Choosing a Legal AI Solution: A Buyer's Checklist for Moroccan Teams
A buyer's guide for legal teams, law firms, IT and compliance.
Choosing a legal AI vendor is not a software decision. It is a trust decision.
When a firm buys a project management tool, the worst case is wasted money and a migration headache. When a legal team chooses the wrong legal AI, the worst case is a confidentiality breach, a hallucinated clause in a client deliverable, or a regulatory exposure that surfaces months later in front of the wrong audience.
The stakes change the buying process. A legal AI evaluation is closer to vetting external counsel than to buying a SaaS subscription. You are deciding who gets to sit inside your confidentiality perimeter and touch your most sensitive work.
This article gives you a practical structure for that decision. Seven dimensions to evaluate, fifteen questions to ask, the red flags to watch for, and a way to run a pilot that actually tells you something.
The seven dimensions of evaluation
A serious evaluation looks at seven dimensions. Most vendor demos cover one or two of them well, usually the impressive ones, and stay quiet about the rest. Your job is to cover all seven.
1. Security and sovereignty. Where is the data hosted? Under whose jurisdiction does the operator fall? Is there tenant isolation? What encryption applies in transit and at rest? Who are the sub-processors? For Moroccan regulated entities, this is not the last question on the checklist. It is the first.
2. Jurisdictional fit. Does the system handle French and Arabic natively, or is one language a second-class citizen? Does it understand Moroccan legal structures, or does it apply common-law assumptions to a civil-law country? A legal AI trained and tuned for the United States or the United Kingdom, dropped into Morocco unchanged, will be confidently wrong in ways that are hard to detect.
3. Source-awareness and auditability. Does every answer carry its sources? Can a lawyer click from a claim to the underlying document or text? Are AI interactions logged? Can you reconstruct, after the fact, what was asked, what was retrieved, and who validated the output? If the system cannot show its work, it cannot be trusted with legal work.
4. Workflow and document integration. Does the system operate at the level of matters and documents, or only at the level of chat? Can it work inside your actual files, or does it require you to paste content in and copy answers out? A tool that lives outside your workflow adds friction. A system that lives inside it removes friction.
5. Governance and access control. Can you control who sees what at the matter level? Can you revoke access cleanly? Can you separate roles: partner, associate, paralegal, client? Governance is not an enterprise upsell. For legal work it is a structural requirement.
6. Commercial model and transparency. How is pricing structured? What happens to your data if you leave? Is there vendor lock-in on your own documents? Are the terms about data usage clear, or buried? A vendor that is vague about what happens to your data is telling you something.
7. Support, training, and roadmap. Who trains your team? What does onboarding look like? Is there local support that understands the Moroccan context? Where is the product going, and does that direction match where your practice is going?
The fifteen questions no salesperson enjoys
Demos are designed to impress. Evaluations are designed to inform. The difference is the questions you ask. Here are fifteen that move a conversation from marketing to substance.
- Where, physically, is our data stored, and can you put that in the contract?
- Under which country's laws does your company operate, and which courts could compel disclosure of our data?
- Who are your sub-processors, and where are they located?
- Is our data used to train your models, in any form, ever?
- What happens to our data, exactly, on the day we stop being your client?
- Can you show me how a single AI answer traces back to its sources?
- What does the system do when it does not know the answer?
- How does the system handle a document that is half in French and half in Arabic?
- Can you show me the audit log for a sample interaction?
- Can a paralegal be prevented from seeing a partner-only matter?
- What is your false-information rate on legal tasks, and how do you measure it?
- What happens if the model produces a wrong citation, and how would we know?
- Can we run a pilot on a closed, non-sensitive matter before committing?
- Who, locally, do we call when something breaks?
- What is on your roadmap for Moroccan and francophone legal work specifically?
You will learn as much from how a vendor answers as from what they answer. Confident specificity is a good sign. Vagueness, deflection, and "we'll get back to you" on the basics are not.
Red flags
Some warning signs are reliable across vendors.
Vagueness about hosting and jurisdiction. If a vendor cannot tell you clearly where your data lives and whose law governs it, the rest of the conversation is premature.
No citations. If the system produces fluent answers with no traceable sources, it is not a legal tool. It is a writing tool that talks about law.
No audit trail. If you cannot reconstruct what happened, you cannot meet the accountability standard the profession requires.
Common-law defaults in a civil-law country. If the demo keeps referencing concepts and structures that do not map onto Moroccan law, the product was not built for you.
One language treated as primary, the other as a bolt-on. In Morocco, this is disqualifying for most serious work.
Reluctance to pilot. A vendor confident in the product welcomes a scoped, honest pilot. A vendor that resists one is protecting something.
