Your documents stay yours. We read them where they live.
LegalAI Space connects to the systems you already run and reads documents live, with your firm's own permissions. Ethical walls and access controls stay intact. Nothing is copied into a separate store. Every source it touches is recorded, and every run is signed.
Research Agent — Director liability research
23 steps · 4m 12s
Governance — all 6 checks passed
Verification, privilege & conflict screening, signed audit trail.
Research memo
High confidenceWrongful trading — director liability
A director can be personally liable for wrongful trading under s.214 Insolvency Act 1986 where they knew, or ought to have concluded, that there was no reasonable prospect of avoiding insolvent liquidation — and failed to take every step to minimise loss to creditors. The test is both subjective and objective (Re Produce Marketing).
Prest v Petrodel Resources Ltd [2013] UKSC 34
Supreme Court
Re Produce Marketing Consortium (No 2) [1989] BCLC 520
Chancery Division
Insolvency Act 1986, s.214
legislation.gov.uk
BTI 2014 LLC v Sequana SA [2022] UKSC 25
Supreme Court
Re Continental Assurance Co of London [2007] 2 BCLC 287
Chancery Division
Document access
Live access, with your permissions, never a copy.
Most AI tools copy your documents into their own index. We do not. LegalAI Space reads each document live, at the moment it is needed, through your firm's own connection. The access rules that govern the original govern the read.
Fetched live, never copied
Documents are browsed in chat and projects and fetched live from source. No second copy sits in a separate store.
Ethical walls and ACLs preserved
The agent inherits the permissions of the person running it. Information barriers and access-control lists on the source apply to the read. If a fee earner cannot open a document, neither can their agent.
Firm-connected MCP endpoints
Access runs through your firm's own connectors: CloudiManage MCP for iManage, ndMAX MCP for NetDocuments, Microsoft Work IQ for the Microsoft estate. The connection is yours, not a credential we hold.
Permission-aware Know-How
The Know-How agent finds precedents and prior matters across your DMS and wikis while respecting every information barrier. It surfaces what the user is entitled to see, and nothing else.
Connected sources
Your systems. Your connection, your control.
LegalAI Space reads from the document systems firms actually use, each through its own firm-held connector. Further tools and integrations extend the platform without moving your data out of it.
via your firm's CloudiManage MCP, ethical walls and ACLs intact
via ndMAX MCP
SharePoint, OneDrive, Teams, Outlook
via your firm's connection
via your firm's connection
via your firm's connection
Microsoft Work IQ covers SharePoint, OneDrive, Teams and Outlook as one connector. Live, permission-aware reads. No bulk export, no shadow index.
Every source carries its receipt.
When an agent cites the law, it does not cite from memory. Primary UK and EU law is fetched through OpenLaw, provenance-first and no sign-in, and every result arrives with the proof attached: the live source URL and a content hash of exactly what was read.
Cases also carry a treatment signal, so a citation is not just real. It is still good law.
Source URL
Every authority links back to the real page on the issuing source, so anyone can open it and check.
Content hash
A hash records the exact text that was read at fetch time. If the source changes later, the record still shows what the agent saw.
Data handling
Built for data you are not allowed to lose.
Where your data lives, who can reach it, and what happens to it, set out plainly, and built to answer the questions an SRA or ICO review actually asks.
Data residency
- UK data in UK infrastructure, EU data in EU infrastructure.
- Client data does not leave your chosen jurisdiction.
- Processing stays within your jurisdiction's GDPR regime — no transfer to a separate index.
Organisation-scoped access
- Firms see only their own data.
- Compliance, fee-earner and admin views are role-separated, so the right people see the right things and no one sees across the wall.
No training on client data
- Your prompts, documents and outputs are never used to train AI models — ours or the underlying model providers'.
- Client data is processed only to carry out your request, never fed back into model training or retained to improve a model.
PII handled at the door
- The PII Redaction guardrail detects and redacts personal data from agent inputs before processing.
- A control on the way in, not a clean-up afterwards.
Encryption and resilience
- Encryption at rest and in transit (TLS 1.3).
- Regular penetration testing.
- A disaster-recovery and business-continuity plan underneath it all.
In the product
Every authority, pinned to its source.
Each source the agent reads carries its provenance: the live URL it came from, re-fetched for verification, with ethical walls and ACLs intact on the read.
Re-fetched for verification
Each authority is fetched again at the point of citing, not recalled from memory, and checked against the live source before it appears in the work.
Treatment signal on every case
A case carries its treatment signal, so a citation is not just real — it shows whether it is still good law before a lawyer relies on it.

THE RECORD
A signed record of every action.
Every agent action is logged: timestamps, inputs, outputs, sources and verification results. The record links the live source and its content hash to the work that used it, and exports in a regulator-aligned format on demand.
Hash-chained and signed
Each entry is hash-chained and cryptographically signed, so any later edit breaks the chain and is detectable.
It records the read, not just the result
The entry names which document was read, under whose permissions, from which live source — so an access question has an answer, not an assumption. See how the full record is built for the SRA and the EU AI Act on the governance model.

Every prompt, retrieval, verdict and synthesis step is signed and linked, reproducible on demand for the SRA, a client or a regulator.
Certification roadmap
The certifications firms procure against, on a defined timeline.
We are pursuing the certifications law firms procure against. These are planned — not yet achieved — and we will update this page as each milestone is reached.
Cyber Essentials
UK government-backed certification for baseline cyber security — planned pre-launch to meet law firm procurement requirements.
SOC 2 Type II
Independent audit of security controls, availability, and confidentiality — the standard enterprise procurement benchmark.
ISO 27001
International information security management standard — aligned with the expectations of Top 100 UK firms and international clients.
Other tools secure your data. We never copy it.
Rivals index or anonymise your documents — a copy either way. LegalAI Space reads them where they live, under your permissions, and writes a signed record of every read. Security-grade trust keeps the data safe; this is governance-grade trust — proof of what was read, by whom, and how it was checked.
Bring your security team.
Tell us your information-governance requirements and we will map LegalAI Space controls to your firm's framework, line by line.
- 01
Document access, provenance (source URL and content hash) and audit features described on this page represent planned or in-development architecture. References to third-party systems (iManage, NetDocuments, Microsoft, Google, Box, Dropbox, OpenLaw) are illustrative. LegalAI Space is not affiliated with these providers and integration availability may vary.
- 02
Certification roadmap (Cyber Essentials, SOC 2 Type II, ISO 27001) reflects our planned timeline. These certifications have not yet been achieved. We will update this page as each milestone is reached.
- 03
References to hosting infrastructure regions (UK, EU) describe planned deployment architecture. Final hosting arrangements will be confirmed prior to launch.