[EDRM Editor’s Note: This article was first published here on August 24, 2025, and EDRM is grateful to Rob Robinson, editor and managing director of Trusted Partner ComplexDiscovery, for permission to republish.]
ComplexDiscovery Editor’s Note: Results—not rhetoric—define this month’s issue of the ComplexDiscovery OÜ newsletter. From corporate boardrooms to military command centers, the conversation around AI has matured. It’s no longer about if AI should be used, but how to embed it safely, ethically, and effectively into workflows that demand confidentiality, defensibility, and trust. This issue connects the dots across cybersecurity, legal tech, and information governance, offering practitioners a candid snapshot of emerging challenges and proven strategies. We also take a moment to honor the late Kaylee Walstad, whose dedication to mentorship and inclusion left a lasting mark on our field. Whether examining MIT’s latest analysis on AI outcomes, recapping pivotal conversations from ILTACON 2025, or tracking policy shifts on encryption and AI in military contexts, one theme persists: systems that work are built on governance, guided by accountability, and sustained by people who care deeply about doing the job right and foresight.
Welcome to the August 2025 issue of the ComplexDiscovery OÜ newsletter.
This month, we explore a single narrative that spans cybersecurity, information governance, and eDiscovery: results over rhetoric. Leaders are asking not whether to adopt AI, but how to adopt it responsibly—without compromising confidentiality, evidentiary integrity, or public trust. We also note, with deep sadness, the recent passing of Kaylee Walstad (1962–2025), whose leadership and kindness strengthened this community; we honor her by continuing the work she championed.
Leaders are asking not whether to adopt AI, but how to adopt it responsibly—without compromising confidentiality, evidentiary integrity, or public trust.
Rob Robinson, Editor and Managing Director, ComplexDiscovery.
We open with the new MIT analysis on corporate AI outcomes, which lands like a cold splash of water amid the hype. Despite staggering investment, most initiatives still struggle to produce measurable value. The lesson for practitioners is practical rather than pessimistic: start with the workflow, not the model; hardwire governance and risk controls at design time, not after a proof of concept; and measure what matters—cycle time, quality, safety, and cost—rather than vanity metrics. Data readiness, process fit, and clear decision rights separate pilots that fade from platforms that scale. In short, choose problems deliberately, instrument processes thoroughly, and treat AI as an operating capability, not a bolt‑on gadget.
That framing carried directly into ILTACON 2025, where Reena SenGupta urged the legal industry to rethink its roots. Drawing on nearly three decades of research and advisory work, she described the modern legal enterprise as a living system—less machine, more mycelium—where value emerges from the quality of the connections. Her seven “evolutions” translate vision into practice: proactive services instead of reactive firefighting; multidisciplinary teams blending legal, data, and design; predictive tools that enhance human judgment. The message for legal technologists was unmistakable: invest in the connective tissue—data stewardship, user experience, and change management—with the same intent you bring to technology selection.
That blend of realism and reinvention animated the Discovery & Litigation Support Roundtable at ILTACON, moderated by David Horrigan (Relativity) with Janis Cheston (Miller Thomson LLP), Scott Milner (Morgan, Lewis & Bockius LLP), Melissa Weberman (Arnold & Porter Kaye Scholer LLP), and Phil Weldon (Hecker & Fink LLP). The conversation traced a memorable arc from Bates Stamps to bots—linking the methodical rise of TAR to the sprint of generative AI. What endured were the operational constants: cooperation and proportionality, billing that rewards value rather than volume, and governance that keeps innovation auditable. Tools change; disciplined thinking is the throughline that makes discovery defensible.
As AI moves from experimentation to everyday use, confidentiality has become the sharp edge of the learning curve. Public comments from OpenAI leadership made plain that standard ChatGPT interactions do not carry attorney–client privilege. For law firms and corporate legal departments, that reality reframes risk. Prompts, outputs, and logs may be discoverable; client identifiers and matter details can slip into experimentation; subpoenas could follow. The path forward is concrete: dedicate secure environments, apply matter‑based access controls, update client disclosures, red‑team prompts and outputs, and calibrate retention for audit and discovery. Digital discretion must be deliberate, not assumed.
As AI moves from experimentation to everyday use, confidentiality has become the sharp edge of the learning curve. Public comments from OpenAI leadership made plain that standard ChatGPT interactions do not carry attorney–client privilege.
Rob Robinson, Editor and Managing Director, ComplexDiscovery.
Encryption policy, often treated as abstract doctrine, produced a tangible outcome this month. Apple’s successful pushback against a UK Technical Capability Notice—withdrawn after sustained U.S. diplomatic engagement—reaffirmed end‑to‑end encryption as a strategic asset for both privacy and compliance. For global enterprises, that means more than headline relief. Strong cryptography preserves the chain of custody, stabilizes cross‑border data transfers, and reduces the operational fragility that comes with fragmented, jurisdiction‑specific “backdoor” obligations. In an era of escalating breach costs and expanding evidence volumes, robust security controls are not obstacles to lawful process; they are its foundation.
