Standardisation Was Supposed to Remove Human Error. It Just Concentrates It.
- Marc May
- May 20

Imagine a system trained on thousands of your firm's past contracts — every redline
accepted, every clause fought over, every position conceded. It knows your playbook
better than your newest associate. It can review a third-party NDA in seconds, flag
deviations, and suggest responses consistent with your historical positions. It negotiates at
scale, without fatigue, without the 11pm copy-paste errors.

This is not a thought experiment. AI negotiation playbooks built on proprietary legal
knowledge are here. And they are genuinely powerful.

Which is precisely why the risk they introduce deserves more attention than it is getting.

Standardisation Is Eating the World

The AI playbook is the latest iteration of a broader movement. OneNDA is now used by
over 6,000 organisations across 56 countries. Regulators have joined in — the EU Data Act
mandates standard contractual clauses for data access. Generative AI tools are
accelerating convergence further by homogenising outputs across organisations.

The result: you no longer always choose your standard. You receive it. And when market
forces or regulators dictate the architecture, negotiation doesn't disappear — it shifts.
Towards governance. Towards liability. Towards questions nobody has assigned to anyone
yet.

The Monoculture Problem

Cybersecurity has documented this dynamic well: standardised environments are efficient
until they aren't, because a single flaw propagates everywhere simultaneously. Gregory
Shill demonstrated the same mechanism in finance: ISDA's close-out netting clauses,
designed to reduce individual counterparty risk, amplified collective systemic risk in 2008.

AI playbooks introduce the same failure mode into legal. When the same template,
trained on the same data, reviewed by the same automated logic, is deployed across
thousands of contracts — a design flaw doesn't surface in one deal. It surfaces everywhere
at once.

And the natural circuit-breaker — human judgment capable of spotting the anomaly — is
quietly being trained out of the system.

The Real Question Isn't About AI

Here is the uncomfortable truth: a lawyer who doesn't think will misuse AI. But would they
have done meaningfully better before?

The boilerplate NDA signed without being read. The reversibility clause drafted by
someone who has never managed a data migration. The junior associate copying last
year's template into this year's deal without understanding what changed.

AI and standardisation don't create the problem of legal judgment. They reveal it — and
when they propagate an error, they do so at infrastructure scale.

The question was never "human versus machine." It is: which failure mode do you prefer?
Distributed, random human error — or concentrated, systematic propagation? Those are
different risk profiles. Neither is obviously safer. Both require governance.

No Standardisation Without Governance

Three conditions make standardisation acceptable rather than dangerous.

Transparency. Who owns the standard, and who can deviate from it? OneNDA is
community-driven under Creative Commons. EU SCCs are issued by the Commission.
Your AI playbook was probably built by someone who has since left. Whoever controls the
standard holds a durable advantage — and that should be a named person with a
mandate, not an implicit assumption.

Concretely: document who reviews your standard annually and under what conditions a
deviation is permitted. If that process doesn't exist, the standard is already ungoverned.

Enforceability. In practice, reversibility clauses are the ultimate (though not the only) test
of an IT contract — elegant on paper, rarely executable. The contract should not only
declare a right to exit; it should specify who carries the data, in what format, within what
timeframe, and at what cost. Test your clauses before signing, not after.

Concretely: run a tabletop exercise on your top three exit scenarios. If no one can answer
the operational questions, the clause is decorative.

Liability. When the standard fails, who pays? Existing frameworks do not cleanly resolve
what happens when an automated standard propagates an error across an entire market.
That gap won't stay theoretical.

Concretely: assign a named owner to every AI playbook with an explicit obligation to
update it when the underlying standard changes. No owner means no accountability —
and no accountability means the risk sits with whoever signs the contract.

The Contract as Infrastructure

Standardisation is inevitable. In many cases, it is genuinely desirable. But it is not a drafting
optimisation — it is an infrastructure decision, with all the governance that implies.

The real question is not whether your contracts are standardised. They will be. It is whether
anyone in your organisation still understands why — and can take back control the day the
template no longer fits.

Infrastructure doesn't fail because it's automated. It fails because nobody tested it when it
mattered.

Quentin Peltier
Legal Technology Consultant


