Industry Vocabulary Reference

Legal & Regulatory Technology (RegTech / LegalTech)

Comprehensive enumeration library for the Legal & Regulatory Technology (LegalTech / RegTech) vertical. Covers every subdomain where agentic AI is actively deployed as of March 2026: contract lifecycle management (WorldCC / IACCM), legal document classification (Akoma Ntoso / LegalXML), regulatory filing and submission management (SEC EDGAR, XBRL, ESMA, FINRA CAT), ESG and sustainability disclosure (ISSB IFRS S1/S2, EU CSRD ESRS, SEC Climate Rule), litigation and e-discovery workflow (EDRM), legal research and case law analysis, compliance obligation management, anti-money laundering and financial crime compliance (FATF, FinCEN, AMLD6), sanctions and watchlist screening (OFAC, UN, EU), data privacy compliance programme management (GDPR, CCPA, CPRA), and AI-specific legal risk governance. Designed for use as OTel span attributes in an agentic AI SDK and as policy vocabulary in an OPA Rego GRC portal.

v2026.03.1621 enum categories2.2 schema8 subdomains29 standards

Back to industry coverage library

Download mirrored JSON Open vertical SDK quick start Get API access

How to use this reference

Start with the core file if you need the cross-industry governance baseline.
Then move into the vertical file to see the regulated workflow vocabulary, policy surfaces, and implementation pressure unique to this market.
Use the OTel attributes and policy paths here as the common language across SDK instrumentation, governance review, and evidence export.

March 2026 deployment context

As of March 2026, agentic AI in legal and RegTech is deployed across: autonomous contract drafting, redlining, and negotiation support (CLM platforms), AI-driven regulatory change management and obligation mapping, automated SEC/ESMA/XBRL filing preparation and validation, ESG data collection and CSRD/ISSB disclosure assembly, AI-powered e-discovery document review and privilege log generation (EDRM), legal research and case law analysis (Westlaw AI, LexisNexis Protégé, Harvey), AML transaction monitoring and SAR narrative generation (FinCEN, FATF), sanctions and watchlist screening with fuzzy name matching, GDPR/CCPA data subject rights request automation, regulatory examination response preparation, and AI-generated legal opinions and compliance advice (subject to jurisdiction-specific UPL rules). The EU AI Act does not explicitly classify most LegalTech AI as Annex III high-risk, but AI systems used to assist courts, tribunals, and administrative bodies in legal interpretation are restricted under Article 5 if they manipulate judicial decision-making. Legal professional privilege, attorney-client confidentiality, and work product doctrine create distinct data governance constraints on LegalTech AI that differ from other verticals — AI vendor contracts must carefully scope privilege waivers.

Risk note: EU AMLD6 (2024/1640) and the EU AML Regulation (2024/1624) entered force July 2024 with transposition required by July 2027. The EU AML Regulation is directly applicable (no transposition needed) and establishes AMLA as a supranational supervisor for high-risk financial entities from 2025. AI-driven AML transaction monitoring systems must now comply with AMLA's technical standards — which are still being developed. DORA (EU) 2022/2554 entered into full application January 17, 2025 — all EU financial entities must have tested their digital operational resilience including AI systems. The SEC Climate Disclosure Rule (2024) was partially stayed pending litigation as of early 2026 — the Scope 3 emissions disclosure requirement is particularly contested. CSRD ESRS mandatory standards apply to large EU companies for FY2024 (first reports 2025) and to listed SMEs for FY2026. The unauthorized practice of law (UPL) risk for AI agents providing legal advice without attorney supervision varies significantly by jurisdiction and is the primary liability vector for agentic LegalTech deployments.

