| Maturity Level |
Characteristics |
Business Value |
| **Level 1: Static Files** |
Contracts stored as PDFs or Word documents on shared drives. Basic storage with limited accessibility. |
Foundational organisation. Contracts are centralised in a shared location. |
| **Level 2: Repository** |
Centralised storage with basic metadata (party, date, type). Search capability enables contract discovery. |
Findability. The legal team can locate contracts through searchable fields. |
| **Level 3: Workflow** |
Automated approval routing, version control, e-signature integration. Templates and clause libraries available. |
Cycle time reduction. Standardised processes accelerate execution and enhance consistency. |
| **Level 4: Intelligence** |
AI-powered clause extraction, obligation tracking, risk scoring. Analytics dashboards with portfolio-level visibility. |
Decision support. The organisation gains strategic visibility into contract portfolio composition, risk profile, and value. |
| **Level 5: Platform** |
CLM integrated with CRM, ERP, procurement, and compliance systems. Contracts operate as data sources for enterprise decision-making. Self-service interfaces for the business. |
Revenue enablement. Contracts become a strategic asset class, accelerating deals, enforcing compliance, and generating enterprise intelligence. |
Most organisations sit between Levels 2 and 3. The jump to Level 4 requires robust data normalisation. The jump to Level 5 requires the integration architecture and governance frameworks described elsewhere in this competency.
### Digital Playbooks: Embedding Institutional Knowledge
The digital playbook is the mechanism that transforms institutional knowledge about negotiation into a scalable, machine-readable asset. A well-built playbook codifies the organisation’s approved positions, acceptable deviations, and escalation triggers for every material clause type.
### Playbook Architecture
A digital playbook has four layers:
**Layer 1: Standard Position.** The organisation’s preferred clause language for each material term — the starting point for every negotiation. This language appears in the first draft generated from the template.
**Layer 2: Acceptable Deviations.** The range of modifications the organisation will accept without escalation. For a limitation of liability clause, this might be: “Cap at 2x contract value (standard), acceptable down to 1x contract value (deviation), anything below 1x requires Legal Director approval (escalation).”
**Layer 3: Fallback Language.** Pre-approved alternative formulations that can be offered when the standard position is rejected. Having fallback language ready eliminates the delay of drafting new clause language mid-negotiation.
**Layer 4: Escalation Triggers.** The specific conditions under which a deviation must be escalated to senior counsel or the business sponsor. Triggers should be defined in measurable terms (dollar thresholds, counterparty categories, jurisdictional risks) to eliminate ambiguity.
### Playbook Integration with CLM
In a mature CLM deployment, the playbook is embedded directly in the contract authoring and review workflow:
- When a user generates a first draft, the template populates with Layer 1 standard positions
- When a counterparty redline is received, the CLM highlights deviations and maps them against Layer 2 acceptable ranges
- If a deviation falls within acceptable range, the system suggests Layer 3 fallback language automatically
- If a deviation exceeds acceptable range, the system triggers a Layer 4 escalation to the appropriate reviewer
This integration means that a commercial team member — not a lawyer — can manage a standard negotiation within pre-approved parameters. Legal bandwidth is reserved for genuinely non-standard situations. The result: dramatically reduced cycle times for routine agreements and higher-quality deployment of legal judgment where it is actually needed.
The digital playbook is the highest-ROI investment in the CLM ecosystem. A CLM without a playbook is a faster way to manage contracts. A CLM with a playbook is a fundamentally different operating model — one where legal expertise is embedded in the system rather than bottlenecked through individual lawyers.
### CLM Integration: The Enterprise Nervous System
### CRM Integration (Salesforce, HubSpot, Dynamics)
The CRM-CLM integration creates a seamless handoff from sales process to contract execution. The integration points:
**Deal data push.** When a sales opportunity reaches the contract stage, the CRM pushes deal data (customer name, deal value, product/service selection, pricing) to the CLM, which generates a first draft from the appropriate template with fields pre-populated. Zero re-keying, zero data discrepancy.
**Status sync.** Contract status (draft, in negotiation, pending approval, executed) is synced back to the CRM in real time. Sales representatives see contract status without leaving their CRM — eliminating the emails that consume legal team bandwidth.
**Revenue data flow.** Upon execution, the signed contract terms (value, duration, renewal date, pricing tiers) flow from the CLM to the CRM. Sales forecasting now reflects executed contract terms rather than pipeline estimates.
