On May 28, 2026, Bloomberg Law reported that Kirkland & Ellis has committed $500 million over the next three to four years to build its own proprietary artificial intelligence platform. The investment, described as one of the most ambitious technological bets ever made by a law firm, reflects Kirkland's judgment that controlling its own AI infrastructure is the path to outperforming competitors in an industry being reshaped by the technology.
Kirkland is not alone. Fried Frank recently rolled out an internally built AI platform. Linklaters launched a dedicated team of data scientists and lawyers to build bespoke AI workflows for specific clients and matters. The direction the profession's largest firms are moving is not toward off-the-shelf vendor solutions. It is toward AI governance and tooling built from the ground up, around their specific practices, clients, and competitive strategies.
The logic is sound. The price tag is not available to most firms.
What Top-Down Governance Delivers
For firms without Kirkland's resources, the market offers an alternative: off-the-shelf AI governance platforms engineered for scale. Their business model depends on selling the same solution to hundreds of firms, which means the product must be broad enough to apply everywhere and specific enough to appear useful anywhere. The result is governance by lowest common denominator.
A top-down platform will give you a policy template that covers the categories every firm needs to address: data security, acceptable use, human review requirements, vendor approval. It will give you a training module that explains what large language models are and why attorneys should verify their outputs. It will give you a compliance dashboard that tracks who has completed the training and whether your policy has been acknowledged firm-wide.
What it will not give you is a policy calibrated to the specific practice areas your firm actually handles. It will not assess whether your existing vendor relationships create confidentiality exposure under Rule 1.6, account for how your litigation group uses AI differently from your transactional attorneys, or identify which attorneys are quietly using consumer AI tools on client matters and why.
The Compliance Illusion
A firm whose attorneys have completed a vendor's online training module and signed a policy acknowledgment form is not a governed firm. It is a firm with documentation. Those are not the same thing, and a disciplinary panel will not treat them as equivalent.
Top-down governance produces paperwork that resembles compliance. It satisfies the requirement that something be done. It does not, however, address the actual friction points that determine whether attorneys use AI responsibly or work around whatever policy is nominally in place.
The Adoption Problem Vendors Don't Solve
There is a research-backed principle in organizational change management that governance frameworks fail at the point of adoption, not at the point of design.1 A policy that attorneys cannot apply to their specific workflows, or that they experience as an obstacle, will be quietly set aside in favor of whatever produces results fastest.
Human beings under deadline pressure find paths around requirements that add steps without obvious benefit. The policy stays on the books. The behavior it was designed to govern continues unchanged.
Off-the-shelf governance platforms are particularly vulnerable to this failure mode because they are designed to minimize deployment friction for the vendor, not operational friction for the attorney. The training is generic. The policy language is broad. The workflows it prescribes were not built around how your firm actually operates. The result is a governance program that lives in a portal that nobody checks and a policy document that lives in a folder that nobody reads.
Governance that attorneys work around is not governance. It is liability dressed up as compliance.
What Ground-Up Governance Looks Like
Kirkland's $500 million investment is ground-up governance at enterprise scale: AI infrastructure designed around Kirkland's specific practices, clients, workflows, and competitive position. The investment figure is extraordinary. The governing principle is available to every firm: governance built around the firm it serves.
Ground-up governance begins with a diagnostic question, not a policy template: what is actually happening in this firm right now?
The answer is almost always more complicated than leadership expects. Tools are in use that IT did not approve and partners do not know about. Practice groups have developed sophisticated AI workflows with no policy framework around them. Some attorneys are genuinely trying to use AI responsibly but have no guidance on what responsible use looks like in the context of their specific matters. Others have quietly concluded that the risk is someone else's problem.
A ground-up governance program maps that reality before it attempts to govern it. The audit is a diagnostic, not a checkbox. Its output is not a list of tools but an understanding of how AI is actually integrated into the firm's work, where the ethical exposure exists, and what specific interventions are most likely to produce genuine behavioral change.
| Top-Down (Vendor Platform) | Ground-Up (InGlobo AI) | |
|---|---|---|
| Starting point | Generic policy template | Firm-specific diagnostic audit |
| Policy design | Broad enough to apply to any firm | Calibrated to your practice areas, risk profile, and existing tools |
| Training | One-size module, completion tracked | Role-specific, scenario-based, built around actual firm workflows |
| Vendor evaluation | Approved vendor list from the platform | Independent due diligence against your actual data security requirements |
| Adoption outcome | Documentation of completion | Measurable behavioral change and reduced friction |
| Ongoing governance | Platform subscription, self-managed | Continuous advisory relationship, updated as tools and regulations evolve |
The Rules of Professional Conduct Don't Grade on a Curve
The Rules themselves set the standard here, and they have not changed to accommodate the vendor market.