Loading Model

Mirrored file: 10_vertical_legal_regtech_legaltech.json
Kind: vertical

OTel Namespaces

legaltech

Primary Standards

Akoma Ntoso (AKN) 1.0 — Architecture for Knowledge-Oriented Management of African Normative Texts; adopted as OASIS Standard for legal documents (2018)
LegalXML / OASIS LegalDocML — XML standards for legal document interchange
XBRL International — eXtensible Business Reporting Language for financial and regulatory filings
EDGAR XBRL US GAAP Taxonomy 2024 — SEC filing taxonomy
ESMA ESEF Regulation — European Single Electronic Format (XBRL iXBRL) for EU annual reports
FINRA CAT — Consolidated Audit Trail reporting specifications
SEC EDGAR — Electronic Data Gathering, Analysis, and Retrieval system
EDRM — Electronic Discovery Reference Model (e-discovery lifecycle)
WorldCC / IACCM — Contract Management Framework (contract lifecycle standard)
ISSB IFRS S1 — General Requirements for Disclosure of Sustainability-related Financial Information (2023)
ISSB IFRS S2 — Climate-related Disclosures (2023)
EU CSRD (2022/2464) — Corporate Sustainability Reporting Directive
EU ESRS — European Sustainability Reporting Standards (ESRS 1, ESRS 2, ESRS E1–E5, ESRS S1–S4, ESRS G1)
SEC Climate-Related Disclosures Rule (2024) — 17 CFR Parts 210, 229, 232, 239, 240
SEC Cybersecurity Disclosure Rule (2023) — 17 CFR Parts 229 and 249
FATF Recommendations (2023 update) — Financial Action Task Force AML/CFT standards
EU AMLD6 (2024/1640) — Sixth Anti-Money Laundering Directive (in force July 2024; transposition by July 2027)
EU AML Regulation (2024/1624) — AML/CFT directly applicable regulation (in force July 2024)
EU AMLA — Anti-Money Laundering Authority (established 2024, operational 2025)
FinCEN AML/CFT Programme Rule (2024) — Updated beneficial ownership and SAR requirements
OFAC SDN List — US Office of Foreign Assets Control Specially Designated Nationals
EU Sanctions Regulation — EU Consolidated Sanctions List
UN Security Council Sanctions Lists — Consolidated List
EU AI Act (2024/1689) — AI systems used in legal assistance, adjudication support, and regulatory compliance
EU GDPR (2016/679) — Data privacy compliance programme management
CCPA/CPRA (California) — Consumer Privacy Rights Act
DORA (EU) 2022/2554 — Digital Operational Resilience Act for financial entities (in force Jan 2025)
Basel Committee BCBS 239 — Principles for Effective Risk Data Aggregation and Risk Reporting
ISO/IEC 27701:2019 — Privacy Information Management System (PIMS)

Source URLs

Subdomains

Subdomain	Categories	Sample Attributes
Contract Lifecycle Management	3	legaltech.contract.lifecycle_stage, legaltech.contract.obligation_category, legaltech.contract.risk_flag
Legal Document Classification & Management	2	legaltech.document.classification, legaltech.document.privilege_status
Regulatory Filing & Submission Management	3	regtech.filing.status, regtech.xbrl.validation_error_type, regtech.sec.form_type
ESG & Sustainability Disclosure	3	regtech.esg.disclosure_category, regtech.esg.materiality_outcome, regtech.esg.data_quality_tier
E-Discovery & Litigation Support	2	legaltech.ediscovery.lifecycle_stage, legaltech.ediscovery.review_decision
AML, Financial Crime & Sanctions Compliance	3	regtech.aml.alert_disposition, regtech.kyc.cdd_risk_level, regtech.sanctions.match_type
Data Privacy Compliance Programme	3	regtech.privacy.dsr_request_type, regtech.privacy.dsr_response_status, regtech.privacy.pia_outcome
Compliance Obligation & Regulatory Change Management	2	regtech.obligation.status, regtech.regulatory_change.significance

Implementation examples

Contract Lifecycle Management: Contract Lifecycle Stage. AI CLM agent tracks every contract through its lifecycle. OPA policy enforces that transitions from 'approved' to 'executed' and any change to an 'active' or 'executed' contract require human authorisation — AI may not autonomously bind the organisation or modify binding terms. (Eu AI Act Art13: EU AI Act Article 13 — If AI CLM is used in contracts with consumers, transparency about AI involvement in drafting must be provided)
Contract Lifecycle Management: Contract Obligation Category. AI contract analysis agent extracts obligations at execution and populates the obligation register. 'Data_processing_obligation' and 'regulatory_compliance_obligation' categories trigger automatic cross-referencing against the compliance obligation register. 'Payment_obligation' deadlines are surfaced to accounts payable.
Contract Lifecycle Management: Contract Risk Flag. AI redlining agent flags non-standard clauses against the organisation's contract playbook. 'Unlimited_liability_exposure' and 'data_processing_non_gdpr_compliant' flags block automated contract advancement — attorney review is mandatory before escalation. (Dora Art30: DORA Article 30 — 'missing_dora_ict_clause' flag required for all ICT service provider contracts in EU financial sector)
Legal Document Classification & Management: Legal Document Classification. AI legal document classification agent ingests documents and assigns type before routing. 'Legal_opinion_memorandum' documents trigger privilege protection workflow — AI may not disclose or summarise these documents to unauthorised parties. 'Evidence_exhibit' documents in litigation context trigger EDRM chain-of-custody logging.

Illustrative policy patterns

enforce attorney referral for upl sensitive contract advice

Block Contract Q&A agents from answering non-attorney requests that cross the legal-advice boundary, including signing recommendations and deadline calculations that create business reliance. The only compliant path is a factual clause summary plus attorney referral or supervising-counsel approval.

