A developer sends you a proposal for a new AI-powered customer service tool. Buried in the technical specification are three product names: LangChain, LangGraph, and LangSmith. You recognise they are software products and that they involve AI, but you are not sure whether the specification makes sense, is over-engineered, or is missing something you should be pushing back on. That gap costs founders money every time a proposal goes unchallenged. This post separates the three.
What are LangChain, LangGraph and LangSmith?
LangChain, LangGraph and LangSmith are three separate tools from the same US company, LangChain Inc., each solving a different problem. LangChain is the framework that connects an AI language model to your data and external tools. LangGraph adds a control layer for complex workflows that need to loop, branch, or coordinate several tasks. LangSmith is the monitoring platform that records every AI call, prompt, and response.
Think of them as three layers sitting on top of each other. LangChain handles the wiring between an AI model, such as OpenAI or Azure OpenAI, and your data: your documents, your CRM, your internal knowledge base. LangGraph sits on top when the logic becomes complex enough to require branching decisions or memory that persists across steps. LangSmith watches the whole stack, recording what happened, how long it took, and what it cost.
LangChain itself offers one of the largest ecosystems of model and tool integrations, with connectors covering hundreds of AI models and data sources. That breadth accelerates early prototyping but can create dependency complexity as a project grows, which is worth raising with any developer quoting on LangChain-based work.
You do not need all three for every project. A simple internal knowledge search will typically use only LangChain. A multi-step client onboarding agent, where the AI triages an incoming email, checks your CRM, drafts response options, and logs the outcome, might use all three.
Why does this matter for your business?
Understanding the distinction between these three tools matters because each solves a different problem, and a proposal that includes all three when you only need one costs more than it should. LangChain handles the AI integration work. LangSmith matters most for compliance and accountability, providing the evidence trail that UK regulators now expect from firms using AI in client-facing workflows.
The ICO’s guidance on generative AI requires organisations to maintain auditability and human oversight when deploying AI models. The FCA has confirmed that Consumer Duty and operational resilience rules already apply to AI use in financial services, including AI outsourced to third-party agencies. LangSmith’s tracing features are the most direct way to produce the evidence both regulators expect: a record of what prompt the AI received, what context it drew on, and what it returned.
The NCSC and ICO set a secure-by-design standard in their joint statement on generative AI, which includes proper logging and accountability for AI outputs. For any firm handling client data in AI-powered workflows, treat LangSmith as a governance requirement from the start. LangChain and LangGraph build the capability; LangSmith documents what that capability does.
Where will you actually meet these tools?
In an owner-managed UK services firm, you will most likely encounter these tools inside a developer’s proposal or a technical specification from an AI agency. Your team interacts with the product built on top, not the framework itself. But the design decisions your developer makes about which layer to use, and how LangSmith is configured, determine whether you can meet your ICO and FCA oversight obligations.
You will also see these terms in cloud provider documentation. Azure OpenAI Service, which can be configured to keep data within UK and EU regions, is a common model choice for UK firms and integrates directly with LangChain. If your developer is building a retrieval-augmented generation system, often shortened to RAG, so that staff can query internal documents using AI, LangChain is the framework that makes the retrieval layer work.
One practical question to raise before sign-off: is LangSmith tracing active in production? Tracing switched off by default gives you none of the audit trail the ICO expects. Ask to see a sample trace before the system goes live. That single question will tell you a great deal about whether the development team has thought through compliance or treated it as someone else’s concern.
When should you ask about this, and when can you ignore it?
If your firm uses off-the-shelf AI products such as Microsoft 365 Copilot or a commercial SaaS chatbot, you do not need to think about LangChain, LangGraph, or LangSmith. Those platforms manage the orchestration layer internally. You need to engage with this stack only when your firm is commissioning custom AI features and you have developer resource available, whether in-house or outsourced.
When that is the case, four questions are worth raising with your developer or agency. First, which AI model are you connecting to, and where does the data go? Azure OpenAI and similar enterprise-grade services offer UK and EU data residency; open-source model hosts may not. Second, is LangSmith tracing active in production? Third, has a DPIA been completed under ICO guidance? Fourth, what happens to the audit trail if you switch AI providers later?
The FCA and Bank of England’s survey on machine learning in UK financial services found that data governance and explainability were the top reported challenges for firms already using AI, ahead of the technology itself. Both come down to decisions made at the design stage. Getting clear on which of these three layers your project actually needs, and insisting that LangSmith tracing is on from day one, addresses a significant share of those governance gaps before they surface as complaints or audit findings.
What else sits alongside this in the AI stack?
Retrieval-augmented generation, usually shortened to RAG, is the first pattern developers build on LangChain when a firm needs AI to work with its own documents. RAG lets an AI model answer questions using your firm’s actual files rather than its general training data. Vector databases, which store document content in a form AI models can search quickly, are the underlying infrastructure for any RAG system and worth asking about in any proposal.
The EU AI Act, which already applies to some UK firms serving EU clients, introduces logging and technical documentation requirements for high-risk AI systems. LangSmith’s tracing and evaluation features map directly onto those requirements. For a UK SME, the high-risk classification is unlikely to cover internal productivity tools, but if your firm uses AI to assess clients, score applications, or make decisions with individual consequences, checking the Act’s classification criteria before you build is worthwhile.
If you are at the stage where a developer is proposing a LangChain-based system for client-facing work and you want an independent view on whether the approach makes sense, book a conversation and we can walk through the proposal together.
