Skip to main content

Building a Defensible AI Workflow Automation Framework for eDiscovery: The Human-in-the-Lead Model

This article provides a practical framework for attorneys, eDiscovery counsel, and compliance officers to integrate AI workflow automation into eDiscovery while satisfying professional responsibility obligations. It covers the Krino methodology, mapping ABA Model Rules to EDRM stages, emerging case law like the Heppner standard, and a playbook for defensible implementation.

Updated
  • e-discovery
  • professional responsibility
  • workflow
  • human-in-the-loop
  • litigation support

Workflow overview

Workflow category
e-discovery
Relevant roles
attorney, eDiscovery counsel, compliance officer
Where AI intervenes
Processing, Collection, Production (full automation); Review, Early Case Assessment, Analysis (AI-assisted human judgment)
Professional responsibility notes
ABA Model Rules 1.1 (competence) and 5.3 (supervision); California proposed Rule 1.1 amendments extending competence duty to AI verification; US v. Heppner (SDNY Feb 2025) requiring reasoning, safeguards, and validation around AI tools (Verify in regulatory tracker →)

The Behavioral and Ethical Case for Structured Automation

The legal industry's AI adoption rate has reached 78%, according to the Litify 2025 report, yet half of legal professionals still cite confidentiality, quality, and privacy concerns as the top barriers to enterprise-wide deployment. This gap between adoption intent and operational trust is not a technology problem — it is a behavior problem. Daniel Gold, Principal and Forensics eDiscovery Managed Service Leader at BDO USA, frames the challenge through the COM-B model: capability, opportunity, and motivation must all align before a professional will trust an AI output enough to attach their license to it.

In eDiscovery, the stakes are particularly high. Document review accounts for 73% of discovery-related costs, according to RAND Corporation research, and the volume of data subject to discovery continues to grow — global data creation is forecast to reach 394 zettabytes by 2028. Legal teams cannot afford to ignore automation, but they also cannot afford to deploy it without a framework that satisfies professional responsibility obligations. The core thesis of this article is straightforward: AI should handle predictable, rules-based EDRM stages while lawyers retain judgment on privilege, responsiveness, and strategy. This is not a human-in-the-loop model; it is a human-in-the-lead model.

The behavioral dimension matters because defensibility is ultimately a question of process, not tool sophistication. A judge or regulator who asks "why did you do this and how do you know it is reliable" is not asking about the model's architecture. They are asking about the lawyer's reasoning, the safeguards applied, and the validation performed. That is a human question, not a technical one.

The Krino Methodology: Operationalizing Professional Judgment

Gold introduced the "Human as the Krino" framework as a deliberate alternative to the widely used phrase "human in the loop." His reasoning is precise: "When you say human in the loop, it suggests that as the attorney, you are not actually leading the process." The Krino framework — Know, Review, Interrogate, Normalize, Own — operationalizes professional judgment across five discrete steps that map directly onto the eDiscovery workflow.

A sequential diagram showing the five steps of the Krino methodology — Know, Review, Interrogate, Normalize, Own — displayed as connected circular nodes with simple icons on a white background in dark blue and teal.
The Krino methodology provides a structured framework for attorneys to exercise professional judgment over AI-assisted eDiscovery outputs.
  • Know: Understand what the AI tool did — which model was used, what data it processed, what instructions it received, and what confidence thresholds were applied. This is not a technical audit; it is a professional awareness requirement.
  • Review: Examine the AI's output as a judgment call, not a data transfer. The attorney must evaluate whether the result makes sense in the context of the case, the jurisdiction, and the client's exposure.
  • Interrogate: Question the methodology. Did the AI apply the correct legal standard? Were there edge cases the model might have misclassified? What would change if the prompt were phrased differently?
  • Normalize: Calibrate the AI's output against your subject matter expertise. If the model flags a document as responsive but your knowledge of the case suggests otherwise, the professional judgment prevails.
  • Own: Accept professional responsibility for the determination. As Gold stated, "If you are going to leverage AI to help you with your answers, whether it is legal research or eDiscovery, you have to own that determination. That's how you operationalize professional judgment."

