Most Swiss law firms have AI on their agenda - but the gap between "we should look into this" and a working deployment in daily practice is wider than a tool subscription. This guide covers what actually matters when introducing AI in a law firm: the legal framework, sensible starting points, and practical steps for teams that do not want a months-long rollout.
Why AI adoption in Swiss law firms follows its own logic
In Germany and the EU, the EU AI Act introduced an AI competence obligation for companies using AI systems as of February 2025 (Art. 4 EU AI Act). Swiss firms without an EU presence are not directly subject to this rule - but those working with EU clients or processing data in EU systems will encounter its core principles regardless.
More directly relevant for Swiss firms is the revised Data Protection Act (revDSG), which has applied since September 2023. It requires that personal data be processed only for defined purposes and that data processing agreements be in place with external providers. AI tools that transfer data to the United States need a solid legal basis - or firms can choose tools that avoid US transfers entirely.
Professional law adds another layer. Attorney-client privilege under Art. 13 BGFA applies without exception to client matter data. This means AI tools that send contract content or pleadings to external servers must be secured contractually and technically to rule out unauthorised disclosure.
What comes before choosing a tool
The most common mistake in AI adoption is starting with the tool. Before evaluating any vendor, three questions are worth working through first.
Which processes actually consume the most time? Contract analysis, legal research, proofreading, and due diligence extraction are the typical candidates. Matter management or deadline monitoring are less so - those require a different category of systems.
What data is involved? If a process involves client matter data, special categories of personal data, or trade secrets, the requirements for hosting, contracts, and access controls are higher.
Who is accountable for the outputs? AI outputs do not replace legal judgment. They speed up the path toward it. Making this clear internally from the outset reduces liability exposure later.
These questions should feed into an internal AI policy - even a short, one-page version is more useful than none at all. It defines which information may flow into which tools and how outputs should be handled.
Data protection and security requirements in practice
Law firms face particularly strict requirements when adopting AI. The following points should be reviewed before signing a contract with any AI vendor.
Hosting and data residency
Where is data processed? Swiss and EU hosting is considerably easier to handle under data protection law than US hosting. With US-based providers, US access laws such as the CLOUD Act create residual risk even where standard contractual clauses are in place.
Data retention and model training
Are firm data used to train AI models? If so, this is difficult to reconcile with attorney-client privilege. Providers with a genuine zero-data-retention policy and no human review offer more legal certainty.
CASUS, a Swiss legal AI platform, hosts all data in Switzerland and the EU, does not transfer data to the United States, and operates with neither human review nor data retention. This significantly simplifies the data protection assessment for Swiss law firms. Details are available at /security.
Which use cases deliver the greatest benefit
Not all AI applications are equally well-suited for law firms. The following areas offer the most favourable effort-to-benefit ratio.
Contract analysis and risk review
Working through a 40-page contract to identify liability clauses, notice periods, and one-sided wording takes hours without support. A structured AI review can prioritise risks by severity - low, medium, or high - and link each finding directly to drafting alternatives.
CASUS' Risk & Quality Review identifies the contracting parties, analyses risks from each party's perspective, and delivers improvement suggestions that can be applied directly in Microsoft Word - no copy-paste required.
Benchmark against internal standards
Firms that regularly handle similar contract types - NDA, SPA, DPA - benefit from automated comparison against an internal playbook. Missing clauses, incomplete provisions, and deviations from the standard become immediately visible, including a percentage match score.
The Benchmark workflow in CASUS does exactly this: check a document against your own playbook or established best practices, and close gaps with a single click.
Legal research
Structured first assessments based on statutes and case law take considerable time when done manually. CASUS' Legal Research searches over 660,000 cantonal and federal court decisions as well as statutory provisions, and delivers source-based, traceable outputs - directly in the chat, without having to open individual decisions.
Due diligence and bulk document review
In M&A transactions or compliance reviews involving many documents, manually extracting clauses is inefficient. The AI Data Room supports the upload of dozens or hundreds of documents and extracts defined fields into a table - suitable for clause matrices, liability comparisons, or data protection audits.
Proofreading before sending
A pleading with a wrong cross-reference or an undefined term looks unprofessional. The Proofread module checks Swiss spelling conventions, terminology consistency, cross-references, definitions, and placeholders - without altering the legal substance.
Pilot project: what a sensible entry looks like
A 90-day pilot is more realistic for most firms than a large-scale rollout. A basic structure:
Weeks 1–2: Complete process selection and data protection review. Select the tool and sign up for a free trial or pilot.
Weeks 3–8: Test the tool in real working conditions - with actual documents, not demos. Document experience: what saves time? Where is post-correction needed? What is the effective time investment per use case?
Weeks 9–12: Evaluate. Does continued use make sense? Which processes should be expanded? What prompting rules or internal guidelines does the team need?
Realistic expectation management matters here. AI tools speed up and structure work - they do not replace legal judgment. Communicating this clearly internally avoids disappointment and reduces liability exposure.
What an internal AI policy should cover
Even small firms benefit from a short internal framework. Minimum content:
Which categories of data may go into which tools?
Who is responsible for quality control of AI outputs?
How are AI outputs labelled in pleadings or advisory documents?
Which tools are approved, and which are not?
A one-page policy is more effective than a 30-page document that nobody reads.
CASUS for Swiss law firms
Firms looking to get started with AI-supported contract work can test CASUS at no cost. The platform runs directly in Microsoft Word or in the browser, all data stays in Switzerland or the EU, and there is no data retention and no human review.
FAQ
What does a Swiss law firm need to review legally before adopting AI?
At minimum zwo things: first, where data is hosted - Switzerland or EU hosting is significantly less complicated than US hosting for attorney-client privilege purposes; second, whether the provider uses data for model training, which is generally incompatible with professional secrecy obligations.
Is the EU AI Act relevant for Swiss law firms?
The EU AI Act does not apply directly to Swiss firms without an EU presence. Firms that regularly work with EU clients or process data in EU systems should nonetheless understand its core principles - particularly the AI competence obligation under Art. 4 - and factor them into internal practice.
Can AI outputs be used directly in pleadings or legal advice?
AI outputs are working tools, not finished legal texts. They accelerate analysis, drafting, and research - but any use in a pleading or client advice document requires legal review and professional accountability.
Which use cases are best for getting started?
Contract analysis (risk review), proofreading, and structured legal research are natural starting points because time savings are immediately measurable and output quality is straightforward to verify.
How long does it take to introduce an AI tool in a law firm?
A structured pilot with a specialised legal AI tool can be set up within two to four weeks - data protection review, tool selection, and initial testing included. A firm-wide rollout takes longer, but for most firms it is not the right first step.
What is "shadow AI" and why does it matter?
Shadow AI refers to unapproved use of AI tools by staff, often through personal or free accounts with general-purpose providers. The risk: client matter data may end up in systems not covered by a data processing agreement, which is problematic under both data protection law and professional regulations.
How does CASUS differ from general AI tools like ChatGPT?
CASUS is built for legal document work, hosts data exclusively in Switzerland and the EU, does not transfer data to the United States, and operates with no human review and no data retention. General AI tools like ChatGPT are not tailored to Swiss law and typically do not meet the data protection requirements for law firms without substantial additional configuration.
Does a law firm need an internal AI policy?
Yes - even a short one. It defines which tools are permitted, which data may be processed, and who is accountable for quality control of AI outputs. Without this foundation, a regulated, liability-conscious AI deployment is difficult to achieve in practice.
