Standardisation Was Supposed to Remove Human Error. It Just Concentrates It.

  • Writer: Marc May
  • May 20

Imagine a system trained on thousands of your firm's past contracts — every redline accepted, every clause fought over, every position conceded. It knows your playbook better than your newest associate. It can review a third-party NDA in seconds, flag deviations, and suggest responses consistent with your historical positions. It negotiates at scale, without fatigue, without the 11pm copy-paste errors.


This is not a thought experiment. AI negotiation playbooks built on proprietary legal knowledge are here. And they are genuinely powerful.


Which is precisely why the risk they introduce deserves more attention than it is getting.


Standardisation Is Eating the World


The AI playbook is the latest iteration of a broader movement. OneNDA is now used by over 6,000 organisations across 56 countries. Regulators have joined in — the EU Data Act mandates standard contractual clauses for data access. Generative AI tools are accelerating convergence further by homogenising outputs across organisations.


The result: you no longer always choose your standard. You receive it. And when market forces or regulators dictate the architecture, negotiation doesn't disappear — it shifts. Towards governance. Towards liability. Towards questions nobody has assigned to anyone yet.


The Monoculture Problem


Cybersecurity has documented this dynamic well: standardised environments are efficient until they aren't, because a single flaw propagates everywhere simultaneously. Gregory Shill demonstrated the same mechanism in finance: ISDA's close-out netting clauses, designed to reduce individual counterparty risk, amplified collective systemic risk in 2008.


AI playbooks introduce the same failure mode into legal. When the same template, trained on the same data, reviewed by the same automated logic, is deployed across thousands of contracts — a design flaw doesn't surface in one deal. It surfaces everywhere at once.


And the natural circuit-breaker — human judgment capable of spotting the anomaly — is quietly being trained out of the system.


The Real Question Isn't About AI


Here is the uncomfortable truth: a lawyer who doesn't think will misuse AI. But would they have done meaningfully better before?


The boilerplate NDA signed without being read. The reversibility clause drafted by someone who has never managed a data migration. The junior associate copying last year's template into this year's deal without understanding what changed.


AI and standardisation don't create the problem of legal judgment. They reveal it — and when they propagate an error, they do so at infrastructure scale.


The question was never "human versus machine." It is: which failure mode do you prefer? Distributed, random human error — or concentrated, systematic propagation? Those are different risk profiles. Neither is obviously safer. Both require governance.


No Standardisation Without Governance


Three conditions make standardisation acceptable rather than dangerous.


Transparency. Who owns the standard, and who can deviate from it? OneNDA is community-driven under Creative Commons. EU SCCs are issued by the Commission. Your AI playbook was probably built by someone who has since left. Whoever controls the standard holds a durable advantage — and that should be a named person with a mandate, not an implicit assumption.


Concretely: document who reviews your standard annually and under what conditions a deviation is permitted. If that process doesn't exist, the standard is already ungoverned.


Enforceability. In practice, reversibility clauses are the ultimate (though not the only) test of an IT contract — elegant on paper, rarely executable. The contract should not only declare a right to exit; it should specify who carries the data, in what format, within what timeframe, and at what cost. Test your clauses before signing, not after.


Concretely: run a tabletop exercise on your top three exit scenarios. If no one can answer the operational questions, the clause is decorative.


Liability. When the standard fails, who pays? Existing frameworks do not cleanly resolve what happens when an automated standard propagates an error across an entire market.


That gap won't stay theoretical.


Concretely: assign a named owner to every AI playbook with an explicit obligation to update it when the underlying standard changes. No owner means no accountability — and no accountability means the risk sits with whoever signs the contract.


The Contract as Infrastructure


Standardisation is inevitable. In many cases, it is genuinely desirable. But it is not a drafting optimisation — it is an infrastructure decision, with all the governance that implies.


The real question is not whether your contracts are standardised. They will be. It is whether anyone in your organisation still understands why — and can take back control the day the template no longer fits.


Infrastructure doesn't fail because it's automated. It fails because nobody tested it when it mattered.


Quentin Peltier

Legal Technology Consultant