Beyond these five focal pieces, we widen the lens to the structures that make resilience real. Drawing on Tallinn Paper No. 15 by Dr. Nataliya Tkachuk for NATO’s CCDCOE, we examine how Ukraine operationalized whole‑of‑nation cyber defense under sustained pressure: resilient architectures, clear legal authorities, volunteer mobilization, and rapid information‑sharing. The account doubles as an enterprise readiness checklist—map critical assets, pre‑commit decision rights, and practice joint incident command before the crisis.
Industry education sits at the heart of that readiness. [EDRM Workshop] Building eDiscovery Expertise: Where Education Begins—and Never Ends, an on‑demand program sponsored by HaystackID®, explores what it truly means to be “educated” in eDiscovery—and how that capability is maintained over a career. The session covers the core elements of professional learning: formal education and workplace experience; the role of CLEs, webcasts, panels, and independent study; and the go‑to sources practitioners rely on—case law, research, vendor updates, and more. Leading experts, including David Horrigan, Tom O’Connor, Ryan Costello, and Mary Bennett, discuss which upskilling methods are most in demand now and how teams can structure development paths that actually stick. Whether you are new to the field or guiding a department’s growth, the workshop offers actionable strategies for continuous learning and long‑term capability building. We also remember that this event was shaped with care by the late Kaylee Walstad, whose commitment to mentorship and inclusion continues to guide the EDRM community.
We then turn to Europe’s innovation engine through Slush’s May 2025 founder survey, where more than 600 early‑stage leaders surfaced the friction points that matter to governance professionals: capital scarcity tempered by disciplined runway management; go‑to‑market ambition constrained by compliance obligations; and the centrality of trustworthy data practices to enterprise sales. For buyers and vendors alike, it is a ground‑truth snapshot ahead of November’s gathering in Helsinki.
Closer to home for discovery practitioners, the 2H 2025 update of Andrew Haslam’s eDisclosure Systems Buyers Guide, developed with ComplexDiscovery OÜ and EDRM, reflects a marketplace in motion. With 164 supplier listings and 67 software entries—and engagement that has already surpassed last year’s totals—the guide remains a practical compass. In a landscape where categories blur and capabilities overlap, structured, vendor‑neutral insight helps teams scope needs, shortlist sensibly, and avoid procurement by anecdote.
Deal activity shows similar momentum. July’s HSR data—180 filings for the month and 1,699 year‑to‑date—signals resilient transactions amid deliberate pacing. Volume brings scrutiny. For cyber, IG, and eDiscovery teams, secure data rooms, disciplined clean‑team protocols, and audit‑ready retention are now basic conditions for timely clearances and defensible integration.
Just before we close, we address a frontier where technology, law, and ethics converge: Securing the Algorithm—AI Decision Systems, Military Operations, and the Rule of Law. Insights from CyCon 2025 in Tallinn frame the central question: as AI decision‑support systems enter military operations, can their speed and scale align with International Humanitarian Law? From NATO’s responsible‑AI strategy to India’s trust‑based approach and the United Nations’ push for global governance, the legal and cybersecurity dimensions of AI DSS are converging on a common imperative—human accountability that is real, reviewable, and retained. For cybersecurity, legal tech, and information‑governance professionals, the piece offers a high‑stakes mirror of challenges we face in civilian domains: model transparency, controllable autonomy, and audit trails that stand up under scrutiny.
We finish where ILTACON began: with Ryan Campbell’s reminder to protect the pursuits that spark genuine joy—your “pink Cadillac.” In a profession defined by relentless pace and rising expectations, resilience is not a soft metric. It is a strategic capacity plan for the humans who design systems, manage risk, and deliver results.
The throughline across this issue—MIT’s sober assessment, SenGupta’s living‑systems vision, the roundtable’s pragmatic wisdom, the wake‑up call on AI confidentiality, the encryption win, Ukraine’s resilience, the EDRM workshop’s learning blueprint, the startup pulse, the buyers‑guide signal, and the debate over AI in conflict—points to the same conclusion: sustained progress comes from aligning technology with governance, measuring what matters, and caring for the people doing the work.
Until next month.
Read the original newsletter here.
Click here to access the online version of the August 2025 newsletter.
- Click here to read the complete newsletter of the latest Five Great Reads
- Click here to view recent Five Great Reads Newsletters
- Click here to subscribe to Five Great Reads Update
About ComplexDiscovery OÜ
ComplexDiscovery OÜ is a digital publication based in Estonia, known for delivering high-quality analysis and insights at the intersection of cybersecurity, information governance, and eDiscovery. Through surveys, research, and reporting, ComplexDiscovery connects industry developments with real-world applications to support informed decision-making. Learn more at ComplexDiscovery.com.
Source: ComplexDiscovery OÜ
Assisted by GAI and LLM Technologies per EDRM GAI and LLM Policy.