The Krino framework is not a vendor product or a proprietary methodology — it is a practitioner-developed approach published through BDO and Everlaw. Its value lies in its specificity: each step gives the attorney a concrete action to perform, which in turn creates a documented record of professional engagement with the AI output. That record is what makes the workflow defensible.

Mapping ABA Model Rules to EDRM Stages

The Electronic Discovery Reference Model (EDRM) provides a useful structure for mapping where AI automation is safe, where AI-assisted human judgment is appropriate, and where exclusive human judgment is required. The two ABA Model Rules most relevant to this mapping are Rule 1.1 (competence) and Rule 5.3 (supervision of nonlawyer assistance). When AI tools perform tasks that a paralegal or junior associate might otherwise handle, the supervising attorney's obligations under Rule 5.3 apply directly.

Mapping of EDRM stages to appropriate automation levels under ABA Model Rules 1.1 and 5.3.
EDRM StageAutomation LevelProfessional Responsibility Notes
Information GovernanceFull automation safePolicy-driven rules; no legal judgment required
IdentificationFull automation safeCustodian and date-range filters are rules-based
PreservationFull automation safeLegal hold triggers may be automated with human oversight of scope
CollectionFull automation safeForensic collection tools operate on defined parameters
ProcessingFull automation safeDeduplication, OCR, and file-type filtering are rules-based
ReviewAI-assisted human judgmentKrino framework applies; attorney must own responsiveness calls
AnalysisAI-assisted human judgmentTrend identification and clustering assist but do not replace strategy
ProductionFull automation safeFormat conversion and metadata stripping are rules-based
PresentationExclusive human judgmentTrial strategy, witness preparation, and narrative construction
Privilege ReviewExclusive human judgmentAttorney-client privilege determinations carry professional liability
Early Case AssessmentAI-assisted human judgmentAI provides data summaries; attorney evaluates case value and risk

The critical boundary in this table is between Processing and Review. Legal teams that automate processing routinely cull 70% to 90% of raw data before a single reviewer logs in, according to Logikcull. This can transform a $500,000 review into a $50,000 review. But the moment the AI makes a judgment call about responsiveness or privilege, the attorney's professional obligations activate. As the Logikcull analysis notes, privilege review and strategic analysis resist full automation because "the final call on attorney-client privilege carries professional responsibility implications that no in-house team is comfortable delegating to a model."

For a deeper examination of how ABA Model Rules 1.1 and 5.3 apply to AI-assisted legal work, see our ABA Model Rules and Attorney AI Use: Competence and Supervision Obligations entry.

California's Proposed Rule 1.1 Amendments and the Heppner Standard

Two developments in 2025 and 2026 have begun to crystallize what courts and regulators expect from attorneys who use AI in their workflows. Neither is settled law, but both serve as emerging indicators of the professional responsibility standard that is taking shape.

California's Proposed Rule 1.1 Amendments

The State Bar of California has proposed amendments to Rule 1.1 of its Rules of Professional Conduct that would explicitly extend the duty of competence to include understanding the benefits and risks of AI tools. Under the proposed language, a lawyer must "independently verify and exercise professional judgment over any AI-generated output" before relying on it in client representation. The amendments are still in proposal stage as of mid-2026 and have faced scrutiny from critics who argue the non-delegable duty of verification may be overly burdensome, particularly for solo practitioners and small firms.

If adopted, California's rule would go further than the ABA's existing Model Rule 1.1 commentary, which already requires attorneys to "keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology." California's proposed language would make explicit what the ABA commentary leaves implicit: that competence with AI requires active verification, not passive awareness.

For a detailed breakdown of what competence requires under the current ABA framework, see our ABA Model Rule 1.1 and AI: What Competence Requires of Attorneys Using AI Tools entry.

The Heppner Standard

In February 2025, the U.S. District Court for the Southern District of New York issued a decision in United States v. Heppner that has become a reference point for what courts expect from attorneys using AI in discovery. The court required the lawyers to demonstrate not just that they had used a sophisticated AI tool, but that they had applied reasoning, implemented safeguards, and conducted validation around the tool's outputs.

