. The response included investigations and attempts to suppress the book. Courts ultimately clarified that providing general legal information, even when presented in a structured and practical format, does not constitute individualized legal advice and falls within the scope of protected speech.

Tech enters the equation

By the 1990s, these ideas had moved into a digital environment. Companies such as Nolo and Parsons Technology translated legal forms and guidance into software and the Texas State Bar sued in federal court. Although the bar initially prevailed, a legislative response introduced a software exception to UPL that remains in effect today, reflecting an early acknowledgment that technology-based tools required a different regulatory lens.

By early 2000s, LegalZoom extended these concepts at scale. By automating document creation across a wide range of legal needs, it brought structured legal tools directly to consumers in a more accessible format. While not the first provider of self-help legal resources, it demonstrated how technology could move online and operationalize these services at a national level 鈥� not surprisingly, this effort would face resistance at a whole new level.

Launched in 2001, LegalZoom argued that it just represented the modern evolution of books like those written by Wells and Dacey. The response from the legal establishment was ferocious. It began with state bar inquiries trying to understand what LegalZoom was offering, and as the Global Financial Crisis began in 2007, class action lawsuits and regulatory challenges followed.

These suits sought significant damages without alleging specific consumer harm, creating substantial pressure on a still-developing sector and signaled resistance to new models of service delivery. The objections were ostensibly about consumer protection, while more reflecting concerns about changes to established structures in the legal profession.

LegalZoom won some of the class actions and settled others on friendly terms, typically agreeing to limit the use of certain words in its advertising, paying some class member claims, offering its attorney-access plans on a complimentary basis, and paying attorneys鈥� fees.

Supreme Court precedents

Two U.S. Supreme Court decisions would prove highly important to the UPL battles. The first came in in which the Court ruled that companies could include class action waivers in arbitration provisions. Soon after, LegalZoom began implementing this type of arbitration provision to coincide with the resolution of several major class actions to make sustaining a class action against it in the future more difficult.

The second Supreme Court ruling to impact UPL came in in which the Court ruled that a state occupational licensing board cannot claim state-action antitrust immunity if a controlling number of its decision-makers are active market participants in the occupation it regulates and the state does not actively supervise the board. This decision put state bars at risk.

The fight that changed the conversation was the LegalZoom lawsuit against the North Carolina State Bar (NCSB) that was modeled after the result in the Dental Board matter. LegalZoom had built a prepaid legal services plan offering attorney access to its customers 鈥� a narrower version of what the auto clubs had offered in the past. These types of plans historically were supported by the ABA and National Association of Attorneys General, but a few states pushed back on LegalZoom offering one. Most notably, North Carolina objected and LegalZoom sued the NCSB for a declaratory judgment that it was not engaged in UPL as well as on antitrust and other grounds, leading to a settlement and cooperative legislation that cleared the way for LegalZoom to continue operations, including launching its legal plan, in that state.

Upon the case’s conclusion, University of Tennessee College of Law professor , LegalZoom fought the North Carolina Bar 鈥� and LegalZoom won. Barton opined that the 鈥淪outh Carolina [where the Supreme Court had found LegalZoom practices lawful] and North Carolina precedents will likely end all state bar action on UPL.鈥� He was largely correct, as future LegalZoom and other industry skirmishes would not amount to much, allowing the industry to thrive.

The future of UPL

Today, the LegalZoom fights look quaint. It was essentially a fight over the online equivalents to form books, when a few years later AI would explode onto the scene and upend everything. We now have everything from foundation models such as ChatGPT, Claude, and Gemini to legal specialists available to the public and generating research memos at the push of a button.

This, perhaps, brings us back to where we started. And now may be the time to ask whether a new system of regulation is needed around UPL, because no other justice tech company should have to run the gauntlet of fights that LegalZoom faced.

In the next part of this blog series, we will look at how the issues raised by UPL in the AI age may require a new regulatory solution, possibly one based on a consumer protection model that would replace today鈥檚 supplier-based regulations

Key insights:

• • • AI is supercharging old fraud schemes聽鈥� By making synthetic identities, deepfake scams, and customer fraud faster, more credible, and harder to detect, AI is amplifying fraud and crime.

    • The real vulnerability may be internal silos聽鈥� Institutions need to be on the lookout, because what looks like a credit loss, an HR issue, or a payment request may actually be part of a wider multi-vector AI-enabled attack.

    • Institutions already have the tools to respond聽鈥� Through KYC and internal and behavioral data, financial institutions have the ability to respond to fraud threats 鈥� but only if teams connect and act together.

Fraud and crime existed long before AI, of course, but today鈥檚 technology delivers an acceleration in speed, scale, and success rate for fraudsters, resulting in billions of dollars in losses for victims. AI-enabled frauds on financial institutions by 2027 in the United States alone, and of detected fraud attempts on financial institutions use AI 鈥� and of these, 29% are successful.

To respond effectively to these threats, institutions need to implement a unified response that brings together departments that may not traditionally be partners. This cross-functional coordination should include not only the institution鈥檚 fraud and financial crime risk teams but also its credit risk, cybersecurity, and human resources functions.

And this response is critical, because today, financial institutions are being targeted by multiple types of AI-enabled attacks, including tactics such as:

• • • use of synthetic identities to circumvent know your customer/customer due diligence (KYC/CDD) controls and perpetrate fraud or launder money;
    • use of deepfake identities to gain employment, particularly by North Korean IT workers;
    • AI-enhanced 鈥淐EO frauds鈥� to deceive staff into taking unauthorized actions; and
    • Bank customers may be targeted by fraud too, presenting further risk to financial institutions.

Let鈥檚 look at these threat vectors individually:

Vector 1: Synthetic identities and KYC/CDD

Synthetic identities can be entirely fabricated or may use combinations of real and fabricated personal information to create a new identity. For example, a fraudster may construct a synthetic identity using a Social Security number exposed during a data breach combined with an AI-generated passport.

This threat is real and happening now: identifies that criminals have already used AI to successfully open accounts using falsified documents, photographs, and videos. And according to , synthetic identities were used to open as many as 3% of US bank accounts, representing millions of identities. Not surprisingly, these illicit accounts are used to commit fraud and launder the proceeds of money laundering.

Vector 2: North Korean IT workers

North Korean individuals have successfully gained employment as remote IT workers at American companies, often passing themselves off as US nationals using AI-generated face-swapping technology combined with proxy computers and false identity documents. North Korean IT workers are almost $800 million annually for the regime.

Institutions deceived into employing these workers are not only against North Korea, but they are also exposing commercially sensitive data and systems to an adversary state, increasing the possibility of theft, cyber-attacks, and extortion.