### ERP Integration (SAP, Oracle, NetSuite)
The ERP-CLM integration connects contract terms to financial operations:
**Obligation automation.** Payment terms, milestone schedules, and performance obligations extracted from executed contracts feed directly into the ERP for accounts payable and receivable processing. Manual spreadsheet-based tracking is replaced by system-driven automation.
**Budget alignment.** Contract commitments flow into the financial planning module, enabling real-time visibility into committed versus available budget. The CFO can see total contractual commitment exposure at any point in time.
**Renewal management.** Renewal dates, auto-renewal windows, and termination notice periods trigger automated alerts through both the CLM and ERP, ensuring proactive contract management.
### Procurement Integration
For vendor contracts, the CLM-procurement integration ensures every vendor engagement follows the approved sourcing and contracting process:
**Vendor onboarding.** New vendor requests trigger the contract workflow automatically — due diligence, risk assessment, contract generation, and approval routing happen within a unified process.
**Compliance enforcement.** Procurement cannot issue a purchase order against a vendor without an executed, valid contract in the CLM. This eliminates informal arrangements and ensures every commercial relationship is governed by appropriate terms.
### Legal-as-a-Platform: Compliance-by-Design
### The Platform Model
Legal-as-a-Platform means the legal function operates as an internal service platform that the business consumes through defined interfaces, rather than engaging through ad hoc requests. The CLM is the primary delivery vehicle in the contracting domain.
**Self-service contract generation.** Business users select the appropriate agreement type, answer guided questions, and receive a compliant first draft — without submitting a request to legal. Legal is involved only when the triage system identifies non-standard elements.
**Embedded compliance checks.** Regulatory and policy requirements are coded as automated checks within the CLM workflow. A data processing agreement is automatically required when the contract involves personal data. Sanctions screening is triggered for cross-border transactions. ESG questionnaires are generated for supplier contracts above a defined threshold.
**Audit-ready documentation.** Every contract action — creation, modification, approval, execution — is logged with timestamps, user identities, and decision rationale. When an auditor or regulator asks “who approved this deviation and why?”, the answer is in the system.
### Compliance-by-Design in Practice
The fundamental principle: compliance controls are built into the process at the point of action, not applied as a review layer after the fact. Compliance requirements are embedded in the system’s workflow, ensuring enforcement without requiring business users to manage compliance explicitly.
A practical example: an Australian financial services company subject to AML/CTF requirements builds customer due diligence (CDD) triggers into its client onboarding CLM workflow. When a new client engagement contract is initiated, the system automatically assesses the client against risk criteria, triggers enhanced due diligence for high-risk categories, generates the required CDD documentation, and blocks contract execution until all AML/CTF requirements are satisfied. The commercial team experiences this as part of the normal contracting process — not as a separate compliance burden.
Compliance-by-Design requires ongoing maintenance. Regulatory requirements change, and compliance rules embedded in the CLM must be updated accordingly. Budget for a quarterly regulatory review cycle that audits all embedded compliance checks against current requirements.
---
## Part 3: AI in Legal — The 2026 Landscape
### Generative vs. Agentic AI
Generative AI is table stakes. By 2026, every major legal technology vendor has embedded large language model (LLM) capabilities into their platform. Document summarisation, clause extraction, first-draft generation, and natural language search are commodity features. The strategic conversation has moved well beyond “whether to adopt AI” — the question is now *how* to deploy it for maximum operational impact.
The cutting edge has moved to **Agentic AI** — AI systems that do not merely generate content in response to a prompt but autonomously execute multi-step workflows, make routing decisions, interact with external systems, and adapt their approach based on intermediate results.
### Generative AI: The Content Engine
Generative AI takes an input (a prompt, a document, a dataset) and produces an output (a summary, a draft, a classification). The interaction is **single-turn**: human provides input, AI produces output, human evaluates. Every instance requires human initiation and human review.
