Tutorial 06: Legal Workflows with ChatGPT and Custom GPTs

Master legal workflows with Custom GPTs for contract review, NDA triage, legal research planning, clause comparison, and compliance checking.

What You'll Learn

This tutorial walks you through achieving legal workflows with ChatGPT and Custom GPTs. OpenAI does not offer a dedicated Legal Plugin like Claude; instead, you use Custom GPTs with custom instructions and structured prompts to achieve similar outcomes: contract review, NDA triage, and other legal tasks.

Learning Objectives

By the end of this tutorial, you will:

Understand how to replicate legal plugin workflows with Custom GPTs
Master contract review, NDA triage, and briefing workflows
Configure your organization's playbook in a Custom GPT
Understand how Custom GPTs compare to dedicated legal tools (e.g., Harvey, Legora)

Part 1: Legal Workflows with Custom GPTs Overview

What Are Legal Workflow GPTs?

Custom GPTs can provide legal-focused workflows similar to a dedicated Legal Plugin:

Pre-built workflows for common legal tasks via custom instructions
Configurable playbook integration
Risk-flagging with color-coded assessments (RED/YELLOW/GREEN)
Redline suggestions with specific language
Structured prompts for consistent output

How It Compares to Competitors

Feature	ChatGPT Custom GPTs	Claude Legal Plugin	Harvey	Legora
Contract Review	Custom GPT + prompts	/review-contract	Workflows	Tabular Review
NDA Triage	Custom GPT + prompts	/triage-nda	Yes	Yes
Custom Playbook	Full control	Full control	Varies	Varies
Risk Ratings	RED/YELLOW/GREEN	RED/YELLOW/GREEN	Yes	Yes
Redline Suggestions	Yes	Yes	Yes	Yes
Bulk Processing	Manual/conversation	Varies by product	Enterprise	Enterprise
Pricing Model	Public plans (verify current)	Public plans	Enterprise	Enterprise

Harvey and Legora features are from vendor materials; verify capabilities and current offerings with each vendor.

Requirements

What You Need

ChatGPT plan that supports Custom GPTs (e.g., Plus, Pro, Business, Enterprise—verify current plans at OpenAI)
Ability to create Custom GPTs
Optional: Playbook configuration in GPT instructions

Pricing and plan names are set by OpenAI and may change. Verify current pricing and feature availability on the official OpenAI site.

Part 2: Workflow Reference

Contract Review - Clause-by-Clause Analysis

Purpose: Comprehensive contract analysis against your playbook

How to Use: Create a Custom GPT with your playbook in the instructions. Then upload a contract and use:

Review this contract against our playbook.
Provide a clause-by-clause analysis with risk ratings (GREEN/YELLOW/RED).
Flag any deviations from playbook positions and recommend negotiation strategy.

What It Does:

Identifies contract type and parties
Analyzes each material clause
Compares to your configured playbook positions
Assigns risk ratings (GREEN/YELLOW/RED)
Provides specific redline suggestions
Generates negotiation priority list

Example Output Structure:

## CONTRACT ANALYSIS: Software License Agreement
**Contract Type**: SaaS Subscription Agreement
**Our Role**: Customer/Licensee
**Counterparty**: Acme Software Inc.

### CLAUSE ANALYSIS

#### 1. LICENSE GRANT (Section 2.1)
GREEN - Acceptable
- Grants non-exclusive, worldwide license
- Includes affiliate usage rights
- Standard use restrictions

#### 2. LIMITATION OF LIABILITY (Section 8)
RED - Must Negotiate
Current: "Vendor's liability shall not exceed $10,000"
Issue: Cap is far below contract value ($150,000 ACV)
Playbook Position: Minimum 12 months fees ($150,000)

**Suggested Redline**:
"Vendor's liability shall not exceed ~~$10,000~~ the greater
of (a) fees paid in the twelve (12) months preceding the
claim or (b) $150,000."

