AI and Modernization in Legal and FOIA: Beyond the Hype and Into Operational Reality

At the 23rd Annual E-Discovery, Records and Information Management Conference, or DGI EDRM, I had the opportunity to present a session with Pete Feinberg, Chief Product Officer at Casepoint, titled “AI and Modernization in Legal and FOIA: Beyond the Hype and Into Operational Reality.”

The timing felt right. At Legalweek in New York the week prior, one reporter told me that they heard AI mentioned 270 times. That says a lot about where the market is right now. AI is everywhere, but for legal, FOIA, and records professionals, the more important question is how to apply it in ways that are practical and defensible.

That was our focus during the session. We wanted to move beyond broad promises and look at what teams are actually dealing with on the ground.

Why AI Feels Different Now

AI isn’t new, of course. What’s new is how quickly AI has become accessible and moved into everyday work. People use it to:

• Summarize information

• Draft content

• Brainstorm ideas

• Speed up routine tasks

We have to think about where AI is going next. In legal, FOIA, and records environments, the stakes are higher. Yes, AI can help, but the question is whether it can help in a way that is secure, auditable, and operationally sound. That’s why this moment feels different. Operations are moving beyond simple experimentation. Teams are no longer simply expoloring possibilities or talking in general terms about potential. They are trying to figure out where AI fits into real workflows, where it can create measurable value, and where it can do so without introducing unnecessary risk. That shift means the conversation has to move from hype to execution.

What Gets in the Way

The path from experimentation to defensible AI deployment isn’t straightforward. The challenges tend to fall into a few distinct areas.

• Strategy and governance gaps: Many organizations still don't have a well-defined AI strategy or governance approach. Ownership is unclear. Use cases are not clearly prioritized. Data taxonomy is inconsistent. Collaboration between legal, IT, and program teams is often limited. Last summer, a U.S. Government Accountability Office (GAO) study identified nearly 100 government-wide AI requirements across 10 different bodies, with no single authoritative owner. That’s a difficult environment for agencies to navigate. That need for structure is also reflected in Office of Management and Budget Memorandum M-25-21, “Accelerating Federal Use of AI through Innovation, Governance, and Public Trust,” which tells agencies to scale AI adoption while appropriately resourcing governance, data, infrastructure, interoperability, privacy, confidentiality, and security.

• Data and infrastructure issues: Legacy systems may be incompatible with AI or difficult to connect. Data silos across agencies and bureaus make it harder to gain the context AI systems need to be useful.

• Security and compliance concerns: Sensitive data can't be exposed to unauthorized tools or weak controls. Shadow AI usage is already happening, and the real gap is exposure created by improper use.

• Performance and defensibility risks: There’s still the risk of hallucinations. And while AI adoption is moving quickly, the legal and oversight standards around generative AI are still developing.

• People, process, and cost challenges: Many teams don’t have the skills or capacity to support AI well, and over-reliance on one internal AI champion can create risk. At the same time, efficiency gains up front can create new work on the back end through verification, quality control, training, and ongoing oversight.

Records Modernization Is Part of AI Readiness

A key point from our session was that AI readiness and records modernization are closely connected. Many agencies are still dealing with manual, labor-intensive records processes. Records management often depends on policy knowledge, individual expertise, and uneven implementation across teams or components. We also discussed common challenges, including:

• Resource limitations

• Records schedule updates

• Onboarding and offboarding senior officials

• Migration to SharePoint Online and cloud environments

Those challenges also point to opportunities. Better automation can support:

• Electronic filing structures based on organizational information and file plans

• Records identification, classification, tagging, and organization

• Stronger metadata for governance and future transfer needs

In other words, AI adds urgency to the need for stronger information management.

Start Small With Low-Risk Use Cases

One of the biggest takeaways from the session was simple: progress is progress.

Organizations shouldn’t begin with the most ambitious or sensitive AI use case. In many cases, it makes more sense to start with a smaller, lower-risk use case that delivers immediate value and helps teams build confidence.

That is especially important in legal and FOIA contexts, where people may feel they need outside validation before moving forward. But waiting for perfect clarity can mean waiting too long while costs and workloads keep rising.

2 Practical Uses of AI Today

Here are two examples of low-step-in AI use cases that can create real value today. After all, teams in legal and FOIA environments are looking for practical ways to reduce friction, save time, and build confidence without creating unnecessary risk.

1. Reducing FOIA Requests Upstream

FOIA offices are overwhelmed. One way AI can help is before a request enters the workflow.

At the point of web form submission, AI can surface relevant public information from the agency’s reading room and show the requester that the answer may already be available. In some cases, that may reduce unnecessary requests. At a minimum, it can guide people to useful information earlier.

This is a practical use of AI that improves access and may reduce avoidable workload.

2. Speeding Up Review With Summaries

Document review remains one of the most expensive parts of legal and FOIA workflows.

Many teams are not ready to let AI make final calls on responsiveness, privilege, or redactions. That’s understandable. However, summarization is a more approachable starting point.

If AI can generate a concise summary of a document, reviewers can understand the substance more quickly and spend less time reading every page in full just to get oriented. Even modest time savings at scale can add up.

Security Still Matters

Security came up repeatedly in our session, and it should.

Not all AI tools are built for government use. Security posture matters. Auditability matters. Government-readiness matters.

That point also came up elsewhere at the conference. In fact, one speaker from the Department of War challenged vendors to meet the bar agencies actually need, including FedRAMP® High and DOD Impact Levels 5 (IL5) and 6 (IL6). Casepoint is the only legal technology provider with any of those authorizations, and it has all three.

That message reinforced a larger reality: in government, platform readiness for high-security operational use matters more than feature lists.

AI Creates New Records and New Risks

AI is already creating a new category of record inside existing systems. That includes outputs such as Copilot queries, responses, and AI-generated summaries that may live alongside ordinary business records. For legal, FOIA, and records teams, that creates immediate questions around retention, responsiveness, and litigation holds. In many organizations, policies were not written with this material in mind, which means the gap often only becomes visible after a request, investigation, or production forces the issue.

Defensibility matters just as much. Defensible AI is not about having the newest feature. It is about being able to account for what happened when the questions come later.

Organizations need to be able to answer basic questions such as:

• What AI was used?

• For what purpose?

• Can the output be verified?

• Can the result be traced to the source?

• Can the organization explain the decision made?

Those questions matter in court, in audits, and in oversight settings. They also matter because generative AI has not yet gone through the same validation cycle that helped technology-assisted review gain acceptance over time. The more organizations can verify, trace, and explain their use of AI, the stronger their position will be.

Move Beyond the Hype

AI will remain a major topic in legal, FOIA, and records management. But hype doesn’t modernize operations on its own.

What matters now is a more grounded approach built around:

• Stronger governance

• Better records management

• Secure, government-ready platforms

• Practical use cases

• Clear expectations around defensibility

That was the core message of our DGI EDRM session. The question, of course, isn’t about whether AI is coming, because it’s already here. The key question is how agencies can use it in ways that are responsible, realistic, and ready for the demands of government work.