AI in Legal Practice
From Theatre to Real Value

Patrick Munro · Of Counsel · PLANIT//LEGAL
Follow along or revisit after the talk.

📍 Munich, Birketweg 21 🗓 11 March 2026 ⚡ Live demos
What AI changes for lawyers
~80%Faster first-draft contracts
~10×Faster regulatory research
~€0Cost for a first legal orientation
24/7Legal triage availability

Based on own experience and testing · Individual results will vary · Not legal advice

🎯

5 Key Takeaways

What to remember after tonight

1
Real value is narrow and verifiable AI delivers in specific, bounded tasks: drafting, research, checklists. "Magic button" demos exist to hide the failure modes.
2
Prompt quality = output quality Role + jurisdiction + document type + task + constraint. Every element you add cuts hallucination risk.
3
Cross-check before you send Statute confirmed? Dates checked? Jurisdiction match? Counter-party identified? No legal AI output skips this step.
4
Know when to escalate Trust AI for first pass, verify for complex issues, always escalate for binding commitments, financial stakes, or enforcement risk.
5
€5k–€15k saved per startup year Standard NDA, SaaS T&Cs, privacy policy baseline, vendor contract review: all manageable in-house with AI and basic legal literacy.

"AI won't replace your lawyer."

It'll replace the reason you couldn't afford one.

€5–15k
saved per year on routine legal work
NDA
in 30 minutes, not 3 billable hours
€0
for a first structured legal orientation

Practitioner estimates based on own experience and testing · Individual results will vary

Use the tabs above to access the prompt builder, cross-check checklist, and Trust/Verify/Escalate guide.

planit.legal · patrick.munro.ext@planit.legal

Regulatory references verified Mar 2026. Laws and regulations change. Always confirm against official sources before relying on any provision.

Prompt Builder

Generate a structured legal AI prompt with role, jurisdiction, and task. Paste it straight into any model.

⚠️ Always verify AI output. Generated prompts are starting points. Cross-check any legal conclusions before acting.
🛠

Build your prompt

Fill in the fields, then copy


        
      


      
    

  


  
  

    

      
📖

      
Anatomy of a good legal prompt
The 5-element framework

    

    

      

        
R

        

          Role
          "You are a [role]. I am a [role]." Sets expertise level and perspective for both parties.
        

      

      

        
J

        

          Jurisdiction
          Specify the governing law. AI defaults to US law without instruction.
        

      

      

        
D

        

          Document / Context
          Name the document type and paste the relevant clause or text.
        

      

      

        
T

        

          Task
          One clear ask: draft, review, explain, summarise, identify risks.
        

      

      

        
C

        

          Constraints
          Length, format, tone, what to avoid, risk appetite: these are your guardrails.
        

      

    

  








  

    
AI Output Cross-Check

    
Run through this before acting on any AI-generated legal text.

  


  

    

      

      
Pre-use checklist
Tap each item when verified

    

    

      
0 of 10 complete

      


      


        

        

        

        

        

        

        

        

        

        

      


      
    

  


  

    

      
🔗

      
Quick verification: where to check
No legal degree required

    

    

      

        

        

          EUR-Lex
          The official home of all EU laws: GDPR, AI Act, NIS2, DORA, Data Act. Search by name and article number to confirm any EU legal reference instantly.
        

      

      

        

        

          GDPR (readable version)
          The full GDPR text in English and German, article by article with explanatory recitals. Use this to double-check any GDPR obligation or fine the AI mentions.
        

      

      

        

        

          German laws online
          Every current German law in one place. Search by law name (e.g. "BGB" for contract law, "BDSG" for data protection). Useful even without German; open it and use browser translate.
        

      

      

        

        

          dejure.org & openjur.de: case law lookup
          Two free German case law databases covering BGH, BVerwG, BAG and more. Paste any case name or file reference the AI mentions. If the decision exists, it will show up here within seconds. If it doesn't, the AI invented it. For EU court decisions, use curia.europa.eu (official CJEU database).
        

      

    

  








  

    
Trust / Verify / Escalate

    
A three-tier decision framework for every AI legal output.

  


  

    
    
    
  


  
  

    

      ✓ Trust AI: a good starting point
      
These are clear, bounded tasks where AI gives you solid first-draft material. Run your checklist before using the output.