#### 3. INDEMNIFICATION (Section 7)
YELLOW - Should Negotiate
Current: IP indemnity excludes "modifications by Customer"
Issue: Overly broad exclusion could limit protection
Playbook Position: Narrow exclusions to material modifications

**Suggested Redline**:
Add: "provided such modification materially alters the
functionality of the Service in a manner not contemplated
by the Documentation"

### NEGOTIATION PRIORITIES
1. RED Liability Cap (critical gap)
2. RED Data Breach Indemnity (missing entirely)
3. YELLOW Indemnity Exclusions (overbroad)
4. YELLOW Termination Notice (60 vs 30 days)
5. GREEN Auto-renewal period (acceptable at 30 days)

### CUMULATIVE RISK SCORE: 7 (HIGH)
Recommend: Partner review before signing

NDA Triage - Rapid Pre-Screening

Purpose: Quickly categorize incoming NDAs for appropriate handling

How to Use: Create a Custom GPT for NDA triage. Upload the NDA and prompt:

Triage this NDA. Categorize as:
- GREEN - STANDARD APPROVAL: Matches our standard or better
- YELLOW - COUNSEL REVIEW: Minor deviations
- RED - FULL REVIEW: Significant issues

For each category, list specific concerns and recommended action.

Triage Categories:

Category	Description	Action
GREEN - STANDARD APPROVAL	Matches our standard or better	Paralegal can execute
YELLOW - COUNSEL REVIEW	Minor deviations	Attorney quick review
RED - FULL REVIEW	Significant issues	Full legal analysis

Example Output:

## NDA TRIAGE RESULTS

**Document**: Acme Corp Mutual NDA (v2.1)
**Type**: Mutual Non-Disclosure Agreement
**Direction**: Two-way protection

### TRIAGE RESULT: COUNSEL REVIEW

**Reason**: Contains 2 non-standard provisions requiring attorney review

### FLAGGED ITEMS:

1. **Non-Solicit Clause (Section 6)**
   - Not typically included in standard NDA
   - 24-month restriction on hiring
   - May need business approval

2. **Jurisdiction (Section 9)**
   - Specifies Texas courts exclusive jurisdiction
   - Our standard: Delaware or mutual agreement
   - Acceptable but note for negotiation if sensitive deal

### STANDARD ITEMS (No Issues):
- Definition of Confidential Information
- Mutual obligations
- 3-year term
- Standard exclusions
- Return/destruction requirement

### RECOMMENDATION:
Route to associate for 15-minute review of flagged items.
If non-solicit is acceptable to business, can proceed.

Operational Impact

Triage workflows can reduce review time materially, depending on document quality, playbook maturity, and team process.

Vendor Check - Agreement Status

Purpose: Check status of agreements with known vendors

How to Use: If you have document access, create a Custom GPT that can reference your contract database. Otherwise, use a prompt with manual input:

I need a vendor status check for [vendor name].

Available information:
- [List active agreements, expiration dates]
- [Renewal dates]
- [Historical notes]

Provide: Active agreements, upcoming renewals, recommended actions.

Brief Generation - Contextual Briefings

Purpose: Create briefing documents for various needs

Prompt for Incident Response:

Create an incident response brief for [data-breach/ litigation hold/ etc.].

Include:
- Immediate actions (0-24 hours)
- Notification requirements by jurisdiction
- Template resources
- Key contacts

Prompt for Daily Brief:

Create a daily brief on my pending matters. Include:
- Matters requiring attention today
- Upcoming deadlines
- Status updates needed

Templated Legal Responses

Purpose: Generate standard responses for common requests

Prompt for DSAR:

Draft a Data Subject Access Request response template.
Include: verification statement, data categories table, rights notice,
retention caveats, supervisory authority contact. Mark internal notes
separately.

Prompt for Litigation Hold:

Draft a litigation hold notice for [situation].
Include: preservation scope, custodian list, document types,
compliance requirements, acknowledgment section.

Part 3: Configuring Your Playbook in a Custom GPT

Configuration via Custom Instructions

Create a Custom GPT and add your playbook to the instructions. Example structure:

You are a legal contract review assistant for [Firm Name].

