SECURITY

Your documents stay yours. We read them where they live.

LegalAI Space connects to the systems you already run and reads documents live, with your firm's own permissions. Ethical walls and access controls stay intact. Nothing is copied into a separate store. Every source it touches is recorded, and every run is signed.

Read live, never copiedEthical walls and ACLs preservedProvenance on every sourceA signed record of every stepNever used to train AI models
research-agent / director-liability.memoCompleted

Research Agent — Director liability research

23 steps · 4m 12s

Completed

Governance — all 6 checks passed

Verification, privilege & conflict screening, signed audit trail.

Research memo

High confidence

Wrongful trading — director liability

Short answer

A director can be personally liable for wrongful trading under s.214 Insolvency Act 1986 where they knew, or ought to have concluded, that there was no reasonable prospect of avoiding insolvent liquidation — and failed to take every step to minimise loss to creditors. The test is both subjective and objective (Re Produce Marketing).

BriefAuthorities (12)MethodologyOpen questions (2)
#AuthorityStatus
1

Prest v Petrodel Resources Ltd [2013] UKSC 34

Supreme Court

Verified
2

Re Produce Marketing Consortium (No 2) [1989] BCLC 520

Chancery Division

Verified
3

Insolvency Act 1986, s.214

legislation.gov.uk

Verified
4

BTI 2014 LLC v Sequana SA [2022] UKSC 25

Supreme Court

Verified
5

Re Continental Assurance Co of London [2007] 2 BCLC 287

Chancery Division

Verified
12 authorities verified · 1 fabrication caught & removedsigned audit
Grounded inBAILIIlegislation.gov.ukEUR-LexHUDOCCURIACourts.ie

Document access

Live access, with your permissions, never a copy.

Most AI tools copy your documents into their own index. We do not. LegalAI Space reads each document live, at the moment it is needed, through your firm's own connection. The access rules that govern the original govern the read.

Fetched live, never copied

Documents are browsed in chat and projects and fetched live from source. No second copy sits in a separate store.

Ethical walls and ACLs preserved

The agent inherits the permissions of the person running it. Information barriers and access-control lists on the source apply to the read. If a fee earner cannot open a document, neither can their agent.

Firm-connected MCP endpoints

Access runs through your firm's own connectors: CloudiManage MCP for iManage, ndMAX MCP for NetDocuments, Microsoft Work IQ for the Microsoft estate. The connection is yours, not a credential we hold.

Permission-aware Know-How

The Know-How agent finds precedents and prior matters across your DMS and wikis while respecting every information barrier. It surfaces what the user is entitled to see, and nothing else.

Connected sources

Your systems. Your connection, your control.

LegalAI Space reads from the document systems firms actually use, each through its own firm-held connector. Further tools and integrations extend the platform without moving your data out of it.

iManage

via your firm's CloudiManage MCP, ethical walls and ACLs intact

NetDocuments

via ndMAX MCP

Microsoft Work IQ

SharePoint, OneDrive, Teams, Outlook

Google Drive

via your firm's connection

Box

via your firm's connection

Dropbox

via your firm's connection

Microsoft Work IQ covers SharePoint, OneDrive, Teams and Outlook as one connector. Live, permission-aware reads. No bulk export, no shadow index.

Provenance

Every source carries its receipt.

When an agent cites the law, it does not cite from memory. Primary UK and EU law is fetched through OpenLaw, provenance-first and no sign-in, and every result arrives with the proof attached: the live source URL and a content hash of exactly what was read.

Cases also carry a treatment signal, so a citation is not just real. It is still good law.

Source URL

Every authority links back to the real page on the issuing source, so anyone can open it and check.

Content hash

A hash records the exact text that was read at fetch time. If the source changes later, the record still shows what the agent saw.

Data handling

Built for data you are not allowed to lose.

Where your data lives, who can reach it, and what happens to it, set out plainly, and built to answer the questions an SRA or ICO review actually asks.