The Heppner decision does not establish a controlling appellate standard — it is a single district court opinion — but it signals a shift in judicial scrutiny. Courts are no longer satisfied with a vendor's representation that a tool is reliable. They want to see the attorney's work: What prompts were used? What quality control samples were reviewed? What was the error rate on the privilege screen? How was the AI's output validated against human review?

The practical implication of Heppner is that defensibility documentation must go beyond the tool's technical specifications. An attorney who can produce a Krino-style record — showing what the AI did, how they reviewed it, what they interrogated, how they normalized it against their expertise, and that they ultimately owned the determination — will be in a far stronger position than one who can only say "the vendor told us the model is accurate."

For concrete examples of what happens when courts find that AI oversight was insufficient, see our AI Hallucination in eDiscovery: Documented Failure Cases and Court Sanctions comparison guide.

Practical Playbook: Process Documentation, Audit Logs, and Prompt Governance

Building a defensible AI workflow requires more than choosing the right tool. It requires a documented process that can survive scrutiny from a judge, a regulator, or a client's internal audit team. The following playbook provides concrete steps that legal teams can implement regardless of which eDiscovery platform they use.

Process Documentation Standards

  • Define the workflow scope: Document which EDRM stages are fully automated, which are AI-assisted, and which require exclusive human judgment. This scope document should be reviewed and signed off by the supervising attorney before any data is processed.
  • Establish validation protocols: For AI-assisted review stages, define the sampling methodology, the acceptable error rate, and the escalation process when the error rate is exceeded. The Everlaw 2025 Ediscovery Innovation Report found that 90% of respondents believe generative AI has already altered conventional billing practices or will within two years — validation protocols are the mechanism that makes alternative billing arrangements defensible.
  • Document the Krino steps: For each AI-assisted determination, create a record showing what was Known, Reviewed, Interrogated, Normalized, and Owned. This does not need to be a narrative paragraph for every document — it can be a structured log entry tied to a batch or a workflow stage.

Audit Log Requirements

An audit log for AI-assisted eDiscovery should capture, at minimum: the date and time of each AI operation, the specific model or algorithm used, the prompt or instruction provided, the confidence threshold applied, the number of documents processed, the number of documents flagged for human review, and the identity of the attorney who performed the Krino review. The log should be immutable — write-once, read-many — to prevent any appearance of post-hoc manipulation.

Prompt Governance

Prompt engineering is not just a technical skill — it is a professional responsibility consideration. A poorly phrased prompt can produce systematically biased results that a reviewer may not catch. Legal teams should implement prompt governance practices that include:

  • Maintaining a prompt library with version control, so that every prompt used in a matter can be reproduced and audited.
  • Requiring two-attorney review for any prompt that defines responsiveness, privilege, or other legal standards.
  • Testing prompts against a gold-standard set of documents before deploying them at scale.
  • Documenting the rationale for prompt choices, including any trade-offs between recall and precision.

For a companion resource that covers the workflow mechanics of AI-assisted document review in more detail, see our eDiscovery AI Workflow Guide for Legal Teams: Document Review in Practice.

ROI and Cost Implications of Defensible AI Automation

The economic case for AI automation in eDiscovery is strong, but the numbers require careful contextualization. The Winter 2026 eDiscovery Pricing Survey, conducted by ComplexDiscovery in partnership with EDRM, collected responses from 53 participants (92.5% U.S.-based, 67.9% legal and litigation support professionals) and found that per-document generative AI review pricing is concentrated in the $0.11 to $0.50 range, with 35.8% of respondents falling in this band. By contrast, traditional human review rates typically range from $0.50 to over $1.00 per document.

