Advanta is currently undergoing final system calibration ahead of launch. Selected infrastructure and experiences may still be in active refinement.

advanta

HomeModule Library

Module MAT-03 sigil: Maturity pillar, Strategy layer, maturity bands 1 to 3.Deterministic sigil for Module MAT-03. The Pillar geometry encodes Maturity (Pillar 7); the top-right marker S encodes the Strategy layer; the baseline meter encodes maturity bands 1 to 3.SMAT-03

P7

L-M

MAT-03

Gap Analysis Template

Structured 6-step gap analysis to map current vs. target Legal AI maturity, risk exposure, and roadmap.

ModuleFoundationalQuarterlyAdoption lensDefensibility lens

Audience

GC / CLOLegal Operations

·

2–4 days for baseline; 1 day for quarterly and annual refreshes

Executive Summary

MAT-03 is the Legal AI Gap Analysis Module for systematically mapping where a legal function is today, where it needs to be, and how to get there safely. It combines 2D maturity positioning (adoption stage × augmentation sophistication) with an 8‑pillar scorecard, a Risk Taxonomy 2026 Exposure assessment, and an Agentic Tier readiness check for Level 4 tools. The module produces a quantified view of gaps, a risk‑adjusted prioritisation, and a phased implementation roadmap. Outputs plug directly into MAT‑02 (readiness score recalibration), MAT‑04 (quarterly progress tracking), and the DPS Defensibility portfolio. It is designed for General Counsel and Legal Operations to run at baseline, then on a quarterly and annual cadence, aligning AI investments with ROAI, risk appetite, and regulatory expectations while preventing shadow AI and compliance drift.

Purpose and Scope

MAT-03 provides a structured, repeatable gap analysis framework for legal departments adopting AI. It translates abstract maturity concepts into quantified gaps, risk-informed priorities, and a phased roadmap.

The module covers:

  • 2D maturity positioning (Adoption Stage × Augmentation Sophistication)
  • 8-pillar current-state scoring (0–100 per pillar)
  • Risk Taxonomy 2026 Exposure (9 risk classes)
  • Agentic Tier readiness for Level 4 autonomous tools
  • Gap identification, prioritisation, and implementation planning

All outputs integrate with MAT-01 (baseline maturity), MAT-02 (readiness score), MAT-04 (quarterly tracking), and the DPS Defensibility evidence portfolio.

Metric 0 pre-checks (Task Force, AI Use Policy, MAT-01, MAT-02, AI BoM) should be completed before running MAT-03. Without them, gap scores will be unreliable and harder to defend.

1. Current State Assessment

1.1 2D Maturity Positioning

Position the legal function on:

  • Adoption Stage (Bands 1–5): Exploring, Planning, Implementing, Scaling, Realising.
  • Augmentation Sophistication (Levels 1–4): Advisor, Assistant, Co‑Creator, Executor (Agentic).

Use MAT-01 and MAT-02 evidence to select the band and level that best match actual practice, not aspirations.

1.2 8-Pillar Current State Scoring

Score each pillar 0–100, anchored in evidence (AI BoM, GOV-03 Risk Register, training records, vendor scorecards):

  • P1 Strategy, Sponsorship & Value
  • P2 Data & Infrastructure
  • P3 Talent & Change Management
  • P4 Governance, Risk & Defensible AI
  • P5 Use Cases, Execution & Measurement
  • P6 Vendor Benchmarking & Technology
  • P7 Legal AI Maturity Mapping
  • P8 Sustaining Long-Term Value

Document component-level scores and comments to support later root-cause analysis.

1.3 Risk Taxonomy 2026 Exposure

For each of the 9 risk classes, score current control strength (0–100). Any score <50 is a governance priority; Class 6 (Shadow AI) <30 requires immediate escalation to STR-07.

1.4 Agentic Tier Readiness (if Level 4 in scope)

Assess six provisions: kill-switch, intervention logging, scope limitation, escalation protocol, continuous bias monitoring, and AI Governance Manager role. Any provision marked Absent blocks Level 4 deployment.

2. Desired State Definition

2.1 Strategic Alignment

Clarify why the organisation is investing in AI (efficiency, client service, risk management, talent, innovation, regulatory compliance, agentic readiness). Select a target timeline (6–36 months) and resource posture (conservative, moderate, aggressive).

2.2 Target Maturity

Set target:

  • Adoption Stage (e.g. move from Planning to Implementing).
  • Augmentation Sophistication (e.g. from Assistant to Co‑Creator; Executor only when Agentic Tier gaps are closed).

