Easylaw AI

Trust & Compliance

Easylaw AI was built around lawyers' professional obligations. Not retrofitted to meet them.

Votre cabinet
Dossiers clients
Contrats
Correspondances
Reseau interne uniquement
Easylaw AI
Mac Studio dans votre cabinet
Traitement 100 % local
Internet / Cloud
×
Zero acces

Our position

Easylab AI is an integrator of artificial intelligence solutions. Under Regulation (EU) 2024/1689, Easylab AI acts as a deployer. Easylaw AI is not a high-risk system within the meaning of Annex III.

Easylab AI does not develop AI models. We select, configure and deploy proven AI systems, on your local infrastructure, under your control, within your firm.

As an integrator, Easylab AI is not a data processor of your client data under Article 28 GDPR. You are the sole Data Controller. We do not have access to your documents, by architecture, not by policy.

We apply, by voluntary commitment, documentation, transparency and human oversight measures aligned with best practices under the Regulation.

Attorney-Client Privilege, Guaranteed by design, not by promise

Attorney-client privilege is absolute. It applies to every technology used in the practice of law. Professional bodies, CCBE, Luxembourg Bar, Paris Bar, OBFG, BRAK, advise lawyers to prefer solutions that keep data within their own infrastructure.

Easylaw AI is precisely that solution. The AI runs on your physical equipment, on your local network. No data leaves your firm, not because we promise it, but because the system is architecturally incapable of it.

No data leaves your network

The AI runs entirely on your dedicated local hardware, on your premises. No outbound connection to external servers is established or possible.

Zero permanent remote access

There is no permanent remote access to your system. Updates and maintenance interventions are deployed by Easylab under controlled and documented conditions, without access to client data, without permanent connection. No port is open to the outside beyond agreed maintenance windows.

Zero training on your data

The AI model is pre-trained and frozen. Your documents feed the document search engine, not the model. No client data ever modifies the model's behavior.

Verifiable

The absence of outbound connections is verifiable by independent technical audit. We provide the architectural documentation required for any compliance verification.

Compatible with your disciplinary obligations

We encourage firms to submit Easylaw AI to their bar association for review. Complete technical documentation is available on request to facilitate this process.

Clients and confidentiality

Your clients have never consented to sharing their information with a technology provider. With Easylaw AI, their data never leaves your firm. No additional consent is required.

EU AI Act, Our classification and commitments

Regulation (EU) 2024/1689 on artificial intelligence applies progressively since August 2024. It classifies AI systems by risk level and imposes proportional obligations for transparency, documentation and human oversight.

Easylaw AI is not a high-risk system.

Annex III of the regulation lists the categories of high-risk systems. Point 8(a) covers systems used "by a judicial authority or on their behalf to assist a judicial authority." A law firm is not a judicial authority. Easylaw AI therefore does not fall under Annex III.

Easylaw AI is a document research and drafting system. It assists the professional, it does not replace them. It does not make legal decisions. It does not issue autonomous opinions. Responsibility and judgment remain entirely with the lawyer.

Not high-risk (Annex III)

Annex III targets systems used by judicial authorities. A law firm is not a judicial authority. Easylaw AI therefore does not fall under Annex III, and is not subject to any of the obligations specific to high-risk systems.

Transparency (Art. 50)

Every response generated by Easylaw AI explicitly states that it is produced by an AI system. Documentary sources are systematically indicated, the lawyer always knows where the information comes from. We apply these principles now, ahead of the formal entry into force of Art. 50 (August 2026).

Human oversight

Easylaw AI assists, it does not decide. Every summary, every extract, every draft is subject to review and validation by the lawyer before any use. We adopt this principle by choice, because a document assistance tool for legal professionals cannot function otherwise.

Accuracy and limits

Easylaw AI systematically indicates its sources and the scope of its response. It does not claim completeness. It recommends verification against primary sources for critical points. Responses are grounded in your document base, the system only cites what exists in your files.

