There's a version of AI document analysis that's genuinely useful, and a version that creates a false sense of security. The difference matters because the consequences of missing something in a commercial lease or an SPA aren't minor.
The useful version: AI reviews a 60-page document in seconds and tells you what's in it. What are the key dates, the payment provisions, the break clauses, the limitation of liability position, the unusual indemnities. That first-pass extraction, the thing a paralegal would spend an hour doing, AI handles well and quickly.
The false security version: treating that extraction as the review, rather than as the input to the review.
What AI is actually good at here
Extraction is reliable. AI can find defined terms, pull out key dates, identify clause types, and summarise provisions across a long document with reasonable accuracy. For due diligence on a pack of similar contracts, supplier agreements, leases, NDAs, AI can process the pack and tell you which documents contain unusual provisions before you've read a single one.
Deviation flagging is also useful. If you give an AI tool your firm's standard position on limitation of liability and ask it to flag where a document departs from that, it will find them. This is quicker than reading clause by clause looking for deviations from a checklist.
What this does is compress the first stage of review. The reading, highlighting, and initial structuring that used to take an hour can take a few minutes.
What AI doesn't do
AI finds what's in the document. It doesn't notice what's missing.
A commercial lease with no break clause isn't unusual on its face, the AI won't flag it as a risk. Whether that's a problem for your client depends on the transaction. A missing MAC provision in an acquisition agreement, a landlord's repair obligation that stops short of the structure, a limitation clause that doesn't cap what your client assumed it capped, these are gaps, not deviations, and gaps are harder for AI to catch.
AI also doesn't know your client's situation. A non-standard assignment restriction might be completely acceptable given how the client intends to use the premises, or it might be fatal to the deal structure. That assessment requires understanding the transaction context, not just the document.
Confidentiality before you upload anything
This is the practical thing many solicitors don't check before they start using a tool with client documents.
Does the AI provider train its models on uploaded documents? Some do. If client data is used to train a model, it may influence outputs visible to other users, that's a confidentiality breach and a UK GDPR breach, regardless of whether anything is ever directly recoverable.
Before you upload a client document to any AI tool, confirm in writing (usually in the Data Processing Agreement) that the provider doesn't train on customer data, where the document is processed, and what security measures are in place.
If the provider can't answer those questions clearly, don't use it for client documents.
A workflow that works
Upload the document. Let AI extract the key provisions and flag deviations from your standard position. Use that as your structured starting point. Then read the document, applying your judgment about what the extraction means for this particular client and this particular transaction.
You still read the document. You still apply the professional judgment. What changes is that you go into the read with a structured map of what you're looking at, and the time you save on extraction you spend on the parts of the review only you can do.
Writford's document analysis feature processes client documents without training on them, see the DPA for the specifics, and sits within the matter record so analysis is saved against the file.