The Lawyer’s Practical Guide to: Legal Chatbots (and Whether They’re Really Coming to Steal Your Job)

The Lawyer’s Practical Guide to: Legal Chatbots (and Whether They’re Really Coming to Steal Your Job)


In this article we’ll have a look at where chatbots are changing the market right now, the future for chatbots and how much impact they will really have on a lawyer’s workload and the legal industry.

“Yes, lorry drivers, translators and shop assistants are all under threat from the rise of the robots, but at least the lawyers are doomed too. (Some of my best friends are lawyers, honest.)”

BBC News: The robot lawyers are here – and they’re winning

Since AI started moving out of academia and into industry, people have been worried about the effects on employment. Ideas such as ‘universal income’ have been introduced as potential solutions for human workforces start to become redundant.

Are lawyers under immediate threat from ‘robot lawyers’? In this article we’ll take a look.

What is a Chatbot?

In its most basic definition, a chatbot is ‘a computer programme designed to simulate conversation with human users, especially over the internet’.

In their more basic forms in the legal industry, a chatbot could sit on the firm’s website and complete functions such as booking appointments and asking questions that direct an enquiry to the right department of an enterprise firm. However, chatbots at this level cannot be conceived as competition to a lawyer.

The chatbots under discussion in this article are those developed to solve problems for customers, rather than just direct customers. They can answer basic legal questions and can also generate standardised documents such as NDAs based on information inputted by the client. They resolve an individual’s issue without the need for interaction with a human lawyer. These chatbots may contain artificial intelligence (AI) to help them refine their response to questions, and will almost certainly contain AI in the future.

What is a Chatbot?
What is a Chatbot?

The Chatbots Helping Customers Right Now

The DoNotPay Phenomenon – Chatbots without Lawyers

In 2015, DoNotPay was revealed to the public. It was originally designed to help overturn parking tickets. Drivers would input the reason they would like to challenge the ticket and give their details, with the app filling in the relevant forms for them.

In 2018 it expanded into small claims, filling in the forms required and offering a script that plaintiffs can read from in court. Outside of the legal arena, DoNotPay also offers Uber and Lyft refunds, fighting bank charges, airline and hotel price protection and the ability to scan fast food receipts and receive free food.

DoNotPay has received significant amounts of media coverage – partly due to its charismatic young founder (who rented Mark Zuckerberg’s old house in Silicon Valley for a time). Joshua Bowder introduced himself in 2016 with these words: “lawyers all over the world should be scared of this technology”. Whilst his rhetoric has softened his vision is still that all consumer legal services will eventually be provided for free.

Legal Cheek: Computer science student, 19, says legal profession should be ‘very scared’ of his new ‘robot lawyer’

In addition to DoNotPay, there are several chatbots on the market which aim to fulfil client needs without any lawyer involvement. LISA offers NDAs and has recently launched into the property market. SoloSuit helps US consumers to respond when sued for a debt.

Chatbots that Support Lawyers

Supporting consumers for free is a laudable aim, but doesn’t lead to a financially self-sustaining business – DoNotPay is venture capital backed with an aim to monetise in the future, and LISA is reported to be looking at corporate licencing deals.

This is why the larger number of legal chatbots being developed are designed to be used by law firms rather than to work against them. The real revenue opportunity lies in leveraging these platforms to gain more chargeable work, rather than using them as a sole revenue stream.

Some of these are being developed by large law firms themselves. Norton Rose Fulbright in Australia developed a chatbot dealing with changes to data protection legislation. Clients could ask the chatbot simple questions, and then refers them to fixed price packages if further legal advice is required. It was responsible for selling A$15,000 of business within its first 24 hours.

Ailira is another Australian offering for consumers and small businesses, which offers a certain level of free legal advice and documentation and then offers users chargeable legal appointments if they would like documents checked or further advice.

Chatbots that Support Lawyers
Chatbots that support lawyers

The Roadmap for Chatbots

Chatbots without Lawyers

One of the key points about DoNotPay that is rarely picked up by the media is that its main audience is not the tiny minority who would hire a lawyer to pay a parking ticket – its main audience is those who would have paid the parking ticket, and now have an additional capacity to challenge it.

‘Access to justice’ is an important issue, and a key area where this type of chatbot could play a positive role. Asylum seekers, visa applicants, those in debt, those unable to afford a lawyer for civil matters – all of these could benefit from the DoNotPay model.

This social good is important, and worthy of support. It is also unlikely to significantly affect lawyers’ bottom lines as these are situations where people generally can’t or won’t hire a lawyer. These products expand access to legal advice into new areas rather than affecting the areas that law firms currently gain revenue from.

Chatbots that Support Lawyers

This is a more interesting case. Legal chatbots developed by law firms could affect the shape of the legal industry as a whole.

As discussed in the previous section, this technology is already available. Speaking purely in technological terms, there is no reason why chatbots could not be implemented by firms worldwide.

Some firms, such as Norton Rose Fulbright who were mentioned previously, have begun doing just that and have seen increased revenue as a result. However, the fact is that implementing a chatbot involves a significant change in business model. For most firms, the current business model works fine and so there is little incentive to change.