2.3 Pillar and Risk Class Targets

Define target scores (0–100) for each pillar and each Risk Taxonomy 2026 class. Use 70/100 as the minimum target for each risk class, with higher targets where regulatory exposure is acute.

Incorporate MAT-05 peer benchmarks where available to ensure targets are realistic and competitive.

3. Gap Identification and Analysis

3.1 Pillar Gap Calculation

For each pillar, calculate:

  • Gap = Target Score – Current Score
  • Link each gap to the Legal AI OS modules that close it (e.g. GOV-02, TAL-02, VEN-04, SUS-05).

3.2 Risk Taxonomy 2026 Gaps

For each risk class, compute the gap and classify root causes (policy absence, partial controls, monitoring gaps, training gaps, vendor issues). Map each to specific closing actions and modules.

Apply the Class 6 Shadow AI escalation rule where the gap is ≥40 points.

3.3 Agentic Tier Gaps

Where Level 4 tools are in scope, identify which of the six provisions are Partial or Absent and specify required actions (e.g. implement kill-switch, design escalation runbooks, appoint oversight role).

3.4 Root Cause Analysis by Pillar

For any pillar with a gap ≥20 points, record up to three primary root causes (e.g. no executive sponsor, no AI Use Policy, no AI literacy programme, no AI BoM). This drives targeted interventions rather than generic remediation.

4. Gap Prioritisation Framework

4.1 Multi-Dimensional Scoring

For each identified gap, rate:

  • ROAI impact (High/Medium/Low)
  • Implementation feasibility (High/Medium/Low)
  • Resource requirement (High/Medium/Low)
  • Risk class severity (High/Medium/Low, informed by Risk Taxonomy 2026)

Use these ratings to assign an overall priority band (P1–P4) using the ruleset in the template.

4.2 Interdependencies

Respect key sequencing dependencies, including:

  • GOV-02 before broad deployment
  • AI BoM before adding tools
  • MAT-02 before scaling TAL-02
  • TAL-02 before full TAL-04 role rollout
  • All Agentic Tier provisions before Level 4 deployment.

4.3 Risk-Adjusted Prioritisation

Apply severity multipliers for high-risk gaps (e.g. Class 6, Class 7, hallucination, bias) and for missing Agentic Tier provisions. This ensures governance-critical work is not deprioritised against purely efficiency-driven initiatives.

5. Implementation Roadmap

5.1 Phased Plan

Organise gap-closure actions into four phases:

  • Phase 1 (Months 1–6): Foundation building and P1 gaps (Task Force, AI Use Policy, AI BoM, MAT-02 baseline, initial TAL-02, Class 6 controls).
  • Phase 2 (Months 6–12): Core governance and high-ROAI gaps (GOV-03, GOV-04, GOV-06, VEN-04, DAT-03, USE-06, initial TAL-04 roles).
  • Phase 3 (Months 12–18): Scaling and optimisation (expanded TAL-04 roles, VEN-05/06, SUS-03, SUS-04, MAT-04, MAT-05, Agentic Tier closure if applicable).
  • Phase 4 (18+ Months): Continuous improvement (SUS-05 cycle, DPS portfolio completion, ongoing MAT-04 tracking, Class 6 trend analysis, Agentic audits).

5.2 Resource and Governance Model

Estimate resource requirements across technology, training, external advisory, governance, and internal time. Define ownership (GC, Legal Ops, Risk, IT) and cadence for STR-07 AI Task Force oversight.

Embed checkpoints where MAT-04 is updated and where major decisions (e.g. Level 4 deployment) require evidence of closed gaps.

6. Success Measurement and Continuous Improvement

6.1 Metrics

Track gap closure and ROAI outcomes using:

  • Overall and per-pillar maturity scores
  • Risk Taxonomy 2026 average and per-class scores
  • Class 6 Shadow AI incident rate
  • AI BoM completeness
  • Agentic Tier provisions in place
  • DPS evidence coverage

Link these to PROTECT, COMPLY, GROW, and TRANSFORM outcomes.

6.2 Cadence

  • Monthly: ROAI and training metrics; Class 6 monitoring.
  • Quarterly: MAT-04 updates; risk exposure re-scoring; STR-07 review.
  • Annually: Full MAT-03 refresh; SUS-05 cycle; readiness recalibration; peer benchmarking.
  • Event-driven: Re-run gap identification when new tools are added or material incidents occur.

