The "The AI Did It" Defense Fails in Court
Automated redaction tools have created a new category of legal risk: the inability to explain, document, or defend the redaction decisions an AI system made. When a judge, opposing counsel, or discovery special master asks why a specific piece of content was redacted, "the algorithm flagged it" is not an answer that satisfies Federal Rule of Civil Procedure 26(b)(5) privilege log requirements.
FRCP Rule 26(b)(5) requires parties withholding discoverable information under a claim of privilege or protection to "expressly make the claim" and "describe the nature of the documents, communications, or tangible things not produced or disclosed — and do so in a manner that, without revealing information itself privileged or protected, will enable other parties to assess the claim."
For automated redaction systems that produce "we removed this because the ML model said so" outputs, that description is insufficient. The privilege claim cannot be assessed without knowing what the system detected and why.
The Morgan Lewis Analysis: Over-Redaction as Active Dispute
The Morgan Lewis Q1 2025 e-discovery key themes report identified over-redaction as an active source of e-discovery disputes in federal litigation. The trend reflects the adoption of automated redaction tools combined with the failure to configure those tools with appropriate precision thresholds.
When an ML-only redaction system applies uniform detection with high sensitivity — designed to ensure recall, catching everything that might be sensitive — it inevitably flags non-privileged content as privileged. Dates that are material events get redacted because they happen to appear near a name. Numbers that are exhibit references get redacted because the detection engine has no document context.
The result is a production where opposing counsel challenges specific redactions as unjustified. The producing party must then explain each challenged redaction — and if the redaction was made by a system that cannot provide per-entity rationale, the explanation is not available.
What Defensible Automated Redaction Requires
Courts evaluating challenged redactions apply a document-specific standard. The question is not "was this system generally accurate?" It is "for this specific redaction in this specific document, what is the basis for withholding this content?"
Defensible automated redaction requires three capabilities that many AI redaction tools do not provide:
Per-entity confidence scoring: Each redaction must be traceable to a detection event with a documented confidence level. "Name detected with 94% confidence based on NLP model" is defensible. "Flagged by ML" is not.
Entity type classification: Each redaction must be traceable to an entity type (person name, SSN, date of birth, etc.) that maps to a recognized privilege category. This allows the privilege log to describe the basis for withholding without revealing the protected content.
Threshold auditability: The configuration must be documentable — what sensitivity thresholds were applied, which entity types were included, which were excluded. When opposing counsel challenges a redaction, the producing party must be able to produce the configuration used and explain why it was appropriate.
The 83% Governance Mandate
IAPP research from 2025 found that 83% of AI governance frameworks mandate data minimization at the AI input layer. This represents a significant evolution: AI governance frameworks are no longer focused exclusively on AI model outputs. They increasingly address what goes into AI systems — and specifically, whether sensitive data has been minimized before reaching the AI provider.
For legal teams using AI tools in document review, this governance mandate has a direct implication: the same obligation to minimize PII before AI processing applies to the AI tools used in the document review process itself. A legal team using an AI document review tool must ensure that the tool's inputs are appropriately minimized.
The combination of confidence score audit trails (for defensibility in privilege disputes) and input minimization (for AI governance compliance) defines the compliance posture for AI-assisted legal work in 2025.
Building the Audit Trail
For legal teams implementing defensible automated redaction, the audit trail must capture:
- Document identifier
- Entity detected (type and confidence score)
- Redaction operator applied (replacement with "[PERSON NAME]" vs. black rectangle)
- Configuration version used
- Date and time of processing
This audit trail serves double duty: it supports the privilege log requirements for disputed productions, and it demonstrates to regulators and AI governance auditors that the data minimization obligation was met before sensitive content reached external AI systems.
The investment in configurability and audit trail generation is not overhead. It is the foundation of a redaction practice that can be defended to a judge, opposing counsel, a supervisory authority, or an internal AI governance committee.
Sources: