Good morning. When I helped implement self-serve contracting tools a decade ago, it felt revolutionary to encode legal judgement into a workflow. Subjective judgment into rules-based either/or. Gartner now predicts that much more advanced versions of these tools will absorb 50% of contract review by 2029. What began as legal automation is becoming AI infrastructure.
Beyond legal, we are starting to see open-weights models allowing organisations to run sophisticated AI on their own hardware, reducing reliance on cloud providers and accelerating experimentation. That’s an eye-opening opportunity alongside a meaningful transfer of responsibility.
This week, we look at what happens when AI moves off the cloud and onto your own balance sheet. 🎯
— Philip
BRIEFING ROOM
Open season
For most of the past five years, if a business wanted to use artificial intelligence, the answer was to sign up with a provider (OpenAI, Google, Microsoft) and send data to that company's servers via the internet. The model lived on someone else's infrastructure and the provider retained responsibility for significant parts of the stack.
That structure is being disrupted by “open-weights” models. When Google released Gemma 4 in April, it made the model itself freely downloadable and runnable on a user's own hardware. Once downloaded, the model requires no ongoing relationship with Google to operate. A business takes ownership and runs it on its own laptops or servers. Developers can customise, fine-tune and deploy without sharing data with Google. Open-weights models can operate fully offline, avoiding API costs, and enjoy greater privacy and security.
Gemma is not alone. Meta's Llama, Microsoft's Phi and Mistral are doing the same thing. Gemma has been downloaded collectively hundreds of millions of times across its generations and has already spawned more than 100,000 variants built by developers worldwide. More than a product launch, this represents a structural shift in where AI lives and, consequently, who is responsible for it.
Liberated from centralised gatekeeping and cloud-hosted ecosystems, the horizon for what businesses can build has advanced even further. Legal teams will correctly identify the shift in governance focus from Californian providers to close-to-home downstream governance.
🛡️ No vendor shield. Open-weights AI doesn't remove regulation. It removes the company that was helping absorb it. When you self-host, there may be no vendor left standing between your organisation and the regulatory obligations. The implementation friction disappears. The governance burden does not. In many cases it simply moves downstream. Businesses will need to stress-test their exposure to requirements for conformity assessments, technical documentation, human oversight mechanisms, incident reporting and post-market monitoring.
🔄 The model survives the vendor. Self-hosting also means inheriting operational responsibilities that cloud providers once absorbed: patching, monitoring, security, updates and vulnerability management. For GCs, this is a much wider surface of exposure than SaaS-style licensing.
📋 Open doesn't mean unrestricted. Several popular “open” models impose usage conditions, scale thresholds and attribution requirements. Legal teams may review a licence at the start of a build. The problem is that licensing obligations can change as products scale, underlying models change and commercial usage evolves.
👑 The most valuable asset may be the least clearly owned. Most businesses that deploy open-weights models will not run them out of the box. They will fine-tune them (a process of additional training that teaches the model to do something specific). That fine-tuned model can represent a significant commercial asset. But who owns it? The answer depends on the base model's licence, any development agreements in place with the engineers who did the fine-tuning and legal territory that courts have not yet meaningfully addressed. There is currently no settled framework for the IP ownership of fine-tuned model weights. Businesses who invest significantly in fine-tuning, and in the underlying proprietary training data, will want this exposure mitigated in contracts upfront, not discovered in a due diligence process during a transaction or a dispute after the relationship with the developer has ended.
📂 Policy updates. Most organisations have governance processes for sharing data. Few yet have governance processes for training models on it. Questions around lawful basis, purpose limitation, retention and model "memory" are moving from academic debate into operational governance.
The model is free to download. Open-weights AI changes more than where the model runs. It changes where responsibility sits. Organisations that once relied on vendors to shoulder part of the governance burden may find that burden now rests entirely with them. The technology is becoming more accessible. The accountability is becoming more direct.
FROM THE SIDEBAR
Quick signals worth clocking
🧪 Founder of legaltech pioneer Ironclad, Jason Boehmig, has joined OpenAI to “build AGI for law”. All the major frontier AI labs are now explicitly developing AI tools for legal work.
🦾 Gartner predictions for in-house legal by 2029: 95% contracts reviewed via self-service; AI-enabled intake systems answering half of inbound requests without human intervention. GCs and CFOs will evaluate more closely who does legal work and what counts as advice.
🧱 Kirkland & Ellis has set aside $500 million to build its own proprietary AI platform. The system will be trained on the workflows of its own lawyers, demonstrating AI tools as a major competitive moat.
Enjoying the signal?
If this edition would help a colleague thinking through AI governance, enterprise risk or legal operating change, feel free to forward it on.
💬 Forward to a colleague
🧠 Was this forwarded to you? Subscribe here to get Profiles in Legal every Wednesday.
Here’s how I can help
I advise technology businesses and leadership teams on AI, product and regulatory strategy and enterprise readiness to move from informal AI adoption to scalable governance.
If your organisation is navigating AI deployment, maturity or commercial negotiation challenges, feel free to reply directly.
- Philip
Profiles in Legal examines how AI, governance and technology are reshaping modern businesses and legal teams.
This publication is for general information only and does not constitute legal advice. Seek professional advice for specific situations.