Vector 3: CEO Fraud

A 鈥淐EO fraud鈥� is a cybercrime in which an attacker impersonates an executive to deceive an employee into taking actions such as sending unauthorized wire transfers or disclosing sensitive information. AI accelerates these frauds by making them more personalized and credible.

In one of the more well-known examples, in an AI-enhanced CEO fraud in 2024 after the fraudster impersonated Arup Engineering鈥檚 CFO and requested a staff member to make several financial transfers. The criminals added credibility to the fraud by using a in which the target recognized many of their colleagues 鈥� unfortunately, all of them were deepfakes.

Vector 4: Frauds targeting customers

Where customers are targets, AI provides the scale, speed, and personalization to allow illicit actors to deliver individualized fraud. For example, whereas romance scams previously used repetitive scripts and re-used the same images of the romantic 鈥減artner,鈥� fraudsters can now use AI-generated messages, images, or videos, continuously adapting the execution of the scam to the target鈥檚 responses and behaviors.

Creating a cross-functional and unified response

The examples above demonstrate the diverse and highly sophisticated uses of AI by illicit actors, both adversary states and criminal networks. Detecting and responding to these illicit activities requires joint action between teams that may not traditionally work closely together.

For example, if an account holder fails to repay a loan, the credit team may consider it to be a default by a legitimate customer and write it off as a credit loss. However, if the account was opened using a synthetic identity, investigation may reveal other accounts that share similar customer data points or transactional patterns. This could reveal a network of accounts that are perpetrating a fraud or money-laundering scheme. To detect and respond effectively, joint action is needed between KYC/CDD on-boarding teams, financial crime investigators, and fraud and credit risk professionals.

Alternatively, for HR teams to effectively identify use of face-swapping videos during a hiring process, knowledge from the organization鈥檚 cybersecurity team, especially of deepfake indicators, would be valuable. If a North Korea IT worker is hired and only later identified, cybersecurity and sanctions teams must be involved in the response to mitigate data, network, and compliance exposures.

Detecting and responding to all illicit activities requires joint action between teams that may not traditionally work closely together.

Finally, all staff may be targeted by deepfake fraud, but those in senior positions or departments with financial authority are the most vulnerable. This means it is essential for institutions to deliver employee training using real-life case studies, 鈥渘ear misses,鈥� and scenarios drawn from across the institution and industry. This type of training will increase vigilance and minimize the likelihood of a successful attack.

For customers, financial institutions are well-positioned to identify indicators of fraud due to their extensive datasets of KYC/CDD records, transactional, and behavioral information. Institutions should enhance their customer relationships (as well as meet applicable regulatory requirements) by taking proactive measures to inform and protect their customers.

While AI has accelerated fraud and crime, financial institutions also hold valuable and relevant assets: the knowledge distributed across their cybersecurity, HR, credit risk, financial crime compliance, fraud, and KYC/CDD teams. By connecting these teams together, even in contexts in which these departments have not traditionally been partners, institutions will be well-positioned to protect both themselves and their customers from illicit actors鈥� sophisticated AI-enabled threats.

You can learn more about the fraud-fighting challenges faced by financial institutions and other organizations here

Key highlights:

• • • The theory-practice gap is now an AI-era crisis鈥� Integrating legal training with hands-on pro bono experience is the future of legal education.

    • A collaborative model merges learning and doing into a single platform鈥� The model connects law students with vetted pro bono opportunities from legal services organizations, while also offering targeted, skills-based training at the moment students step into those matters.

    • Pro bono work is uniquely suited for responsible AI training鈥� On-demand programs led by expert faculty are available to help students sharpen pro bono skills, understand the use of AI in today鈥檚 legal practice, and stay on top of developments in numerous industry and practice areas.

Legal education has operated on a familiar, decades-long divide that saw students spend their first years learning the law in the classroom and then after graduation, gaining substantive experience practicing the law in the real world. This gap has always been costly for both students and legal employers, and now it鈥檚 emerging as untenable in an era in which AI is rapidly reshaping what junior lawyers do.

Pro bono and skills training close this gap

A new partnership between , a pro bono management platform, and the (PLI), a nonprofit provider of learning resources for legal professionals, is designed to close this gap while showing something larger about where legal education must go.

The partnership is designed to equip students with on-demand, actionable training that supports effective pro bono engagement by offering access to PLI’s training programs directly through Paladin’s platform. Since launching with 30 law schools in August 2025, students have signed up for thousands of pro bono cases through the platform, according to , Co-founder and CEO of Paladin.

For years, experiential learning in law schools was something students had to piece together on their own by hunting across spreadsheets, clinic listings, and externship postings for opportunities, says Sonday, adding that too often students were given little guidance on what they were walking into.

The partnership is designed to equip students with on-demand, actionable training that supports effective pro bono engagement

“What’s fundamentally different is the integration and centralization of learning and doing,” Sonday explains. “Historically, legal education has separated theory, training, and practice.” Now, she notes, a student can learn a concept, build confidence through targeted training, and apply it in a real-world setting within a short amount of time.

, Chief Strategy Officer at PLI, describes the experience from the student’s perspective: 鈥淲hen a first-year logs into the Paladin platform, they are not thrown into the deep end. Instead, they can access skills-based programs, such as a PLI program specifically on how to interview a pro bono client before they ever sit across from someone in need. This leads to a better experience for the student, the law school, and especially for the client.”

Pro bono work suited to responsible AI training

The urgency behind this partnership is inseparable from the impact AI is having on the entry-level legal market.

“We’re already seeing AI reduce the time spent on tasks like initial legal research, document review, drafting memos, and summarizing case law,鈥� Sonday says. 鈥淭his is work that has traditionally formed the foundation of junior associate training.鈥� The skills AI cannot replicate 鈥� such as judgment, issue spotting in ambiguous situations, client communication, and ethical decision-making 鈥� are what students need to develop deliberately earlier in their legal careers.

Indeed, those human skills are essential to the effective use of AI, Talmage says. The lawyer of the future will be a strategic advisor and creative problem solver, which are the very attorney roles that AI cannot fill, she explains, adding that those must be cultivated through experience. “You always need to be questioning and verifying and authenticating 鈥� and that’s generally a lawyer鈥檚 role.鈥�

For years, experiential learning in law schools was something students had to piece together on their own by hunting across spreadsheets, clinic listings, and externship postings for opportunities.

There is a particular logic as to why pro bono work is the right fit for learning to use AI responsibly. Pro bono is “a built-in, humans-in-the-loop model” in which students are always supervised by attorneys, Sonday says. And this supervision creates a structured environment in which to learn how to use AI tools, apply them to real matters, get feedback, and iterate. The result, Sonday argues, will be more attorneys who are AI-fluent early on and throughout their careers.