    

    

      

        

          

          
Understanding what a clause actually meansPaste in any confusing contract paragraph and ask AI to explain it in plain language. This is one of the most reliable things to ask AI for. It translates legalese well.

        

        

          

          
Getting a first draft on paperStandard NDA, first SaaS terms, basic privacy policy: AI gets you to a working draft in minutes. Apply your cross-check checklist before you send it anywhere.

        

        

          

          
Researching what a regulation actually requiresWhat does the AI Act mean for your product? Does GDPR apply to your newsletter? AI is a fast, free starting point for regulatory research. Verify the specific numbers before acting.

        

        

          

          
Spotting what might be missing from a contractUpload or paste a contract and ask: "What important clauses are missing from this?" AI is good at gap analysis on familiar document types.

        

      

    

    

      
Try these prompts in any AI model

      Explain clause 7 of this contract in plain English, as if I have no legal background
      Draft a first version of a mutual NDA under German law, max 2 pages, plain language
      What does the cancellation clause in my SaaS subscription actually require me to do?
      What are the top 3 risks a startup founder should know about GDPR?
    

  


  
  

    

      ⚠ Verify First: before you act on it
      
AI output is useful here but may be incomplete or outdated. Confirm the key points before you sign, send, or rely on them.

    

    

      

        

          

          
Country-specific legal rulesGerman contract law and English or US law work very differently. Always verify that the AI's answer explicitly covers your country, not just "European law" in vague terms.

        

        

          

          
Whether a regulation actually applies to youNIS2, AI Act, and DORA all have size and sector thresholds. AI often applies them too broadly. Check whether your company actually meets the criteria before assuming compliance is required.

        

        

          

          
AI-generated risk assessmentsAn AI-flagged risk is a prompt to investigate, not a legal opinion. Run your checklist on the output and decide which risks are actually material to your situation.

        

        

          

          
Specific deadlines and timelinesNotice periods, cancellation windows, regulatory filing deadlines: AI often gets these wrong by one day or one week. Always confirm any specific date against the actual contract or regulation text.

        

      

    

    

      
Real "verify" moments: what to do

      AI says GDPR applies to your newsletter list. Confirm you're actually collecting personal data and not just business emails
      AI says you need to register with the BSI under NIS2. Check if your company size and sector actually trigger it
      AI gives you a 30-day notice period. Count the days yourself from the actual contract clause
      AI says your limitation of liability might be unenforceable in Germany. Ask a lawyer whether your standard terms hold up
    

  


  
  

    

      🚨 Escalate: bring in a qualified lawyer
      
These situations carry real financial, legal, or reputational risk. AI can help you prepare, but it cannot replace judgment on matters with serious consequences.

    

    

      

        

          

          
Before signing anything significantAny contract with meaningful financial consequences, long-term commitments, or binding obligations needs a qualified review. AI first draft, lawyer before signature.

        

        

          

          
A regulator or authority has contacted youData protection authority, tax authority, or any official enforcement body: do not respond without legal advice. Response strategy and legal privilege matter from the first reply.

        

        

          

          
IP rights, data protection fines, or high indemnitiesCopyright, data breach liability (fines up to €20M), and contractual penalty clauses carry stakes that AI alone cannot safely navigate. These require human legal judgment.

        

        

          

          
Funding, investment, or M&AInvestor agreements, term sheets, equity structures, or any deal involving company ownership: bring legal counsel in early, before positions get locked in.

        

      

    

    

      
Clear escalation signals

      The other party's lawyer has already reviewed and sent back comments
      A regulatory authority, court, or enforcement body has contacted you
      There's a penalty, fine, or indemnity clause above €10,000 in the contract
      You've read the contract three times and still don't understand who's responsible if something goes wrong
    

  








  

    
Live Tools & Resources

    
Built in production and tested against real failure modes. Each solves one legal or compliance task.