For forward-thinking firms who want to be known for a modern and innovative mindset, this is a great technology to look at from both a revenue and a PR perspective. For firms who are happy to stay just ahead of the curve, it will most likely be several years before legal chatbots become popular enough to become a serious consideration.

Implementing a legal chatbot involves a significant change in business model
Implementing a legal chatbot involves a significant change in business model

How Chatbots will Change the Legal Industry

Whilst widespread implementation may not be immanent, it is very likely to occur at some point. When it does, it will change both the legal industry and the makeup of individual law firms.

Automating the basic level of client interactions firstly requires a different fee structure. Clients will presumably pay either a regular subscription or a fee per interaction. Either way, this fee will likely be smaller than the fee clients currently pay for a service.

Law firms will therefore need to create revenue on the chatbot via increased volume – both within individual clients, who may use additional services when the cost is lower, and being able to support a much higher volume of clients. If a reasonable portion of those clients convert to paid projects with human lawyers, then law firms can increase revenue rapidly and effectively. Successful firms could grow rapidly with a relatively small increase in headcount. 

The rise of chatbots will change the dynamics within businesses. Whilst lawyers will be needed for the content, non-lawyer staff including technical teams, marketers and business developers will increase. As multiple firms develop chatbots, differentiating via marketing and other means will become more important and will increasingly direct business strategy.

Lawyers’ workloads will also change, with a focus on higher value work that cannot be completed by the chatbot. The level of change will depend on the area of law and client base, with some areas almost untouched and some having a significant percentage of their previous workload handled by a chatbot.  

Chatbots, however, will not replace human lawyers in the short term, and are unlikely to in the long term. A similar comparison is e-discovery platforms – which reduce hours of time spent reviewing documents, but in no way reduce the need for litigation lawyers who interpret the data, represent clients in and out of court and negotiate settlements. For as long as individuals look to achieve their goals and protect their interests through legal means, they will need human lawyers to support them.

One concern is that chatbots will reduce the number of positions for individuals completing those more manual, repetitive tasks. Some of those are positions that would be filled by recent law graduates and associates – which could lead to a shortage of experienced lawyers further down the line. The legal industry will have to be mindful of this in order to avoid a talent shortage and find ways to move junior lawyers onto higher value work more rapidly.

Chatbots to replace human lawyers
Chatbots to replace human lawyers

In Conclusion

At this moment in time, legal chatbots are an opportunity, but are unlikely to be a threat. They are an opportunity for those who want to expand legal access to those would currently be unrepresented. They are also an opportunity for law firms who want to become the early adopters of this technology, and to drive a new type of business model that could bring new types of revenue.

For law firms who are happy to continue with their current operations, legal chatbots are unlikely to be a significant business threat in the near future. Law firm owners can keep an eye on this technology, and consider it again when early adoption has started to become more widespread.

Finally, unless you are a lawyer who deals solely in parking fines or standard NDAs, the ‘robot lawyers’ are unlikely to be coming for your job any time soon!

Legal chatbots are an opportunity for Law firms
Legal chatbots are an opportunity for law firms
The Lawyer’s Practical Guide to: Cybercrime, the Legal Industry and What You Can Do

The Lawyer’s Practical Guide to: Cybercrime, the Legal Industry and What You Can Do


On 8th January 2019 in Dublin, Ireland, it was reported that a law firm lost €97,000 in a cyber scam after the hackers intercepted an email between the solicitor and their bookkeeper and changed the bank details for a payment. It was shared with the newspapers by the Law Society, who wanted to warn other law firms about the risks and kept the firm’s name anonymous.

On 15th January 2019 in Kingaroy, Australia, it was reported that a law firm lost $148,554.11 of client money after a wire transfer to a fake account. It was shared with the newspapers by the angry client and the firm has since ceased trading.

These are just the first two published stories of 2019 – there will certainly be more, many which are never brought to public attention.

Why Is the Legal Industry at Risk?

Due to the nature of legal work, even sole practitioners can be processing five-figure or higher payments and sensitive personal data. Cyber-criminals want both of those things and will proactively target law firms to get them.

Whilst enterprise firms will offer a larger prize to successful criminals, smaller firms are often less protected. This is why smaller firms as well as large are being targeted, and business owners cannot assume that they are too small to be actively targeted.

In 2016, QBE reported that $120 million had been stolen from law firms by cybercriminals in the previous 18 months. With the overall global cost of cybercrime now rising to $600 billion per year it is unlikely that this figure will decrease any time soon.

On another note, whilst most law firms will not have breaches on the scale of the Panama Papers, a loss of trust when client information is stolen can be fatal to the future of small and large firms.

Money Laundering Watch: “Panama Papers” Law Firm Announces Its Closure Due to Fallout from Massive Data Breach

Cybersecurity is not something that should be left to the IT staff – it is a matter of business survival and Managing Partners need to take the lead in ensuring their firm is safe.

What Can I Really Do? Even IT Firms Get Hacked

The truth is that there is no 100% fool-proof way of preventing cybercrime. However, there are plenty of things you can do to reduce your chances of being a victim. It’s not so different from physical security – locks and an alarm cannot prevent your house from being robbed 100% of the time, but locks and an alarm are undoubtedly better than just locks, or nothing at all. 

