The Nippon Life v. OpenAI lawsuit is about a chatbot. A user asked ChatGPT questions. ChatGPT generated text. The user copied that text into court filings. The liability theory is that the text constituted legal advice.
That is the simple version of the problem. The harder version is already here.
The legal technology industry is moving from chatbots to agents, AI systems that do not just generate text but take actions: drafting documents, triggering workflows, sending communications, coordinating multi-step processes across systems, and increasingly executing work that used to sit inside a human legal workflow.
In Legalweek 2026 coverage and panel recaps, the chatbot-to-agent shift was a recurring theme. Anna Gressel, a partner at Freshfields and the firm's global lead for AI, described agentic AI as one of the biggest AI governance challenges facing legal teams right now.
She is right. And the governance frameworks most organizations have built so far were designed for chatbots, not agents.
The Difference Between Generating and Acting
A chatbot generates a response. A human reads it, decides whether to use it, and takes the action. The human is the checkpoint. When something goes wrong (a hallucinated citation, a misapplied statute, a bad legal argument), the failure is tied to the human's reliance on the output.
An agent acts. It receives an objective, plans a sequence of steps, and executes them, potentially across multiple systems, with multiple decision points, over an extended period. A human may approve the plan, but the individual steps inside the plan may execute without per-step human review.
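The distinction is easy to see in code. In this minimal sketch, every name is hypothetical; the point is the shape of the control flow, not any vendor's actual API:

```python
# Illustrative only: "model" and "tools" stand in for whatever stack a
# vendor actually uses; none of these names are a real API.

def chatbot(model, prompt: str) -> str:
    """Generates text. A human reads it and decides what to do with it."""
    return model.generate(prompt)  # the human is the checkpoint


def agent(model, objective: str, tools: dict) -> None:
    """Plans and acts. Individual steps execute without per-step review."""
    plan = model.plan(objective)      # e.g. ["classify", "draft", "route"]
    for step in plan:
        result = tools[step].run()    # side effects: documents move,
        model.observe(step, result)   # workflows fire, messages send
```

In the first function, nothing happens until a person acts on the return value. In the second, the loop itself is where things happen.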
This is not a theoretical distinction. Legal AI vendors are already building and selling agentic workflows: document review pipelines that triage, classify, and route; contract analysis systems that extract terms, flag risks, and propose redlines; intake systems that assess eligibility, route to practice areas, and generate initial documents.
Many of these workflows contain decision points that, if made by a human, could be treated as the practice of law.
Why Chatbot Governance Does Not Transfer
Most legal AI governance frameworks built in 2024 and 2025 follow a familiar pattern: approved use cases, acceptable prompts, output review requirements, and a policy document stating that attorneys must verify AI-generated work. That framework assumes a human reviews every output before it reaches a client, a court, or a counterparty.
Agentic systems break that assumption. When an AI agent executes a twelve-step workflow (classify the matter, identify the jurisdiction, pull the relevant statute, draft the document, check for conflicts, format for filing, route for signature), the governance question is no longer "did a human review the output?" It is: which steps require human review, what constitutes adequate review at each step, and what happens when a step executes incorrectly before a human sees it?
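Writing the workflow down as data makes the expanded surface visible. In this hypothetical, abbreviated pipeline, only the final step's output ever reaches a human:

```python
from dataclasses import dataclass

@dataclass
class Step:
    name: str
    output_goes_to: str  # "next_step" or "human"

# Hypothetical, abbreviated workflow; a production pipeline may have
# twelve or more junctions like these.
WORKFLOW = [
    Step("classify_matter",       "next_step"),
    Step("identify_jurisdiction", "next_step"),
    Step("pull_statute",          "next_step"),
    Step("draft_document",        "next_step"),
    Step("check_conflicts",       "next_step"),
    Step("format_for_filing",     "next_step"),
    Step("route_for_signature",   "human"),
]

# Every "next_step" junction is a place where an error can propagate
# before any human sees it.
unreviewed_junctions = [s.name for s in WORKFLOW if s.output_goes_to != "human"]
```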
In the Nippon case, a human chose to use every output the chatbot produced. In an agentic system, some outputs are intermediate. They are consumed by the next step in the workflow, not by a human. The governance surface expands from a single review point to every junction in the pipeline.
The Moderna Model: Legal Goes First
One of the more instructive approaches described in Legalweek-related coverage came from Henry Hagen at Moderna. Moderna deployed OpenAI's tools enterprise-wide, but the legal team went first. The reasoning was straightforward: if legal understands the guardrails, trap doors, and safe lanes before the rest of the organization adopts, the company moves faster because legal is not playing catch-up later.
That is the opposite of how many organizations adopted AI. In many companies, employees started using ChatGPT on their own, legal found out later, and the governance framework was written retrospectively to describe behavior that was already happening.
The better model treats governance as infrastructure, not policy. The legal team does not just write the rules. It uses the tools early, discovers the failure modes, and helps build the constraints into deployment before adoption scales.
For most legal organizations, that is not realistic without purpose-built systems. Moderna can devote serious internal resources to governance design. A 15-person law firm cannot. Firms at that scale need platforms that have already made those architectural decisions.
What Governance for Agentic Legal AI Actually Requires
Recaps of the Legalweek panel, which featured Gressel from Freshfields, Galia Amram from OpenAI, and Hagen from Moderna, moderated by Bridget McCormack of the AAA, converged on a consistent message: governance is hard, imperfect, and still immature across the industry. But waiting for a perfect framework is not a real option.
That is the right framing. But what does non-chatbot governance actually look like?
Approval gates, not just output review. In an agentic workflow, the system should require human approval at defined decision points, not just at the end. An attorney should approve the jurisdiction determination before the system pulls statutes. An attorney should approve the document draft before the system routes it for signature. The architecture must define where humans intervene, not just whether they do.
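A rough sketch of what an enforced gate can look like, assuming a hypothetical workflow runner. The gate halts execution; it does not ask a reviewer to remember to check:

```python
class ApprovalRequired(Exception):
    """Raised when a gated step is reached without attorney sign-off."""

# Defined decision points, not just the end of the pipeline.
APPROVAL_GATES = {"identify_jurisdiction", "draft_document"}

def run_step(step_name: str, execute, approvals: set):
    # The gate is architectural: the step cannot run without a recorded
    # approval, regardless of what any policy document says.
    if step_name in APPROVAL_GATES and step_name not in approvals:
        raise ApprovalRequired(f"'{step_name}' is awaiting attorney approval")
    return execute()
```

The workflow does not proceed past a gated step on any code path; the exception is the system refusing to act, not a warning it emits while acting.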
Audit trails, not disclaimers. Every step an agent takes should be logged, attributed, and reviewable. When a document reaches a client, the attorney should be able to trace which steps the system executed, which data it used, and which decisions it made. This is not a compliance checkbox. It is a design requirement for professional responsibility.
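A minimal illustration of one log entry per agent action; the field names here are assumptions, not a standard:

```python
import json
import hashlib
from datetime import datetime, timezone

def log_step(log_path: str, step: str, actor: str, inputs: dict, decision: str):
    """Append one attributable, reviewable record per agent action."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "step": step,                       # which step executed
        "actor": actor,                     # agent id or attorney id
        "inputs_sha256": hashlib.sha256(    # which data it used
            json.dumps(inputs, sort_keys=True).encode()
        ).hexdigest(),
        "decision": decision,               # which decision it made
    }
    with open(log_path, "a") as f:          # append-only by convention
        f.write(json.dumps(entry) + "\n")
```

When a client asks how a document came to exist, the answer is a query over records like these, not a reconstruction from memory.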
Jurisdiction-aware behavior, not global defaults. An agent operating in Minnesota should behave differently than one operating in New York, not just in the content it generates, but in what it is willing to do. The unauthorized practice of law is defined differently in every state, and an agentic system that ignores jurisdictional boundaries accumulates risk in every jurisdiction it touches.
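One way to express that in code is a capability table keyed by jurisdiction rather than a global default. The entries below are placeholders, not a statement of any state's actual UPL rules:

```python
# Hypothetical per-jurisdiction capability table. The entries are
# placeholders, not a statement of any state's actual UPL rules.
CAPABILITIES = {
    "MN": {"generate_information", "draft_for_attorney_review"},
    "NY": {"generate_information"},
}

def can_perform(action: str, state: str) -> bool:
    # Unknown jurisdictions get the most restrictive behavior by default.
    return action in CAPABILITIES.get(state, set())

assert can_perform("draft_for_attorney_review", "MN")
assert not can_perform("draft_for_attorney_review", "NY")
```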
Scope constraints, not usage policies. A chatbot governance model can say "do not use this for legal advice." An agent governance model must say "this system will not do X" and enforce it in the architecture. The system should be incapable of taking actions outside its defined scope, not merely discouraged from doing so by a policy document.
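The difference between a usage policy and a scope constraint is the difference between a sentence and a code path. A sketch, with hypothetical action names:

```python
from enum import Enum

class PermittedAction(Enum):
    DRAFT_FOR_REVIEW = "draft_for_review"
    SUMMARIZE_DOCUMENT = "summarize_document"
    # "file_with_court" is deliberately absent: there is no code path to
    # it, rather than a policy asking the agent to refrain.

def dispatch(action: PermittedAction) -> str:
    handlers = {
        PermittedAction.DRAFT_FOR_REVIEW: lambda: "draft queued for review",
        PermittedAction.SUMMARIZE_DOCUMENT: lambda: "summary generated",
    }
    return handlers[action]()

# dispatch("file_with_court") fails: the action does not exist in this
# system's vocabulary at all.
```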
The Frontier Model Problem Compounds
The companies that build the frontier models themselves, OpenAI, Anthropic, Google, control their entire governance stack. They decide what the model can do, how agents are scoped, and where human checkpoints live.
The growing number of legal AI startups building on top of those frontier models inherit the base model's capabilities but remain responsible for the governance layer. If a legal AI startup ships an agentic product that files documents, routes matters, or generates client-facing communications, it is the startup, not the frontier model provider, that will usually sit closest to the liability when something goes wrong.
New York's S7263 makes the direction of travel clear. The focus is on the proprietors who deploy the system, not just the developers who built the underlying model.
How We Think About This at FlowCounsel
FlowCounsel's architecture is designed for the agentic future, not just the chatbot present.
Our matter management system uses a specialist architecture where AI agents propose and attorneys approve. The agent drafts; the attorney reviews, edits, and authorizes. Every action is logged. Every document is traceable. The attorney's judgment is the checkpoint, and the system is designed so that checkpoint cannot be bypassed.
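One illustrative pattern for a checkpoint that cannot be bypassed (a sketch of the idea, not our actual implementation): make the attorney's sign-off the only constructor for the thing the system is allowed to send.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Draft:
    body: str
    proposed_by: str          # the agent that drafted it

@dataclass(frozen=True)
class ApprovedDocument:
    body: str
    approved_by: str          # the attorney who authorized it

def attorney_approve(draft: Draft, attorney_id: str) -> ApprovedDocument:
    """The only code path that produces an ApprovedDocument."""
    # In a real system this is also where the approval gets logged.
    return ApprovedDocument(body=draft.body, approved_by=attorney_id)

def send_to_client(doc: ApprovedDocument) -> None:
    """Accepts only ApprovedDocument; a raw Draft never reaches a client."""
    ...
```

Under static type checking, there is no way to route an unapproved draft to a client: the checkpoint lives in the type system, not in a reviewer's diligence.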
On the consumer side, FlowLawyers routes users to attorneys, legal aid, and legal information. It does not act on behalf of users. It does not file documents. It does not send communications to opposing parties. The system's scope is constrained by design, not by a disclaimer that users can ignore.
This is not just a product feature. It is an architectural requirement for building legal AI that will still be operating when the regulatory landscape finishes forming.
The Bigger Risk Is Not Doing Anything
The consistent message across the Legalweek governance discussions and recaps was that the governance challenge is real, imperfect, and unsolved, but waiting for someone else to solve it is not an option.
The tools are already in use. Corporate legal departments went from 44% to 87% AI adoption in a single year, according to data shared by Relativity at Legalweek. The question is no longer whether legal professionals will use AI. It is whether the tools they use are designed for the responsibilities they carry.
The firms and platforms that build governance into the product, not the policy manual, will be the ones standing when the dust settles. The ones that disclaimed their way through the chatbot era will find that disclaimers do not transfer cleanly to the agentic era.
When an AI agent acts, someone is responsible. The architecture determines who.
FlowCounsel is the AI-native operating system for legal teams. FlowLawyers is the consumer-facing legal help platform with attorney discovery, legal aid routing, state-specific legal information, and document tools. Neither provides legal advice. Attorney supervision of all AI output is required.