Classified Data Gateway Orchestrator for Brisbane In-House Counsel: Stop Privilege Bleeding Across Matters Inside Your AI Stack

You run legal for a Brisbane-headquartered group. The business has rolled out a general-purpose LLM assistant across the enterprise, and your team is now using it for matter triage, contract review, and litigation hold drafting. Last week you noticed a summary of a board-level dispute appearing as suggested context inside a routine procurement query. The model’s retrieval layer doesn’t distinguish between matters, doesn’t distinguish between counsel, and doesn’t distinguish between privileged communications and operational documents. The Classified Data Gateway Orchestrator is built to put that boundary back.

The problem

In-house teams adopting AI tooling at enterprise scale face a structural risk that most generic vendor implementations do not address: a single retrieval index, a single embedding store, and a single prompt context window mean that privileged material from one matter can surface inside the workflow of another. The Australian Solicitors’ Conduct Rules — adopted in Queensland as the Australian Solicitors Conduct Rules in June 2012 — frame solicitors’ duties to clients (including in-house clients), the court, and the broader administration of justice. Rule 9 (confidentiality) and Rule 11 (conflicts concerning current clients) impose obligations that do not pause when a workflow runs through a model rather than a human. If a paralegal’s procurement question retrieves a chunk of a privileged investigation memo, the breach is the same whether the disclosure happened over coffee or through a vector database.

Privilege bleed inside AI stacks tends to show up in four places: shared retrieval indexes across matters, shared fine-tuning corpora, prompt logs retained by upstream providers, and conversation memory that crosses user boundaries. None of these are visible in a typical procurement review of an AI vendor.

What the Classified Data Gateway Orchestrator does

The Classified Data Gateway Orchestrator is a routing and handling layer that sits between your in-house team’s AI workflows and the underlying models, retrieval stores, and document repositories. It enforces matter-level and classification-level segmentation on every request, so that a query raised inside Matter A cannot retrieve, embed, or reference material classified to Matter B, to another business unit, or to a confidentiality ring not covered by the requesting user’s clearance.

The deliverable is the routing and handling of classified or restricted data through AI workflows — implemented as a gateway that:

• Tags every document, embedding, and prompt with a matter ID, classification level, and confidentiality ring at ingest
• Enforces those tags at retrieval time, so cross-matter contamination cannot occur through the vector store
• Routes high-classification material to local or on-premise inference paths and refuses egress to external model providers
• Produces an audit trail per request showing what was retrieved, what was excluded, and on what basis

How it works

1. Classification at ingest. Documents, transcripts, and notes are tagged with matter ID, ASCR-relevant confidentiality flags (privileged, work product, client-confidential, general), and the ring of personnel cleared to see them.
2. Policy compilation. Your firm or in-house team’s confidentiality and conflicts policy is compiled into a machine-readable routing policy — which matters can share context, which cannot, which classifications must stay on-premise.
3. Request mediation. Every AI workflow call passes through the orchestrator. The requesting user’s identity, current matter, and clearance are checked against the routing policy before any retrieval or model call is made.
4. Inference routing. Restricted material is sent only to inference endpoints that match its classification — on-premise or sovereign-hosted for the most sensitive tiers, never to a third-party API where prompt retention terms are not under your control.
5. Audit log. Each request produces a structured log entry recording the user, matter, classification of retrieved material, inference endpoint, and any items excluded by policy — suitable for evidence in a conflicts review or a regulator inquiry.

Why this matters in Brisbane

Queensland adopted the ASCR in June 2012, and Brisbane in-house teams operate under those rules whether their counsel sit in a commercial group, a statutory authority, or a listed company’s legal function. Rule 9’s confidentiality duty, Rule 10’s duty on former-client confidential information, and Rule 11’s current-client conflict rule were drafted on the assumption that information moves through people. When information moves through a shared embedding store instead, the duty does not change — but the controls have to. A Brisbane GC who cannot point to a routing layer that enforces matter segmentation inside their AI stack is relying on the goodwill of an external vendor’s data handling for compliance with rules that the solicitor, not the vendor, is bound by.

Sources

• Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
• Exegesis capability reference — Classified Data Gateway Orchestrator (03_Agentic_Solutions/Classified_Data_Gateway_Orchestrator.md)
• RuleCheck by Exegesis (open-source citation verifier): https://github.com/andrefabre/rulecheck

Join the waitlist

The Classified Data Gateway Orchestrator is a T3 build — scoped per in-house team, deployed against your existing identity, document, and matter management stack. We’re opening the waitlist for Brisbane in-house teams who want to scope a deployment and shape how the routing policy schema handles their conflicts and confidentiality model.

Join the waitlist — Classified Data Gateway Orchestrator for Brisbane in-house counsel