Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Insights on data, AI & business. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

AI in Australian Law Firms: A 2026 Reality Check
Blog AI

AI in Australian Law Firms: A 2026 Reality Check

AI is reshaping Australian law firms in 2026. Here is what the profession is actually adopting, what is stalling, and what firm leaders should do next.

Sam McKay

Where Australian law firms actually sit with AI in 2026

If you run a law firm in Australia, you have been hit with more AI pitches in the last 18 months than in your entire prior career. The noise is loud and the signal is thin. So here is the honest read on where the profession is up to in mid-2026, drawn from what I am seeing across our network of firms in Sydney, Melbourne, Brisbane and the regions.

The good news first. AI is genuinely useful in legal work, and the firms that have stuck with disciplined pilots are quietly pulling ahead on turnaround time and cost recovery. The less good news is that the gap between the early adopters and everyone else is widening, and a lot of the tools being sold right now will not survive a serious privacy or privilege review.

Industry estimates we work with suggest around 30 to 45 percent of mid-sized Australian law firms have at least one production AI tool running today, with another cohort piloting or trialling. Solo and small practices sit lower on adoption, mostly because the upfront workflow work feels heavier than the payoff. That matches what we typically see in our work with NZ and AU professional services firms.

Vendors love to talk about AI as if it is one thing. For a law firm, it is at least four different things, and each carries different risk.

Document review and due diligence. This is the most mature use case. Tools that summarise discovery bundles, extract clauses from contracts, and flag anomalies across large document sets have been quietly used by Australian firms for several years. They tend to be hosted in Australia or in approved jurisdictions, and the better ones let you keep the data inside your existing matter management environment.

Drafting assistance. This is where the conversation has moved fastest. The leap in general-purpose assistants through 2024 and 2025 changed what partners expect from first drafts of emails, memos, and standard clauses. The risk profile is higher here, because the temptation is to feed draft content into tools that may not have appropriate data handling in place.

Research and citation. Tools that can search case law and commentary are useful, but Australian practitioners should treat any AI-generated citation as a junior lawyer’s first pass that needs to be checked against the actual authority. The risk of hallucinated citations is real and well documented.

Practice operations. Scheduling, billing narrative generation, conflict searches, matter intake triage. This is where the time savings stack up fastest for a firm of 5 to 50 lawyers, and where the privacy exposure is lowest if you choose tools built for the profession.

The privacy and confidentiality trap

This is the bit most AI marketing material skips past, and where the most expensive mistakes get made.

When a lawyer pastes client information into a general-purpose AI tool, several things can happen that you do not want. The data may be used to train future models. It may be stored in a jurisdiction with weaker disclosure protections. It may be accessible to a wider set of people inside the vendor than you assumed. Each of these is a problem for legal professional privilege, for client confidentiality, and for compliance with the Australian Privacy Principles under the Privacy Act 1988.

If client data ends up offshore in a way the client has not consented to, you can find yourself in breach of APP 8 (cross-border disclosure). For sensitive matters, this is not a theoretical risk. It is the kind of thing that ends up in a complaint to the Office of the Australian Information Commissioner and, worse, in the local law society’s regulatory arm.

The safe path is to choose tools that have an Australian or equivalent-jurisdiction data residency option, that do not train on your inputs by default, and that will sign terms consistent with your professional obligations. The legal-specific platforms like LEAP, Smokeball, LawVu and the document management heavyweights like iManage and NetDocuments have invested in this. General consumer tools often have not, no matter how impressive the demos look.

A useful rule of thumb we share with firms: if the tool is free and you did not negotiate enterprise terms, do not put client information into it. Not even to “just test it”.

Where the real cost and time savings show up

Let me put rough numbers around this, with the usual caveat that your mileage will vary by practice area and team.

A mid-sized commercial firm with 20 to 40 lawyers spending real money on AI tooling is looking at around AUD $40,000 to $150,000 per year in software costs, depending on which tools and how many seats. That sounds like a lot, and it is, but the return is mostly in recovered time on document-heavy work. Industry estimates we work with suggest meaningful productivity lifts in the 15 to 35 percent range on tasks like contract review, first-draft memos, and discovery triage. For a firm billing out at $450 to $800 per hour, even a modest time recovery across the team covers the software cost several times over.

The bigger cost, and the one most firms underestimate, is the change management. You will spend real money and several months getting the workflows right, the prompts right, the templates right, and the team trained. Firms that skip this step are the ones that buy a tool, use it for a month, and quietly let it lapse.

