advanta

HomeGlossaryFramework

Framework

Framework

P4

Risk Taxonomy 2026

Audience

GC / CLORisk & ComplianceLegal OperationsCIO / CISO

DEFINITION

The canonical nine-class AI risk classification system for legal functions, versioned at 2026.1. The nine classes are: (1) Hallucination, (2) Data leakage, (3) Model drift, (4) Vendor lock-in, (5) Regulatory non-compliance, (6) Professional conduct exposure, (7) Client confidentiality breach, (8) Shadow AI proliferation, and (9) Accountability dilution. Every AI use case in the legal function is assessed and registered against this taxonomy; every Risk Register entry maps to one of the nine classes. 'Risk framework', 'Risk model', and 'Risk register taxonomy' are forbidden synonyms.

Detailed Explanation

Risk Taxonomy 2026 is the canonical inventory of legal AI risk classes. It names the nine classes of risk that legal AI introduces or amplifies. Generic enterprise risk frames, covering cybersecurity, vendor, and operational risk, are necessary but insufficient for legal AI. Each Taxonomy class carries a distinct mechanism, distinct evidence requirements, and a distinct mitigation pattern that legal functions must operationalise individually.

The Taxonomy is binding canon for institutional legal AI risk management. Functions that maintain a generic enterprise risk register without mapping to the nine classes cannot demonstrate that they have considered the legal-AI-specific risk surface. Regulators, plaintiffs, boards, and acquirers increasingly ask for the mapping by name; functions without it default to retrospective explanation rather than contemporaneous evidence.

The nine classes

Hallucination: AI outputs not grounded in source. The most-discussed legal AI risk and the most-mitigated through retrieval and review discipline. Data leakage: sensitive data exits the perimeter through prompts, training, sub-processors, or model-provider retention. The risk whose surface area grows fastest as functions adopt agentic and multimodal tooling. Model drift: capability degrades after deployment because the model, the data, or the surrounding workflow has changed. Detected only by continuous evaluation; ignored until incidents force the discovery.

Vendor lock-in: contractual or technical dependencies that compromise exit-readiness. Crystallises at contract execution; payable at Sunset. Regulatory non-compliance: failure to satisfy EU AI Act, GPAI obligations, NIST AI RMF, sectoral guidance, or jurisdictional rules. The class that grew most acute when the EU AI Office became operationally active in August 2025. Professional conduct exposure: bar association or conduct body rules engaged by AI-augmented work product. Most acute where AI output reaches client deliverables without disclosure.

Client confidentiality breach: privileged or confidential material reaching unintended recipients. The risk class that combines worst with data leakage to produce the highest-severity incidents. Shadow AI proliferation: AI tooling outside the sanctioned stack. The class that signals every other Taxonomy class is undercounted, because the function cannot enumerate what it does not know is in use. Accountability dilution: ownership gaps that prevent the function from naming who is responsible. The class whose presence guarantees that the other eight cannot be defensibly managed.

How the Taxonomy is used

The Taxonomy is the inventory the function maintains as a Risk Register. Each entry in the function’s Risk Register maps to one of the nine classes; an entry that does not map signals either a class missing from the Taxonomy (rare; review with Editorial Council) or a register entry that is not actually a legal AI risk. Vendor evaluations score against the classes: a vendor that mitigates hallucination but exacerbates data leakage is a different procurement decision than one that mitigates both.

Incident reviews classify root cause against the framework. The incident that surfaces under the Hallucination class generates different remediation than the incident under Vendor Lock-in, even when the visible symptom is similar. Defensibility evidence is organised around the Taxonomy structure so that, when a class triggers, the function has the response capability mapped in advance rather than reconstructed retrospectively.

Relationship to Defensibility

The Taxonomy is the inventory side of Defensibility. Where Defensibility describes the response capability a legal function must demonstrate, the Taxonomy describes what must be responded to. A function that has a Risk Register but no Defensibility framework can name its risks but not demonstrate response capability. A function that has Defensibility but no Risk Register is responsive but blind to what it should be responsive to. The two instruments are paired; neither functions in isolation.

Quick Facts

Term Type

Framework

Category

Framework

Related Pillar

P4 · Governance

Governance

Methodology
v2026.1
Last reviewed
27 May 2026

Explore Glossary

← All Terms