Rule 1.1 requires competence, and Comment 8 to that Rule has long established that technological competence is part of the duty. An attorney who cannot assess whether the AI tools in use on a client matter are appropriate for that matter, or who has simply deferred to a firm policy without understanding what it requires, is not meeting that standard. A signed acknowledgment form does not satisfy Rule 1.1 any more than it satisfies the duty of diligence under Rule 1.3.
Rule 1.6 requires that attorneys make reasonable efforts to prevent unauthorized disclosure of client information. "Reasonable efforts" is a facts-and-circumstances standard. What is reasonable for a firm whose attorneys routinely handle sensitive transactional data is not determined by what a vendor platform defines as its security tier. It is determined by the actual data flowing through the actual tools your attorneys are actually using. A platform that does not know what those tools are cannot tell you whether your confidentiality obligations are being met.
Rules 5.1 and 5.3 place supervisory responsibility squarely on partners and supervising attorneys. If a subordinate attorney or paralegal uses AI in a way that causes harm to a client, the question a disciplinary panel will ask is whether the supervising attorney had reasonable measures in place to prevent it. A generic firm-wide policy applied uniformly across practice groups with materially different risk profiles is a thin defense. A governance program designed around the specific workflows those attorneys use is a more durable one.
The NIST AI Risk Management Framework reinforces the same point: effective governance requires an organization-specific understanding of context, impact, and exposure that generic frameworks cannot supply.2 The framework identifies the categories of risk. Addressing those categories in a way that satisfies your professional obligations requires someone who knows your firm.
What Defensible Governance Requires
A governance program is defensible when an attorney facing a disciplinary panel, a client facing a data breach, or a managing partner facing a sanctions motion can demonstrate that the firm understood its actual AI risk exposure and made deliberate, documented decisions to address it. Generic documentation does not meet that standard. Firm-specific governance does.
You Don't Need $500 Million
Kirkland's investment confirms a direction, not a price of entry. Firms that build AI governance around their specific practices will be better positioned than firms that bolt a vendor platform onto existing workflows and call it done.
Most firms will not spend $500 million to get there. They do not need to. The same governing principle (governance that fits the firm) is available at a fraction of that cost when the work is done by advisors with direct experience in legal practice, genuine fluency in AI technology, and the ability to design programs attorneys will actually follow.
Attorneys use tools that work and avoid tools that create friction. A governance program built around how your attorneys actually work, accounting for their specific workflows, practice pressures, and existing tool preferences, will be followed. One that adds bureaucratic steps without reducing real risk will not.
InGlobo AI does not sell a platform. We build governance programs fitted closely enough to your firm that following them requires less effort than working around them. Policies your attorneys can apply in the context of their actual matters. Training built around the scenarios your practice groups encounter. Vendor evaluations conducted against your actual data security requirements. Monitoring structured around the tools your attorneys use.
Governance built for your firm gets followed. Governance followed means the obligations under the Rules of Professional Conduct are actually met. That is the entire point.
The InGlobo AI Perspective
The right approach is available at the right budget.
Kirkland & Ellis can spend $500 million building proprietary AI infrastructure. Most firms cannot. InGlobo AI delivers ground-up, firm-specific AI governance programs designed around your practice areas, your attorneys' workflows, and your actual risk exposure, at a scale that works for your firm. If your current governance approach came in a box, it may be time for a conversation about what genuine governance looks like.
Sources & References
- Prosci. Best Practices in Change Management (successive editions). Industry-standard research on organizational change adoption, including the finding that change initiatives fail most frequently at the adoption and usage stage rather than at the design or awareness stage.
- National Institute of Standards and Technology. AI Risk Management Framework (AI RMF 1.0) (January 2023). Establishes that AI risk management must be context-specific and organization-specific; generic frameworks require substantive customization to be operationally effective.
- Killelea, Eric and Strom, Roy. Kirkland & Ellis Investing $500 Million to Build AI Platform. Bloomberg Law, May 28, 2026.
- ABA Model Rules of Professional Conduct: Rules 1.1, 1.3, 1.6, 5.1, 5.3. ABA Formal Opinion 512 (July 2024) provides nonbinding interpretive guidance on the application of these Rules to generative AI.
Ready to bring responsible AI to your firm? Let's start with a conversation.
Book a Discovery CallLegal Disclaimer
InGlobo AI, LLC is an AI governance consultancy and not a law firm. This article is provided for general informational and educational purposes only and does not constitute legal advice. Reading or sharing this article does not create an attorney-client relationship with InGlobo AI or its personnel. Law firms, lawyers, and organizations evaluating AI governance or compliance questions should consult independent legal counsel licensed in the applicable jurisdiction.