A message to law school leaders

For law school leaders, both Sonday and Talmage highlight that AI use has already changed the legal profession. The choice then for law schools is whether they evolve by design or by default.

Students know the legal profession has changed and so do employers, CLE providers, and clients, Talmage explains.

Sonday agrees. “The pace of change in the legal profession is accelerating, and students need to be prepared not just for the law today, but also for the practice of law in the future,鈥� she says. 鈥淚ntegrating pro bono platforms and AI-specific training aligns legal education with reality.”

The Paladin/PLI partnership offers a blueprint for what legal education must become in the future, transforming itself into a space that鈥檚 grounded in applied legal knowledge, human-supervised, and AI-informed. Indeed, the best way to train the next generation of lawyers is to give them real clients, real cases, and real responsibility while they still have room to grow.

You can find more about the challenges facing law schools and legal education here

Key takeaways:

• • • Mandatory compliance mandates are growing 鈥� Pillar 2, DAC6, and other real-time reporting mandates are increasing obligations in dozens of jurisdictions today, and those tax departments without the infrastructure to meet these obligations are already behind.

    • Real-time documentation is critical 鈥� The window between a transaction occurring and a tax authority scrutinizing it is shrinking to near zero in some markets, meaning that documentation must exist at the moment it is generated, not reconstructed afterward.

    • Data quality is compliance quality 鈥� Real-time compliance brings with it heightened pressure to avoid incomplete or inconsistent inputs, because increasingly sophisticated analytics used by tax authorities will find them.

In 2023, a major European manufacturer was hit with a seven-figure penalty not because its tax return was wrong, but because it couldn’t demonstrate how it arrived at the right answer. No documented governance framework, no clear ownership, and no audit trail. The numbers were defensible, but the process wasn’t.

That gap 鈥� between getting the right answer and being able to prove it 鈥� is where corporate tax risk now lives.

Governments and tax authorities worldwide are to self-report accurately. They are building legal frameworks, digital infrastructure, and enforcement mechanisms to verify compliance in real time. And for tax departments accustomed to managing compliance on their own terms, the window for a comfortable transition is closing fast.

A global tightening

Tax governance requirements are intensifying on multiple fronts. In the United States, for example, the IRS’s Large Business & International division has significantly expanded its compliance campaigns, targeting transfer pricing, research & development (R&D) credits, and multinational structures. Section 174 of the 2017 Tax Cuts and Jobs Act now requires companies to amortize R&D expenditures over five or 15 years depending on where research occurs 鈥� a change that many tax departments are still working through while absorbing new obligations on top of it.

Internationally, the pace is faster still. The framework that the Organisation for Economic Co-operation and Development (OECD) created for its base erosion and profit shifting (BEPS) rules has been adopted by more than 135 countries. Pillar 2 鈥� the global 15% minimum corporate tax rate 鈥� is already in effect in dozens of jurisdictions and is actively reshaping how multinationals structure their tax affairs. These are not coming changes 鈥� they are current ones.

Mandatory disclosure regimes have expanded in parallel. The European Union’s DAC6 directive requires intermediaries and taxpayers to report potentially aggressive cross-border arrangements, with penalties in some member states reaching hundreds of thousands of euros. The United Kingdom’s Senior Accounting Officer regime goes even further, placing personal legal accountability on named senior executives for the adequacy of their company’s tax accounting arrangements. Similar regimes are expanding in Australia, Canada, and Brazil.

These are not isolated experiments. They represent that is not going to reverse any time soon.

The real-time reporting challenge

That means, corporate tax departments must respond to this shift because the traditional audit model 鈥� authorities review historical returns and request documentation years later 鈥� is being replaced in a growing number of markets. Spain, Hungary, and South Korea already require taxpayers to submit transactional data directly to tax authorities through mandatory electronic systems. The EU’s Value added tax (VAT) in the Digital Age initiative will extend similar requirements across all 27 member states beginning in 2028.

For tax departments, this reporting compression is the central operational challenge of the next five years. A team that once had 12 to 18 months to reconstruct documentation for an audit now needs that documentation to be accurate and defensible at the moment it is generated. That requires a fundamentally different operating model 鈥� not just better record-keeping, but automated data capture and real-time reconciliation built into core financial systems 鈥� along with the ability to transfer that documentation electronically in real time.

3 actions tax departments must take now

To begin to address this dramatic change, corporate tax departments need to act now, taking steps that include:

1. Building a formal governance framework

Tax departments need written governance frameworks that clearly define what party owns each compliance decision, how decisions are reviewed and approved, and what controls exist to catch errors before filing. This means named ownership of obligations, documented sign-off processes, and regular internal reviews against a compliance calendar.

In the UK, this is already a legal requirement ; and similar standards are emerging in Germany, Australia, and across the EU. A framework should cover at minimum; the ownership of each material filing obligation; the review and approval chain for positions taken; escalation procedures for uncertain tax positions; and a schedule for internal control testing. Without these processes in place, tax departments could face regulatory penalties, personal liability for senior leaders, and reputational damage that may be difficult to recover from.

2. Fixing the data access problem

Tax departments consistently lack reliable, timely access to the financial data they need. This is primarily an organizational problem, not a technology one. Tax functions often sit downstream from finance systems designed without tax requirements in mind 鈥� meaning data often arrives aggregated, reclassified, or stripped of the granularity needed for compliance work.

Solving this requires tax leaders such as finance, IT, and business operations 鈥� not just to request data, but to influence how that data is captured at its source. That means participating in enterprise resource planning implementations, establishing data requirements for new business lines before they launch, and building direct feeds from source systems rather than relying on manual extracts.

3. Treating data hygiene as a compliance control

Tax authorities in the UK, the Netherlands, Germany, and the US are deploying advanced analytics to identify anomalies in corporate filings. Unexplained variances between statutory accounts and tax returns, inconsistencies in intercompany pricing, or mismatches between VAT and corporate income tax data could all trigger closer scrutiny.

Data hygiene must be treated as a compliance control, not an IT issue. In practice that means establishing reconciliation checkpoints between source data and tax inputs, maintaining documented data lineage so any figure in a return can be traced to its source, and conducting data quality reviews before filing deadlines 鈥� not after.

The bottom line

The regulatory trajectory is set, so that means the question for tax leaders whether their department will be ready when tested. Governance, data access, and data quality are no longer back-office concerns 鈥� they are the foundation upon which defensible compliance is now built.

Tax department leaders need to build that foundation now, before the examiner asks.

