Good morning. A pattern that keeps surfacing this week: risk is appearing earlier and in places organisations don’t always label as “legal”.
From product design and AI tooling (AI search results and Claude for Legal) to progression frameworks (“Up-or-out” policies) and cross-border operating assumptions (data transfer adequacy), the pressure point is less about downstream compliance and more about the structures decisions are made within. When those structures are set before Legal is involved, the risk usually resurfaces later - politely framed as a “quick sense-check”.
As ever, our aim isn’t completeness, but orientation. 🎯
— Philip
If you read one thing this morning, read the Risk Radar. Everything else is optional.
BRIEFING ROOM
CMA applies its new digital markets regime to Google Search
On Wednesday, the UK’s CMA published its first proposed conduct requirements for Google under the new digital markets regime - a move that signals where AI-driven search regulation is likely to land next. It follows Google’s designation as having “Strategic Market Status” in online search services.
📚 Publisher controls. Publishers would get explicit rights to opt out of their content being used to power AI Overviews and to train AI models outside Google Search. Google would be expected to take practical steps to ensure proper attribution inside AI-generated results.
⚖️ Fair ranking. Google would be required to be able to demonstrate that its ranking is fair and transparent, including within AI Overviews and AI Mode. Google would create a process for businesses to raise and have ranking concerns investigated.
🔁 Choice screens & defaults To make switching search engines easier and more realistic, default search choice screens on Android would become mandatory; and choice screens introduced on Chrome.
🔓 Search data portability Users would get the right to port their Google search data directly to authorised third parties.
In parallel, the European Commission opened proceedings under the EU Digital Markets Act that similarly focus on how Google’s existing search obligations apply to AI-enabled functionality, including interoperability for AI features and access to search data for third parties.
Where this matters beyond Google
These proposals are likely to resonate most with GCs at businesses that depend on search visibility, publish content at scale or are embedding AI into their own discovery and ranking surfaces.
Content-led businesses gain strategic leverage around enabling or limiting access by Google AI summaries, rather than just accepting it as an unnegotiated reality.
Loss of visibility following an AI change may create legal recourse routes for businesses, beyond relying on emergency SEO re-optimisation.
Discoverability becomes part of product risk, not just marketing. Businesses that depend on search traffic, or that rank or summarise others, may find themselves asking questions about “fairness” and defensibility earlier in the design process.
It’s another example of legal risk emerging at the product-design stage, long before it shows up as a downstream compliance issue.
RISK RADAR
🤖 Anthropic ships playbook-driven contract review inside Claude. This week, Anthropic released open-source “knowledge-work” plugins for its Cowork agentic environment, including a “legal” plugin that can perform contract review against an organisation’s negotiation playbook, generate redlines and provide fallback positions with explanations. Plugins are currently available in research preview to paid Claude users.
Why it matters: Frontier LLMs are evolving from general-purpose chat tools to show up as department-specific AIs. Legal is more than NDAs and redlining, but it’s easy to see how these tools increase pressure on junior team members whose primary value is “apply the standard”. Mirroring this, it increases the premium of contextual judgement, setting risk appetite and understanding business trade-offs (territory for which Profiles in Legal is designed). It also complicates legal AI procurement. As base-layer models absorb acceptable contract review capabilities, teams locked into long-term deals with undifferentiated legal AI tools may find switching options constrained just as the market shifts.
🇧🇷 Brazil gets EU adequacy. Last Tuesday, the European Commission and Brazil adopted mutual adequacy decisions, recognising each other’s data protection regimes as comparable, so personal data can flow between the EU and Brazil without extra transfer mechanisms. It will be reviewed in four years. The UK does not benefit from the decision, and would have to reach its own assessment.
Why it matters: EU companies will be pleased that focus can shift from transfer paperwork to managing easier oversight in-country, for vendors in Brazil and staff who may wish to work from abroad. But adequacy reframes rather than removes risk. Oversight, local enforcement expectations and the four-year review cycle now matter more than the paperwork they replace. It also introduces a new asymmetry for UK-linked groups. The UK does not benefit from the decision, meaning parallel transfer regimes and executive confusion are likely to surface just as teams assume the issue has been “solved”.
🇬🇧 Up-or-out policies collide with disability and adjustments analysis. The UK Employment Appeal Tribunal sided with a former Accenture employee challenging her dismissal under an “up-or-out” model (get promoted or go elsewhere). The claimant was suffering from endometriosis when she was dismissed. The appeal judgment questioned the lawfulness of dismissing staff deemed “unpromotable” where disability and reasonable adjustments are in play. Discrimination and compensation issues were sent for rehearing.
Why it matters: This judgment puts pressure on “up-or-out” progression models that assume uniform capacity to advance on a fixed timetable. Once disability and reasonable adjustments are engaged, that assumption is now risky. “Up-or-out” models may be inadvertently discriminatory and higher risk for businesses, at least without case-by-case reasonable adjustment assessments.
FROM THE SIDEBAR
Quick signals worth clocking (optional reading)
POLL OF THE WEEK
Last week Juro shared that 71% of inhouse lawyers believe law firms are keeping most or all of the savings from AI. That matches with the results we are seeing in our current poll, where we’re asking “In your organisation, what is AI primarily doing to legal work today?”:
⬜⬜⬜⬜💸 Reducing external counsel spend
⬜⬜⬜⬜🤖 Automating low-level internal work
🟩🟩🟩🟩👥 Enabling the same team to handle more
⬜⬜⬜⬜✂️ Optimising headcount
There is still time to vote below.
In your organisation, what is AI primarily doing to legal work today?
HIRING BOARD
This week’s senior roles stand out less for the unusual capabilities they formalise inside legal teams.
🇩🇰 Trustpilot, Legal Counsel, Public Affairs & Regulatory: A regulatory role that explicitly spans product input, external messaging and advocacy with policymakers, mixing internal compliance, policy and public affairs in one seat.
🇩🇪 Meta, Associate General Counsel, Civil Litigation (privacy / collective actions): A litigation role narrowly anchored in GDPR and collective redress, reflecting how privacy disputes have become a permanent, specialist in-house discipline rather than episodic external counsel work.
🇬🇧 Lemonade, Associate General Counsel, UK: An insurance regulatory lawyer framed as a builder of legal infrastructure, with AI called out as a core context rather than a future add-on.
🇬🇧 UK Anti-Doping, Lawyer (Case Management / Advocacy): An in-house role that expressly includes appearing as an advocate before tribunals, which is still rare outside regulators and signals deliberate retention of courtroom capability.
The common thread is specialism + embeddedness. These roles are not generic “business partner” positions. Each formalises a distinct capability (advocacy, privacy litigation, regulatory-product translation, regulatory systems design) inside the company.
Enjoying Profiles in Legal?
If you know an in-house lawyer who gets pulled into “hallway question” conversations, feel free to forward this on.
💬 Forward to a colleague
🧠 If this was forwarded to you, you can subscribe here
ABOUT THE EDITOR
I’m a General Counsel working at the intersection of regulation, product and board-level decision-making in tech and regulated markets.
I work with a small number of companies and leadership teams where senior legal judgment is needed to navigate growth, regulatory pressure or investor scrutiny. Get in touch.
- Philip
Too much legal content is dull and jargon-filled. Profiles in Legal is for lawyers who want to think clearly, sound credible in the room and get promoted.
This newsletter is for general information only and does not constitute legal advice. Seek professional advice for specific situations.