Classified Data Gateway Orchestrator for Melbourne In-House Counsel: Stop Privileged Material Bleeding Across Matters and Entities
You sit inside a Melbourne-headquartered group. Three subsidiaries, two joint ventures, one active regulatory investigation, and a Board that just approved firm-wide rollout of a general-purpose AI assistant. Your concern isn’t the assistant itself — it’s that a draft response to ASIC, a privileged advice from external counsel, and a board paper on a contested M&A are all sitting in the same shared workspace the assistant indexes. One badly scoped prompt from a project manager in a different business unit and privileged material walks across a Chinese wall. The Australian Solicitors’ Conduct Rules don’t pause because the leak was machine-mediated. The Classified Data Gateway Orchestrator is built to stop that class of failure at the routing layer.
The problem
Privilege bleed is what happens when material that should sit inside one matter, one client, or one ethical wall surfaces inside another — through a shared index, a fine-tuned model, a chat history, or an embedding store. For in-house teams in Melbourne, the exposure surface has expanded faster than the controls. Common patterns we see:
- A retrieval-augmented assistant indexes a shared drive that contains both privileged external-counsel advice and unprivileged operational documents, then surfaces fragments of the advice to a non-legal user via search.
- An AI summarisation tool retains conversation context across users, so a question asked by one business unit returns context drawn from another unit’s confidential matter.
- Material classified for a regulatory investigation is co-located with material that may be discoverable in unrelated litigation.
- Outputs from a model trained or tuned on the firm’s documents leak fragments of one client’s matter into responses prepared for another.
The Australian Solicitors’ Conduct Rules, adopted in Victoria as the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015, set the professional baseline. Rule 9 (confidentiality), Rule 10 (conflicts concerning former clients), and Rule 11 (conflicts of duty between current clients) all assume the practitioner controls the flow of information. When the flow is mediated by a model that doesn’t know which matter it’s working on, control is what you lose first.
What the Classified Data Gateway Orchestrator does
The Classified Data Gateway Orchestrator is the routing and handling layer that sits between your AI workflows and any document, prompt, or response classified above an “open” baseline. It does three things:
- Tags every input (document, prompt, retrieval result) with a matter / entity / classification label before it is allowed to enter an AI workflow.
- Enforces routing rules so that material classified to Matter A cannot be retrieved, embedded, or summarised inside a session scoped to Matter B — regardless of who the user is.
- Logs every cross-boundary attempt as an auditable event, so the GC has a defensible record of what the model was permitted to see and what it was refused.
It does not generate legal content. It does not replace your DLP or your information barrier policy. It is the orchestration layer that makes those policies machine-enforceable when the consumer of the data is an AI agent rather than a human.
How it works
- Classification ingest. Existing matter / entity / privilege tags from your DMS, matter management system, or SharePoint labels are pulled into the orchestrator’s policy store. No re-tagging programme required.
- Gateway interception. AI workflow calls (RAG retrieval, summarisation, drafting, agent tool-use) are routed through the orchestrator. Each call carries a session scope (which matter, which entity, which user role).
- Routing decision. The orchestrator compares the classification of each candidate document against the session scope and applies the policy: allow, redact, or refuse.
- Audit log. Every decision is written to an immutable log with the document ID, the requesting session, the policy applied, and the outcome — exportable for the GC, the audit committee, or a regulator.
- Pre-deployment dry run. Before enabling enforcement, the orchestrator runs in observe-mode against historical workflow traffic and produces a report of how many cross-boundary requests would have been blocked, so risk and IT can size the change.
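The routing decision, audit log and observe-mode steps above, sketched as an added Python example; this is not the orchestrator's own code. The label and session fields, the policy names, the rule for when to redact, and the hash chain used to make the log tamper-evident are all assumptions made for illustration.

```python
import hashlib, json
from collections import namedtuple

# Hypothetical shapes: labels come from DMS tags, scope from the workflow call.
Label = namedtuple("Label", "doc_id matter entity classification")
Session = namedtuple("Session", "session_id matter entity role")

def decide(label, session):
    """Compare one candidate's label with the session scope: (outcome, policy)."""
    if label.classification == "open":
        return "allow", "open-baseline"
    if (label.matter, label.entity) != (session.matter, session.entity):
        return "refuse", "cross-boundary"  # applies whatever the user's role
    if label.classification == "privileged" and session.role != "legal":
        return "redact", "privileged-non-legal"  # assumed redaction rule
    return "allow", "in-scope"

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log; each entry commits to its predecessor's hash."""
    def __init__(self):
        self.entries, self._prev = [], "0" * 64
    def append(self, record):
        entry = {**record, "prev": self._prev}
        entry["hash"] = self._prev = _digest(entry)
        self.entries.append(entry)
    def verify(self):
        prevs = ["0" * 64] + [e["hash"] for e in self.entries]
        return all(e["prev"] == p and _digest(e) == e["hash"]
                   for e, p in zip(self.entries, prevs))

def gateway(candidates, session, log, enforce=True):
    """Release documents to the workflow; enforce=False is observe-mode."""
    released = []
    for label in candidates:
        outcome, policy = decide(label, session)
        log.append({"doc": label.doc_id, "session": session.session_id,
                    "policy": policy, "outcome": outcome, "enforced": enforce})
        if not enforce or outcome != "refuse":
            released.append((label.doc_id, outcome if enforce else "allow"))
    return released

# Constructed sample: a non-legal user scoped to matter M-B of entity SubCo.
SESSION = Session("s-1", "M-B", "SubCo", "non-legal")
DOCS = [Label("d1", "M-A", "SubCo", "privileged"), Label("d2", "M-B", "SubCo", "privileged"),
        Label("d3", "M-B", "SubCo", "confidential"), Label("d4", "-", "-", "open")]
```

A hash chain only makes edits detectable; the latest hash has to be anchored somewhere the log's administrators cannot rewrite for the record to hold up as evidence.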
Why this matters in Melbourne
Victoria operates under the Legal Profession Uniform Law, with the ASCR adopted as the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 from 1 July 2015. For an in-house GC in Melbourne, that means the same conduct standard applies to your team’s handling of confidential and privileged material whether the material moves on paper, by email, or through a retrieval call to an internal AI assistant. The Law Council’s 2026 review of the ASCR also signals tighter scrutiny of how solicitors handle confidential client information — including obligations that limit what can be disclosed and to whom — under the AML/CTF regime taking effect from 1 July 2026. A control layer that can show, per request, which classification policy was applied and why, is the kind of evidence a regulator or a court is likely to want to see.
Sources
- Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
Join the waitlist
The orchestrator is a T3 service shape — scoped, configured, and deployed against your existing classification taxonomy. We are scoping pilot engagements with in-house teams now. Join the waitlist and we’ll be in touch about pilot scope, timing, and what your existing classification posture needs to look like before deployment.