You can find out more about

Key highlights:

• • • AI governance is hard to prove in practice 鈥� While our research shows that 44% of companies publish an AI strategy, 76% of those same companies show no evidence of having policies to evaluate the quality of data used to train AI systems.

    • Workers are being left under-prepared and under-protected 鈥� Only 14% of companies have policies to mitigate the negative impacts of AI on workers, and only 31% offer any reskilling or training programs around adapting to an AI-integrated workplace.

    • Human rights and ethics appear an afterthought in AI governance 鈥� Almost three-quarters (72%) of companies conduct no AI impact assessments, and less than 1 in 10 companies conduct ethical or human rights assessments.

There is a widening chasm at the heart of corporate AI governance, according to a new report, , published by the 成人VR视频 Foundation and the United Nations Educational, Scientific and Cultural Organization (UNESCO).

The Foundation鈥檚 analyzed publicly available information from nearly 3,000 companies across 11 industry sectors, creating the most comprehensive picture yet of how organizations are managing AI.

Beneath the surface of corporate AI governance mechanisms, divergence between the speed of AI adoption and meaningful human oversight is growing. The report’s findings make clear that this is no longer a gap that organizations can afford to ignore, especially when backlash against is growing and are solidifying among consumers in the United States.

Data highlights the illusion of AI governance

Businesses of different sizes and across multiple sectors are adopting AI technology at a rapid pace. When governance exists only in the wording of a strategy or company vision, however, the people most affected by AI systems 鈥� workers, consumers, and communities 鈥� are left vulnerable. According to the report:

• • • 44% of companies publicly communicate having an AI strategy. However, a gap in AI governance is evident as more than three-quarters of those companies (76%) do not seem to have policies to evaluate the quality of data used to train AI systems.
    • 40% of companies report board- or committee-level oversight of AI. At the same time, strategic signals do not necessarily indicate operational capacity or day-to-day governance. In fact, less than one-third of all sampled companies claim to have an additional team or resource dedicated to AI governance. Moreover, limited information is publicly disclosed on the teams, processes, and accountability mechanisms that translate intent into action.

Workers are being left behind

Research by the International Monetary Fund finds almost , highlighting the acute nature of concerns about job displacement and declining opportunities for some groups. Without sufficient oversight, AI can threaten workers’ rights, amplify bias, and increase surveillance and work intensity, which can enable inhumane decision-making at scale.

The TR Foundation/UNESCO report notes that many companies are adopting AI without the safeguards needed to support workers and help them to adapt to the changes this technology brings. Less than one-third of companies were shown to offer training and reskilling programs for employees who may be adapting to an AI-integrated workplace. Even within the 31% of organizations in which these training programs exist, there is a vast variation in the scope and depth of the training offered.

In fact, many company training programs are not enterprise-wide or structured. Instead, they are ad-hoc or limited to leadership roles. This lack of investment in talent risks undermining the significant investment that companies are making in AI.

Despite growing pressure from regulators, policymakers and social justice campaigners, the ethical impact of AI appears poorly governed, with companies sharing limited information publicly.

The picture on worker protections is equally concerning. Only 14% of companies have public policies in place to mitigate the negative impacts of AI systems on workers, the report shows. This means the majority of companies either have no policies in place or do not publicly communicate them.

What is more troubling is that when workers experience harm, there is almost nowhere for them to turn. Only 2% of companies indicated they had a complaints mechanism 鈥� a critical early warning system for potential concerns. The findings suggest many organizations lack a mechanism for AI-related internal complaints beyond the broad generic complaint channel, and this is compounded by low awareness of the areas in which AI systems may infringe employees’ rights and protections.

Ethics and human dignity as an afterthought

Despite growing pressure from regulators, policymakers and social justice campaigners, the ethical impact of AI appears poorly governed, with companies sharing limited information publicly.

Human rights and ethical use of AI are treated as secondary considerations to compliance, according to our research. The majority of companies (72%) do not conduct any impact assessment with regard to AI. Only 7% publicly communicate conducting a fundamental or human rights impact assessment, and just 5% report conducting an ethical impact assessment.

Among those companies conducting some form of impact assessment, the focus skews sharply toward compliance rather than people. The most prevalent assessments are privacy or compliance-focused, with 18% of those companies that conduct some form of impact assessment reporting that they conducted a data protection impact assessment, and 14% reporting they conducted a privacy impact assessment.

How to center people in AI governance

Closing this governance gap is essential for companies in order to adopt AI responsibly and avoid costly legal, ethical operational, talent-related risks.

To support companies in navigating this challenge, offers a free survey to help companies map the areas in which AI is used across products, operations and services, and then benchmark those against peers their sector.

The report also contains case studies from companies that voluntarily shared their responsible practices with us. For example, German software company SAP intentionally designs and deploys its internal AI systems with a human-in-the-loop in which AI automates repetitive tasks and supports decision-making while final judgment and complex problem-solving remain firmly in the hands of employees.

As AI becomes part of core business infrastructure, companies must move beyond statements of intent and toward measurable AI governance.

In another example, BASF, a German chemical conglomerate, has jointly agreed with its workers’ councils on a general reskilling program that covers technical, hard, and soft skills. Finally, Canadian telecom company TELUS’ Indigenous Advisory Council provides guidance on AI ethics issues that directly affect indigenous communities.

Next steps for companies

The TR Foundation/UNESCO report highlights the most impactful concrete commitments that companies can take now to future proof against AI-related risk, including:

• • • investing in structured, enterprise-wide worker-reskilling programs that measure outcomes, not just participation;
    • establishing enforceable human rights impact assessments as a standard part of AI deployment, not as an optional addition; and
    • creating accessible, AI-specific internal grievance mechanisms so that workers and users have a genuine pathway to raise concerns and seek remedy.

As AI becomes part of core business infrastructure, companies must move beyond statements of intent and toward measurable AI governance. While this data demonstrates clear governance gaps, it also presents an opportunity for companies to take the lead on implementing responsible AI that operates openly in the public interest.

You can learn more about

Key insights:

• • • Define your risk appetite 鈥� A clearly defined fraud risk appetite aligns prevention efforts with strategic objectives and ensures accountability by establishing acceptable levels of fraud risk across the organization.

    • Create a fraud-specialized team 鈥� Dedicated ownership of the vendors that supply fraud solutions by a fraud-specialized team 鈥� rather than by the procurement function 鈥� is critical to maximizing technology performance and adapting to emerging threats.

    • Establish a specialized prevention division 鈥� The rise of sophisticated scams demands the creation of a separate, specialized prevention division to avoid overburdening core fraud teams and ensure targeted, effective responses.

Corporate fraud represents one of the most significant risks facing organizations today. Yet many companies lack the structured governance and technology infrastructure needed to combat fraud effectively.

