DONNA — Decision-Oriented Network Notarisation for Attorneys

The legal+AI moment

You opened the matter at 6:47 a.m.

The associate's draft is in your queue. The partner meeting is at nine. The client expects a redline by lunch. Somewhere on the way to the second coffee, you do the arithmetic every lawyer at your level is doing this year. If a tool can compress two billable hours into twenty minutes, the partner-track maths changes. Realisation rates change. The conversation you have with the managing partner about headcount changes. That conversation is now happening at most firms.

Three forces shape what is coming. The closed elite tier — Harvey, Legora — sits at USD 1,200–2,000 per lawyer per month, beyond reach for most small and mid-sized firms. The open-source wave — Will Chen's Mike, Joseph Breda's vLLM PR, Omnilex's DACH legal-research engine — is filling the gap. The regulatory drumbeat — the EU AI Act binds high-risk obligations from 2 August 2026 — makes "show your work" the rule, not the aspiration. DONNA sits in the middle of that.

What DONNA is

Take the lawyer out of the process. Keep their judgment in.

Senior lawyers spend a day a week coordinating the work around the work — arranging inputs, progressing steps, copy-pasting outputs between tools. The AI handles the task. The lawyer still handles the orchestration. That coordination is where billable hours go.

DONNA takes the orchestration. The lawyer speaks the intent — "send Sarah the M&A precedent we used for Dubrovnik, ask her to redline by Tuesday, copy Marcus when she replies" — and DONNA routes it: to the right person, the right system, the right tool. Every delegated decision becomes a structured record — an IDR (Intent Decision Record) — signed and linked to the one before it, like pages in a notary's logbook. Replayable for audit. Exportable in regulator-ready formats. Built on an open protocol so any AI runtime can read and verify it.

This is not transcription. We do not store voice notes for later interpretation. Speech is a means, not the product.

The acronym, decomposed

The brand is the verb; the acronym is the explanation. Each letter maps to an engineering primitive.

Decision

The unit of work in DONNA is the Decision. Every delegated action produces a structured record — an IDR (Intent Decision Record) — not a chat log buried in someone's history. Who decided, on what evidence, with what confidence: captured at the moment it happened.

Oriented

The whole architecture orients around Decisions — not around documents (like Mike, Harvey, Legora) and not around chats (like ChatGPT). The decision itself is the first-class object; documents and conversations are inputs to it. Orientation, not interface, is what makes DONNA a different category.

Network

Two networks at once. A network of language models — DONNA routes between providers (Anthropic, OpenAI, xAI, Gemini, DeepSeek, Qwen, and self-hosted vLLM / Ollama) so the firm is never locked to one vendor or one model's failure mode. A network of attorneys and matters — delegated decisions are preserved across the firm and across firms, not a single conversation.

Notarisation

Every delegated decision is signed and linked to the one before it — like a notary's stamp on each page of a logbook. The chain cannot be quietly altered. It replays for audit, for regulators, and for any partner who needs proof of what was decided and when.

(for) Attorneys

The legal vertical, exactly. Attorneys are both the audience DONNA serves and the partners who shape what it becomes. Not adjacent professions, not generalist agents — and not a finished product without practitioner expertise. We defer to experienced lawyers to tell us what is missing and to help build it.

Why this matters now

Privilege is now an architectural question.

Munir [2026] UKUT 81 (IAC) — the leading UK authority to date on AI and privilege — confirmed that pasting privileged material into a public AI tool waives legal professional privilege irrecoverably. Where your AI runs is now a privilege-preservation decision. The Upper Tribunal (Immigration and Asylum Chamber) was direct about it:

Case · UK

Munir v SSHD [2026] UKUT 81

"To put client letters and decision letters from the Home Office into a public AI tool, … is to place this information on the internet in the public domain, and thus to breach client confidentiality and waive legal privilege."

The Tribunal also drew an explicit line between public AI platforms and "closed-source AI tools which do not place information in the public domain" — describing the latter as acceptable for exactly these tasks. Privilege is not suspended. It is gone. Permanently. The supervising solicitor was referred to the SRA. The firm was referred to the ICO.

Self-hosted, audit-chained, never-leaves-the-firm is no longer a sales pitch. It is a practising-certificate question. DONNA is built for that question.

Source: caselaw.nationalarchives.gov.uk/ukut/iac/2026/81

And the law is converging at three layers — the bench, the contracts behind the tooling, and the regulatory pipeline. Each one points the same direction.

Commentary · US

Colorado: the wrapper-contract trap

"If your legal tech product is a wrapper, it may not be all it's wrapped up to be."

