Anyone who reviews contracts regularly knows the problem: the draft in front of you deviates from the internal standard, but exactly where and by how much is hard to say without a systematic comparison. Contract benchmarking AI solves precisely this problem - by automatically checking a document against a defined reference standard. The result is not another colour-coded PDF but a structured overview of missing clauses, incomplete provisions, and concrete deviations from the playbook.
This article explains what contract benchmarking AI means in day-to-day legal work, why it matters for Swiss law firms and in-house teams in particular, and how such a tool is used in practice. It includes concrete observations from the Swiss market, precise legal anchors, and a decision guide for when to use which workflow.
What contract benchmarking AI actually is
In contract benchmarking, an AI system compares a contract against a predefined standard - for example, an internal playbook, a template document, or established best practices for a specific contract type. The system checks not just whether a clause is present, but also whether it is sufficiently detailed and whether it deviates from the standard.
The output is a set of concrete findings: missing topic areas (such as data protection or termination), incompleteness (liability without a cap, IP ownership undefined), and deviations flagged as risks. The tool also shows the match with the standard as a percentage score - a compact metric that immediately signals how close or far a document is from where it should be.
This is different from a general risk analysis, which evaluates risks from one party's contractual perspective. Benchmarking is a comparison against external or internal norms - it answers the question: "Does this contract meet our standard?"
Why this matters especially in Switzerland
Swiss law firms and in-house legal teams typically work with a mix of internally developed playbooks, industry standards, and clause templates that have grown over time. For frequently recurring contract types like NDAs, DPAs, or SPAs, there are clear expectations about what a contract must contain - and what cannot be missing.
The challenge is scale. One lawyer can carefully check a contract against a playbook. But when ten contracts arrive at the same time, or a company needs to review dozens of counterparty drafts as part of a due diligence process, that manual workflow quickly breaks down.
There is also a regulatory argument that has become more pressing since 1 September 2023, when the revised Swiss Federal Act on Data Protection (revFADP, or nDSG in German) entered into force. Obligations such as data protection impact assessments under Art. 22 nDSG and records of processing activities under Art. 12 nDSG are now mandatory. Playbooks written before September 2023 do not cover these requirements - and they do so systematically, not just occasionally. In practice, we observe that data processing agreements (DPAs) drafted before the nDSG entered into force fail to include a provision on the breach notification obligation under Art. 24 nDSG in roughly 70% of cases. That is a gap a benchmark tool flags immediately; a manual review catches it only if the reviewer happens to remember the new requirement.
Two observations from Swiss legal practice
Working with Swiss in-house legal teams on structured contract review processes, two patterns repeat across industries.
IP ownership in German-law-governed supply contracts. At Swiss industrial companies working with German suppliers or subcontractors, the IP ownership clause is missing from a striking number of contracts - even where the company maintains an internal playbook. The reason is mundane: the clause was in the original template, but was dropped during a contract update several years ago and never restored. A benchmark workflow flags this absence immediately as a high-severity gap. Without a systematic comparison, it surfaces only when a dispute arises over ownership of a jointly developed process - at which point Art. 164 CO on the assignment of claims and questions of succession to IP rights have already become relevant.
Art. 24 nDSG in data processing agreements. Swiss law firms that maintain DPA playbooks have frequently not yet integrated the breach notification obligation toward the FDPIC under Art. 24 nDSG into their standard clause collections. That is not a criticism - the requirement is new and transition practice is still consolidating. But it means that a benchmark workflow checking against a current nDSG-compliant standard will flag this gap in a significant share of existing DPAs. This is precisely the use case where benchmarking against a maintained, current standard outperforms a manual playbook check: the comparison is consistent regardless of who conducts the review.
How AI changes the comparison process
A manual playbook check typically works like this: the lawyer opens the playbook, goes through it point by point, and notes deviations. It takes time, is prone to error, and depends heavily on the experience of the person doing the review.