The solution requires that comprehensive fraud prevention frameworks be built on clear governance, proper technology deployment, and data-driven insights, according to Aaron Frye, Founder & CEO of Lucid Point Consulting. Organizations that implement these five pillars create resilient fraud prevention functions capable of identifying and preventing fraud before it impacts results. These five pillars include:

1. Develop a fraud risk appetite

Effective fraud prevention begins with a well-defined fraud risk appetite that tells the right story to the right stakeholders. Your framework must communicate to your board, executive leadership, and operational teams the level of fraud losses your organization should tolerate, and in which areas you should prioritize fraud prevention investments.

The fraud risk appetite framework must address several key considerations; for example, it should define the level of fraud risk that aligns with the organization’s growth objectives, identify the areas of greatest vulnerability, and evaluate which investments will yield the strongest return. Equally important is the ongoing monitoring and communication of progress through regular reporting on fraud risk metrics, vendor assessments, and investigation outcomes. These actions demonstrate to stakeholders that fraud prevention remains an active priority for the organization and ensures that fraud risk continues to inform organizational decision-making.

2. Establish clear ownership of risk-solution vendors

Many organizations invest significantly in fraud detection tools only to see disappointing returns. The problem often lies not in the tools themselves, but in unclear ownership and accountability for their performance.

Organizations that implement these five pillars create resilient fraud prevention functions capable of identifying and preventing fraud before it impacts results.

If your organization lacks a designated person or team within your fraud strategy function whose job it is to ensure the risk-solution tools you鈥檙e getting from vendors are the best for your enterprise, you likely aren’t getting the most out of your vendors. This dedicated fraud service ownership role must act as your internal champion, evaluating vendor performance, staying current with product enhancements, and ensuring integration with other fraud prevention initiatives.

Critically, procurement, sourcing, and vendor management functions should never own this role. These teams, by the nature of their titles and responsibilities, don’t prioritize fraud. They lack the specialized knowledge required to assess whether your fraud detection technology is performing optimally or adapting to emerging threat landscapes. Without dedicated fraud expertise overseeing your technological investments, advanced tools sit underutilized and critical fraud signals go undetected.

3. Develop a fraud governance function

Every organization should have a dedicated fraud risk governance team within its fraud risk management organization. This governance function serves as your second line of defense, working proactively to reduce operational chaos within your fraud strategy, operations, and investigation groups.

If a non-fraud governance function owns fraud governance, you are guaranteed not to be getting the best form of governance. Fraud is a specialized discipline requiring dedicated expertise and focus; and your governance team must develop policies, establish standards, monitor control effectiveness, and ensure consistent application of fraud prevention practices across the enterprise.

4. Document existing risks and resource gaps

One of the most important responsibilities of your fraud governance function is identifying and documenting the areas related to fraud risk that your current fraud risk teams don’t have time to review. Due to capacity constraints, it is impossible for many fraud risk teams to cover all open gaps. Your organization must understand those open gaps and not be ashamed to address them.

Create an action plan that documents open risk and self-identified issues that your current team cannot adequately address. This transparency demonstrates clear-eyed realism about your organization鈥檚 limitations and creates the business case for requesting additional resources or engaging external consultants to help close these risk gaps.

5. Address the growing scam-prevention challenge

needs its own prevention strategy division within your fraud risk function. Compromised business email, investment scams, and vendor fraud schemes represent an entirely new category of fraud risk that demands specialized attention.

Every organization should have a dedicated fraud risk governance team that serves as its second line of defense, working proactively to reduce operational chaos within corporate strategy, operations, and investigation groups.

There has never been a full manageable grip on fraud prior to the spike in scams. Therefore, you cannot expect your existing fraud risk teams to tackle a new wave of scams as a priority as well as to manage traditional fraud prevention responsibilities. Your core fraud function manages internal control systems, transaction monitoring, and investigation protocols. Adding comprehensive scam prevention to this workload without dedicated resources guarantees that identifying and preventing scams will receive insufficient attention.

Establish a dedicated scam-prevention division focused specifically on emerging scam threats, employee education, scam-specific prevention technology, and response protocols. This specialized approach ensures sophisticated scam schemes receive the expertise and resources necessary while your core fraud function continues addressing traditional fraud prevention requirements.

Going forward into the fight against fraud

In an era of escalating fraud threats, reactive detection is no longer sufficient. Organizations must adopt a proactive stance grounded in strong governance, clear accountability, and strategic resource allocation.

By defining a fraud risk appetite, assigning ownership of fraud prevention tools, strengthening governance, documenting unaddressed risks, and establishing a dedicated scam prevention function, companies can build resilient, forward-looking fraud prevention frameworks. These five pillars enable organizations to anticipate threats, allocate resources effectively, and protect both financial performance and reputational integrity.

Today, the path to fraud resilience begins not with technology alone, but with deliberate, enterprise-wide commitment to proactive risk management.

You can find out more about ways to

Key insights:

• • • Cloud modernization created accumulation, not transformation聽鈥� Many enterprises scaled infrastructure faster than they integrated systems, leaving fragmented data, duplicated processes, rising costs, and weak links between IT investment and business value.

    • AI and regulation now expose weak data architecture聽鈥� Agentic AI, real-time decision making, and regulatory reporting depend on consistent, traceable, well-governed data 鈥� not fragmented systems or after-the-fact governance.

    • Enterprise architecture must be rebuilt around outcomes and economics聽鈥� Instead of treating the cloud as the strategy, organizations should define business outcomes first, structure data as a reusable asset, and measure architecture by revenue, cost efficiency, regulatory accuracy, and decision speed.

In this two-part blog series about the current state of cloud architecture, we look into where this architecture has failed and, in the next part of the series, what the possible remedies might be.

For the better part of the last 15 years, IT enterprise architecture definition and management didn鈥檛 disappear, it was deprioritized and replaced by as-a-Service solutions. The rapid rise of cloud platforms such as Amazon Web Services, Microsoft Azure, Snowflake, and Google Cloud made it possible to stand up infrastructure, deploy applications, create advanced databases, and scale environments without the same level of architectural rigor that was once required. Speed replaced structure, and access replaced integration.

Today鈥檚 cloud realities

The problem is that what was built during this last technological explosion was not architecture 鈥� it was accumulation. Systems expanded, data proliferated, budgets exploded, and organizations convinced themselves that connectivity was the same as coherence, and that data replication was the same as the system-of-record.

These assumptions have now been exposed as false positives. Over the last three years, AI, real-time decision making, and regulatory transparency have fundamentally changed the requirements. These are not technologies that sit on top of fragmented environments, they are data-driven capabilities and outcomes that depend on precision, integration, and sequence. The arrival of agentic AI and its stringent objective-based principles cannot tolerate data ambiguity and fragmented architectural designs.

