SDK Quick Start — Legal & Regulatory Technology (RegTech / LegalTech)

Getting started: Legal & Regulatory Technology (RegTech / LegalTech)

This guide takes you from install to your first attributed governance record in legal & regulatory technology (regtech / legaltech). You will install the SDK, configure a provider, instrument a workflow step with the real OTel attribute vocabulary from this vertical, and have a reviewable evidence record in your portal within an afternoon. There is no scaffolding project — just your API key and the three steps below.

Why this matters right now. As of March 2026, agentic AI in legal and RegTech is deployed across: autonomous contract drafting, redlining, and negotiation support (CLM platforms), AI-driven regulatory change management and obligation mapping, automated SEC/ESMA/XBRL filing preparation and validation, ESG data collection and CSRD/ISSB disclosure assembly, AI-powered e-discovery document review and privilege log generation (EDRM), legal research and case law analysis (Westlaw AI, LexisNexis Protégé, Harvey), AML transaction monitoring and SAR narrative generation (FinCEN, FATF), sanctions and watchlist screening with fuzzy name matching, GDPR/CCPA data subject rights request automation, regulatory examination response preparation, and AI-generated legal opinions and compliance advice (subject to jurisdiction-specific UPL rules). The EU AI Act does not explicitly classify most LegalTech AI as Annex III high-risk, but AI systems used to assist courts, tribunals, and administrative bodies in legal interpretation are restricted under Article 5 if they manipulate judicial decision-making. Legal professional privilege, attorney-client confidentiality, and work product doctrine create distinct data governance constraints on LegalTech AI that differ from other verticals — AI vendor contracts must carefully scope privilege waivers. EU AMLD6 (2024/1640) and the EU AML Regulation (2024/1624) entered force July 2024 with transposition required by July 2027. The EU AML Regulation is directly applicable (no transposition needed) and establishes AMLA as a supranational supervisor for high-risk financial entities from 2025. AI-driven AML transaction monitoring systems must now comply with AMLA's technical standards — which are still being developed. DORA (EU) 2022/2554 entered into full application January 17, 2025 — all EU financial entities must have tested their digital operational resilience including AI systems. The SEC Climate Disclosure Rule (2024) was partially stayed pending litigation as of early 2026 — the Scope 3 emissions disclosure requirement is particularly contested. CSRD ESRS mandatory standards apply to large EU companies for FY2024 (first reports 2025) and to listed SMEs for FY2026. The unauthorized practice of law (UPL) risk for AI agents providing legal advice without attorney supervision varies significantly by jurisdiction and is the primary liability vector for agentic LegalTech deployments.

How the layering works

You are not adopting a separate product surface for this vertical. You are adding a market-specific vocabulary layer on top of the same core session model used everywhere in VeriProof.

If you need the cross-industry baseline first, open the core SDK reference, Python core, or .NET core before continuing here.

Step 1 — Install

TypeScript / Node.js

npm install @veriproof/sdk-core

Python

pip install veriproof-sdk

.NET

dotnet add package Veriproof.Sdk

Step 2 — Configure

Call the configuration helper once, before any AI framework initialises. After that call, every OTel span in the process — whether emitted by your code or by a framework adapter — is exported automatically to VeriProof.

Your API key comes from the VeriProof portal. Try a live demo to see the portal before you register, or start a free Builder account and use the environment variable pattern above directly.

Need a production credential path rather than sandbox exploration? Get API access for a Builder account, or contact the team if you need an architecture or compliance review alongside implementation.

Step 3 — Instrument your workflow

The governance vocabulary for this vertical lives in the Legal & Regulatory Technology (RegTech / LegalTech) reference. Use the OTel attribute names below — they are the same names the portal uses in evidence records and the same names your policy engine will evaluate. Consistency here is the point.

TypeScript example

import { configureVeriproof, VeriproofClient, VeriproofSdkOptions, SessionMetadata } from '@veriproof/sdk-core';
import { ContractLifecycleStage, ContractLifecycleStageMeta, ContractObligationCategory, ContractObligationCategoryMeta } from '@veriproof/sdk-core/verticals/legal-regtech-legaltech';

// Call once at application startup
configureVeriproof(
  VeriproofSdkOptions.createProduction({
    apiKey: process.env.VERIPROOF_API_KEY!,
    applicationId: 'legal-regtech-legaltech-app',
  }),
  { serviceName: 'legal-regtech-legaltech-app', setGlobal: true },
);