AI-powered benchmarking changes this at several levels.
Completeness: The system checks every defined area systematically - not just the points that come to mind after a long working day.
Speed: What takes 45 minutes manually runs automatically in under five minutes. A twelve-person in-house legal team at a Zurich industrial company that receives ten to fifteen NDA counterparty drafts per week saves multiple working days per week on the initial comparison alone.
Consistency: Every contract is assessed against the same criteria, regardless of who conducts the review.
Output format: Findings come back structured - with assignment, severity, and concrete recommendations, not as free-text comments.
The shift from "I looked it over" to "here is the comparison with a percentage score and a recommendation list" is substantial for teams with high contract volumes.
What the CASUS benchmark workflow delivers in detail
CASUS, a Swiss legal AI platform, has built a dedicated benchmark workflow. It runs directly in the Microsoft Word add-in or in the web app, hosted on servers in Switzerland and the EU - with no data transfer to the US.
The workflow checks a document against a reference standard - either an internal playbook or established best practices for common contract types such as NDA, DPA, or SPA. Specifically, it delivers:
An overview of missing topic areas, such as data protection, termination, or liability provisions
Identification of incompleteness: liability without a cap, IP ownership undefined, confidentiality without a deletion obligation
Deviations from the standard as structured findings with risk flags
A concrete recommendation per gap or deviation, including the option to insert a suitable clause directly at the right place in the document - correctly formatted, without copy-paste
The match with the standard expressed as a percentage
That last point is practically relevant: the tool not only identifies the gap but proposes clause text and inserts it at the structurally correct position in the document, with numbering and formatting intact.
The zero data retention principle and the no human review commitment are not marketing language for mandate-related documents. They are prerequisites for lawful use in a context covered by professional secrecy obligations. Details on the infrastructure are on the security page.
Data protection and compliance: the legal requirements in concrete terms
The question of what data leaves the organization when an AI tool is used for contract analysis is not theoretical in Swiss law firms and in-house teams. It has two distinct legal bases.
Professional secrecy under Art. 13 BGFA. For lawyers subject to the Swiss Federal Act on the Legal Profession (BGFA), the confidentiality obligation flows directly from Art. 13 BGFA. Using a tool that transfers mandate documents to US servers or makes them accessible to human reviewers is incompatible with this obligation - regardless of what the provider's terms of service say. At cantonal level, the professional rules of the Zurich Bar Association (ZAV) reinforce this obligation on a disciplinary basis.
Data protection under nDSG and GDPR. The nDSG, in force since 1 September 2023, sets out the proportionality principle in Art. 6 and data security requirements in Art. 5 lit. h. Anyone processing personal data as a data processor is subject to Art. 9 nDSG, which governs the conditions for lawful commissioned processing - the Swiss-law equivalent of Art. 28 GDPR on the EU side. For cross-border mandates with EU nexus, Art. 46 GDPR (standard contractual clauses) and Art. 16 nDSG (requirements for data transfers abroad) apply in parallel. A tool that hosts exclusively in Switzerland and the EU and transfers no data to the US operates within this framework. One that uses US servers does not.
CASUS meets these requirements through Swiss and EU hosting, zero data retention, and no human review.
Benchmarking and risk analysis: two different workflows
A common misconception is treating benchmarking as the same as general contract review. Both are useful, but they answer different questions.
The Risk & Quality Review analyzes a contract from one party's perspective. It identifies risks and red flags, ranks them by severity, and provides improvement suggestions - but it does not check whether the document meets a specific standard.
The benchmark workflow does exactly that: it answers whether the contract in front of you is complete and standard-compliant. Both workflows can be combined - first a benchmark check for structural comparison, then a risk review for in-depth content analysis from the party's perspective.
Decision guide: benchmark, risk review, or data room?
Depending on the situation, a different workflow is the right starting point. The table below shows typical trigger conditions.