Regulatory basis: Unauthorized practice of law guardrails; ABA Model Rule 5.5; EU AI Act Article 14 human oversight for high-impact legal assistance; law-firm professional-responsibility controls requiring licensed attorney supervision before actionable legal advice is delivered

package legaltech.contract_boundary

upl_sensitive_requests := {
  "signing_recommendation",
  "legal_deadline_calculation",
  "counterparty_acceptance_recommendation"
}

deny[msg] {
  input.legaltech_document_classification == "contract_agreement"
  input.request_type in upl_sensitive_requests
  input.requestor_is_attorney != true
  not input.attorney_referral_created == true
  msg := sprintf("UPL boundary: request type '%v' for contract '%v' requires attorney referral before any actionable guidance is delivered to a non-attorney requester.", [input.request_type, input.contract_id])

require partner signoff for privileged legal opinions

Require supervising-partner sign-off before AI-generated legal opinion memoranda, litigation recommendations, or other privileged work-product is released outside the drafting workflow. This makes the Legal sandbox surface the same partner-approval boundary used in the litigation orchestrator and privilege-review scenarios.

Regulatory basis: Attorney-client privilege doctrine; work-product doctrine under FRCP 26(b)(3); ABA Model Rules 1.1, 1.6, and 5.3; EU AI Act Article 14 for human oversight on consequential legal analysis outputs

package legaltech.partner_review

protected_outputs := {
  "legal_opinion_memorandum",
  "brief_submission",
  "motion_application"
}

protected_privilege_statuses := {
  "attorney_client_privileged",
  "work_product_doctrine",
  "attorney_client_and_work_product",
  "privilege_review_required"
}

From enum to evidence

The same vocabulary should carry from instrumentation through review. The OTel attribute names here become emitted metadata, those attributes become policy inputs, and those same labels should still be intelligible when a reviewer opens the decision record later.

import { VeriproofClient, VeriproofSdkOptions, SessionMetadata } from '@veriproof/sdk-core';
import { ContractLifecycleStage, ContractLifecycleStageMeta, ContractObligationCategory, ContractObligationCategoryMeta, ContractRiskFlag, ContractRiskFlagMeta } from '@veriproof/sdk-core/verticals/legal-regtech-legaltech';

const client = new VeriproofClient(
  VeriproofSdkOptions.createProduction({
    apiKey: process.env.VERIPROOF_API_KEY!,
    applicationId: 'legal-regtech-legaltech-production',
  }),
);

const session = client
  .startSession('legal-regtech-legaltech.review')
  .withSessionMetadata(SessionMetadata.forTransaction('txn-1001').withEnvironment('production'))
  .addStep('evaluate_workflow', { output: { status: 'completed' } })
  .withMetadata(ContractLifecycleStageMeta.otelAttribute, ContractLifecycleStage.intake)
  .withMetadata(ContractObligationCategoryMeta.otelAttribute, ContractObligationCategory.payment_obligation)
  .withMetadata(ContractRiskFlagMeta.otelAttribute, ContractRiskFlag.unlimited_liability_exposure)

await session.complete();

SDK: emit the OTel attribute shown on this page during the decision workflow.
Policy: reference the matching `opa_policy_path` in governance rules.
Evidence: surface the same label and value in the portal and exported record so reviewers are not translating between systems.

For a step-by-step getting-started walkthrough specific to this vertical, open the Legal & Regulatory Technology (RegTech / LegalTech) SDK quick start. For the full core API reference, continue with TypeScript, Python, or .NET.

Ready to connect your first workflow?

Register a free Builder account for full SDK and REST API access, enter the live demo if you want to see the portal first, or request a coverage workshop if your team wants a guided review of this vertical before implementation starts.