The problem is that what was built during this last technological explosion was not architecture 鈥� it was accumulation.

AI does not fail at rates exceeding 80% because models are weak, it fails because the underlying data is inconsistent, inaccessible, or economically misaligned. Regulatory frameworks do not struggle because rules are unclear, they struggle because data cannot be traced, reconciled, or produced in real time. What the cloud enabled 鈥� rapid deployment without disciplined integration 鈥� is exactly what now constrains performance. The issue is no longer whether systems can scale, but whether they can produce measurable, consistent, and adaptable outcomes.

This is where enterprise architecture returns, but just not in its previous form. The discipline cannot simply revert to academic frameworks and abstractions that were designed for a different software era. It must be rebuilt around a different sequence that sees business outcomes first, data second, and then systems engineered within those constraints. Today, enterprise architecture must be defined and managed by economic KPIs, value added, and its adaptability to rapidly changing business realities.

Where the model broke

The failures experienced today in cloud architecture are not singularly technological. Cloud platforms deliver exactly what they promise 鈥� scalable, resilient, highly available infrastructure. Rather, the failure is architectural, and more precisely, involves the economics of compartmentalized capabilities.

Enterprise value is not created at the infrastructure layer. It is created where data informs decisions, and decisions drive outcomes. By over-rotating toward infrastructure, organizations optimized the least differentiating component of the enterprise stack, while leaving the highest-value layers largely untouched.

The result is a structural imbalance in which data remains fragmented across domains, business logic continues to operate in silos, governance is applied inconsistently and often retroactively, and measurement frameworks fail to tie technology activity to financial performance.

In this model, the cloud amplifies existing conditions. If fragmentation exists, it scales fragmentation. If inefficiency exists, it scales inefficiency. Modern infrastructure, applied to legacy architecture, produces modernized dysfunction.

What makes the cloud鈥檚 illusion particularly persistent is that its failure is rarely framed in economic terms. Cloud investments are justified through technical metrics such as uptime, latency, migration progress, and consumption efficiency. And while these are necessary, they are not sufficient. They do not answer the only question that ultimately matters: 鈥�Did the investment improve the economics of the business?鈥�

Enterprise value is not created at the infrastructure layer 鈥� it’s created where data informs decisions, and decisions drive outcomes.

In many cases, the answer is no 鈥� at least, not in a way that can be clearly articulated. Instead, organizations experience cost expansion without proportional productivity gains, increased data duplication that drive storage and processing inefficiencies, extended timelines for analytics and reporting despite real-time capabilities, and persistent manual intervention in regulatory and operational workflows.

The absence of a direct line between architecture and outcome creates a vacuum often filled with disconnected KPIs, measurement solutions, and most recently, AI-automation. And with this interoperable vacuum, activity and speed have been mistaken for progress.

Figure 1: Cloud accumulation meets enterprise architecture shifts

The data reality beneath the surface

The cloud did not fail to deliver transformation; rather it exposed why transformation had not occurred 鈥� and at the center of this exposure is data.

Most enterprises operate with data architectures that were never designed for interoperability, reuse, or regulatory-grade consistency. Definitions vary by function, pipelines are purpose-built and duplicative, and governance is layered on after the fact. Automation was designed using business rules, then software architectures, then what the data needed. Therein resides the structural disconnect for enterprise architecture in AI solutions: They are out of order.

When these legacy conditions are moved to the cloud, they do not improve, they accelerate. The organization gains speed without alignment, scale without standardization, and access without coherence. For regulated industries, this creates a compounding risk of inconsistent outputs across reporting channels, increased reconciliation overhead, reduced confidence in data lineage and auditability, and slower response to regulatory changes.

What appears to be a technology issue is, in fact, a failure of data design.

Reframing the problem

To move forward, the premise must change. The cloud is not the strategy; rather it鈥檚 the environment. Transformation does not occur when systems are moved, it occurs when the relationship between data, decisions, and outcomes is fundamentally redesigned.

This requires an organization-wide shift from infrastructure-led thinking to what is defined as value architecture. Simply put, value architecture includes data that is structured as a reusable, governed asset 鈥� not a byproduct of applications, and business outcomes that are defined upfront and used to drive architectural decisions. Its governance is embedded at the point of data creation and distribution, and it replaces redundancy by making reuse the primary scaling mechanism. Finally, measurement is tied directly to financial and operational impact.

This is not a rejection of the cloud; rather, it鈥檚 a repositioning of its role and value proposition.

The implication is both direct and unavoidable. If your current strategy cannot clearly articulate how technology investment improves the economics of your business, then your organization is operating within the cloud illusion. However, this is not a critique of past decisions. It is a recognition that the next phase of transformation requires a different operating model 鈥� one that explicitly connects architecture to economics. Moving forward, what was forgotten in the past is now a future core competency.

Most organizations using as-a-service software had assumed that the cloud provider, vendor, or combination of those dealt with the complex liabilities of making designs interoperable. The implication moving forward 鈥� as well explore more in the second installment of this series 鈥� is that service software architectures using the system ideation approaches within AI silos are failing miserably, and there are few who understand the designs and skills needed to guide enterprises in the future.

You can find more blog posts聽by this author here

Key insights:

• • • AI is changing legal鈥檚 role, not just its workload 鈥� Going forward, AI will do more than automate routine tasks, it also will help in-house legal teams become more strategic business partners.

    • The 5 archetypes make the transformation concrete 鈥� There are five practical ways in which AI could reshape legal work, including automation, stronger advising, better collaboration, and global scale.

    • Every organization鈥檚 AI transformation will be different 鈥� 成人VR视频鈥� own legal transformation journey shows the common and unique aspects of this process.

Beyond the automation, productivity boosts, or the now-familiar promise of doing more with less, the question over how AI will really transform the work that corporate legal departments do on a daily basis, has yet to be truly answered.

To deepen our understanding of where in-house legal is really heading next, Norie Campbell, 成人VR视频 Chief Legal Officer, and Lizzy Duffy, a Senior Director of the 成人VR视频 Institute, produced a new feature article, The 2030 legal department: 5 ways AI will transform how in-house teams work聽that steps back from the day-to-day noise around AI and asks the bigger, more interesting question: 鈥淲hat is the legal function actually becoming?鈥�

Importantly, the article recognizes that in-house legal teams are navigating real constraints around time, budget, and clarity even as expectations continue to evolve. It also acknowledges how GCs are balancing rising demands with a growing focus on efficiency, while also working to define what effective and meaningful AI adoption should look like for their teams.