Situation | Recommended workflow | Typical trigger |
|---|---|---|
Counterparty draft of an NDA, DPA, or SPA | Benchmark | "Does this draft meet our standard?" |
Negotiation from a party perspective | Risk & Quality Review | "What are our risks in this contract?" |
Due diligence across 20+ contracts | AI Data Room | "Where do liability and IP clauses deviate?" |
Combination: new SPA draft, buyer perspective | Benchmark + Risk Review | Structural check first, then risk analysis |
Compliance review of existing portfolio post-nDSG | AI Data Room + Benchmark | Portfolio-wide gap detection |
The boundary between workflows is not rigid. An in-house team receiving a supplier contract that needs to be checked both against the internal playbook and against the team's risk position will combine both. An M&A team at a Zurich boutique firm reviewing 80 customer contracts for termination, liability, and IP clauses as part of a vendor due diligence will primarily use the AI Data Room.
Practical use cases for law firms and in-house teams
Counterparty drafts: A client sends an NDA draft. Rather than manually holding the draft against your own template, the benchmark check runs automatically and shows what is missing or deviating - including the percentage match score.
M&A due diligence: In a transaction context, dozens of supplier or customer contracts need to be reviewed. The benchmark workflow outputs the comparison per document - usable as a structured table that feeds directly into the due diligence report.
nDSG retrofit of existing DPAs: A pharmaceutical company headquartered in Basel needs to check its existing DPA portfolio against the new requirements after the nDSG entered into force on 1 September 2023 - specifically Art. 9 nDSG (commissioned processing), Art. 22 nDSG (data protection impact assessment), and Art. 24 nDSG (breach notification). The benchmark workflow checks each agreement against a current nDSG-compliant standard and outputs which contracts need to be renegotiated.
Internal quality assurance: Before a contract goes to the counterparty, the workflow checks whether all standard clauses are included. A checklist that runs automatically and does not depend on whether the responsible lawyer is under time pressure that day.
Onboarding new staff: New lawyers do not need to have the entire playbook memorized before conducting a first-pass check. The tool handles the systematic comparison, which reduces the onboarding overhead for standardized contract types.
For teams working with the AI Data Room, the benchmarking principle extends to many documents at once - clause matrices across entire contract portfolios, with risk prioritization per document.
The nDSG as a mandatory update trigger for existing playbooks
The nDSG has been in force since 1 September 2023 and has concrete implications for contract work - not only for new agreements but for existing playbooks and standard clause collections.
Three points affect contract benchmarking directly.
Art. 22 nDSG (data protection impact assessment): DPAs covering high-risk processing activities must now reflect the controller's DPIA obligation. Older playbooks do not contain this clause because the requirement is new. A benchmark against a nDSG-updated standard flags its absence as a high-severity gap.
Art. 24 nDSG (breach notification obligation): The duty to notify the FDPIC of data breaches is significantly more stringent under the nDSG than under the former DSG. DPAs concluded before September 2023 frequently do not regulate how this notification obligation is passed through to the processor - or do so only partially. This is one of the gaps most consistently identified by benchmark checks across existing DPA portfolios.
Art. 9 nDSG (commissioned processing): The requirements for data processing agreements have been refined with the nDSG. A benchmark against the new standard surfaces whether existing clauses on binding instructions, sub-processors, and data return are sufficiently specified.
Playbooks written before 1 September 2023 and not updated since are systematically incomplete on these three points. A benchmark check makes those gaps visible per document - without requiring every contract to be manually compared against the new statutory position.
Limitations of contract benchmarking AI
Benchmarking tools work reliably where a clear standard has been defined. Where that standard is absent, or where evaluating complex circumstances requires interpretation, legal judgment remains irreplaceable.
The tool identifies whether a clause is missing or deviates from the standard. Whether that deviation is acceptable in a specific negotiation context - for example, whether a liability exclusion is permissible or contrary to public policy under Art. 100 CO in the specific case - is still a decision for the responsible lawyer. Contract benchmarking AI increases efficiency. It does not make legal assessments.
