After 35 years in securities law, regulatory compliance, and forensic document examination, I've launched defensible.dev — forensic AI, app, and website design-auditing for law firms, corporate legal departments, and legal-tech companies.
Here's the problem I keep seeing: plaintiff attorneys and regulators don't check whether your website looks good. They scan it for liability. Invisible tracking pixels leaking patient data. Intake chatbots crossing UPL lines. Accessibility gaps that invite demand letters. "We didn't know" has never been a valid legal defense.
One question I now ask every firm with a chatbot or intake widget:
Could it reasonably serve a user physically in the EU? If yes, the EU AI Act already applies to you — disclosure, human oversight, and penalties up to €35M or 7% of global turnover. Most law-firm sites are not built for this.
If you're a solo or small-firm attorney, a legal-tech founder, or a fintech/real estate operator in regulated space, I'd welcome a conversation.