**Legal applications of generative AI (mature, widely deployed in 2026):**
- **Document summarisation:** Condensing lengthy contracts, judgments, or regulatory filings into structured summaries highlighting key terms, obligations, and risks
- **First-draft generation:** Producing initial drafts of standard agreements, memos, and correspondence based on templates, playbooks, and matter context
- **Clause extraction and classification:** Identifying and categorising specific clauses across a portfolio of contracts for analytics, migration, or compliance review
- **Research assistance:** Synthesising legal research across jurisdictions, identifying relevant precedents, and drafting preliminary legal analysis
- **Translation and localisation:** Converting legal documents between languages with domain-specific accuracy
### Agentic AI: The Workflow Orchestrator
Agentic AI operates autonomously across multiple steps, making decisions at each stage based on predefined rules, contextual data, and intermediate results. The interaction is **multi-turn and autonomous**: human defines the objective and constraints, the AI executes a sequence of actions, and human actively oversees execution at defined checkpoints.
**Legal applications of agentic AI (emerging, high-impact in 2026):**
- **End-to-end NDA processing:** An AI agent receives an incoming NDA, compares it against the organisation’s playbook, classifies it by risk tier, generates redlines for non-standard terms, routes it for the appropriate level of review (or auto-approves if within parameters), and sends the response to the counterparty — with human review only for Amber and Red classifications
- **Regulatory change management:** An agent monitors regulatory sources across defined jurisdictions, identifies changes relevant to the organisation, assesses the impact against existing policies and contracts, generates a preliminary impact report, and routes it to the responsible lawyer
- **Due diligence orchestration:** An agent ingests a data room, classifies documents by type, extracts material terms from each category using specialised extraction models, flags anomalies and risks, compiles a preliminary due diligence report, and identifies items requiring human review
- **Compliance monitoring:** An agent continuously scans contract obligations, regulatory deadlines, and policy requirements, identifies items approaching their due date, escalates overdue items, and generates compliance status reports
### Generative vs. Agentic: The Comparison Matrix
| Dimension |
Generative AI |
Agentic AI |
| **Interaction model** |
Single-turn: prompt → response |
Multi-turn: objective → autonomous execution |
| **Human involvement** |
Required at every step |
Required at defined checkpoints |
| **Decision-making** |
Human decides; AI produces content |
AI decides within parameters; human oversees |
| **Error profile** |
Hallucination in output content |
Incorrect routing, missed edge cases, cascading errors |
| **Data requirement** |
Input document(s) + prompt |
Normalised data ecosystem + integration layer + rules engine |
| **Maturity in legal (2026)** |
Mature, widely deployed |
Emerging, high-potential, requires careful governance |
Agentic AI amplifies both capability and risk. An agent that processes 500 NDAs per month with 98% accuracy also makes 10 errors per month at production speed — errors that propagate downstream if the governance framework does not catch them. The higher the autonomy, the more critical the Human-in-the-Loop (HITL) checkpoints described in Part 5.
### Build vs Buy: Navigating the AI Decision
One of the most consequential decisions legal ops leaders face is whether to build custom AI solutions or purchase off-the-shelf tools. This decision has profound implications for cost, implementation timeline, ongoing maintenance, and your ability to adapt as requirements evolve.
### When to Buy Off-the-Shelf
**Buy when:** The use case is a commodity workflow that most legal operations encounter.
**Examples:** Contract summarisation, basic clause extraction, document classification, first-draft generation from templates, standard research assistance. These are use cases where vendors have invested in building generalised solutions applicable across industries and organisations.
**Advantages:**
- **Speed to deployment.** An off-the-shelf tool is available immediately. You can pilot in weeks, not months.
- **Vendor support and ongoing development.** The vendor invests in improving the tool, adding features, and ensuring it works with your existing systems. You do not carry the burden of maintenance.
- **Lower upfront cost.** Most SaaS tools have per-user or per-transaction pricing, keeping upfront investment modest.
- **Shared risk.** If the vendor’s tool produces an error, you share the liability with the vendor. Custom-built tools carry entirely your risk.
**Considerations:**
- **Customisation constraints.** Off-the-shelf tools are designed for broad applicability, which often means they do not perfectly fit your specific workflows or data structures. You will need to adapt your process to the tool.
- **Data privacy.** Most SaaS tools process your data in the vendor’s cloud environment. Ensure the vendor’s data handling practices and security certifications meet your requirements.
- **Vendor lock-in.** Once you build workflows around a vendor’s tool, switching to an alternative becomes costly. Choose vendors carefully.
- **Cost scalability.** As usage grows, per-user or per-transaction costs can become substantial. Model long-term cost trajectories.