Data residency

  • UK data in UK infrastructure, EU data in EU infrastructure.
  • Client data does not leave your chosen jurisdiction.
  • Processing stays within your jurisdiction's GDPR regime — no transfer to a separate index.

Organisation-scoped access

  • Firms see only their own data.
  • Compliance, fee-earner and admin views are role-separated, so the right people see the right things and no one sees across the wall.

No training on client data

  • Your prompts, documents and outputs are never used to train AI models — ours or the underlying model providers'.
  • Client data is processed only to carry out your request, never fed back into model training or retained to improve a model.

PII handled at the door

  • The PII Redaction guardrail detects and redacts personal data from agent inputs before processing.
  • A control on the way in, not a clean-up afterwards.

Encryption and resilience

  • Encryption at rest and in transit (TLS 1.3).
  • Regular penetration testing.
  • A disaster-recovery and business-continuity plan underneath it all.

In the product

Every authority, pinned to its source.

Each source the agent reads carries its provenance: the live URL it came from, re-fetched for verification, with ethical walls and ACLs intact on the read.

Re-fetched for verification

Each authority is fetched again at the point of citing, not recalled from memory, and checked against the live source before it appears in the work.

Treatment signal on every case

A case carries its treatment signal, so a citation is not just real — it shows whether it is still good law before a lawyer relies on it.

app.legalaispace.com/research/authorities
Research Agent authorities view — every retrieved source pinned to its live URL and re-fetched for verification, with the firm's permissions intact

THE RECORD

A signed record of every action.

Every agent action is logged: timestamps, inputs, outputs, sources and verification results. The record links the live source and its content hash to the work that used it, and exports in a regulator-aligned format on demand.

Hash-chained and signed

Each entry is hash-chained and cryptographically signed, so any later edit breaks the chain and is detectable.

It records the read, not just the result

The entry names which document was read, under whose permissions, from which live source — so an access question has an answer, not an assumption. See how the full record is built for the SRA and the EU AI Act on the governance model.

app.legalaispace.com/governance/audit
Governance dashboard showing the signed audit trail — severity-tagged flags, verification counts, and the regulator-aligned record of every agent action

Every prompt, retrieval, verdict and synthesis step is signed and linked, reproducible on demand for the SRA, a client or a regulator.

Certification roadmap

The certifications firms procure against, on a defined timeline.

We are pursuing the certifications law firms procure against. These are planned — not yet achieved — and we will update this page as each milestone is reached.

Target: H2 2026

Cyber Essentials

UK government-backed certification for baseline cyber security — planned pre-launch to meet law firm procurement requirements.

Target: 2027

SOC 2 Type II

Independent audit of security controls, availability, and confidentiality — the standard enterprise procurement benchmark.

Target: 2027

ISO 27001

International information security management standard — aligned with the expectations of Top 100 UK firms and international clients.

The difference

Other tools secure your data. We never copy it.

Rivals index or anonymise your documents — a copy either way. LegalAI Space reads them where they live, under your permissions, and writes a signed record of every read. Security-grade trust keeps the data safe; this is governance-grade trust — proof of what was read, by whom, and how it was checked.

Bring your security team.

Tell us your information-governance requirements and we will map LegalAI Space controls to your firm's framework, line by line.

Important notices
  1. 01

    Document access, provenance (source URL and content hash) and audit features described on this page represent planned or in-development architecture. References to third-party systems (iManage, NetDocuments, Microsoft, Google, Box, Dropbox, OpenLaw) are illustrative. LegalAI Space is not affiliated with these providers and integration availability may vary.

  2. 02

    Certification roadmap (Cyber Essentials, SOC 2 Type II, ISO 27001) reflects our planned timeline. These certifications have not yet been achieved. We will update this page as each milestone is reached.

  3. 03

    References to hosting infrastructure regions (UK, EU) describe planned deployment architecture. Final hosting arrangements will be confirmed prior to launch.