6.3 Lessons Learned

For each closed gap, capture timeline accuracy, resource variance, realised vs. projected ROAI, risk incidents prevented, and DPS evidence generated. Feed insights into the next planning cycle.

image pending

Diagram showing the MAT-03 gap analysis flow from current state assessment through prioritisation to roadmap and tracking.

MAT-03 connects current-state scoring, risk exposure, and agentic readiness into a single, defensible roadmap.

Defensibility Evidence

Produces a dated, evidence-backed record of AI maturity scores, risk exposure assessments, prioritisation logic, and roadmap decisions, demonstrating that AI adoption is governed, risk-informed, and aligned with documented policies and regulatory expectations.

Operational Artefacts

  • MAT-03 Gap Analysis Workbook

    xlsx · v2026.1

    Gated

  • MAT-03 Assessment & Interview Guide

    docx · v2026.1

    Gated

  • MAT-03 Governance & Risk Checklist

    checklist · v2026.1

Framework Crosswalk

NIST AI Risk Management Framework

NIST

Maps pillar and risk class gaps to NIST AI RMF functions (Govern, Map, Measure, Manage) and supports risk-based AI control design.

ISO/IEC 42001 AI Management System

ISO/IEC

Supports establishment and continual improvement of an AI management system by providing structured gap analysis inputs and evidence.

EU AI Act Governance Requirements

European Union

Aligns risk class and governance gaps with EU AI Act obligations for high-risk and general-purpose AI systems in legal workflows.

ABA Formal Opinion 512 on AI in Legal Practice

American Bar Association

Uses gap analysis to evidence reasonable supervision, competence, confidentiality, and transparency in AI use by lawyers.

Operational Details

Inputs

  • · MAT-01 Maturity Assessment output and adoption band
  • · MAT-02 Readiness Score baseline
  • · AI BoM (AI Bill of Materials) current inventory
  • · GOV-02 AI Use Policy and related communications
  • · GOV-03 Risk Register and last 12 months of incidents
  • · VEN-04 Vendor Compliance Scorecard results
  • · Training completion data for TAL-02 and TAL-04
  • · Stakeholder survey and interview responses
  • · Class 6 Shadow AI incident logs

Outputs

  • · 2D maturity position (Adoption Stage × Augmentation Sophistication)
  • · 8-pillar current and target maturity scores with quantified gaps
  • · Risk Taxonomy 2026 Exposure scores and gap profile
  • · Agentic Tier readiness assessment and gating decision
  • · Prioritised gap register with root causes and closing modules
  • · Phased implementation roadmap with milestones and owners
  • · Updated inputs for MAT-02 readiness recalibration
  • · Baseline for MAT-04 quarterly progress tracking
  • · DPS Defensibility evidence package for AI governance

Owner

General Counsel + Legal Operations

Telemetry & Observability

Telemetry-ready

Key Takeaways

  • Quantify current Legal AI maturity across all 8 pillars using a consistent 0–100 scoring model.

  • Map maturity against Risk Taxonomy 2026 Exposure and Agentic Tier readiness for Level 4 tools.

  • Define target states aligned to ROAI, business strategy, and regulatory risk appetite.

  • Identify and analyse gaps by pillar, risk class, and agentic provision with clear root causes.

  • Prioritise gaps using ROAI impact, feasibility, resource needs, and risk severity multipliers.

  • Build a phased implementation roadmap with linked Legal AI OS modules and DPS evidence.

  • Feed gap closure data into MAT-02 readiness recalibration and MAT-04 quarterly tracking.

Get This Module

This module is available as part of an Advanta Advisory engagement.

Explore Advisory

Module Details

Type

Pillar

P7

Layer

M · Measurement

Duration

2–4 days for baseline; 1 day for quarterly and annual refreshes

Advisory

Yes

Access

Member access

Certification

Practitioner

Maturity Bands

FoundationalOperationalIntegratedOptimisedDefensible

Risk Classes Mitigated

Available Through

Related Resources

P7 · MaturityModule Library →Take the Free Baseline Diagnostic →

Governance

Methodology
v2026.1
Last reviewed
23 May 2026
Verified
23 May 2026

ADVISORY

Need help implementing this — and the 49 modules around it?

Advanta Advisory works with legal departments to deploy the full Legal AI OS framework — governance design, implementation roadmap, and team capability — structured around your maturity baseline.

Explore Advisory →Run the Diagnostic first
← Back to Module Library