### When to Build Custom AI
**Build when:** The use case involves proprietary workflows, unique data structures, or competitive differentiation that off-the-shelf tools cannot provide.
**Examples:** A customised AI system for drafting your organisation’s proprietary contract forms while enforcing your playbook. A system that integrates with your bespoke ERP system in ways no vendor tool supports. An AI system trained on your historical contracts and negotiation outcomes to predict counterparty responses.
**Advantages:**
- **Perfect fit.** You build precisely what you need, adapted to your workflows, data structures, and business logic.
- **Competitive advantage.** A custom tool that competitors do not have can produce meaningful advantage. If you have proprietary data (historical contracts, negotiation precedents, risk assessments) that is unique, a custom system that leverages that data is defensible.
- **Integration depth.** You can build deep integrations with your existing systems — real-time data flows, two-way updates, embedded workflows. Off-the-shelf tools typically offer integration at the boundary, not deep embedding.
- **Control.** You control the entire system — data handling, security practices, change management. No vendor surprises or forced migrations.
**Considerations:**
- **Higher cost.** Building custom AI requires hiring or contracting data scientists, ML engineers, and legal domain experts. This is expensive.
- **Longer timeline.** Building, testing, and refining a custom AI system typically takes 6-12 months minimum for non-trivial applications.
- **Ongoing maintenance.** You are responsible for maintaining, updating, and improving the system. As underlying AI models evolve (new versions of Claude, GPT, etc.), you must manage upgrades.
- **Risk concentration.** If the system fails or produces poor results, you bear the full consequences. There is no vendor to share liability or provide support.
- **Talent risk.** Custom AI depends on individuals with specialised skills. If key team members leave, knowledge walks out the door.
### The “Configure” Middle Ground
Many organisations find a middle path: purchasing a platform (like a modern CLM or matter management system) and configuring it extensively to fit your workflows, playbooks, and data structures. This approach is neither pure build nor pure buy.
**When to configure:**
- The vendor’s platform is extensible (APIs, no-code/low-code configuration tools, workflow automation).
- Your team has individuals with technical capability (the Legal Engineer role from Part 5) who can configure the platform.
- Your use case requires customisation but not fundamental technology innovation.
**The advantage:** You get much of the customisation benefit of building, at a fraction of the cost and timeline. You retain vendor support and platform development.
**The risk:** Extensive configuration creates dependency on the vendor’s platform roadmap. If your configuration relies on a feature the vendor changes or deprecates, you are exposed. Test this risk early by confirming that the features you rely on are stable and vendor-committed.
### A Decision Framework
| Domain |
Required Competency |
| **Legal** |
Understanding of legal concepts, workflows, privilege, and risk — sufficient to specify requirements and evaluate AI outputs (not necessarily a practising lawyer) |
| **Data** |
Data normalisation, taxonomy design, SQL or equivalent querying, basic statistical literacy — sufficient to prepare and maintain the data foundation AI depends on |
| **Technology** |
API integration concepts, workflow automation (no-code/low-code), CLM and matter management configuration, prompt engineering — sufficient to build and maintain AI-powered workflows |
| **Change Management** |
Stakeholder engagement, training design, adoption measurement — sufficient to drive the behavioural change that technology deployment requires |
| **Project Management** |
Agile methodology, vendor management, budget tracking — sufficient to deliver initiatives on time and within scope |
### Where Legal Engineers Come From
The Legal Engineer does not emerge fully formed. They evolve from one of three pathways:
**Pathway 1: Lawyer → Legal Ops → Legal Engineer.** A practising lawyer who transitions into Legal Ops, develops technology and data skills, and evolves into the bridging role. Strength: deep legal domain expertise. Investment area: deliberate technology skill development.
**Pathway 2: Technologist → Legal Tech → Legal Engineer.** A software engineer, data analyst, or IT professional who specialises in legal technology. Strength: strong technical foundation. Investment area: legal domain knowledge and substantive AI evaluation capability.
**Pathway 3: Paralegal → Legal Ops → Legal Engineer.** A paralegal with process expertise and operational knowledge who develops both legal and technical skills. Strength: deep understanding of how legal work actually flows. Investment area: seniority and strategic influence.
The most effective Legal Ops teams in 2026 include representation from at least two of these pathways, creating complementary skill coverage.
