← Free risk checker
HomeChatbot Compliance → Kira Systems (Litera) EU AI Act
LIMITED RISK — Article 50 transparency required
Deadline: 2 August 2026. Article 50 has NOT been deferred by the Digital Omnibus. You need a disclosure on your Kira Systems (Litera) chatbot before this date. Fine for non-compliance: up to €15M or 3% of turnover.

Kira Systems EU AI Act Compliance: Legal AI and Contract Review in 2026

Kira Systems — now part of Litera — uses machine learning to identify and extract provisions from contracts, supporting due diligence, lease abstraction, and regulatory review workflows. For law firms and legal departments using Kira across EU matters, the EU AI Act creates specific governance obligations.

Minimal to limited risk for most use: Kira AI used for contract review and provision extraction to support human lawyers = minimal EU AI Act risk. Kira AI used in workflows that produce outputs directly affecting individuals' legal rights (employment contracts, consumer agreements, regulatory determinations) = context-dependent risk. The professional responsibility of the supervising lawyer does not transfer to the AI.

What you need to do — step by step

  1. Establish a supervision policy: all Kira AI contract extractions must be reviewed by a qualified lawyer before being relied upon in legal advice, transactions, or filings
  2. Document AI-assisted work: note in matter files where Kira AI was used for due diligence or provision extraction, and who reviewed the AI output
  3. Do not rely on Kira AI output for high-stakes legal determinations (regulatory compliance conclusions, litigation risk assessments) without independent lawyer verification
  4. For employment matters: take particular care with AI-extracted employment contract provisions — errors in this context may create Annex III risk exposure if AI output directly affects employment decisions
  5. Update your law firm or legal department's AI use policy to include Kira Systems/Litera guidance
  6. Ensure all legal staff using Kira understand that AI contract review has known limitations with unusual clauses, non-standard drafting, and jurisdiction-specific interpretation
  7. Review your Kira/Litera data processing agreement for EU data residency and GDPR compliance — legal matters often contain personal data

Ready-to-use disclosure text for Kira Systems (Litera)

Copy one of these into your Kira Systems (Litera) bot's opening message:

This contract summary was prepared with AI-assisted review (Kira/Litera) and has been reviewed and verified by [Solicitor Name].
AI-assisted due diligence. All findings reviewed and confirmed by qualified legal counsel.
This provision extraction was generated using AI tools and verified by [Attorney Name, Bar No.].

Need this in French, German, Spanish, Dutch, Polish, Italian?

The Chatbot Compliance Pack includes 7 language variants, a T&C clause template, a privacy policy AI section, and the Article 50(2) machine-readable marking guide.

Get Chatbot Compliance Pack — €49 →
Or use the free disclosure generator →

Kira Systems and the EU AI Act: legal AI in practice

What Kira Systems does and its EU AI Act position

Kira Systems (acquired by Litera in 2022) is a machine learning platform that identifies and extracts provisions from contracts and legal documents. Its core function is to accelerate document review — finding change-of-control clauses, assignment restrictions, termination provisions, and thousands of other defined concepts across large document sets at a speed no human team can match. This is AI in a research-support role: it identifies and flags, while lawyers review, interpret, and advise.

The EU AI Act's formal high-risk categories do not include "legal document review AI" as a named category. Legal AI tools like Kira fall outside the enumerated Annex III categories for most standard use cases. This does not mean governance is unimportant — it means the governance framework is professional responsibility rather than EU AI Act mandatory compliance, for most deployments.

When EU AI Act risk escalates for Kira deployments

Two scenarios bring Kira closer to EU AI Act high-risk territory. First, AI-assisted review of employment contracts where AI extraction errors could affect individual employees' rights — incorrect extraction of non-compete provisions, notice periods, or benefits entitlements that are then relied upon in employment decisions approaches Annex III Category 4. Second, AI-assisted regulatory compliance review for highly regulated sectors (financial services, healthcare, critical infrastructure) where AI errors in identifying compliance obligations could have significant consequences for individuals' access to services — this approaches the spirit of several Annex III categories even if not a precise fit.

For both scenarios, the mitigation is the same: mandatory qualified lawyer review of all AI-extracted provisions before any reliance, documented supervision, and a clear audit trail showing human oversight of AI output.

Professional responsibility: the overlay on top of the EU AI Act

For law firms, legal professional responsibility rules add a layer of governance on top of the EU AI Act. In most EU jurisdictions, a lawyer advising a client bears professional responsibility for the quality and accuracy of that advice — regardless of whether AI tools assisted in its preparation. AI-generated contract extraction that contains errors does not excuse the supervising lawyer from professional responsibility. This means the governance standard for Kira AI output is set by professional conduct rules, not just the EU AI Act — and those rules effectively require the same human oversight the AI Act would mandate for high-risk systems.

Frequently asked questions

Is Kira Systems classified as high-risk under the EU AI Act?
Standard Kira Systems use for due diligence and contract provision extraction to support human lawyers is not formally high-risk under EU AI Act Annex III. Risk escalates when AI-extracted provisions are used in employment decisions, regulatory filings, or other contexts matching Annex III categories. For most law firm and legal department use cases, the EU AI Act governance obligation is modest — mandatory human review and documentation of AI-assisted work.
Can law firms use Kira AI for client work without disclosing AI use?
Bar association rules on AI use in client work vary by jurisdiction and are evolving rapidly. Several EU jurisdictions are developing guidance that requires disclosure of significant AI use in client matters. Independently of bar rules, best practice is to note in engagement letters and matter files where AI-assisted review tools were used. This also creates a clear record of human oversight for any future EU AI Act compliance query.
Kira was acquired by Litera — does this affect our contract or compliance obligations?
The acquisition does not change your deployer obligations under the EU AI Act or your GDPR data processing relationship. Review your contract with Kira/Litera to confirm that Litera has assumed Kira's data processing obligations, and ensure your DPA is current with the Litera entity. The technical capability and EU AI Act risk profile of the Kira platform itself has not changed materially.
What data protection obligations apply to legal matters reviewed with Kira?
Legal matters frequently contain personal data — names, addresses, financial information, health data, employment details. GDPR applies to all personal data processed via Kira. Ensure: (1) Kira/Litera is listed as a data processor in your GDPR records, (2) your DPA covers AI processing, (3) client matter data is not retained in Kira beyond the project duration without client consent, (4) EU data residency options are confirmed for EU-related matters.