Vortalis for Legal

Document review, contract analysis, and matter management

The trust layer for AI agents reading privileged material, drafting documents, and routing matter activity.

Legal work runs on privilege, supervision, and a complete record of who decided what. The legal sector pack codifies the actions an agent may take inside a matter, gates the high-impact ones behind matter-partner approval, and signs every decision into an audit chain a regulator can verify offline. The DMS adapters for Clio, iManage, NetDocuments, and Relativity apply privilege detection on the return path so the agent reasons over content without seeing raw privileged text.

Regulators covered

Which frameworks the legal pack maps to today.

Framework

Jurisdiction

Coverage

Notes

SRA Standards and Regulations

vortalis_proxy/compliance/sra_uk.py
tests/conformance/regulators/sra_uk/

Full

SRA Principles 5 and 7, Code of Conduct for Solicitors paragraph 6.3 on confidentiality, and Code of Conduct for Firms paragraph 2.5 on information security. The SRA has not published a binding code chapter specifically on AI; the binding obligations the pack maps against are the existing published rules that apply to AI-assisted work as they do to any other matter activity.

NY Rules of Professional Conduct

vortalis_proxy/compliance/us_state_bars/new_york.py
tests/conformance/regulators/ny_state_bar/

US-NY

Full

Rule 1.6 on confidentiality of information, Rule 1.1 Comment 8 on technology competence, Rule 5.3 on responsibilities regarding nonlawyer assistance (applied to AI agents under attorney supervision), and Rule 1.4 on communication. The first published state-bar mapping; California, Texas, Illinois, and Massachusetts follow the same shape as customers in those jurisdictions onboard.

GDPR

vortalis_proxy/compliance/frameworks.py

EU and UK

Full

Personal data carried in legal matters (client contact details, opposing-party identifiers, witness data) is tokenised and audited on the same chain as the agent's matter actions. The lawful-basis analysis is the firm's; Vortalis records the evidence the regulator needs.

Adapter coverage

Upstream services Vortalis adapts for this vertical.

ClioShipping
Matters, documents, contacts, notes, activities, communications. Privilege detection on note bodies and communication bodies.
iManageShipping
Document management API. Privilege detection on document text fields; per-tenant pattern set extensible via Tenant.config.
NetDocumentsShipping
Document workspace and folder API. Tokenisation of client and matter identifiers; privilege detection on document content.
RelativityShipping
E-discovery workspace API. Privilege detection on extracted text and email subjects; production manifest captured in the audit trail.

Action vocabulary

The policy template for this vertical.

Actions allowed

Each action gated by policy at the hot path.

Anticipated require_human actions

contract.signed_off
ediscovery.produced
document.shared

Rate-limit posture

Per-day caps on the highest-risk action types: 50 external shares per 24-hour window, 10 e-discovery productions per 24-hour window, 20 contract sign-offs per 24-hour window. The firm raises any of these after agreeing the volume with the matter partner.

Template path: policies/sectors/legal/document-review-template.yaml

Integration brief

The implementation guide your engineers read first.

Available

docs/governance/integration-briefs/legal-document-review.md

Honest limits

What this sector pack does not do.

Vortalis does not provide legal advice; it governs AI-agent actions that draft, review, or produce legal documents.

The policy template gates thirteen actions including document.drafted, contract.redlined, and ediscovery.produced. It does not advise on the merits of a matter, choose the legal strategy, or substitute for the supervising solicitor. The legal judgement remains with the firm. Vortalis records what the agent did, when, and under whose authority; it does not adjudicate whether the agent should have been delegated the work.

Privilege detection is a Vortalis primitive; the legal determination of what constitutes privileged content in a given jurisdiction is the operator's responsibility to encode in policy and tenant configuration.

The DMS adapter base applies a marker-based detector and records the classification result on each audit row. The default pattern set covers the common UK and US privilege markers; a firm with jurisdiction-specific markers extends the set via Tenant.config["dms_privilege_markers"]. The detector is conservative by design (it flags candidates rather than missing them) and is not a substitute for the firm's privilege-review workflow.

Counterparty certification with Clio, iManage, NetDocuments, and Relativity is the operator's responsibility.

Per the public limitations page, Vortalis ships adapters as code, not as counterparty-certified production integrations. The four DMS adapters listed above are shipping code in the platform; the operator's contract with each upstream vendor governs the conformance and rate-limit conventions of the upstream service. The audit-chain evidence the firm presents to the SRA or the NY state bar is the Vortalis chain; the upstream's own audit trail remains a separate artefact.

State bar rules differ between jurisdictions; the New York rules are the first published state-bar mapping. Mappings for other states land as customers in those jurisdictions onboard.

A matter in California, Texas, Illinois, or Massachusetts requires a state-specific evidence-pack builder. The NY mapping is shipping; the package structure under vortalis_proxy/compliance/us_state_bars/ anticipates the other states. A matter run through the platform in a state without a published builder is governed but the regulator-facing evidence pack will not name that state's specific rule numbers. The honest framing is that the platform's runtime evidence is jurisdictionally consistent; the regulator-facing mapping is state by state.

The general-purpose honest limits sit at /security/limitations; this list is specific to the legal pack.

Bring Vortalis to your legal agents.

Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.

Read the integration brief Talk to an engineer