Data Sovereignty Routing Agent for Perth In-House Counsel: Keep AU-Resident Matter Data on AU-Resident Infrastructure

Your board has approved an AI assistant for the legal team. Procurement signed off. Then a colleague asks the question you were hoping someone else would: when in-house counsel pastes a draft contract or a litigation brief into the tool, where does that text physically sit while the model processes it? You don’t know. The vendor’s data residency page mentions “regional processing” but the fine print routes certain workloads through US-east. You’re a solicitor admitted under the Legal Profession Uniform Law as it applies in Western Australia. The ASCR follow you in-house. The Data Sovereignty Routing Agent exists so you can give a defensible answer the next time the question is asked.

Why it matters now

The Australian Solicitors’ Conduct Rules apply to solicitors in Western Australia under the Legal Profession Uniform Law, which commenced in WA on 1 July 2022. The Rules carry the duties of confidentiality (Rule 9) and competence (Rule 4) into every matter a solicitor touches — including matters worked on in-house. When AI tooling silently routes prompt content through offshore processing, the in-house solicitor remains the person responsible for the confidentiality of client (employer) information that went through the pipe.

Two things have changed in the last 18 months. First, most general-purpose AI tools default to multi-region inference, and the marketing language (“enterprise-grade”, “secure”) does not equal AU-resident processing. Second, boards and audit committees have started asking specifically about data sovereignty for AI workloads — and “I assume it’s fine” is not a survivable answer when the workload involves privileged communications, M&A material, or employee records. The ASCR don’t mention AI. They don’t have to. The duty of confidentiality predates the tooling and absorbs it.

The 5-minute view

• In-house counsel in Perth sit inside the Uniform Law regime; ASCR Rule 9 (confidentiality) and Rule 4 (competence and diligence) apply to AI-assisted work
• “AI disclosure non-compliance” is not only about telling courts you used AI — it includes failing to know, and therefore failing to disclose to your board or audit committee, where matter data was processed
• Most off-the-shelf legal AI tools do not guarantee AU-resident processing for every prompt; “Australian data centre” sometimes refers only to storage, not inference
• A routing decision made at the prompt level — before the request leaves the network — is the only point at which sovereignty can be enforced deterministically
• The Data Sovereignty Routing Agent inspects each AI request, classifies its sensitivity, and routes to an AU-resident model endpoint (or refuses to route at all) based on policy you define
• The agent produces an audit trail per request: classification, route taken, region, timestamp — the artefact your governance team needs

What Exegesis is building

The Data Sovereignty Routing Agent is part of the Exegesis Legal stack (catalogued at 03_Agentic_Solutions/Data_Sovereignty_Routing_Agent.md). It sits between your legal team’s AI interface and the model endpoints. Every request passes through a policy layer that reads the prompt, applies a sensitivity classification (matter-privileged, employee-personal, board-confidential, general), and selects a routing destination consistent with your sovereignty policy — typically an AU-resident model endpoint for anything classified above general. Requests that cannot be safely routed are blocked at source rather than degraded silently to an offshore fallback. The routing decision and its rationale are logged for each transaction, producing the evidence trail an audit committee or external counsel needs to confirm that AU-resident data stayed AU-resident.

The deliverable

• A request-level routing layer that enforces AU-resident processing for classified workloads
• Per-request audit log: classification, region, endpoint, timestamp, policy version
• A configurable policy file in version control — your sovereignty rules become reviewable artefacts, not vendor assurances
• A monthly sovereignty report suitable for board or audit committee submission
• Block-on-fail behaviour: if AU-resident routing is unavailable, the request is refused rather than rerouted offshore
• Integration with the broader Exegesis Legal stack, including RuleCheck for pre-lodgement citation verification

CTA

Join the waitlist — be the first to know when the Data Sovereignty Routing Agent opens for Perth in-house legal teams

We’re scoping pricing based on team size and request volume. Join the waitlist and we’ll let you know when access opens — and the use cases you describe will shape which classification policies ship by default.

Sources

1. Law Council of Australia — Australian Solicitors’ Conduct Rules: https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules

Exegesis capability references:

• Data Sovereignty Routing Agent spec
• RuleCheck by Exegesis — live beta