Beyond chatbots: how technical literacy defines the next era of legal AI

IFLR is part of Legal Benchmarking Limited, 1-2 Paris Garden, London, SE1 8ND

Copyright © Legal Benchmarking Limited and its affiliated companies 2026

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

Beyond chatbots: how technical literacy defines the next era of legal AI

Sponsored by

bar-karrer-2020.png
Person using laptop with icons of scales of justice, a human head, an AI brain circuit, and regulations documents

Dr Christian Kunz and Marwan Ezzat of Bär & Karrer argue that as AI tools converge, technical literacy, governance, and data quality have become the key sources of competitive advantage for law firms

A year ago, access to generative AI was a differentiator for law firms. Today, it is table stakes.

Most major firms can license broadly comparable tools; the real competitive advantage now lies in understanding how those tools work, how they fail, and how they can be integrated safely into legal workflows. That technical literacy allows lawyers to use AI more effectively, mitigate risk more intelligently, and innovate in the delivery of legal services. At Bär & Karrer, it is central to how AI is designed, governed, and deployed across practice areas.

From chatbots to hallucinations

First-generation legal AI applications were essentially chatbots: a software interface accepted a prompt and passed it directly to a model, which generated a response. The term ‘ChatGPT’ illustrates the point: Chat is the application layer; GPT is the underlying model.

Direct interaction with the model exposed a fundamental limitation. Large language models generate text that is statistically probable in light of their input and training data; they do not, by default, verify accuracy or distinguish reliably between facts and fabrications. The resulting ‘hallucinations’ were particularly problematic for legal work, where an apparently plausible answer may be unusable unless every authority, fact, and conclusion is independently checked.

Grounding AI in real data: retrieval-augmented generation

Second-generation legal AI applications addressed hallucinations through ‘retrieval-augmented generation’ (RAG). Rather than changing the model itself, RAG adds a software layer that retrieves relevant information from a curated knowledge base before the model generates its response.

The process works as follows: when a user submits a query, the system converts it into a numerical representation (a ‘vector embedding’) and retrieves semantically similar content from the knowledge base. These retrieved passages (called ‘chunks’) are then passed to the model along with instructions to answer based only on this information, thereby ‘grounding’ responses in verified data.

RAG materially changed the usefulness of legal AI. It reduced hallucination risk, enabled source verification, and shifted the basis of competitive advantage away from model selection. As leading models have converged in capability, the differentiator has moved towards data quality: firms with better-curated institutional knowledge can produce better AI outputs, even when using the same underlying models and platforms as their competitors.

This insight shaped Bär & Karrer’s approach. The firm prioritised selecting the optimal RAG-enabled platform and training its lawyers on how these systems access data, generate responses, and handle document chunking and retrieval. This technical fluency – not mere tool access – drives superior results.

RAG also introduces important data governance considerations. Output quality depends directly on the quality, relevance, and permissions attached to the underlying data. Data residency and access control matter under Swiss data protection law, but they can be managed through appropriate technical architecture, vendor selection, and contractual controls.

From a Swiss law perspective, RAG deployments are assessed under the Swiss Federal Data Protection Act’s (FADP’s) technology-neutral data protection principles – the Federal Data Protection and Information Commissioner (FDPIC) has confirmed the act applies directly to AI-supported processing – rather than under any dedicated AI statute. Switzerland has not yet enacted AI-specific legislation, though a consultation draft on AI regulation is expected by the end of 2026, and organisations should monitor this.

Where personal data is processed, the FADP requires that data subjects be informed of the purpose and categories of data processed and the recipients of that data. This general transparency duty applies regardless of whether AI is involved. FDPIC guidance extends this expectation to the purpose, functionality, and data sources of AI-supported processing more broadly – though this stems from supervisory guidance rather than a discrete statutory provision targeting AI as such.

A separate obligation applies where a RAG system feeds into an automated individual decision producing a legal effect or a considerable adverse effect on the person concerned. In that case, the data subject must be informed and given the right to request human review of the decision. Unlike the EU’s GDPR, this does not require disclosing the underlying algorithm or model logic – only enough information for the person to understand the basis of the decision. In practice, most RAG use in legal services – retrieval combined with drafting or research assistance that a lawyer reviews and acts on – will not itself constitute an automated individual decision, since a human remains in the loop.

Cloud-based retrieval layers or external model providers will typically raise processor, sub-processor, and cross-border transfer questions; the controller remains responsible for ensuring that outsourced processing complies with Swiss requirements.

