Choosing AI for a small law firm without overbuying

TL;DR

Owner-managed law firms are typically better served by narrow, purpose-built AI tools in year one than by firm-wide platforms. Point solutions cost less, carry lighter data-protection obligations, and can be trialled with a small user group before any firm-wide commitment. A broader platform makes sense only when a firm has multiple departments, integrated modern systems, and the governance structure to manage it.

Key takeaways

- Point solutions mapped to a specific workflow pain, such as legal research, first drafts, or matter summaries, are the dominant early-adoption pattern among small UK law firms.
- A 20-user firm at £80 per user per month spends roughly £19,200 a year on AI subscriptions; low utilisation can push effective cost per productive user well above £500 per month.
- The SRA holds partners accountable for AI output, meaning any tool used for legal work must be reviewed as a supervising partner would review a junior fee-earner's draft.
- ICO rules require a Data Protection Impact Assessment for high-risk AI processing; cloud tools must come with auditable contractual safeguards on data location and model training.
- Before signing, ask the vendor for written answers on data storage, hallucination controls, pilot terms, and data-export rights. Deflection in a demo is a reliable signal of post-contract behaviour.

A 15-person commercial firm, three vendor demos in as many months. One pitched a firm-wide AI copilot at £60 per user per month. Another offered targeted drafting tools for half the price. The third was a legal research add-on for a fraction of both. All three claimed to be the right fit for a firm this size. The question the partners were actually sitting with was more practical: what does a firm this size genuinely need, and what does getting that call wrong cost?

What choice is a small law firm actually facing?

The typical decision for a firm with 5 to 50 staff sits between narrow, purpose-built tools that solve one workflow problem well and broader platforms that promise AI capability across the whole firm. Law Society research on generative AI in the legal profession shows that targeted tools are the dominant early-adoption pattern, with firms deploying AI in research, drafting, or document review rather than rolling out firm-wide systems first.

Three options tend to come up in these conversations. Point solutions such as Lexis+ AI or CoCounsel for research and drafting, or AI features built into Clio for matter management. Firm-wide copilots such as Harvey or Microsoft 365 Copilot, sitting across email, documents, and internal files. And AI capabilities already embedded in whatever practice management system the firm uses, which arrive automatically on an upgrade rather than as a separate buying decision.

The SRA’s research on small firm regulation provides the underlying context. Three quarters of UK law firms have fewer than 10 partners, and this segment operates under real cost and staffing pressure. Legal Services Board resilience research identifies unexpected technology spend as a primary driver of financial stress for firms with limited cash buffers. For that segment, the practical question is which platform a firm with these constraints can get genuine value from before the next renewal arrives.

When does a point solution give you better value?

Point solutions earn their place when the pain is specific and the use case is contained. A tool that handles first-draft contracts, speeds legal research on routine matters, or summarises case documents can be trialled with a small group and measured against billable time saved. Clio data shows around 60% of small firms cite improved efficiency from AI, while only about 20% have implemented firm-wide tools.

A firm of 5 to 25 staff with no internal IT function is well placed to start here. Entry costs are lower, trial commitments are shorter, and the adoption footprint is small enough to manage without a dedicated implementation project. A 30-day pilot with three to five users focused on a single workflow is enough to tell you whether the tool is earning its subscription.

Data-protection analysis is also simpler when you start narrow. A tool that plugs into Lexis, Westlaw, or your existing practice management system processes a defined set of client data through a vendor with established contractual safeguards. That makes the ICO-required DPIA a manageable exercise. Point solutions integrated with authoritative legal databases also give fee-earners something to verify: a Stanford Law School study found that general-purpose GPT tools produced fabricated case citations in 17 to 33% of responses when not grounded in authoritative legal content. Tools that cite the underlying source let you catch errors before they reach a client.

When does a broader platform start to make sense?

A broader platform earns serious consideration when a firm has multiple departments, a substantial body of internal knowledge that is difficult to search and reuse, and the IT infrastructure to support a wider rollout. Firms closer to 30 to 50 staff, already running integrated modern systems with access to managed IT support, have the operational foundation a platform deployment needs to return real value rather than additional complexity.

Microsoft 365 Copilot carries list pricing of around US$30 per user per month on top of existing Microsoft licences. For a 20-person firm that is a meaningful subscription before a single billable hour is saved. That spend is defensible only when the firm can quantify genuine cross-firm benefits, such as reducing internal email load, standardising document styles, or surfacing knowledge from historic matters. Time savings on one workflow alone do not justify the cost of that tier.

Lock-in is a real commercial risk at this level. The CMA’s report on AI foundation models flags that a small number of large providers dominate the market, pricing is often opaque, and switching costs are high once workflows are embedded around a single platform. Reviewing the data-export and termination clauses before signing is easier than negotiating them after year one.

The NCSC guidance on secure AI development is also relevant here. A firm-wide deployment across email, documents, and client files creates a broader attack surface and a more complex access-control requirement than a targeted point solution. The NCSC recommends role-based access controls, encrypted data in transit and at rest, and auditable logs. Firms without managed IT support often struggle to implement and maintain these controls at the scale a platform deployment requires.

What does overbuying actually cost you?

The direct cost of a mis-scoped AI subscription is straightforward to calculate. A 20-user firm at £80 per user per month spends roughly £19,200 a year before onboarding costs. When active usage concentrates in two or three people, effective cost per productive user climbs sharply. For a firm where median profit per equity partner is in the low six figures, that is not a rounding error.