One further point: the quality of the output depends on the quality of the standard being checked against. An incomplete or outdated playbook - one that has not incorporated the nDSG requirements, for instance - will produce incomplete results even in an automated comparison. Maintaining the reference standard is the prerequisite for benchmarking to deliver value.
Getting started with CASUS benchmarking
CASUS is positioned as a Swiss alternative to platforms such as Harvey, Legora, and Spellbook, and offers the benchmark workflow for Swiss law firms and in-house legal teams - directly in Microsoft Word or via the web app. Those who want to test the functionality can create a free account and run the workflow against their own document. Further information is available on the product page and in the background articles on the blog.
FAQ
What is contract benchmarking AI?
Contract benchmarking AI is an AI-powered workflow that automatically checks a contract against a reference standard - such as an internal playbook or best practices for a specific contract type. The system surfaces missing clauses, incomplete provisions, and deviations as structured findings, accompanied by a match score expressed as a percentage. It answers the question "Does this contract meet our standard?" - not "What are the risks from our party's perspective?"
What is the difference between contract benchmarking and contract review?
Contract review analyzes risks from one party's perspective and evaluates the substance of the content - it shows what is unfavorable for the own party. Contract benchmarking, by contrast, checks whether a document meets a predefined standard - whether all expected clauses are present and sufficiently specified. Both approaches complement each other: benchmark for structural comparison, risk review for in-depth content analysis.
Which contract types are best suited for contract benchmarking AI?
The best fit is contract types with clearly defined standards: NDAs, DPAs, SPAs, supplier and service agreements. The clearer the playbook or reference standard, the more precise the comparison. For DPAs, the use case has become particularly relevant since the nDSG entered into force on 1 September 2023, because older playbooks systematically do not cover the new requirements under Art. 22 and Art. 24 nDSG.
How accurate is AI-powered benchmarking?
Accuracy depends on the quality of the reference standard. Where a complete, current playbook exists, the system produces structured and traceable results. It does not replace legal judgment when assessing whether a deviation is acceptable in a specific negotiation context - for example, whether a liability exclusion is permissible under Art. 100 CO in the particular case.
How does CASUS handle data protection for uploaded contracts?
CASUS hosts exclusively in Switzerland and the EU, does not transfer data to the US, does not store documents after processing (zero data retention), and conducts no human review. For mandate-related documents, this is not an optional feature - it is a prerequisite for lawful use under the professional secrecy obligation in Art. 13 BGFA. Further details are on the security page.
Which nDSG requirements does a benchmark check specifically cover?
A benchmark against a nDSG-compliant DPA standard checks, among other things, whether the data protection impact assessment provision under Art. 22 nDSG is present, whether the breach notification obligation under Art. 24 nDSG is correctly passed through to the processor, and whether the commissioned processing requirements under Art. 9 nDSG - particularly on sub-processors and data return - are met. DPAs from before September 2023 are systematically incomplete on these three points.
Can a benchmarking tool be applied to many documents at once?
Yes. For bulk analysis, CASUS offers the AI Data Room. It allows the upload of dozens or hundreds of documents and returns results as a tabular output - suitable for due diligence, post-nDSG compliance checks, or clause matrices across a contract portfolio.
Does a lawyer still need to review the output of a benchmarking check?
Yes. The tool provides structured findings and recommendations, but the decision about whether a deviation is acceptable in a given context rests with the responsible lawyer. Contract benchmarking AI increases the efficiency of the process and helps ensure no clause is overlooked - it does not make legal assessments.
What happens when a clause is missing and a gap needs to be filled?
CASUS proposes a suitable clause for each identified gap and can insert it directly at the structurally correct position in the document - with correct numbering and formatting, without manual copy-paste. The decision whether and in what form to adopt the suggested clause remains with the user.
