Legal IT Insider’s editor Caroline Hill spoke with Stephenson Harwood technology sector group head Simon Bollans and head of innovation Paul Orchard about how the UK-headquartered law firm partnered with Curvestone to create a GenAI custom contract review solution.
Partners in the international firm’s technology practice have utilised the tool to review IT contracts to ensure they comply with the Digital Operational Resilience Act (DORA), which came into effect on 17th January.
We were keen to understand more about the key drivers behind the latest iteration of this partnership; how it advances Stephenson Harwood’s GenAI strategy; and the benefit for clients.
Caroline Hill (CH): Stephenson Harwood’s GenAI strategy was first announced in May 2024 with the adoption of Harvey AI for legal tasks and in October you announced that you’re working with Curvestone. This latest collaboration is the next step, please can explain what that means?
Paul Orchard (PH): “Yes as part of our overall AI strategy, we knew that there was space for let’s say a kind of general assistance type GenAI technology to help with the vast majority of our use cases. So, we spent time working with Harvey and with Curvestone, looking at how well they might fill that opportunity for us. But we also realised early on that there was going to be opportunity for us to build some custom GenAI solutions and that’s one of the reasons why we entered into the partnership with Curvestone, because we knew very early on that it gave us the opportunity to do that.
We’ve been using Curvestone’s core platform for a while. We got comfortable with it. We knew how it worked. We got to know the Curvestone team. We felt like it was the right time to think about building the first custom solution in partnership with them. And we do an awful lot of work with Simon and his team. So, they were the obvious candidates to start that conversation with. We very quickly identified the DORA opportunity as something that would drive immediate value for our clients, but also give us the kind of the experience of working with Curvestone and building out that first custom solution. You need to start with the first one and that will probably be the hardest one to be perfectly honest. Simon and his team were super keen to do this and Curvestone were keen to do it with us, and so we embarked upon that journey.
CH: So, Simon you and your team felt this would be beneficial for clients? 
Simon Bollans (SB): Yes we’ve been working with clients to see how we can deploy AI within our services to augment what we’re what we’re doing with clients and to test it on particular use cases that we are focused on at the moment. There’s a lot of DORA activity in contract remediation and we were really keen to work with Workflow to understand the process of building a bespoke application based on our legal expertise and how we augment that into the AI.
CH: Before we dive into the new contract review capabilities, please can you give us a little more detail about Curvestone’s baseline Workflow GPT platform?
PO: Yes, so it’s probably better to think of it as almost two separate things that it offers us. One is a core platform where it gives us a type of functionality that you would expect from a general AI assistant. So it gives you opportunities to ask questions directly and to upload documents in various different ways. It offers you that core functionality that we saw with ChatGPT frankly, but then people have enhanced the user interface and thought a little bit more about how it can more directly support workflows, and with RAG technology evolving, developed the functionality they need to build on top of that. So that’s the core platform that we use on a day-to-day basis.
Using the same underlying technology, they’ve essentially built a framework where you have building blocks that you can drop in that offer bespoke functionality that you can then tailor to the nuances of what the client needs or what the specific content is that you want to look for in a particular document. Or what you want the technology to do once it’s extracted that specific content. So it’s almost a set of bricks that you can customise.
CH: And for those people not familiar with DORA, Simon could you please just briefly explain what it is?
SB: Yes, so DORA is the Digital Operational Resilience Act and it came into full effect in terms of compliance obligations on the 17th of January. And one element of DORA required regulated financial entities to ensure that their contracts meet certain requirements. They need, for example, to ensure that their contracts include specific terms to support their operational resilience, such as the ability to audit their ICT supply chain around testing business continuity.
It’s a very broad piece of legislation that applies to really all ICT services that are used by that regulated entity. And additional requirements for those that are supporting a critical and important function. What that meant is a lot of regulated entities needed to remediate those contracts, so their current contracts, if they don’t include those requirements, needed to be uplifted by the 17th of January to include these new provisions.
If you take a large regulated entity that might have 100 or 200 ICT suppliers, the task of uplifting all of those contracts and potentially reviewing each supplier’s sets of terms is quite big task and so we’re supporting and have been supporting clients on that compliance road map.
