Data Sovereignty Routing Agent for Melbourne In-House Counsel: Keep AU-Resident Matter Data Inside Australian Jurisdiction

Your CEO asked the GenAI assistant to summarise the board pack. Your sales team is drafting customer responses through a US-hosted copilot. Procurement just signed an AI vendor whose data-processing addendum quietly mentions “global routing for model availability”. You are the in-house counsel who has to answer the board’s next question: where did our privileged material go, and can we honestly say we complied with our professional conduct obligations? The Data Sovereignty Routing Agent is built so the answer is documented before the question is asked.

The problem

The Australian Solicitors’ Conduct Rules sit on every in-house solicitor admitted to practice — they don’t switch off when you move from a firm to a corporate legal team. Rule 9 (confidentiality), Rule 4 (honesty and integrity), and the broader duty to the administration of justice all extend to how privileged and confidential material is handled by any tool you use, including AI assistants embedded in your business stack. The harder problem for in-house counsel in 2026 is operational: most enterprise AI tooling routes inference through international data centres by default, vendor DPAs change without notice, and the legal team is usually told after matter content has already been processed offshore. When the audit committee, the regulator, or opposing counsel asks where confidential material was processed, “we assume the vendor handled it appropriately” is not a defensible answer. Disclosure obligations to clients (internal business units are your clients) and the duty to avoid misleading conduct require you to know, not assume.

What the Data Sovereignty Routing Agent does

The Data Sovereignty Routing Agent ensures AI processing on legal and matter content respects data sovereignty — AU-resident data stays AU-resident. It sits between the legal team’s workflows and the AI tooling layer, classifying each request by sensitivity and jurisdictional posture, then routing it to a model endpoint that satisfies the residency requirement attached to that material. Requests that cannot be routed to an AU-resident endpoint are blocked or escalated rather than silently failing open. Every routing decision is logged with the timestamp, classification, endpoint region, and policy version, producing the audit trail you need for ASCR compliance reviews, board reporting, and AI-use disclosure to internal stakeholders.

How it works

  1. Policy intake. Your sovereignty policy (which matter classes must stay AU-resident, which may use offshore endpoints, which are blocked entirely) is encoded as deterministic routing rules — not model-inferred, not LLM-judged.
  2. Request classification. Each AI request from a connected workflow is tagged with matter class, sensitivity, and any client-specific residency obligations.
  3. Endpoint selection. The agent matches the classified request against the available AU-resident model endpoints registered in its configuration and routes accordingly. Non-compliant routes are refused at the gateway.
  4. Decision logging. Every route, block, and escalation is written to an immutable audit log with the policy version that produced the decision.
  5. Disclosure report. On demand (monthly, quarterly, or for a specific matter) the agent produces a routing report suitable for internal AI-use disclosure, board governance packs, or client transparency requests.
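The routing and logging steps above can be sketched as follows. This is an added example, not the product's own code: the policy table, endpoint names, the `client_residency` field and the policy version label are all constructed for illustration, and a SHA-256 hash chain stands in for immutable log storage (it makes tampering detectable, it does not prevent it). Which cases block and which escalate is also an assumption.

```python
import hashlib, json
from datetime import datetime, timezone

POLICY_VERSION = "example-v1"   # constructed policy version label
# Constructed policy: matter class -> regions allowed; empty set = blocked entirely.
POLICY = {"privileged": {"AU"}, "public": {"AU", "US"}, "restricted": set()}
# Constructed endpoint registry in preference order (names are hypothetical).
ENDPOINTS = [{"name": "au-llm-1", "region": "AU", "healthy": True},
             {"name": "us-llm-1", "region": "US", "healthy": True}]

def decide(request, endpoints):
    """Deterministic lookup; returns (action, endpoint or None). Fails closed."""
    allowed = POLICY.get(request.get("matter_class"))
    if allowed is None:
        return "escalate", None            # unclassified: a human decides, no default route
    if request.get("client_residency") == "AU":
        allowed = allowed & {"AU"}         # a client obligation can only narrow the policy
    for ep in endpoints:
        if ep["healthy"] and ep["region"] in allowed:
            return "route", ep
    return "block", None                   # nothing compliant is up: refuse, never fall back

def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only list where each entry commits to the previous entry's hash."""
    def __init__(self):
        self.entries = []

    def record(self, request, action, endpoint):
        entry = {"ts": datetime.now(timezone.utc).isoformat(),
                 "matter_class": request.get("matter_class"),
                 "action": action,
                 "endpoint_region": endpoint["region"] if endpoint else None,
                 "policy_version": POLICY_VERSION,
                 "prev": self.entries[-1]["hash"] if self.entries else "0" * 64}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def handle(request, log, endpoints=ENDPOINTS):
    action, endpoint = decide(request, endpoints)
    log.record(request, action, endpoint)
    return action, endpoint["name"] if endpoint else None
```

The case to review is the AU endpoint being unhealthy: a privileged request is blocked rather than sent to the next endpoint in the list, and the block itself is logged with the policy version that produced it.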

Why this matters in Melbourne

Melbourne in-house counsel operate under the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015, which gave the ASCR direct effect in Victoria from 1 July 2015. The Uniform Law framework means a Melbourne-based GC carries the same professional conduct obligations as a partner in a firm — and the same exposure when confidential material is mishandled. Victorian corporates with operations across the Uniform Law jurisdictions (NSW, Victoria, WA) face an additional layer: vendors selected centrally in Sydney or Perth still need to satisfy your sovereignty posture for the matters routed through your team. The Data Sovereignty Routing Agent gives in-house teams a concrete, auditable mechanism to demonstrate that AI-assisted work product was processed in a way consistent with their ASCR duties — rather than relying on vendor assurances that change with each contract renewal.

Join the waitlist

The Data Sovereignty Routing Agent is in pre-release. We’re scoping pricing and deployment options (self-hosted gateway, managed AU-region service, or hybrid) based on what in-house teams actually need. Join the waitlist and the structure you tell us about will shape the tier you sit in.