AI literacy (Art. 4)

Easylab accompanies every deployment with training in responsible AI use, tailored to legal professionals. Complete documentation, user guides and technical support are included in the subscription.

No prohibited practices

Easylaw AI does not use any of the prohibited practices under Article 5 of the regulation: no manipulation, no profiling, no exploitation of vulnerabilities, no remote biometric identification, no social scoring.

GDPR, Data under your sole control

GDPR imposes strict obligations on the processing of personal data. For lawyers, these obligations overlap with the professional rules of attorney-client privilege. Easylaw AI was architected to satisfy both, without compromise.

Your firm is the Data Controller

Your firm is the sole data controller. Easylab AI is not a processor under Article 28 GDPR, we do not have access to the personal data processed by the system. No amendment to your records of processing activities is required for an Easylab processor.

100% local processing

All processing takes place on your physical infrastructure. No data passes through a third-party server, whether located in Europe or elsewhere. Processing is entirely under your physical and logical control.

Zero non-EU transfer

Post-Schrems II, transfers of personal data to the United States remain subject to persistent legal uncertainty. With Easylaw AI, the question does not arise, data does not leave your local network. No SCCs required. No third country involved.

Zero CLOUD Act exposure

The US CLOUD Act allows US authorities to compel US companies to hand over data, regardless of geographic location. Easylaw AI does not depend on any US infrastructure, provider, or service.

Zero training on client data

The local AI model is pre-trained and frozen. Your documents are never used to train, fine-tune or improve any model. Your data remains your data, today, tomorrow, after your subscription ends.

Individual rights

Your existing GDPR processes apply without modification. The exercise of rights of access, rectification, erasure, portability, restriction and objection by your clients follows your usual internal procedures, Easylaw AI does not intervene.

Security, The infrastructure you don't see, but can rely on

Easylaw AI relies on a security infrastructure designed for demanding professional environments. All measures are included in your subscription, no additional configuration on your part is required.

Data encryption

AES-256 for all data at rest (documents, search index, logs). TLS 1.3 for all communications on your local network. Your data is encrypted at every step.

Isolated network

Easylaw AI is deployed on an isolated local network. No interface is exposed on the internet. No port is open to the outside. The system is physically and logically separated from any external access.

Strong authentication

Access to the Easylaw AI interface is protected by mandatory multi-factor authentication (MFA). Each access is logged with the user's identity and timestamp.

Audit log

Every query submitted to Easylaw AI is recorded: user, date, time, document queried, nature of the query. This log is available to you for your internal compliance and to meet the requirements of your clients or bar association.

Zero telemetry

Easylaw AI transmits no operational data to Easylab. No usage statistics, no logs, no metrics leave your infrastructure. You have complete control over what leaves or does not leave your system.

Maintenance and updates

Security updates are deployed by Easylab as part of your subscription. They are tested before deployment and documented. For updates, Easylab accesses system configuration only, not your documents or client data. The process is documented and controlled. No action on your part is required.

Documents & Formal Commitments

  1. Data protection clauses embedded in service agreements
  2. No AI model training on client data, guaranteed by on-premise architecture
  3. Encryption in transit (TLS 1.3) and at rest (AES-256)
  4. Mandatory multi-factor authentication (MFA)
  5. Logical data separation between firm users
  6. 100% local infrastructure, no external hosting
  7. Access and operation logging
  8. Notification to the firm within 72 hours in case of an incident involving an Easylab intervention
  9. AI transparency notice on every AI-assisted deliverable
  10. Annual security testing following OWASP methodology
  11. At end of contract: Easylab access removed, transition guide provided, your data remains on your hardware in its original format

For any questions regarding compliance, GDPR, the AI Act or security: compliance@easylab.ai

Compliance status

GDPR CompliantEU AI Act, Not high-risk (2024/1689)Attorney-Client Privilege ProtectedZero CloudAES-256TLS 1.3MFANo US jurisdiction

Frequently asked questions

A compliance question? Our team will answer.