Indeed, this human pressure is one of the most compelling aspects to the questions corporate law departments are facing today, and it reverberates beyond a simple theory of AI in legal to really reflect a profession at a turning point.

The five archetypes

The feature also lays out five archetypes 鈥� distinct models for how AI could reshape legal work, from high-volume automation to better strategic advising, stronger business partnering, smarter collaboration with outside counsel, and truly global leverage across teams and languages.

By referencing these five archetypes, legal department leaders can start asking where their own teams fit, and what they need to do to get better prepared for the AI-driven legal future of 2030.

These archetypes cover everything from deciding on the best ways to leverage AI-led automation to helping legal teams become more proactive strategic advisers. The archetypes also detail how to foster collaboration that can allow other corporate functions to act more confidently without constant legal intervention. And how to use AI to reduce barriers caused by language and time zones, enabling multinational legal teams to work more effectively across geographies.

By referencing these five archetypes, legal department leaders can start asking where their own teams fit, and what they need to do to get better prepared for the AI-driven legal future of 2030.

成人VR视频鈥� own journey

This feature article also builds a practical, grounded picture of the future from inside 成人VR视频鈥� own General Counsel鈥檚 Office (GCO), showing readers a transformation that鈥檚 already taking shape.

This insider perspective offers a front-row look at how one GCO is trying to move from experimentation to real transformation and tells a bigger story than technology alone. Today鈥檚 transformation of the corporate legal department is really about leadership, ambition, and the choices department leaders need to make now if they want to stay relevant by 2030.

More than anything, the feature article stresses that adopting AI tools is not the same as true transformation. To move beyond incremental gains, legal departments must redesign workflows, improve data infrastructure, invest in training, and hire for adaptability and technical literacy. Ultimately, the central message is that efficiency is only a by-product 鈥� the real challenge is deciding what kind of legal function an organization will need in 2030 and how to start building toward that vision now.

You can access the full feature article, The 2030 legal department: 5 ways AI will transform how in-house teams work here

Key highlights:

• • • Curriculum聽redesign must start now 鈥� One law school鈥檚 approach illustrates the necessity of mapping the entire curriculum to identify which skills to preserve, evolve, or build from scratch.

    • Training faculty in AI use is critical 鈥� Faculty AI training should be a multi-layered approach including hands-on training with specialized legal AI tools, guidance on redesigning curricula, and more.

    • AI simulations may be the key 鈥� Law school leaders need to act now by experimenting with small pilot projects and building simulation-based learning tools to replace the developmental depth that once came naturally in the first years of practice.

The debate about AI consuming most of the work that teaches essential lawyering skills to junior attorneys is forcing a reckoning with the long-held assumption that law schools were never designed to produce practice-ready lawyers and that it was always the profession’s job.

Indeed, AI is forcing that uncomfortable truth into the open faster than anyone anticipated because essential lawyering work 鈥� the document review, contract markup, research memo creation 鈥� dictated how a junior lawyer learned to spot the issue buried on page 47, to sense when a clause was off, and to develop the instinct that no classroom can fully replicate. Now, as more law firms deploy AI to handle precisely those entry-level tasks, the organic training moments that used to define the first two to three years of legal practice are evaporating.

, Executive Dean, Faculty of Law at Bond University, and Co-Chair of the Council of Australian Law Deans, says he sees where this is leading. The ultimate results will be firms hiring fewer junior lawyers today because AI has taken over that entry-level work, James explains, adding that means there will simply be no pipeline of mid-level, experienced lawyers to draw from in three to five years. Indeed, this is a slow-moving crisis, already in motion, and yet to fully arrive.

This crisis lands at the center of what the AI and Future of Legal Practice (AIFLP) initiative exists to address because at the core of this crisis is what does being job-ready really means when the job itself is being redefined. Answering this question requires law schools, law firms, licensing bodies, and technologists to do something they have historically struggled to do 鈥� that is to think and act collaboratively.

Rethinking the curriculum before AI does it for you

leads IE Law School鈥檚 AI initiative and is steering the school鈥檚 efforts to embed AI across the curriculum. To do so effectively, her approach requires going back to a broader set of foundational questions in legal education such as: For what is legal education meant to prepare students? How do students learn to develop legal judgment? What makes legal advice genuinely valuable? And what skills are essential to deliver that value in an AI-enabled profession?

鈥淟ayering AI tools on top of an unchanged curriculum serves no one,鈥� Perez-Llorca explains, adding that without answers to the fundamental questions, 鈥測ou are just adding technology to a structure that was never designed to handle it.鈥�

Check out how one law school professor is building AI simulation tools

IE law school is currently mapping its entire curriculum to determine which skills need to be preserved, which need to evolve, and which need to be built from scratch, while also using the AI-boosted curriculum to train faculty. Perez-Llorca describes the school鈥檚 faculty AI training as a multi-layered approach encompassing university-wide LLM training, substantive AI law curriculum review, hands-on training with specialized legal AI tools, guidance on redesigning curricula, and assessments to reflect students’ growing AI proficiency. Before students can be taught with AI, professors need to understand the tools themselves and how to use them in teaching, in simulation, and in assessment, she adds.

An AI tutor that meets students where they are

Bond University鈥檚 James says he has spent the last several months building an AI tutor designed to walk students through course material the way a patient, attentive instructor would. His vision for the AI teaching assistant supports the professor meeting students where they are. 鈥淚t [the AI tutor] introduces the week’s topic, outlines learning outcomes, guides students through the readings, checks comprehension with short quizzes, and then adapts in real time based on how the student responds,鈥� James explains, adding that the AI tutor will pull any student who is struggling deeper into the material until the learning outcome is achieved. 鈥淭he conversation never stops until the learning does.鈥�

However, James is careful to draw a clear distinction about what the tutor replaces and what it does not, stressing that AI is a substitute for the lecture recording, the static reading list, or the passive video watched at midnight before an exam 鈥� but it chiefly exists to support the law professor. This approach frees up class time, turning it from content delivery to more meaningful the time between the human instructor and students, he adds.

Act by design or default

The approaches by both Perez-Llorca and James point to a way to address the question of disappearing tasks that teach essential lawyering skills as well as shift the center of gravity in legal education toward ways to foster developmental skills and legal judgment. Indeed, inertia is not a strategy, and law school deans and associate deans can be at the forefront of this fight by taking decisive action, including:

• • • Experiment freely 鈥� Investigate with AI on your own by starting small with a pilot project.
    • Strategically assign where AI goes 鈥� Decide where AI belongs in the curriculum, such as in courses focused on legal research and drafting as they become commoditized by AI. Also, determine in which instances AI does not belong, such as counseling clients through ambiguity, navigating ethical complexity, and advocating persuasively. Make sure these all remain led by human lawyers.
    • Focus on skills 鈥� Map your law school鈥檚 curriculum by identifying which skills need to be preserved, which skills need to evolve, and which need to be built from scratch.
    • Build AI-assisted teaching tools 鈥� Make experiential and simulation-based learning central to the curriculum.