The regulatory exposure sits on top of that. The ICO can impose fines of up to £17.5 million or 4% of global turnover for serious data protection breaches. The Tuckers Solicitors case in 2022 resulted in a £98,000 ICO penalty after a ransomware attack exposed over 970,000 files including court bundles, showing what weak controls on any new system can cost even a firm that did not consider itself a high-risk target. Cyber insurers including Hiscox and Beazley now ask specific questions about AI data-handling at renewal; inadequate governance can increase premiums or narrow cover for data breach claims.

The professional liability picture is different but equally significant. The SRA is clear that accountability for AI output stays with the solicitor. A negligence claim founded on a hallucinated case citation or an outdated statutory reference sits with the firm, not the vendor. The Law Society notes that small firms often lack spare capacity for training; non-billable time diverted to learning a complex platform that only a fraction of staff use reduces short-term fee income without a corresponding return.

What should you ask before signing anything?

Five questions cut through any vendor conversation for a small law firm. Where is client data stored and processed? Does the vendor train on your inputs? How are hallucinations identified and controlled? What are the pilot and exit terms? Who in your firm will own AI adoption day to day? These require specific, written answers. A vendor with sound contractual practices will have them prepared.

On data, ask for data-centre locations and the sub-processor list. Check whether data leaves the UK or EEA and what standard contractual protections apply. Many legal AI vendors commit in writing not to train on your content; insist on that clause rather than relying on a verbal assurance during the demo.

On hallucinations and supervision, look for tools that cite the underlying source, whether a statute, a judgment, or a document from your own file, so that fee-earners can verify outputs rather than trust them. The SRA’s technology guidance reinforces the same point: the lawyer reviews the work.

On commercial terms, ask whether you can pilot with a small user group before any firm-wide commitment, and check the data-export clause carefully. The CMA highlights lock-in as one of the primary risks in AI vendor relationships, and exit provisions are significantly easier to negotiate before the contract is signed.

On operational fit, identify who will take internal ownership of the AI tool. Firms without a CTO do better when a tech-aware partner or practice manager acts as an internal AI lead. Without that person, even a well-chosen tool gets abandoned within six months when the early enthusiasm fades and no one is left to troubleshoot it.

A vendor that answers all five clearly and in writing is one worth piloting with.

Sources

- SRA (2023). Regulating small firms: research report. Confirms that three quarters of UK law firms have fewer than 10 partners and that unexpected technology spend is a primary financial-stress driver. https://www.sra.org.uk/globalassets/documents/sra/research/sra-regulating-small-firms-report.pdf
- Law Society of England and Wales (2024). AI and the legal profession. Reports that generative AI is most commonly piloted in research, drafting, and document review; targeted tools dominate early adoption in smaller firms. https://www.lawsociety.org.uk/topics/research/ai-and-the-legal-profession
- Thomson Reuters (2024). Future of Professionals report. Found 82% of legal professionals expect high AI impact, but only 52% had clear policies on use, highlighting governance gaps in smaller firms. https://www.thomsonreuters.com/en/reports/future-of-professionals.html
- ICO (2024). AI and data protection risk toolkit. Sets out UK GDPR obligations for firms using AI, including DPIA requirements for high-risk processing involving client data. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/ai-and-data-protection-risk/
- NCSC (2023). Secure AI system development guidance. Recommends starting with narrow-scope, low-risk deployments and avoiding exposure of sensitive data to unmanaged third-party models. https://www.ncsc.gov.uk/collection/secure-ai-system-development
- NCSC (2023). Generative AI: security considerations. Warns that entering sensitive client data into public AI tools risks confidentiality loss and potential use in model training. https://www.ncsc.gov.uk/blog-post/generative-ai-security-considerations
- Legal Services Board (2023). Resilience research: full report. Identifies unexpected technology spend as a key driver of financial stress for small law firms operating with limited cash buffers. https://legalservicesboard.org.uk/wp-content/media/Resilience-Research-Full-Report.pdf
- CMA (2023). AI foundation models: initial report. Flags risks of vendor lock-in, misleading outputs, and opaque pricing from AI platform providers; advises smaller businesses to demand transparency and evaluate exit provisions. https://www.gov.uk/government/publications/ai-foundation-models-initial-report
- Stanford Law School (2023). Hallucinations in GPT-based legal research tools. Showed fabricated case citations in 17 to 33% of responses from general-purpose models not grounded in authoritative legal databases. https://law.stanford.edu/2023/04/25/hallucinations-in-gpt-based-legal-research-tools/
- ICO (2022). ICO fines Tuckers Solicitors for data breach. A £98,000 penalty for a ransomware attack exposing over 970,000 files including court bundles, illustrating the regulatory cost of weak controls on any new tooling. https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/03/ico-fines-law-firm-for-failing-to-keep-sensitive-information-secure/

Frequently asked questions

What AI tools are best for a small UK law firm?

Tools integrated with UK legal databases such as Lexis+ AI or CoCounsel are a safer starting point than general-purpose chatbots, because outputs can be traced back to authoritative sources. For practice management, AI features built into platforms such as Clio reduce integration friction. Start with the tool that maps most directly to your biggest time drain, pilot with a small group for 30 to 60 days, and measure billable-time impact before committing to firm-wide licences.

Do small law firms need to do a DPIA before using AI?

The ICO requires a Data Protection Impact Assessment for high-risk processing under UK GDPR, and large-scale case-file analysis is likely to qualify. Even where a full DPIA is not strictly required, completing one is good practice before connecting client data to any new AI system. Ask your vendor for a DPIA-ready description of their data processing; a reputable legal AI vendor will have one prepared.

What does the SRA say about law firms using AI?

The SRA is clear that professional responsibility does not transfer to the software. Partners remain accountable for the accuracy of any AI-assisted work product, and outputs must be reviewed with the same rigour applied to work from a junior fee-earner. Using AI without adequate supervision creates exposure to negligence claims and, where client data is mishandled, SRA disciplinary action.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.