Carolyn Elefant — lawyer, AI-skills trainer, founder of MyShingle.com — flagged the structural risk in a recent LinkedIn analysis. A federal district court in Colorado ruled that AI tools may be used on documents under protective order only if contractual privacy protections exist: no training on the data, no third-party disclosure, deletion on request.

The trap for legal-tech: most products are wrappers on a foundation model owned by someone else. The Colorado standard requires the contractual protections to run at both layers — between the firm and the legal-tech vendor, AND between the vendor and the foundation-model provider behind the curtain.

"A robust no-training clause in your contract with the legal tech company does not help if the contract between the legal tech company and the foundational model lacks the same commitment."

DONNA's architectural answer: eliminate the second layer. Self-hosted on the firm's infrastructure, pointed at whatever model the firm hosts alongside it. The architectural answer to a contractual problem.

Source: Carolyn Elefant on LinkedIn · Federal District Court, Colorado (2026)

Regulation · EU + US

The regulatory pipeline is arriving

"Show your work" — the rule, not the aspiration.

Three pieces are landing on the same architectural answer in 2026.

EU AI Act — high-risk-system obligations bind from 2 August 2026. Article 13 requires transparency about how the system reaches its outputs. Article 12 mandates automatic event logging. Article 14 requires meaningful human oversight, not nominal. Each is satisfied automatically by an audit chain that signs every delegated decision and replays end-to-end.

California Rules of Professional Conduct — the State Bar has proposed amendments to six rules requiring attorneys to perform AI analysis, review, and transparency as part of legal-AI use. The proposed rules don't ask lawyers to think differently about AI — they ask for the artefacts (analysis + review + transparency) that an IDR audit chain produces as a side effect.

Personal-sanctions precedent already exists. A US Magistrate Judge sanctioned a lawyer for AI-fabricated citations in May 2026 — a marker that supervisory failure on AI is now a discipline matter, not an abstract guideline.

DONNA is built for these. The IDR primitive is the proof the firm assigns to itself, automatically.

Sources: EU AI Act (Reg. 2024/1689) · State Bar of California (proposed RPC amendments, May 2026) · This Week in Legal AI (Veronica Lopez, 6 May 2026)

The vendor-lock-in moment

Your UI is no longer the product. Your connector layer is.

In May 2026, Anthropic shipped Claude for Legal — twelve practice-area plugins, more than twenty MCP connectors (DocuSign, iManage, NetDocuments, LexisNexis, Thomson Reuters, and more), and a metered billing cutover (15 June) that moves programmatic SDK use off the Claude subscription onto credits. The same week, Anthropic's market position was being called "in freefall" on LinkedIn, with OpenAI's Codex and local-inference stacks moving in.

The same shape is visible across the field. One vendor owns the model. The same vendor owns the plugins. The same vendor owns the connectors. A firm that builds its AI workflow on top of that stack does not own its AI workflow — it rents it. The UI is a thin layer. The data model, the API, the connector contract — those are the product, and they belong to someone else.

Pattern · Industry

The closed-stack trap

"Normal SaaS thinking is dead. Your UI is no longer the product. Your API is. Your data model is. Your connector layer is."

Claude for Legal, Harvey, Legora — each ships the same shape: proprietary model, proprietary plugins, proprietary connectors. Switching cost is the moat. Migrate off and the work-product is stranded behind a contract surface designed to keep it there.

The post-Munir firm cannot accept that shape. Munir [2026] UKUT 81 (IAC) — the leading UK authority to date on AI and privilege — confirmed that pasting privileged material into a public AI tool waives legal professional privilege irrecoverably. Where your AI runs is now a privilege-preservation decision. Once that follows, so does portability: a firm that cannot move its work-product cannot guarantee where it runs next year. DONNA inverts the stack: open protocol, replaceable model, neutral connector layer. The firm owns the audit chain. The firm owns the data model. The model is a swappable component, not a landlord.

Source: David Arnoux on category strategy, May 2026 · Anthropic Claude for Legal announcement, May 2026

The replaceable-model architecture

DONNA is built on a four-layer open stack. Each layer has a defined contract; each is swappable; none of them is owned by a single vendor.

The open stack DONNA composes

GRIP — the substrate. Open critical-thinking and orchestration kernel.
HAL — the provider router. Anthropic, OpenAI, xAI, Gemini, DeepSeek, Qwen, vLLM, Ollama. One API, many backends.
MCP — the interface. The connector standard, not a vendor's plugin store.
happi.md / 1.1 — the audit envelope. Open protocol any runtime can read.
IDR — the cryptographic chain. Signed, replayable, regulator-ready.