In legal services, those considerations are reinforced by professional secrecy and confidentiality duties (notably Article 321 of the Swiss Criminal Code), which operate as an independent layer on top of data protection law. This makes vendor diligence, access controls, encryption, logging, data segregation, and contractual restrictions on training or reuse of client data essential design choices rather than procurement details.

AI that plans and acts: agentic systems

Third-generation AI applications are agentic systems: software architectures that allow models to plan, reason step by step, and execute multi-step tasks autonomously with access to external tools. The foundational concept was introduced in the 2022 paper “ReAct: Synergizing Reasoning and Acting in Language Models” and has evolved into production-ready frameworks.

Consider a partner who receives a late-night query: “Can our client terminate the joint venture if the counterparty’s parent company is acquired?” Answering this requires parsing the question, retrieving the relevant joint venture agreement, identifying the change-of-control provisions, checking the governing law, and synthesising a coherent response. A standalone language model cannot complete that workflow because it lacks access to the necessary tools, documents, and legal sources. Agentic systems address that gap through two innovations: planning before acting and enabling the model to invoke external tools, such as document management systems and research platforms, in accordance with that plan.

Two paradigms have emerged.

The ReAct loop follows a cycle of thought, action, and observation: the model reasons about its next step, executes an action, observes the results, and repeats the process until the task is complete. This approach is flexible but offers less deterministic control, which makes it well suited to development environments, where the iterative loop lets the agent experiment, fail, learn, and retry. It powers coding tools such as Anthropic’s Claude Code and OpenAI’s Codex.

The graph-based approach, by contrast, represents workflows as directed graphs of steps (called nodes) and transitions. Each node performs a defined function: invoking a model, executing a tool, and applying a rule or routing based on conditions. This architecture offers greater control, auditability, and reproducibility, which makes it particularly attractive in legal enterprise settings where predictability and traceability are paramount.

This is where process matters as much as technology. Bär & Karrer invests heavily in mapping internal workflows across practice areas, from the initial query to the final deliverable. By documenting how its lawyers work, the firm can design agentic systems that augment legal practice rather than merely automate isolated tasks.

Agentic systems require careful implementation because the underlying models remain probabilistic. Unlike earlier tools, these systems do not merely answer questions; they can trigger actions with operational, legal, and confidentiality consequences. Robust guardrails are therefore not optional.

One critical vulnerability is prompt injection: malicious or adversarial instructions embedded in processed text that may redirect model behaviour. For example, text instructing a model to disregard previous instructions or disclose confidential data could be treated as operative input because models do not inherently distinguish legitimate instructions from hostile content. Firms that understand this attack vector can implement effective safeguards, including input filtering, strict permission boundaries, tool-level access controls, output monitoring, and human approval for sensitive actions.

Technical literacy as a competitive advantage

The most effective AI governance frameworks function less as constraints on innovation than as prerequisites for it: firms that understand AI architecture at a technical level are better positioned to design systems that are powerful, auditable, and trustworthy.

The regulatory trajectory reinforces the same point. Switzerland has so far favoured technology-neutral and principle-based regulation, with AI governance built from existing obligations on data protection, professional secrecy, outsourcing, cybersecurity, records management, and sector-specific supervision. The Federal Council confirmed this sector-specific approach on February 12 2025, and signed the Council of Europe’s AI Convention in March 2025, with a consultation draft implementing the convention expected by the end of 2026. Formal ratification, however, still requires parliamentary approval following that consultation process, and is potentially subject to an optional referendum (triggered by 50,000 voters) – so the legal basis is being prepared rather than finalised.

In parallel, Swiss firms serving EU clients or deploying systems into the EU must monitor the EU AI Act. The EU AI Act follows a risk-based model, with more demanding obligations for high-risk AI systems and separate transparency, documentation, and copyright-related obligations for general-purpose AI models. Even where legal AI tools are not themselves classified as high risk, EU-facing deployments may still require documentation of intended use, human oversight, data governance, vendor diligence, and incident response processes as a matter of good practice or under narrower transparency obligations applicable to certain AI systems.

For cross-border legal work, the practical lesson is that technical literacy and legal governance are converging: lawyers must understand not only what an AI system produces but also how data enters the system, who can access it, what logs and audit trails exist, and where regulatory responsibility sits across the AI supply chain.

For clients, the trajectory is clear: AI applications will become increasingly capable of handling complex, multi-step workflows with progressively less human intervention. The question is no longer whether advisers have access to AI but whether they understand the systems well enough to use them responsibly. In an environment where many firms can obtain similar technology, technical literacy is a meaningful differentiator – it is what allows lawyers to deliver value while preserving the accuracy, confidentiality, professional judgement, and diligence that define the legal profession.

Gift this article