鈥淭he choice is between dealing with this crisis by design or by default,鈥� James says, noting that the pipeline problem he described is already in motion while the practitioners, educators, technologists, and licensing bodies that need to solve this together are not yet consistently in the same room.

Watch our recent Clarity podcast to see

Key takeaways:

• • • Falling behind on worked rates 鈥� Midsize firms grew worked rates by just 5.3% in Q1 2026, roughly half the Am Law 100’s 9.8% growth 鈥� a structural gap that has widened with every passing quarter.

    • Underinvesting in the tools that will define tomorrow 鈥� Midsize firms also invested 6.2% more in tech and knowledge management in the quarter 鈥� the lowest of any segment 鈥� leaving them at risk falling behind as larger peers accelerate their investment.

    • Sitting out the talent race 鈥� With recruiting expense growth at -0.2%, Midsize firms are virtually absent from the lateral market while their closest competitors saw 5.6% growth in their investment.

In Q1 2026, demand growth across all segments landed at 2.7% year-over-year, with 聽Midsize firms coming in at 2.6%, essentially in line with the market average and comfortably ahead of the Am Law 100’s 1.2%, according to the 成人VR视频 Institute鈥檚 recent Q1 2026 Law Firm Financial Index (LFFI).

Based on this metric, Midsize firms are not underperforming, as they are capturing work at a pace that outstrips the elite tier; however, a deeper look shows a more nuanced story. The Am Law Second Hundred led all segments with demand growth of 3.9%, posting a notable advantage over the Midsize segment. That growth was enough to make up the ground ceded by the Am Law 100 that the Am Law 200 as a whole still managed to outstrip the Midsize segment in terms of demand growth.

That makes the demand story a very mixed one for Midsize firms. While they are holding their own against the very largest firms, the Am Law Second Hundred 鈥� Midsize鈥檚 most direct competitive set 鈥� is pulling significantly ahead on volume. If that gap persists, it could further shut the gates to demand gains. Of course, that would be made all the more impactful because of how rising demand influences firms鈥� ability to raise rates.

Rates are the most consequential gap in the data

If demand tells a moderately positive story for Midsize, worked rate growth is the point at which the data turns slightly more negative for the segment. In Q1 2026, Am Law 100 firms posted worked rate growth of 9.8%, the highest of any segment by a significant margin. The Am Law Second Hundred recorded 6.9% growth, while the overall market average was 7.0%. Midsize firms, meanwhile, came in at 5.3%.

That is a gap of more than 4.5 percentage points between Midsize and Am Law 100 firms, a magnitude outstripping the entirety of the Midsize segment鈥檚 demand gains.

What makes this especially significant is that the gap is not new 鈥� one year ago, in Q1 2025, the same hierarchy held, with Am Law 100 firms seeing worked rates grow at 9.4%, Second Hundred firms at 7.1%, and Midsize firms at 5.9%. In other words, the rate divergence between Midsize firms and the rest of the market has been consistent and is widening even further. The end result of this is stark: Midsize firms are growing revenue per hour of work at a pace roughly half that of their Am Law 100 counterparts, and that differential compounds over time into a meaningful profitability disadvantage.

Expenses diverge in the wrong direction

On the expense side of the ledger, the pattern reverses in a way that creates a genuine squeeze for Midsize firms. Looking at direct expenses 鈥� the costs most closely tied to delivering client work 鈥� Midsize firms recorded growth of 5.4% in Q1 2026, the highest of all three segments. This compares to 4.8% for the Am Law 100 and just 4.4% for the Am Law Second Hundred. That means that Midsize firms are generating the slowest rate growth while simultaneously growing their client-delivery costs the fastest. That combination reflects a textbook margin compression dynamic.

Overhead expenses per FTE tell a different story. Here, Midsize firms showed lower growth at 4.0%, well below the Am Law 100’s 6.7% and the Second Hundred’s 5.8%. On the surface this looks like cost discipline, but it is worth reading carefully: lower overhead investment, especially when coupled with the market鈥檚 high tech and talent expenditure pressures may actually reflect forced underinvestment rather than efficiency. Midsize firms may simply have less capacity to expand their infrastructure spending, not less need for it.

Making an opposite bet on talent

Indeed, one of the sharpest contrasts in the “Q1 2026 LFFI ” data involves recruitment expenses. The Am Law Second Hundred is investing heavily in lateral talent, seeing recruitment expense growth of 5.6%. The Am Law 100 has sharply pulled back, growing recruitment costs at just 0.3% 鈥� a signal that the largest law firms may be consolidating their existing talent base rather than expanding it aggressively. Midsize firms sit at the opposite extreme, with recruitment expense growth of -0.2%, essentially flat to slightly negative.

This difference is notable because the Am Law 100 and Midsize segments are pursuing fundamentally different headcount strategies. As Am Law firms focus on leaner headcount powered by rates, Midsize firms have finding much more of their revenue growth comes from growing aggregate hours worked by hiring more lawyers. Midsize firms鈥� decision not to leverage as much investment in this area could signal a shift in strategy, simple cost pressures, or perhaps a greater focus on which areas they spend their recruiting money. Whichever the driver, it鈥檚 a sizeable shift across a segment that鈥檚 already feeling pressure across multiple facets of their business.

The compound effect of this divergence

The “Q1 2026 LFFI” data highlights several reinforcing challenges facing Midsize firms: slowing demand and lagging rate growth, the highest direct expense growth but the lowest technology investment, and minimal lateral recruitment investment. While no single factor is critical, together these divergences show a widening gap between earnings and costs.

Of course, this is not to say that Midsize firms are going bankrupt 鈥� far from it. Midsize firms鈥� profitability, on average, is growing at a solid pace as demand and rates continue to power them forward, even as expenses weigh on their numbers.

What may be more concerning is what this means for the future potential of Midsize firms, especially as the market bifurcation grows and the Am Law firms increasingly pull away. As this continues, it鈥檒l become harder and harder for Midsize firms to break into those ranks, compete for talent, and compete for the kind of bet the company work that is some of the most profitable in the legal industry. Reversing this course isn鈥檛 about Midsize firms鈥� 2026 results; rather, it鈥檚 about what they can achieve in 2030, 2040, and beyond.

You can download a full copy of the 成人VR视频 Institute鈥檚 Q1 2026 Law Firm Financial Index here