DONNA — Decision-Oriented Network Notarisation for Attorneys

The legal+AI moment

You opened the matter at 6:47 a.m.

The associate's draft is in your queue. The partner meeting is at nine. The client expects a redline by lunch. Somewhere on the way to the second coffee, you do the arithmetic every lawyer at your level is doing this year. If a tool can compress two billable hours into twenty minutes, the partner-track maths changes. Realisation rates change. The conversation you have with the managing partner about headcount changes. That conversation is now happening at most firms.

Three forces shape what is coming. The closed elite tier — Harvey, Legora — sits at USD 1,200–2,000 per lawyer per month, beyond reach for most small and mid-sized firms. The open-source wave — Will Chen's Mike, Joseph Breda's vLLM PR, Omnilex's DACH legal-research engine — is filling the gap. The regulatory drumbeat — the EU AI Act binds high-risk obligations from 2 August 2026 — makes "show your work" the rule, not the aspiration. DONNA sits in the middle of that.

What DONNA is

Take the lawyer out of the process. Keep their judgment in.

Senior lawyers spend a day a week coordinating the work around the work — arranging inputs, progressing steps, copy-pasting outputs between tools. The AI handles the task. The lawyer still handles the orchestration. That coordination is where billable hours go.

DONNA takes the orchestration. The lawyer speaks the intent — "send Sarah the M&A precedent we used for Dubrovnik, ask her to redline by Tuesday, copy Marcus when she replies" — and DONNA routes it: to the right person, the right system, the right tool. Every delegated decision becomes a structured record — an IDR (Intent Decision Record) — signed and linked to the one before it, like pages in a notary's logbook. Replayable for audit. Exportable in regulator-ready formats. Built on an open protocol so any AI runtime can read and verify it.

This is not transcription. We do not store voice notes for later interpretation. Speech is a means, not the product.

The acronym, decomposed

The brand is the verb; the acronym is the explanation. Each letter maps to an engineering primitive.

Decision

The unit of work in DONNA is the Decision. Every delegated action produces a structured record — an IDR (Intent Decision Record) — not a chat log buried in someone's history. Who decided, on what evidence, with what confidence: captured at the moment it happened.

Oriented

The whole architecture orients around Decisions — not around documents (like Mike, Harvey, Legora) and not around chats (like ChatGPT). The decision itself is the first-class object; documents and conversations are inputs to it. Orientation, not interface, is what makes DONNA a different category.

Network

Two networks at once. A network of language models — DONNA routes between providers (cloud, self-hosted, on-device) so the firm is never locked to one vendor or one model's failure mode. A network of attorneys and matters — delegated decisions are preserved across the firm and across firms, not a single conversation.

Notarisation

Every delegated decision is signed and linked to the one before it — like a notary's stamp on each page of a logbook. The chain cannot be quietly altered. It replays for audit, for regulators, and for any partner who needs proof of what was decided and when.

(for) Attorneys

The legal vertical, exactly. Attorneys are both the audience DONNA serves and the partners who shape what it becomes. Not adjacent professions, not generalist agents — and not a finished product without practitioner expertise. We defer to experienced lawyers to tell us what is missing and to help build it.

Why this matters now

Privilege is now an architectural question.

In November 2025, the UK Upper Tribunal handed down Munir v Secretary of State for the Home Department — the first English judgment to address whether public AI services destroy legal privilege. The ruling was unequivocal:

Case · UK

Munir v SSHD [2026] UKUT 81

"To put client letters and decision letters from the Home Office into a public AI tool, … is to place this information on the internet in the public domain, and thus to breach client confidentiality and waive legal privilege."

The Tribunal also drew an explicit line between public AI platforms and "closed-source AI tools which do not place information in the public domain" — describing the latter as acceptable for exactly these tasks. Privilege is not suspended. It is gone. Permanently. The supervising solicitor was referred to the SRA. The firm was referred to the ICO.

Self-hosted, audit-chained, never-leaves-the-firm is no longer a sales pitch. It is a practising-certificate question. DONNA is built for that question.

Source: caselaw.nationalarchives.gov.uk/ukut/iac/2026/81

And the law is converging at three layers — the bench, the contracts behind the tooling, and the regulatory pipeline. Each one points the same direction.

Commentary · US

Colorado: the wrapper-contract trap

"If your legal tech product is a wrapper, it may not be all it's wrapped up to be."

Carolyn Elefant — lawyer, AI-skills trainer, founder of MyShingle.com — flagged the structural risk in a recent LinkedIn analysis. A federal district court in Colorado ruled that AI tools may be used on documents under protective order only if contractual privacy protections exist: no training on the data, no third-party disclosure, deletion on request.

The trap for legal-tech: most products are wrappers on a foundation model owned by someone else. The Colorado standard requires the contractual protections to run at both layers — between the firm and the legal-tech vendor, AND between the vendor and the foundation-model provider behind the curtain.