// Instrument a governed workflow
const client = new VeriproofClient(
  VeriproofSdkOptions.createProduction({ apiKey: process.env.VERIPROOF_API_KEY! }),
);

const session = client
  .startSession('legal.regtech.legaltech.review')
  .withSessionMetadata(SessionMetadata.forTransaction('txn-001').withEnvironment('production'))
  .addStep('evaluate', { output: { status: 'completed' } })
  .withMetadata(ContractLifecycleStageMeta.otelAttribute, ContractLifecycleStage.intake)
  .withMetadata(ContractObligationCategoryMeta.otelAttribute, ContractObligationCategory.payment_obligation)

await session.complete();

Python example

import os
from opentelemetry import trace
from veriproof_sdk import VeriproofClientOptions, configure_veriproof
from veriproof_sdk.verticals import legal_regtech_legaltech as lrl

# Call once at application startup
configure_veriproof(
    VeriproofClientOptions(
        api_key=os.environ["VERIPROOF_API_KEY"],
        application_id="legal-regtech-legaltech-app",
    ),
    service_name="legal-regtech-legaltech-app",
    set_global=True,
)

tracer = trace.get_tracer(__name__)

# Instrument a governed workflow
with tracer.start_as_current_span("legal_regtech_legaltech.review") as span:
    span.set_attribute(lrl.ContractLifecycleStage.__otel_attribute__, lrl.ContractLifecycleStage.intake.value)
    span.set_attribute(lrl.ContractObligationCategory.__otel_attribute__, lrl.ContractObligationCategory.payment_obligation.value)
    span.set_attribute(lrl.ContractRiskFlag.__otel_attribute__, lrl.ContractRiskFlag.unlimited_liability_exposure.value)
    ...

.NET example

using Veriproof.Sdk;
using Veriproof.Sdk.Core.OpenTelemetry.Verticals.LegalRegtechLegaltech;

// Configure once at application startup
builder.Services.AddVeriproof(options =>
{
    options.ApiKey = builder.Configuration["VERIPROOF_API_KEY"]!;
    options.ApplicationId = "legal-regtech-legaltech-app";
});

// Instrument a governed workflow step
using var activity = ActivitySource.StartActivity("evaluate");
    activity?.SetTag(ContractLifecycleStage.Metadata.OtelAttribute, ContractLifecycleStage.intake);
    activity?.SetTag(ContractObligationCategory.Metadata.OtelAttribute, ContractObligationCategory.payment_obligation);
    activity?.SetTag(ContractRiskFlag.Metadata.OtelAttribute, ContractRiskFlag.unlimited_liability_exposure);

How teams use this in production

• Contract Lifecycle Management: Contract Lifecycle Stage. AI CLM agent tracks every contract through its lifecycle. OPA policy enforces that transitions from 'approved' to 'executed' and any change to an 'active' or 'executed' contract require human authorisation — AI may not autonomously bind the organisation or modify binding terms. (Eu AI Act Art13: EU AI Act Article 13 — If AI CLM is used in contracts with consumers, transparency about AI involvement in drafting must be provided)
• Contract Lifecycle Management: Contract Obligation Category. AI contract analysis agent extracts obligations at execution and populates the obligation register. 'Data_processing_obligation' and 'regulatory_compliance_obligation' categories trigger automatic cross-referencing against the compliance obligation register. 'Payment_obligation' deadlines are surfaced to accounts payable.
• Contract Lifecycle Management: Contract Risk Flag. AI redlining agent flags non-standard clauses against the organisation's contract playbook. 'Unlimited_liability_exposure' and 'data_processing_non_gdpr_compliant' flags block automated contract advancement — attorney review is mandatory before escalation. (Dora Art30: DORA Article 30 — 'missing_dora_ict_clause' flag required for all ICT service provider contracts in EU financial sector)
• Legal Document Classification & Management: Legal Document Classification. AI legal document classification agent ingests documents and assigns type before routing. 'Legal_opinion_memorandum' documents trigger privilege protection workflow — AI may not disclose or summarise these documents to unauthorised parties. 'Evidence_exhibit' documents in litigation context trigger EDRM chain-of-custody logging.

Next steps

• Open the full Legal & Regulatory Technology (RegTech / LegalTech) governance reference for all 21 enum categories, policy patterns, and source standards.
• Review TypeScript SDK core for advanced session-builder options, batch export, and Merkle verification.
• Review Python SDK core for decorator-based annotations and framework adapter options.
• Review .NET SDK core for Semantic Kernel, AutoGen, and Activity-based instrumentation.
• Browse all vertical references to understand how the core governance vocabulary layers underneath vertical-specific attribute sets.
• Compare this guide with the public industry pages if you need the commercial and workflow framing behind the same vocabulary.