---
title: "LegalTech due diligence in 2026 · what to actually check before you sign"
description: "AI contract review, e-discovery, and matter-management vendors all promise 'privilege-aware'. Here's the 12-point checklist we run before any law firm we advise signs."
date: 2026-05-06
updated: 2026-05-06
author: "Dezső Mező"
tags: "LegalTech, Due diligence, AI, Compliance"
slug: legaltech-due-diligence-2026
canonical: https://dfieldsolutions.com/blog/legaltech-due-diligence-2026
---

# LegalTech due diligence in 2026 · what to actually check before you sign

Every LegalTech sales deck says 'privilege-aware', 'attorney-built', 'SOC 2 compliant'. Half of them haven't read their own DPA. Here is the 12-point due-diligence checklist we run: the 12 questions we make every law firm we advise put in writing before signing.

## Data + privilege (1-4)

- Where does our data live? (City + country, not just 'EU')
- What's the retention default, and can we change it without an enterprise plan?
- Are we opted out of model training by default, contractually?
- What's the breach-notification SLA in hours, not days?

## Workflow (5-8)

- Show me the privilege-preservation flow when a document is shared internally · screen-share, not slides
- Can we export the matter / case in a format we can take to another vendor?
- Is there a conflict-check API or are we manually re-keying?
- Show me the per-user, per-document audit log · the regulator will ask

## Architecture (9-12)

- What's the encryption-at-rest story · key custody included?
- Is there an on-premise / private-cloud option for the M&A and IP work?
- What's the exit clause · 30 days? 90? Data + format?
- Full sub-processor list · who else touches our data?

> **NOTE:** If a sales rep can't answer 9 of these on the second call, the answer is no. We've watched firms sign anyway and pay five figures to migrate out 18 months later.

## How we help

We sit on the technical-eval call as the firm's outside engineer · ask the questions, read the SOC 2 Type II, push back on the standard MSA. One-week engagement, fixed price. The output is a go / no-go memo + redlined contract.

---

Source: https://dfieldsolutions.com/blog/legaltech-due-diligence-2026
Author: Dezső Mező · Founder, DField Solutions
Site: https://dfieldsolutions.com