The closed stack the market is shipping

Proprietary model bound to a single vendor's billing surface
Proprietary plugins, in a curated store, with the vendor's revenue share
Proprietary connectors, contractually fenced from competitor models
Audit logs that live inside the vendor's tenancy
Migration cost engineered to be larger than your renewal

DONNA's switching cost is zero. AGPL-3.0. The firm runs it on its own infrastructure, points it at whatever model meets the privilege test, and keeps the audit chain regardless of what the AI market does next quarter. AGORA — multi-model verification — sits on top: every important decision is checked against more than one model, and the disagreement itself is part of the record.

The journey

A clear starting point and a clear direction.

We are alpha. We publish the roadmap before the launch precisely because we are not finished. "A clear starting point and a clear direction makes being incomplete acceptable." Five waypoints from where we are today to the full Delegation Orchestration Layer. Each one is an invitation, not a promise.

Waypoint 1

Voice intent surface

Captures unstructured spoken intent — speaker, recipients, constraints, success criteria. Not transcription.

Current · alpha

Waypoint 2

Skill orchestration

Routes structured intent to the right destination — person, system, tool. Connectors, not replacements.

Next 3 months

Waypoint 3

IDR audit chain

Every delegated decision becomes a signed, chained, replayable record. Open protocol; engine licensed.

In flight

Waypoint 4

AI-agent PR review

Multi-model deliberation on PRs. DONNA eats its own substrate first — every PR leaves an audit trail.

Building

Waypoint 5

Full Delegation Orchestration Layer

The destination: a layer between intent and execution that absorbs the day-a-week of coordination.

The vision

DONNA — Decision-Oriented Network Notarisation for Attorneys

DONNA is the only legal AI that listens like a partner and signs like a notary.

— DONNA probat.

How someone might describe it

"DONNA handles the work around the work — so judgment stays with the lawyer."

"From intent to outcome. Without managing software."

"You speak. DONNA handles. Judgment stays yours."

Acknowledgements

DONNA is not downstream of Mike. DONNA is a different layer.

Mike, Harvey, and Legora generate the artefact — the draft, the summary, the redline. Extraordinary tools at that. But for a regulated practice, generation on its own is not enough. Every decision needs to be captured. Every output needs an evidence trail. Every step needs to replay for an auditor. That is the layer DONNA provides — discipline, diligence, rigour. The structural coherence a regulator can verify.

We do not replace Mike. We compose with it. Mike writes the work; DONNA records what was decided around the work. Generation and verification are different jobs. A serious legal practice needs both — and the open legal stack now makes both possible.

Mike

Will Chen · document layer

Open-source legal AI for drafting, summarisation, redlining. Shipped 29 April 2026. AGPL-3.0.

Mike PR #20

Joseph Breda · local-LLM provider

vLLM-based self-hosted inference for Mike — the architectural primitive that makes Mike usable inside regulated firms.

Omnilex

Ismael Seck & Marco Henri · knowledge layer

Zurich-built legal-research engine focused on DACH legal systems. Raised USD 4.5M in November 2025 to expand its reasoning engine.

happi.md v1.1

Open audit-chain protocol

The protocol DONNA implements. Passport for AI agents. Open and stable; any runtime can read it.

CloseVector

Dean Hoffman · search-layer audit

On-premises AI document search with cryptographic verification of every retrieval. Patent pending; proprietary. Audit-chain primitive at the search layer (DONNA does the same at the delegation layer). The market is converging on the answer — different layers, same architectural insight.

Score your firm

Three decisions that separate firms that scale from firms that stall.

Most partners know something is wrong with how their firm delegates — but cannot name it precisely enough to fix it. The Delegation Power Score is a three-minute diagnostic. Ten questions. One score. A clear list of your firm's top two bottlenecks, and where DONNA fits.

Where does the reasoning go?

When a partner decides something about a matter, that reasoning usually disappears. The next lawyer starts from scratch. The IDR is the fix.

Who actually has authority?

Delegation without a clear authority boundary means every decision migrates back up. Firms that answer this score 40 points higher on average.

Can you replay it for a regulator?

Post-Munir, "we have good practices" is not an answer. A signed, linked chain of decisions is. That chain is what DONNA builds automatically.

The quiz is structured around the same three-decision lens used in DONNA's design. It teaches even if you never use the product. Confidentiality you can verify, not confidentiality you have to trust.

Take the Delegation Power Score 3 minutes · 10 questions · no email required to see your score

Join us

Be part of the story we write together.

DONNA is alpha and we say so. The roadmap is published, the gaps are named, and the door is open. If your firm needs something that we have not yet built, tell us. If something here is missing, tell us. The path is shared.

— or —

View on GitHub Read happi.md v1.1 Read The Fold (PDF) The Confidentiality Decision (2-min brief)

Prefer it managed — with senior-review tooling, enterprise integrations, and white-glove onboarding? That is Chief of Staff Pro, the commercial surface built on DONNA.

DONNA handles the work around the work.