  


  
  
Tools: patrickmunro-ai-use-cases.netlify.app

  

    

      


        

          
01

          AI Act Compliance Dashboard
          Is your product or business affected by the EU AI Act? Interactive self-assessment for GPAI models and high-risk systems
        


        

          
02

          EU Regulations Tracker
          18 key EU regulations on one screen: timelines, obligations, enforcement dates, and implementation status at a glance
        


        

          
03

          Contract Review Assistant
          AI-powered clause-by-clause risk analysis for IT and tech contracts under German and EU law, with an educational clause library
        


        

          
04

          Legal Prompt Studio
          Learn to build legal AI prompts that actually work. Interactive examples, modular templates, and best-practice frameworks
        


        

          
05

          Legal Definitions Navigator
          Search 431 official definitions across GDPR, AI Act, NIS2, DORA, and the Data Act, with cross-regulation links
        


        

          
06

          AI Act Timeline
          Interactive visualisation of AI Act obligation deadlines, from the February 2025 prohibited practices to the 2027 legacy system requirements
        


        

          
07

          Legal AI Benchmarks
          Real evaluation data on how AI models perform at legal tasks. 10 benchmark categories so you pick the right tool for the job, not just the most-hyped one
        


      

    

  


  
  
AI Skills: lawvable.com

  

    

      


        

          

          Tech Contract Negotiation
          Three-position negotiation framework for IT services agreements: provider-favourable, balanced, and client-favourable positions
        


        

          

          Vendor Due Diligence
          Structured assessment of IT vendors across financial, compliance, security, and reputational dimensions, covering DORA and NIS2
        


        

          

          Legal Simulation
          Realistic demonstration of how AI democratises legal advice, run across five client personas: tenant, startup founder, HR manager, SME, and consumer
        


        

          

          Red Team Verifier
          Adversarial quality check for AI-generated legal content: systematic fact-checking, source validation, and distribution readiness assessment before anything goes to a client
        


      

    

  


  

    

      
🧠

      
What makes these different
Design philosophy behind the tools

    

    

      

        

        

          One specific task, done well
          Every tool solves one legal problem with a defined scope. No magic multi-purpose AI lawyers. Constrained, verifiable workflows.
        

      

      

        

        

          Output you can actually check
          Each tool explains its reasoning and points to the source material so you can verify it. Black-box answers are not acceptable for legal work.
        

      

      

        

        

          Lawyer stays in the loop
          Tools flag escalation triggers automatically. AI handles the first pass; qualified judgment handles the decisions that matter.
        

      

      

        

        

          Built after the AI failed first
          The guardrails in these tools came from real failures during development. That's the only honest way to build for legal use.
        

      

    

  


  

    🔗 Live tools →
    ⚙ Skills on Lawvable →
  








  

    
Let's Keep Building

    
Questions, a collaboration, or a first conversation about your legal setup: reach out.

  


  

    
Patrick Munro

    
Of Counsel · PLANIT//LEGAL Rechtsanwaltsgesellschaft mbH
AI Governance & EU Digital Regulations · Munich & Southern Germany


    

      ✉️
      patrick.munro.ext@planit.legal
    

    

      🌐
      planit.legal
    

    

      🛠
      patrickmunro-ai-use-cases.netlify.app
    

    

      💼
      LinkedIn: Patrick Munro
    

  


  

    

      
🏛

      
PLANIT//LEGAL
Germany's IT & Data Protection law boutique

    

    

      

        

        
Hamburg (HQ)Jungfernstieg 1, 20095 Hamburg · +49 (0) 40 609 44 190

      

      

        

        
MunichPatrick's base. Your local contact for AI governance, tech law, and EU regulatory compliance across Southern Germany and the Munich tech community.

      

      

        

        
SpecialismsIT law · Data protection (GDPR/BDSG) · AI law · Cybersecurity (NIS2, DORA, CRA) · Data economy (Data Act)

      

      

        

        
Patrick's focusIT contracts · AI governance · Cross-border tech transactions · EU regulatory compliance for startups & SMEs · Munich & Southern Germany

      

    

  


  

    This guide is provided for informational purposes only and does not constitute legal advice.

    © 2026 PLANIT//LEGAL Rechtsanwaltsgesellschaft mbH · planit.legal
  









  

    
GenAI Wednesday Promo

    
Exclusive offer for tonight's attendees — PLANIT PRIMA Licence "Basic", with 6 months free using your promo code.

  


  


    
    

      

        
🎁

        
Offer Terms & Conditions
Everything you need to claim your subscription

      

      

        

          

          
LicencePLANIT PRIMA "Basic" — 12-month licence at €79.00/month + VAT

        

        

          

          
Promo CodeEnter AISpecial2026 at registration to get 6 months free

        

        

          

          
Valid11 March 2026 – 31 December 2026

        

        

          

          
EligibilityNew customers only

        

      

    


    
    

      
Scan to register at planitprima.com

      QR Code – PLANIT PRIMA AISpecial2026
      

        
          → planitprima.com
        
      

    


  


  

    How to redeem:

    Visit planitprima.com, create an account, and enter the promo code AISpecial2026 during registration. The code gives you 6 months of the Basic licence at no charge. Questions? Reach out to Patrick directly at patrick.munro.ext@planit.legal.
  