Live demo →Get API access →Request coverage workshop →

Highlighted Enum Categories

Enum	OTel Attribute	Values
ContractLifecycleStage Contract management lifecycle stage per WorldCC / IACCM Contract Management Standard. AI CLM agents use this to track contracts from request through archival and to gate which AI actions are permissible at each stage. Executed contracts may not be autonomously amended without HITL approval. Workflow area: Contract Lifecycle Management	legaltech.contract.lifecycle_stage	intake, drafting, redlining, negotiation, legal_review, approved, executed, active
ContractObligationCategory Category of a contractual obligation extracted and tracked by an AI contract analysis agent. Used to route obligation monitoring, deadline tracking, and breach risk alerts to the correct business owner. Workflow area: Contract Lifecycle Management	legaltech.contract.obligation_category	payment_obligation, delivery_milestone, reporting_requirement, audit_right, insurance_requirement, data_processing_obligation, confidentiality_restriction, ip_ownership_assignment
ContractRiskFlag Risk flag raised by an AI contract review agent during redlining or legal review. Flags must be reviewed by an attorney before contract advancement — AI may not approve or waive risk flags autonomously. Workflow area: Contract Lifecycle Management	legaltech.contract.risk_flag	unlimited_liability_exposure, unilateral_amendment_right, auto_renewal_with_no_cap, broad_ip_assignment, non_standard_governing_law, exclusivity_provision, most_favoured_nation_clause, change_of_control_trigger
LegalDocumentClassification Legal document type classification per Akoma Ntoso / LegalXML taxonomy. AI legal document processing agents use this to route documents to the correct workflow, apply the correct privilege assessment, and select the applicable extraction model. Workflow area: Legal Document Classification & Management	legaltech.document.classification	act_legislation, bill_proposed_legislation, statutory_instrument_regulation, judicial_opinion_judgment, court_order, pleading_complaint, motion_application, brief_submission
LegalPrivilegeStatus Legal privilege and confidentiality classification of a document. AI legal document agents must assess and log privilege status before any disclosure, summarisation, or transmission action. Inadvertent privilege waiver is an irreversible legal harm — AI must err on the side of caution. Workflow area: Legal Document Classification & Management	legaltech.document.privilege_status	not_privileged, attorney_client_privileged, work_product_doctrine, attorney_client_and_work_product, common_interest_privilege, deliberative_process_privilege, trade_secret_protected, confidential_not_privileged
RegulatoryFilingStatus Lifecycle status of a regulatory filing or submission. AI regulatory filing agents use this to track submissions from initial data collection through final acceptance by the receiving authority. Deadlines vary by filing type and authority — AI agents must enforce filing deadlines. Workflow area: Regulatory Filing & Submission Management	regtech.filing.status	draft, data_collection_in_progress, validation_in_progress, validation_failed, ready_for_submission, submitted, under_review, accepted
XBRLValidationErrorType Category of XBRL validation error detected by an AI filing validation agent. Different error types have different remediation paths — some block submission entirely, others are warnings that may be submitted with a regulator waiver. Workflow area: Regulatory Filing & Submission Management	regtech.xbrl.validation_error_type	schema_validation_error, taxonomy_element_not_found, calculation_inconsistency, label_linkbase_error, reference_linkbase_error, context_period_mismatch, unit_mismatch, duplicate_fact
SECFilingFormType SEC EDGAR filing form type for the most common AI-assisted regulatory filings. AI filing agents must select the correct form type — submitting the wrong form type results in rejection and potential SEC enforcement. Workflow area: Regulatory Filing & Submission Management	regtech.sec.form_type	10_K, 10_Q, 8_K, 20_F, 6_K, S_1, S_3, 424B
ESGDisclosureCategory ESG disclosure category aligned to ISSB IFRS S1/S2 and EU CSRD ESRS taxonomy. AI ESG data collection agents tag every data point with the applicable disclosure category for automated disclosure mapping and assurance evidence generation. Workflow area: ESG & Sustainability Disclosure	regtech.esg.disclosure_category	climate_scope1_ghg_emissions, climate_scope2_ghg_location_based, climate_scope2_ghg_market_based, climate_scope3_ghg_upstream, climate_scope3_ghg_downstream, climate_physical_risk_acute, climate_physical_risk_chronic, climate_transition_risk_policy
MaterialityAssessmentOutcome Outcome of an ESG materiality assessment for a specific topic. ISSB uses financial materiality (investor perspective); EU CSRD uses double materiality (impact materiality AND financial materiality). AI materiality assessment agents must distinguish between the two frameworks. Workflow area: ESG & Sustainability Disclosure	regtech.esg.materiality_outcome	material_financial_and_impact, material_financial_only, material_impact_only, not_material, materiality_assessment_in_progress, materiality_assessment_not_conducted, conditionally_material_sector_specific
ESGDataQualityTier Data quality tier for an ESG data point as assessed by the AI ESG data collection agent. Disclosure quality and limited/reasonable assurance requirements depend on data quality — third-party assured disclosures must meet higher quality tiers. Workflow area: ESG & Sustainability Disclosure	regtech.esg.data_quality_tier	tier_1_primary_metered, tier_2_primary_calculated, tier_3_supplier_reported, tier_4_estimated_industry_factor, tier_5_estimated_spend_based, not_available_gap
EDRMLifecycleStage Electronic Discovery Reference Model stage used to track where a matter sits in the e-discovery lifecycle and to preserve defensible chain-of-custody records for ESI handling. Workflow area: E-Discovery & Litigation Support	legaltech.ediscovery.lifecycle_stage	information_governance, identification, preservation, collection, processing, review, analysis, production

This reference page is rendered from the mirrored JSON file inside the docs app, not from a hand-written website model.

If you need the machine-readable asset for offline review, automation, or internal diffing, use the mirrored JSON download above.

Next: open the corresponding SDK reference under SDK documentation and then compare it with the public-site industry page to see how the same vocabulary is framed commercially.