AI Legal Assistant in Mobile Applications
A legal AI assistant in mobile apps isn't ChatGPT with a legal header. It's a system where incorrect answers can cost lost lawsuits, missed statute limitations, or penalties. Architecture starts with understanding these constraints, not choosing an LLM.
What Distinguishes a Legal Assistant from Regular Chat
Three fundamental differences critical to design:
Jurisdiction matters. A Russian Civil Code article and the same norm in Kazakhstan's law may give opposite answers to one question. Before any response, the system must know the user's jurisdiction—from profile or explicit choice. Error here isn't "inaccurate answer" but potentially harmful advice.
RAG, not fine-tuning. An LLM fine-tuned on 2022 legislation confidently cites norms that are now repealed. The right approach—Retrieval-Augmented Generation with current regulations. Chunk documents, index via vector store (pgvector, Pinecone, Weaviate), retrieve relevant fragments on query, pass to LLM with source citation: "According to Art. 196 Civil Code RF (as of 01.07.2024)."
Disclaimer is UX, not a footnote. Before first query—explicit confirmation that the user understands: this isn't legal advice and doesn't replace a lawyer. Without this, interface doesn't open.
Implementing RAG Search for Legal Database
Core system—search pipeline on client and backend.
// iOS: legal assistant query
struct LegalQueryRequest: Codable {
let query: String
let jurisdiction: String // "RU", "BY", "KZ"
let practiceArea: LegalArea // contract, labor, tax, family, criminal
let sessionId: String
}
enum LegalArea: String, Codable {
case contract = "contract_law"
case labor = "labor_law"
case tax = "tax_law"
case family = "family_law"
case property = "property_law"
case administrative = "administrative"
}
Backend RAG pipeline: user query embedded via text-embedding-3-small, vector search (cosine similarity, top-k = 5), found norms passed to GPT-4o or Claude 3.5 with strict system prompt.
LEGAL_SYSTEM_PROMPT = """
You are a legal information assistant for {jurisdiction}.
You MUST:
1. Only answer based on the provided legal documents
2. Always cite the specific article/law you reference
3. Clearly state when a question requires professional legal advice
4. Never provide a definitive legal opinion — provide information only
5. If the retrieved documents don't cover the question, say so explicitly
Retrieved legal documents:
{retrieved_chunks}
Important: This is information only, not legal advice.
"""
If retrieval returns irrelevant chunks (similarity below threshold), LLM gets instruction to explicitly tell user the answer is outside available knowledge—instead of "making it up" from training data.
Mobile App Structure
iOS—MVVM with Combine, Android—ViewModel + StateFlow. Chat supports rich content: legal norm quotes, source links, buttons with "Consult a lawyer."
struct LegalChatMessage: Identifiable {
let id: UUID
let role: MessageRole
let content: String
let citations: [LegalCitation]? // NPA references
let disclaimer: String? // disclaimer for complex questions
let suggestsProfessional: Bool // recommend live lawyer
let timestamp: Date
}
struct LegalCitation: Codable {
let documentTitle: String
let article: String
let excerpt: String
let url: String?
let asOfDate: String // regulation date
}
When suggestsProfessional == true, a card with "Connect with lawyer" appears. This monetizes via partnerships with legal services and reduces app owner's legal risk.
Detecting High-Risk Queries
Criminal questions, specific criminal cases, medical-legal intersections—separate class. Classifier (fine-tuned BERT or keyword-based for MVP) determines category before LLM call:
enum LegalRiskLevel {
case informational // what is statute of limitations
case moderate // how to write a complaint
case high // how to avoid criminal liability
case criticalRedirect // active criminal case, arrest
}
At criticalRedirect—only emergency redirect to live lawyer, no AI response.
Data Security and Storage
Legal consultations are sensitive data. Don't store in cleartext.
On iOS, chat history encrypted via CryptoKit (AES-GCM) before Core Data. Key in Keychain, tied to biometric auth. On Android—similarly via EncryptedSharedPreferences or Room with SQLCipher.
Server-side: all LLM requests logged without user IDs (session hash only), vector store data—public regulations, no personal data.
Timeline Estimates
MVP with RAG on one jurisdiction, basic chat, disclaimer flow—3–4 weeks. Full system with multi-jurisdiction database (RU/BY/KZ), auto-updating legal base, risk classifier, lawyer partner integration, encrypted history, iOS + Android—2–3 months. Timelines depend on regulatory base volume.