The Legal Engineer is the connective tissue that enables lawyers and technologists to work together productively. This role translates legal requirements into technical specifications and translates technical constraints into legal solutions. Strong Legal Engineer teams produce tools that work both technically and operationally, delivering intended business outcomes.
---
## Part 6: In the Trenches
### The Agent That Processed 200 NDAs Per Month
A global professional services firm deployed an agentic AI system for NDA processing in early 2025. The agent’s workflow: receive incoming NDA from business development, compare against the firm’s standard NDA playbook, classify as Green (standard — auto-process), Amber (minor deviations — generate redlines and route for junior counsel review), or Red (material issues — escalate to senior counsel).
The first three months revealed an opportunity: the agent classified 12% of NDAs differently than expected — mostly false Greens (NDAs classified as standard that contained non-standard terms). The diagnosis: the playbook data used to train the agent needed enrichment with additional clause variants that counterparties commonly used.
The team invested six weeks in playbook enrichment — adding 85 additional clause variants with their risk classifications. They also added a “confidence threshold” to the agent: if the agent’s classification confidence fell below 85%, the NDA was automatically escalated to Amber regardless of the classification.
After enrichment, misclassification dropped to 2.1%. The agent processed an average of 200 NDAs per month, with 68% classified as Green (auto-processed), 26% as Amber (junior counsel review, average 20 minutes), and 6% as Red (senior counsel review). The firm estimated that the system freed approximately 140 hours of lawyer time per month — time that was redeployed to client-facing advisory work.
The critical success factor was not the AI technology. It was the quality of the playbook data — confirming, once again, that data quality determines AI effectiveness.
### The CLM That Became the Source of Truth
A mid-sized Australian technology company had a contract management problem that was also a revenue recognition problem. Their 3,200 active customer contracts lived in a combination of a legacy document management system, individual lawyers’ email archives, and a physical filing cabinet in the Sydney office (for agreements predating 2015). When the finance team needed to verify contract terms for revenue recognition under AASB 15, they relied on a spreadsheet maintained by a single paralegal — a spreadsheet that was approximately 78% accurate.
The new Head of Legal Ops proposed a CLM implementation with a dual objective: manage the contract lifecycle going forward and, through a migration project, bring all existing contracts into the system with structured metadata.
The migration was the hard part. An ALSP was engaged to review and tag the 3,200 existing contracts — extracting party names, contract values, key dates, governing law, renewal terms, and material obligations into structured fields. AI-assisted extraction handled 70% of the metadata; the remaining 30% required manual review due to non-standard formats.
Six months later, the CLM was live with both a forward-looking workflow (all new contracts originated and managed in the system) and a backward-looking repository (all legacy contracts searchable with structured metadata). The finance team retired the paralegal’s spreadsheet and built their revenue recognition processes directly on CLM data. The accuracy of contract data used for financial reporting went from 78% to 99.2%.
The CFO called it “the single most impactful legal technology investment the company has made” — because it solved problems that transcended traditional legal operations boundaries. It was fundamentally a financial reporting problem, a revenue assurance problem, and an audit risk management issue that demonstrated how contract data serves enterprise-wide decision-making.
### The Privilege Leak
A multinational corporation deployed a generative AI tool for litigation support. The tool was excellent at summarising deposition transcripts, identifying inconsistencies across witness statements, and drafting preliminary legal memoranda. Lawyers on the litigation team adopted it enthusiastically.
Six months into deployment, opposing counsel in a major dispute issued a discovery request that specifically included “all documents and communications generated by or through artificial intelligence systems in connection with this litigation.” The corporation’s outside counsel reviewed the AI system’s data architecture and discovered that the tool — a cloud-hosted SaaS platform — stored all inputs and outputs on shared infrastructure, with the vendor retaining access to the data for “product improvement” purposes. The vendor’s terms of service granted the vendor a licence to use input data for model training.
The opposing counsel’s challenge: by providing privileged litigation strategy materials to a third-party vendor with ongoing access and usage rights, the corporation had potentially waived privilege over those materials. The court’s ruling — delivered after four months of motion practice and USD 850,000 in legal fees — found privilege maintained for the specific documents at issue but signalled that future cases with more explicit vendor data usage might face different outcomes.