  

    This guide is provided for informational purposes only and does not constitute legal advice.

    © 2026 PLANIT//LEGAL Rechtsanwaltsgesellschaft mbH · planit.legal
  








  

    
Sources & References

    
All citations used in the presentation and this handout. Verified March 2026. Legal text versions may change. Always check the current version at eur-lex.europa.eu.

  


  
  

    

      
⚖️

      
EU Legislation
Regulation texts and official articles

    

    

      

        

        
EU AI Act — Regulation (EU) 2024/1689Art. 26 (Deployer obligations for Annex III high-risk AI) · Art. 27 (Fundamental Rights Impact Assessment for qualifying deployers: public bodies, credit scoring, life/health insurance risk) · Annex III (High-risk AI system categories) · Mandatory obligations: 2 August 2026 · Implementation Timeline ↗ · Art. 26 (EC) ↗ · Art. 27 (EC) ↗ · Full text EUR-Lex ↗

      

      

        

        
GDPR — Regulation (EU) 2016/679Art. 6 (Lawful basis for processing) · Art. 9 (Special category processing bases) · Art. 22 (Automated individual decision-making; applies to decisions based solely on automated processing) · Art. 28 (Data Processing Agreements) · Art. 35 (Data Protection Impact Assessment — mandatory for high-risk processing using new technologies) · gdpr-info.eu ↗

      

      

        

        
DORA — Regulation (EU) 2022/2554Art. 28 (General principles for ICT third-party risk management; note: DORA Art. 28 does not yet directly resolve accountability for AI agent-driven incidents) · Applicable from 17 January 2025 · Art. 28 full text ↗

      

      

        

        
NIS2 — Directive (EU) 2022/2555Cybersecurity obligations for operators of essential and important entities · German implementation: NIS2UmsuCG (entered into force 6 December 2025; BSI registration deadline 6 March 2026) · EUR-Lex ↗

      

    

  


  
  

    

      
🔐

      
Security Research
Agentic AI risks and prompt injection data

    

    

      

        

        
OWASP Top 10 for LLM Applications 2025 — LLM01: Prompt InjectionPrompt Injection ranked #1 critical vulnerability in LLM deployments. The 73%+ figure cited during the talk appears in security industry reports referencing OWASP assessment frameworks (Vectra AI, Obsidian Security); it is not a primary OWASP publication statistic and should be read as an industry estimate. · OWASP LLM01:2025 ↗ · OWASP LLM Top 10 ↗

      

      

        

        
Help Net Security — "Enterprises are racing to secure agentic AI deployments" (23 February 2026)Survey finding: only 29% of organisations deploying agentic AI report being prepared to secure those deployments. · Full article ↗

      

    

  


  
  

    

      
📊

      
Industry Research
Agentic AI in banking and fintech — Feb 2026 data

    

    

      

        

        
Deloitte — "Agentic AI in Banking" (2025)Estimates of >30% productivity improvement and 25–40% operational savings from scaled intelligent automation in banking middle office. Figures are potential estimates and vary by use case and deployment maturity. · Deloitte Insights ↗

      

      

        

        
Visa — PERC Biannual Threats Report, Fall 202525% increase in bot-initiated malicious transactions globally (40% increase in the United States) compared to prior period. Source: Visa Acceptance Solutions, Payment Ecosystem Risk and Control (PERC) biannual report, Fall 2025 edition. · PERC Fall 2025 Report (PDF) ↗

      

    

  


  
  

    📋 Verification note


    All EU legislation references were verified against EUR-Lex in March 2026. Regulation texts may be amended. Always verify the current consolidated version at eur-lex.europa.eu ↗


    Industry statistics (Deloitte, Visa, Help Net Security) are cited as published. They represent estimates or survey data and should be read as directional rather than precise benchmarks. The attack scenario in the presentation is illustrative and composite. No specific incident is described.
  


  

    This guide is provided for informational purposes only and does not constitute legal advice.

    © 2026 PLANIT//LEGAL Rechtsanwaltsgesellschaft mbH · planit.legal