"A robust no-training clause in your contract with the legal tech company does not help if the contract between the legal tech company and the foundational model lacks the same commitment."

DONNA's architectural answer: eliminate the second layer. Self-hosted on the firm's infrastructure, pointed at whatever model the firm hosts alongside it. The architectural answer to a contractual problem.

Source: Carolyn Elefant on LinkedIn · Federal District Court, Colorado (2026)

Regulation · EU + US

The regulatory pipeline is arriving

"Show your work" — the rule, not the aspiration.

Three pieces are landing on the same architectural answer in 2026.

EU AI Act — high-risk-system obligations bind from 2 August 2026. Article 13 requires transparency about how the system reaches its outputs. Article 12 mandates automatic event logging. Article 14 requires meaningful human oversight, not nominal. Each is satisfied automatically by an audit chain that signs every delegated decision and replays end-to-end.

California Rules of Professional Conduct — the State Bar has proposed amendments to six rules requiring attorneys to perform AI analysis, review, and transparency as part of legal-AI use. The proposed rules don't ask lawyers to think differently about AI — they ask for the artefacts (analysis + review + transparency) that an IDR audit chain produces as a side effect.

Personal-sanctions precedent already exists. A US Magistrate Judge sanctioned a lawyer for AI-fabricated citations in May 2026 — a marker that supervisory failure on AI is now a discipline matter, not an abstract guideline.

DONNA is built for these. The IDR primitive is the proof the firm assigns to itself, automatically.

Sources: EU AI Act (Reg. 2024/1689) · State Bar of California (proposed RPC amendments, May 2026) · This Week in Legal AI (Veronica Lopez, 6 May 2026)

The journey

A clear starting point and a clear direction.

We are alpha. We publish the roadmap before the launch precisely because we are not finished. "A clear starting point and a clear direction makes being incomplete acceptable." Five waypoints from where we are today to the full Delegation Orchestration Layer. Each one is an invitation, not a promise.

Waypoint 1

Voice intent surface

Captures unstructured spoken intent — speaker, recipients, constraints, success criteria. Not transcription.

Current · alpha

Waypoint 2

Skill orchestration

Routes structured intent to the right destination — person, system, tool. Connectors, not replacements.

Next 3 months

Waypoint 3

IDR audit chain

Every delegated decision becomes a signed, chained, replayable record. Open protocol; engine licensed.

In flight

Waypoint 4

AI-agent PR review

Multi-model deliberation on PRs. DONNA eats its own substrate first — every PR leaves an audit trail.

Building

Waypoint 5

Full Delegation Orchestration Layer

The destination: a layer between intent and execution that absorbs the day-a-week of coordination.

The vision

DONNA is the only legal AI that listens like a partner and signs like a notary.

— DONNA probat.

How someone might describe it

"DONNA handles the work around the work — so judgment stays with the lawyer."

"From intent to outcome. Without managing software."

"You speak. DONNA handles. Judgment stays yours."

Acknowledgements

DONNA is not downstream of Mike. DONNA is a different layer.

Mike, Harvey, and Legora generate the artefact — the draft, the summary, the redline. Extraordinary tools at that. But for a regulated practice, generation on its own is not enough. Every decision needs to be captured. Every output needs an evidence trail. Every step needs to replay for an auditor. That is the layer DONNA provides — discipline, diligence, rigour. The structural coherence a regulator can verify.

We do not replace Mike. We compose with it. Mike writes the work; DONNA records what was decided around the work. Generation and verification are different jobs. A serious legal practice needs both — and the open legal stack now makes both possible.

Mike

Will Chen · document layer

Open-source legal AI for drafting, summarisation, redlining. Shipped 29 April 2026. AGPL-3.0.

Mike PR #20

Joseph Breda · local-LLM provider

vLLM-based self-hosted inference for Mike — the architectural primitive that makes Mike usable inside regulated firms.

Omnilex

Ismael Seck & Marco Henri · knowledge layer

Zurich-built legal-research engine focused on DACH legal systems. Raised USD 4.5M in November 2025 to expand its reasoning engine.

happi.md v1.1

Open audit-chain protocol

The protocol DONNA implements. Passport for AI agents. Open and stable; any runtime can read it.

CloseVector

Dean Hoffman · search-layer audit

On-premises AI document search with cryptographic verification of every retrieval. Patent pending; proprietary. Audit-chain primitive at the search layer (DONNA does the same at the delegation layer). The market is converging on the answer — different layers, same architectural insight.

Join us

Be part of the story we write together.

DONNA is alpha and we say so. The roadmap is published, the gaps are named, and the door is open. If your firm needs something that we have not yet built, tell us. If something here is missing, tell us. The path is shared.

— or —

View on GitHub Read happi.md v1.1

DONNA handles the work around the work.