AI contract review for UK governing law that returns clause-by-clause risk scores, flags US-vs-UK terminology errors, compares against market standards, and runs in a UK-data-resident closed-source environment SRA solicitors can actually use.

Source signals

• **SIG-legal-uk-jurisdiction-blindness** (RECURRING, 4 sources): "ChatGPT was trained on a mixture of global sources, including US law, which differs significantly from the legal systems of England & Wales, Scotland, and Northern Ireland... it may not cite or apply [Civil Procedure Rules] correctly, or may reference rules that don't exist at all." (advicehub.co.uk + Open University study)
• **SIG-nda-jurisdiction-aware-review** (RECURRING, 2 sources): "ChatGPT processes the text of your contract the same way it processes a recipe or a poem... it doesn't understand what the words do — how they interact with governing law, how they compare to market standards, where the asymmetries hide." (ClauseLabs NDA test + r/LegalAdviceUK confused contractor)
• **SIG-solicitor-confidentiality-chatgpt** (SINGLE, structural): "The Upper Tribunal has warned lawyers against putting client documents into ChatGPT... 'is to place this information on the internet in the public domain, and thus to breach client confidentiality and waive legal privilege.'" (Legal Futures, Feb 2026)

Reasoning

UK legal AI is a textbook ai-vertical-assistant: generic LLMs fail on three vectors simultaneously — jurisdiction confusion (UK vs US procedure), mismatch-blindness (NDA governing law vs operative clauses), and SRA confidentiality blocks (Upper Tribunal Feb 2026 ruling). Three RECURRING signals across 8 distinct sources confirm structural demand. The product is a clause-by-clause risk-report engine (not chat) running on UK-data-residency infra with a small CPR/Scots-law/UK-NDA-market-standard knowledge base. Build is 10-14 days solo for the MVP; the moat is the curated UK-contract reference dataset + SRA-readiness paperwork (ICO, Cyber Essentials, audit trail). Dual revenue: B2B for solicitors (£79-149/mo) + B2C self-serve for contractors signing NDAs (£19/mo or £9/doc).

Quick competitive read

• **ClauseLabs** (US/global) — close in positioning but not UK-jurisdiction-specific
• **Spellbook** (CA/US) — Word add-in, US/Canada focus
• **Harvey AI** (US, $100M ARR) — enterprise-only, BigLaw clients
• **AdviceHub** — UK content site warning about ChatGPT, no tool

White space at the SRA-compliant solo-solicitor / SMB-contractor £79-149/mo tier — competitive pressure 3-4/10.

Initial pricing hypothesis

B2B £79/mo Solo (50 contracts) → £149/mo Firm → £299/mo Practice; B2C £19/mo unlimited NDA review or £9/doc. UK solo solicitor billing rate £180/hr means ROI on first review of the month.

Distribution hypothesis

SEO on "UK NDA review", "is this contract enforceable UK" + r/LegalAdviceUK value posts + LinkedIn DM outreach to solo solicitors + Law Society / Bar Council webinar speaker slot on "AI without SRA confidentiality breach".

What we ship

**Core features (MVP)**

• **Paste/upload contract → clause-by-clause risk score** — UK governing law (E&W + Scots law of contract); Claude Sonnet 4.6 via UK-residency endpoint + private CPR / Scots-law / SRA-rule corpus in pgvector.
• **CPR + Scots-law + SRA-checked redlines** — each clause tagged high/med/low risk with a suggested redline and market-standard comparison drawn from UK NDA/MSA conventions.
• **US-vs-UK terminology detection** — flags "motion to dismiss" → "strike out application", "attorney" → "solicitor", non-existent CPR citations, governing-law mismatches.
• **UK-residency endpoint disclaimer + audit-trail** — banner "Runs on UK-residency Anthropic endpoint with zero retention, per-tenant encryption, 30-day auto-delete, tamper-evident log — usable under SRA Para 6.3 / 6.4".
• **Companies House counterparty lookup** — auto-resolves the other party, flags dormant / in-administration companies.

**Primary user flow**

1. Solicitor or SMB owner logs in → drag-and-drop PDF/DOCX contract (NDA, MSA, contractor agreement, lease).

2. 30-90 seconds later a risk-report appears: clause-by-clause table, US/UK errors, market-standard deviations, suggested redlines.

3. User accepts / rejects each redline → export back to Word with track-changes, or annotated PDF.

4. File auto-deletes after 30 days; audit log keeps hash + timestamp + decisions for SRA inspection.

**What it looks like**

• **Landing (GBP)**: hero "UK contract review AI — built for SRA confidentiality, not Silicon Valley", side-by-side gallery of ChatGPT US-vs-UK errors we catch, badges "UK data residency / Cyber Essentials Plus / ICO registered", prices £79 / £149 / £299/mo + £19/mo B2C.
• **Main app**: split view — left pane contract with clauses highlighted, right pane risk-report colour-coded high/med/low, bottom toolbar accept/reject redlines + export.
• **SRA Compliance pack**: dedicated "SRA Audit Trail" page with per-document hash, retention countdown, DPIA link, Cyber Essentials Plus certificate, explicit "not legal advice; consult a registered solicitor for reserved legal activities under Legal Services Act 2007" disclaimer.

**MVP build plan — 12 days**

• Day 1-2: FastAPI + Postgres (eu-west-2) + pgvector + Stripe GBP.
• Day 3-5: curate 200-300 UK NDA / MSA / contractor-agreement reference set with scored clauses (main moat).
• Day 6-8: Claude UK-residency endpoint + clause-extraction + risk-scoring pipeline.
• Day 9-10: Companies House counterparty lookup + DOCX export with track-changes.
• Day 11: Cloudflare Pages frontend + 30-day auto-delete cron + tamper-evident audit log.
• Day 12: ICO DPIA draft + soft launch with 10 SRA solo solicitors as a pilot cohort.