The corporation immediately migrated the tool to a private-cloud deployment with contractual terms prohibiting any vendor access to input or output data. They also implemented a mandatory privilege review checkpoint in the AI workflow: before any privileged content is processed through the AI system, a lawyer confirms that the data pipeline maintains privilege protections.
The episode required nearly USD 1 million in direct legal fees and generated a privilege precedent affecting their future litigation strategy. The lesson: governance frameworks must assess both AI tool functionality and data handling to protect privilege throughout the AI lifecycle.
---
## Checklist
**Technology Landscape & Maturity**
- **Assess your technology maturity.** Using the five-stage framework in Part 1, determine where your organisation currently sits across each legal technology category (CLM, matter management, e-billing, AI, etc.). Be specific — you may be Stage 3 for CLM workflow but Stage 1 for analytics. The gap between current and target state defines your investment roadmap.
- **Map your integration priorities.** List the three enterprise systems that most need contract or legal matter data (typically CRM, ERP, and procurement). For each, define the specific data fields that should flow between systems. This mapping is the specification for your middleware or integration project.
**CLM & Digital Playbooks**
- **Assess your CLM maturity level.** Using the five-level framework in Part 2, determine where your organisation currently sits. Gap analysis between current and target state defines your CLM investment roadmap.
- **Identify your top 3 playbook candidates.** Which contract types have the highest negotiation volume and the most predictable deviation patterns? These are your first digital playbook candidates. Start documenting the standard positions, acceptable deviations, and escalation triggers for each.
- **Quantify your compliance-by-design opportunity.** Identify one regulatory requirement that is currently enforced through manual review. Estimate the annual cost of that manual review (hours × rate) and the risk exposure from inconsistent enforcement. This is the business case for embedding that requirement in the CLM workflow.
**AI Strategy & Deployment**
- **Classify your AI readiness.** For your top 5 legal workflows by volume, assess: (1) Is the underlying data normalised and structured? (2) Is there a clear, documented process that the AI would follow? (3) Is there a measurable baseline for current performance? Workflows that answer “yes” to all three are AI-ready. Workflows that require foundation work become clear priority targets.
- **Make your build vs buy decision.** For your top AI use case, determine whether the workflow is commodity (buy), proprietary (build), or partially unique (configure). Use the decision framework in Part 3 to guide your decision.
- **Identify your RAG knowledge base starting point.** What is the most curated, authoritative, and well-maintained corpus of legal documents in your organisation? This — whether it is a playbook, a policy set, a template library, or a contract portfolio — is your RAG knowledge base seed.
- **Select one pilot use case.** Apply the four selection criteria from Part 3: high volume, low risk, measurable baseline, enthusiastic users. Commit to a 90-day pilot with defined evaluation metrics.
- **Establish your error management framework.** For the selected pilot use case, determine: what is the consequence of an AI error? If the consequence is manageable (a summary that needs correction), proceed with appropriate HITL checkpoints. If the consequence is significant (an auto-executed contract with incorrect terms), maintain human review checkpoints across the full cycle until accuracy proves itself reliably.
**AI Governance**
- **Audit your AI tools for privilege risk.** For every AI tool currently in use by the legal team, answer: Does the vendor have access to input data? Does the vendor retain output data? Do the vendor’s terms permit data usage for model training? Document privilege protection status for tools processing confidential content.
- **Draft (or update) your AI governance policy.** The policy should cover: approved tools, prohibited tools, data classification rules, HITL requirements by use case, privacy impact assessment triggers, and incident response procedures. This policy is your highest-priority governance deliverable.
- **Define your HITL checkpoints.** For each AI-powered workflow, specify: who reviews the output, what depth of review is required, what happens when the reviewer identifies an error, and how review outcomes are logged. Document this in an operational procedure that guides daily work.
- **Identify your Legal Engineer candidate.** Look across your legal and legal ops team for the individual who most naturally bridges legal and technical domains. Invest in their development through formal training in data literacy, prompt engineering, or workflow automation, as this role will define the effectiveness of your AI strategy.
## Suggested Reading
- [CLOC Core 12 - Technology Competency](https://cloc.org/cloc-core-12/)
- [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework)
- [OECD AI Principles](https://oecd.ai/en/ai-principles)
- [ISO/IEC 42001 (AI Management System)](https://www.iso.org/standard/81230.html)
- [Stanford HAI - AI Index Report](https://hai.stanford.edu/ai-index)