We wanted to see how we could augment that service with the workflow platform to use those building blocks to almost reverse engineer what we wanted the output to be; what the requirements were, and we were able to provide our legal knowledge and guidance for doing that so it wasn’t just a document review exercise in terms of ‘does it include specific provisions?’ but we’ve been able to feed it with our legal know how, such as the different permutations of what those clauses might look like.
We had a prompt training exercise for the tool so that it was able to analyse what we were asking for in the same way that we would individuals in the team.
CH: What benefit is there in this exercise to using generative AI specifically?
SB: What we’ve built is based on the requirements and also our secret sauce; our legal knowledge input and guidance. It’s not just reviewing it to say whether or not there’s a provision there, it’s reviewing it to tell us whether or not that provision is compliant with the requirements, because the requirements are relatively prescriptive and every one can be draughted in a different way.
Suppliers are drafting those provisions in a supplier friendly way, with some more compliant than others. And so what we were able to do is in putting our guidance into the tool, we were able to give it parameters around what compliance looks like in all its different flavours. It’s not just doing the data extraction but also using natural language and analytics to understand ‘does that provision meet the requirements that we say it should?’
We always have a lawyer in the loop and so it was really empowering the team to be doing things more efficiently; handling a higher capacity; and it enables us to form quicker views over a larger number of documents at a high level before we get into allocating who’s going to pick up particular matters.
CH: So the ones that need to be remediated, that’s the ‘human bit’ is it?
PO: Yes, but there’s also a careful review of the content that’s extracted. We built the solution in a way where it’s a relatively simple task to jump to the relevant parts of documents to check that the extracted content is correct, but then also to review the analysis and the recommendation. We ask for its reasoning, so ‘how have you come up with this recommendation?’ to help sense check and at every stage, there’s still human in the loop because we know that the output isn’t always going to be right.
CH: Is this quite a laborious checking process and is there still a big time saving?
SB: There were definitely efficiencies and time saving in doing it this way, but we and the team do review all of the output to verify it. We need to ensure that the output that we’re sending to clients, we’re confident and we know that it’s right. And the way that we do that is by having that lawyer in the loop to do that. It’s no different to a partner checking an associate’s work and we do that verification because we want to ensure that it’s right and it’s consistent.
With the state of AI at the moment there are always changes and improvements that we need to make, and we also need to ensure that it that we’ve checked it for accuracy.
CH: Can you talk me through the workflow?
PO: The way we’ve built the solution is that at each stage of the process there’s an opportunity for the lawyer to engage and change the output, which then feeds through to the next stage. Even down to some of the more laborious formatting of the report so that it looks right for the client, the technology takes care of all of it. And if something isn’t quite right at Stage 2 and you change it, that then flows through nicely into stages three, four and five. The output is in a Word document that’s formatted and has the relevant risk ratings.
CH: Are you able to say how accurate the tool is?
PO: We went into this not with the expectation that the technology is going to produce 100% correct output: we knew that that just wasn’t going to be possible. And if we tried to get to that point we would still be working on it in 2027. We very quickly realised that we just needed to get to that point where we felt like it was helping enough.That still involved a lot of iteration, but because we knew there was going to be lawyer in the loop at every stage, it meant we didn’t have unrealistic expectations around the quality.
We got it to a point where it was helpful and repeatable, and we designed a rigorous testing process. Because we knew there was always going to be a lawyer in the loop at every stage, we were confident enough that it was the right thing to do for our clients to start using it.
SB: This is one of many use cases that we’re looking at and building out and so it’s also a process of testing and learning.
PO: There’s also a huge value to be had in my team getting an understanding of how to build these things along with a partner; what the types of questions we need to ask people like Simon; where does the responsibility lie for testing; how do we keep it up to date? It’s all hugely valuable for us.
SB: It was able to give us additional bandwidth in the team, so we were able to look at a larger volume and were quicker across the board, as well as being able to give the client more certainty around fees. This approach is a trial but there are a large number of use cases that we’re now looking at.
Our thanks to Stephenson Harwood for chatting with us, if you want to discuss your own project with us contact [email protected]