Generative AI-assisted review pricing models from the Winter 2026 eDiscovery Pricing Survey (n=53).
Pricing ModelPercentage of RespondentsTypical Range
Per-document GenAI review35.8%$0.11 - $0.50 per document
Hybrid (human + AI)28.3%Varies by workflow
Per-GB11.3%Varies by data volume
Per-token5.7%Varies by model
Flat monthly subscription5.7%Varies by platform
Outcome-based3.8%Varies by result
Do not know / not applicable35.8% - 79.2%N/A

Beyond per-document pricing, the time savings are substantial. The Everlaw 2025 Ediscovery Innovation Report, which surveyed 299 legal professionals in conjunction with ACEDS and ILTA, found that nearly half of respondents save one to five hours each week using generative AI. For those saving five hours per week, the annualized figure is 260 hours — or 32.5 full working days — per person. At a large firm, these savings could collectively free up nearly 200,000 hours annually.

The broader market context reinforces the urgency of adoption. The global eDiscovery market was valued at approximately USD 31.5 billion in 2025, according to Business Research Insights. Meanwhile, the 2024 ACC Chief Legal Officers Survey found that 42% of legal departments received a mandate to cut legal costs and 58% experienced major rate hikes by their law firms. Legal teams face tighter budgets, increased data volumes, and greater internal scrutiny over spend — a combination that makes AI automation not just attractive but necessary.

However, the ROI calculation must account for the cost of defensibility. Implementing the Krino framework, maintaining audit logs, and conducting validation sampling all require attorney time that does not exist in a fully manual workflow. The question is not whether AI automation saves money — it does — but whether the savings are large enough to justify the investment in defensibility infrastructure. For most legal teams handling discovery volumes above a few hundred thousand documents, the answer is clearly yes.

For a tool-level comparison of the leading eDiscovery platforms that support these workflows, see our AI eDiscovery Platform Comparison for Legal Teams: Relativity aiR, Reveal, Logikcull, and Everlaw.

Conclusion: The Hybrid Model as the Defensible Standard

The evidence from multiple sources converges on a single conclusion: defensibility in AI-assisted eDiscovery lives in the hybrid model. As Cal Yeaman, Everlaw's Senior Strategic AI Advisor, put it: "Defensibility lives in the hybrid." AI handles volume and predictability — the rules-based stages of processing, collection, and production where human judgment adds little value. Lawyers exercise judgment on complexity and risk — the stages where privilege, responsiveness, and strategy require professional expertise.

The human-in-the-lead framework, operationalized through the Krino methodology, satisfies both professional responsibility obligations and emerging regulatory requirements. It gives attorneys a structured way to Know what the AI did, Review its output, Interrogate its methodology, Normalize it against their expertise, and Own the determination with their professional license. It creates the documentation that courts like the Heppner court are beginning to expect. And it provides a defensible answer to the question that every judge, regulator, and client will eventually ask: "Why did you do this and how do you know it is reliable?"

The legal teams that will thrive in this environment are not the ones that adopt AI fastest or most broadly. They are the ones that adopt AI most defensibly — with clear boundaries between automation and judgment, documented processes that can survive scrutiny, and a professional culture that treats AI output as the beginning of the attorney's work, not the end.

  • eDiscovery AI Document Review Workflow: How It Works and Where It Breaks

    A structured walkthrough of the AI-assisted eDiscovery document review workflow — covering where machine learning and generative AI are inserted, what each stage actually does, documented failure modes, and the human verification steps practitioners currently apply to manage risk.

  • eDiscovery AI Workflow Guide for Legal Teams: Document Review in Practice

    A structured guide to how legal teams are applying AI at each stage of eDiscovery document review — covering where AI is actually inserted, what it cannot do, and which human-in-the-loop steps remain non-negotiable.

  • AI Legal Research Workflow: Human Verification Steps Practitioners Actually Use

    A structured guide to where AI is inserted in the legal research workflow, what hallucination and citation risks practitioners have documented, and the specific human-in-the-loop verification steps attorneys and legal ops teams apply before relying on AI-generated output.

← All workflow guides

Corrections & feedback

Submit corrections, share workflow experience, or flag outdated professional responsibility notes. Comments are moderated. Nothing here constitutes legal or professional responsibility guidance.

Comments

Join the discussion with an anonymous comment.

Loading comments...