The following steps are not a comprehensive plan for IT security – every business has different IT system weak points and your plan should be tailored to your company by a professional.

However, there are practical steps that all business owners can and should be following today:

Don’t leave your cybersecurity to the IT people

Law firm owners are not IT specialists and hiring either an outsourced supplier or IT Manager, depending on the size of a business, is a good idea. However, a business owner’s responsibility does not stop there.  

 “When we first engage with law firm owners, many of them cannot answer basic questions about their IT set-up and what protections are in place,” said eXpd8’s Shane Branagan, who specialises in IT managed services for law firms. “They hire an IT specialist and then just pay the bills. This lack of oversight leaves firms dangerously vulnerable, and if the worst happens it is the firm and not the IT supplier who will bear ultimate responsibility.”

 Law firm owners are not IT specialists, and they do not need to be – however, they do need to understand enough of the basics to have an overview of what is needed and to interrogate any suggestions made by an IT supplier or manager. IT security should be discussed at board and management team level.

The good news is that learning about basic cybersecurity has never been easier. Most country-level Law Societies will have resources to get you started, there are plenty of articles on the internet and many cybersecurity companies offer free webinars that will go into topics in more depth.

To get you started, here is eXpd8’s checklist of the basic protections every business should have:

  • Firewall
  • Anti-virus
  • Data back-up
  • Email spam filter

Watch Out for Passwords

Passwords are a tricky area, and there’s plenty of conflicting advice on best practice. However, whilst IT security experts are arguing over password managers and the optimum number of passwords per person, many law firm owners leave big holes in their security by not following some simple rules.

  1. Don’t use the same password(s) for your personal and work accounts. Breaches on e-commerce and other sites happen all the time – don’t let them affect your business.
  2. Don’t use a password someone can guess. Your children’s names, birthdays, the road you live/ have lived on? Hackers don’t need malware when you use such easy to guess information.
  3. Use two factor authentication on applications with sensitive data. Two factor authentication feels like an inconvenience but is highly effective. Shane Branagan from eXpd8 said that he found it was one of the first thing firms implemented after a data breach to increase security. Be ahead of the curve and implement now!

Keep Your Programmes Up To Date

Do you remember the WannaCry ransomware attack in May 2017 that affected more than 200,000 computers in 150 countries? This was an issue that had been identified, a solution found and an update released. The attack affected those who had not downloaded the relevant Windows update.

Cyber threats are ever evolving, and most ‘new features’ updates also include new protections against recently identified threats. Making sure that your applications are up to date helps the software providers to keep you safe.

Make Sure Your Employees Know What a Suspicious Email Looks Like

Cyber-security training for employees is recommended by all IT security professionals and all businesses should give their employees regular and comprehensive cyber-security training.

Yet in a sample survey, Eset found that only 17% of employees surveyed had received ‘a lot’ of cyber security training, and 33% had received none at all.

The advice of this article is to do as much cyber security training with your team as possible. However, if you have limited time and resources then the best place to start is training on email security. Email is one of the key intersections between people and technology and email scams are getting more sophisticated and more frequent.

Do your employees know the key signs of phishing? Have they heard of CEO fraud? Do they know what to do if they receive an email with a potentially suspicious link? Do they know how to identify a spoofed email address?

Unless you can answer a confident yes to all these questions you need to arrange some training. It doesn’t have to be expensive – there are plenty of free online courses, or training platforms you can sign up to for a reasonable fee.

I’m Following All of Your Tips – What Now?

As described before, the legal industry is a particular target of scammers due to the combination of sensitive personal data collection and their processing of large sums of money. This means that of course you need to invest to make your business as safe as possible – and consult with professionals on a comprehensive plan. You also need to be prepared for if the worst does happen.  

If you have business within the EU, data breaches must be reported within 72 hours. If this happens, you want to be 100% focussed on resolving the data breach and minimising your exposure rather than splitting your attention between the data breach itself and learning about how to report it. Even if you operate outside of the EU, you will still need a plan to communicate with clients promptly whilst resolving the issue.

Larger organisations will need to do more complex preparations and involve IT providers and internal staff within the planning. All organisations, no matter the size, should at a minimum have read the reporting guidelines for their country, put together a template for themselves to fill in and assigned internal roles in case of a breach. The 72 hour reporting requirement includes weekends, so you should also think about what happens if the breach is noticed between Thursday and Sunday.

‘Cybersecurity war games’ but are a useful way of testing your plans and making sure that there aren’t any gaps that you’ve missed. For larger firms, hire a specialist to make sure tests are comprehensive and catch anything your internal staff have missed. For smaller firms, you can identify a scenario and run it to its conclusion without needing consultants or a big budget.

In conclusion, whilst the threats are significant and ever growing, there is plenty that law firms both large and small can do to protect against these threats and to prepare for if the worst does happen. Lawyers have a responsibility to protect their client data and funds to the best of their ability and this means taking a proactive approach to cybersecurity rather than just hoping for the best.