Data-usage terms that require a lawyer to decode. The irony is intentional. If the terms about your data are written to be hard to understand, read them twice, then read them a third time.
Running a pilot that tells you something
Most pilots fail to inform the decision because they are designed to succeed rather than to test. A useful pilot has four properties.
A real but safe scope. Use closed matters, anonymised matters, or non-sensitive internal work. Real enough to be meaningful, safe enough to be responsible.
Defined tasks. Choose three or four concrete tasks your team actually does. First-draft contract review. A legal research question with a known answer. A bilingual document summary. A matter timeline reconstruction.
Honest evaluators. Put the work in front of skeptical senior lawyers, not enthusiastic juniors. The senior lawyer's "I don't trust this" is more valuable than the junior's "this is amazing."
Measurable outcomes. Decide in advance what success looks like. Time saved with quality maintained. Citation accuracy. Reviewer confidence. A vague sense that "it felt useful" is not a result.
A two-to-four-week pilot, scoped this way, tells you more than ten demos.
In Morocco and francophone practice
The Moroccan context sharpens several of these dimensions.
Regulatory expectations are explicit. As covered in Article 2, deployments touching personal data fall under the CNDP and Law 09-08, and regulated or public-sector entities operate under the DGSSI and Law 05-20. A vendor evaluation in Morocco should therefore start from the regulatory file, not end with it. The first dimension, security and sovereignty, is not negotiable for these buyers.
Professional expectations matter. Moroccan firms answer to professional duties of secrecy and to their bâtonnat. A legal AI choice that cannot be explained, calmly, to a client or to a professional body is a choice waiting to become a problem.
In-house procurement is rigorous. Legal AI decisions in Moroccan banks, insurers, telecom operators, and large industrial groups go through procurement, IT security, and sometimes the board. The evaluation has to satisfy not only the legal team but also the CISO and the audit committee. A vendor that can speak to all three audiences has an advantage that has nothing to do with the quality of its model.
Local reality matters. A vendor that understands the Tribunal de commerce, OMPIC filings, CNDP declarations, bilingual production, and the rhythm of Moroccan legal practice is evaluating from inside the problem. A vendor that has read about Morocco is evaluating from outside it.
Practical example
A Moroccan bank assembles a committee to evaluate three legal AI vendors for its in-house legal and compliance teams. The committee includes the general counsel, the head of compliance, the CISO, and a procurement lead.
They structure the evaluation around the seven dimensions rather than around the demos.
Vendor A, a well-known international platform, scores high on model quality and contract analysis. It scores poorly on sovereignty, with all hosting outside Morocco and limited contractual flexibility, and it treats Arabic as a secondary language. The CISO flags it as incompatible with the bank's regulatory posture.
Vendor B, a regional player, offers more flexibility on data residency and decent bilingual handling, but cannot produce a clear audit trail or the documentation the compliance team would need for a CNDP review. Promising but not ready.
Vendor C, a Legal OS hosted in Morocco, scores well on sovereignty, audit, governance, and bilingual handling, and operates at the matter and document level. Its model is strong though not the flashiest in the demo. The committee runs a three-week pilot on closed matters, measures citation accuracy and reviewer confidence, and confirms the results.
The recommendation to the board is not "Vendor C has the best AI." It is "Vendor C is the only one that satisfies the legal team, the compliance team, and the CISO simultaneously." That is what a real evaluation produces. A decision that survives scrutiny from every direction.
This example is illustrative. Any actual procurement decision must be reviewed by qualified Moroccan legal, compliance, and information security professionals.
What this changes for Burhan
Burhan welcomes this kind of evaluation, because the seven dimensions are exactly the dimensions it was built around.
Sovereignty and hosting aligned with Moroccan expectations. Source-awareness and audit trails as defaults, not add-ons. Matter and document level operation rather than a chat window bolted onto a generic model. Role-based governance at the matter level. Native French and Arabic handling. And a posture that lets a buyer satisfy not just the legal team but also the CISO, the compliance officer, and the board.
The honest framing is this. A buyer who runs the evaluation in this article seriously, asks all fifteen questions, and runs a real pilot, is a buyer Burhan wants. Not because the answers are convenient, but because they are the answers a Moroccan legal team should be demanding from anyone.
Key points
- Choosing a legal AI vendor is a trust decision, closer to vetting counsel than buying software.
- Evaluate across seven dimensions: security and sovereignty, jurisdictional fit, source-awareness, workflow integration, governance, commercial transparency, and support.
- Ask the fifteen hard questions, and learn as much from how vendors answer as from what they say.
- Watch the red flags: vagueness on hosting, no citations, no audit trail, common-law defaults, language imbalance, and reluctance to pilot.
- Run a real but safe pilot with honest senior evaluators and measurable outcomes.