For a sole practitioner or two-partner firm, the calculus is different. A general-purpose assistant on a paid plan at roughly AUD $30 to $50 per user per month, combined with one well-chosen practice management add-on, is often the right starting point. You do not need a stack. You need one tool used well, then a second.

What the regulators expect of you

The Australian regulatory landscape for AI in legal practice is not a single rule. It is a stack, and the stack is moving.

At the base are the Australian Privacy Principles. These apply to most firms with annual turnover above AUD $3 million, and to all firms handling health and other sensitive information. APP 11 (security of personal information) and APP 8 (cross-border disclosure) are the two that bite hardest when you introduce AI tooling. Verify the specific obligations that apply to your firm with your lawyer, because the thresholds and exemptions have shifted and may continue to.

On top of privacy sits the professional conduct layer. Each state’s Legal Profession Uniform Law and the equivalent rules in jurisdictions that have not adopted it set out your obligations on supervision, competence, and confidentiality. The Law Society of NSW, the Law Institute of Victoria, the Queensland Law Society and the others have all issued guidance on AI use. The common theme is that AI cannot be a substitute for your professional judgment, that you remain responsible for any output that goes out under your name, and that client consent is required where the AI handling changes the way their information is processed in any material way.

For incorporated legal practices, ASIC regulatory guides also come into play, particularly where AI affects financial reporting, fee disclosure, or trust accounting. APRA’s CPS 234 on information security does not directly regulate law firms, but the same principles are a useful benchmark if you ever represent APRA-regulated clients and want your own house in order.

The honest answer is that regulators have not yet drawn a hard line on most AI questions. The risk to a firm is not so much a fine as a complaint that escalates because the firm cannot show it thought through the issues.

The practical risks nobody wants to talk about

Beyond privacy, three risks deserve your attention.

The first is competence and supervision. If a junior lawyer uses AI to produce work product and the partner signs it off without checking, the partner is still the responsible practitioner. Several firms in our network have started requiring that any AI-assisted output be clearly identified in the file notes, which makes supervision practical rather than theoretical.

The second is billing transparency. If AI shaves four hours off a matter that you used to bill at twelve, the right answer is to tell the client. Some firms are now writing AI disclosure language into engagement letters, particularly for commercial clients with sophisticated procurement teams. It is also a useful hedge against the cost disclosure and fee reasonableness scrutiny that has been ramping up across the states.

The third is vendor lock-in and data portability. AI tools evolve fast, and a tool you depend on today may be acquired, repriced, or shut down next year. Make sure you can get your templates, prompts, and matter data out if the relationship ends. Ask the hard questions before signing.

A realistic adoption path for your firm

If you are still in the thinking-about-it phase, here is the path we typically recommend.

Start with one workflow, one team, one tool, and a clear before-and-after measurement. Contract review for a single practice group is usually the best first move because the volume of work is high, the output is easy to measure, and the privacy risk is manageable if the tool is hosted in Australia.

Get the policies in place before you scale. A one-page AI use policy, a client disclosure line you are comfortable with, and a clear rule on which tools are approved. This takes a few days, not a few months, and it saves a lot of pain later.

Train the team properly. Generic training videos do not change behaviour. Sitting with a practice group for two hours, walking through real matters, and showing the right and wrong way to use the tool does. Budget for this.

Then expand. Add drafting assistance, then research tooling, then practice operations. Review every quarter. The firms doing this well are the ones treating AI as an ongoing operating discipline, not a one-off software purchase.

Questions to ask any AI vendor before signing

A short list we walk firms through. If the vendor cannot answer these clearly, walk away.

Where is the data stored, in what jurisdiction, and can we choose? Is our data used to train your models, and can we turn that off in writing? What is your incident notification process and timeline? Can we terminate and get our data back in a usable format? How do you handle our obligations under the Australian Privacy Principles? Will you sign terms that reflect our professional conduct obligations? Who has access to our data inside your organisation, and how is that access logged?

These are not unreasonable questions. Any vendor serious about the legal market in Australia should be able to answer them without flinching.

The honest bottom line

AI in Australian legal practice in 2026 is past the hype stage and into the messy, useful middle. The firms getting real value are not the ones with the biggest budgets or the flashiest tools. They are the ones that picked a small number of workflows, governed them properly, trained their people, and kept measuring.

If you run a firm, the worst move right now is to do nothing while your competitors quietly compound their advantage. The second worst move is to buy a stack of tools without the policies and training to support them. The right move is a small, deliberate, well-governed first step, taken this quarter.

Enterprise DNA works with NZ and AU businesses on this challenge. Get the free Working With Claude field guide: https://enterprisedna.co/resources/working-with-claude?utm_source=edna-landing&utm_medium=blog&utm_campaign=nzau