## PLAYBOOK POSITIONS

### Liability Cap
- Standard: 12 months fees
- Minimum: contract value
- Carve-outs: indemnification, data breach, IP infringement, confidentiality, gross negligence, willful misconduct

### Indemnification
- Required from vendor: IP infringement, data breach, gross negligence
- Required mutual: third party claims from breach
- Unacceptable: customer indemnifies for vendor negligence

### Data Rights
- Ownership: customer owns all customer data
- Vendor usage: service delivery only
- Prohibited uses: AI training, analytics, marketing
- Deletion timeline: 30 days
- Breach notification: 72 hours

### Termination
- Preferred: annual with 30 days TFC
- Acceptable: 60-90 days notice
- Unacceptable: no TFC, >90 day notice

## RISK THRESHOLDS
RED: uncapped customer liability, no vendor indemnity, data used for training
YELLOW: liability cap below 12 months, limited indemnity carve-outs

## OUTPUT FORMAT
Always use RED/YELLOW/GREEN ratings. Provide specific redline suggestions for RED and YELLOW items.

Setting Up Your Custom GPT

Step 1: Create a new Custom GPT in ChatGPT Step 2: Name it (e.g., "Contract Review - [Firm Name]") Step 3: Paste your playbook into the instructions Step 4: Enable file uploads for contract documents Step 5: Test with a sample contract Step 6: Refine instructions based on output

Customize for Your Needs

The playbook drives all risk assessments and redline suggestions. Generic playbooks will produce generic results. Invest time customizing positions for your organization's risk tolerance and standard negotiation positions.

Part 4: Workflow Examples

Workflow 1: End-to-End Contract Review

1. Receive contract from business team

2. Open your Contract Review Custom GPT

3. Upload contract

4. Prompt: "Review against our playbook. Provide clause-by-clause analysis with risk ratings."

5. Review output:
   - Check risk ratings
   - Review suggested redlines
   - Verify against your judgment

6. Generate response or manual drafting based on suggestions

7. Document in matter management

Workflow 2: NDA Volume Processing

Day starts: 15 NDAs in queue

1. Open NDA Triage Custom GPT

2. For each NDA:
   - Upload NDA
   - Prompt: "Triage this NDA. GREEN/YELLOW/RED with specific concerns."

3. Sort results:
   GREEN STANDARD (6): Send to paralegal for execution
   YELLOW COUNSEL (7): Quick 10-min reviews
   RED FULL REVIEW (2): Schedule detailed analysis

4. Process YELLOW queue: Quick review flagged items

5. Process RED queue: Full contract review GPT for detailed analysis

Total time: ~2 hours vs. 6+ hours manually

Workflow 3: Incident Response

1. Incident reported (potential data breach)

2. Open ChatGPT, prompt: "Create incident response brief for data breach.
   Include: immediate actions, notification requirements by jurisdiction,
   template resources, key contacts."

3. Review notification requirements

4. Prepare communications using templated response prompts

5. Document privileged analysis in separate conversation

6. Generate status updates as needed

Part 5: Best Practices

Do's

Do configure your playbook in Custom GPT instructions before heavy use
Do verify all citations and legal conclusions
Do use separate Custom GPTs or conversations for matter separation
Do review RED items carefully before accepting suggestions
Do customize templates for your jurisdiction

Don'ts

Don't rely solely on ChatGPT output for legal decisions
Don't skip verification of case citations
Don't use generic playbook for specialized matters
Don't share ChatGPT output with clients without review
Don't assume ChatGPT catches everything

Professional Judgment Required

Custom GPTs are powerful efficiency tools, but they are not a replacement for attorney judgment. Always verify critical recommendations, especially RED-flagged items and suggested redlines.

Quality Control Checklist

For every GPT-assisted review:

Verified contract type identification is correct
Confirmed our role (customer/vendor) is correct
Checked each RED item manually
Verified suggested language is appropriate
Confirmed jurisdiction-specific requirements
Reviewed for issues the GPT may have missed
Applied professional judgment to recommendations

Custom GPT Guardrail Checklist

Before deploying a legal Custom GPT to your team:

Playbook positions reflect current firm standards
Instructions explicitly state "verify all citations" and "do not provide legal advice without qualification"
File upload scope is limited to intended document types
Separate GPTs or conversations used for matter isolation
No client names or matter identifiers in GPT instructions
Sharing set to Organization only (not Public) for firm GPTs
Version or date noted in instructions for change tracking

Part 6: GPT Actions (Optional Integration)

When to Use Actions

GPT Actions let Custom GPTs call external APIs. Use them when you need:

Live data from your contract management system
Integration with legal research tools
Document retrieval from SharePoint, iManage, or NetDocuments

Limitations vs Claude Legal Plugin

Capability	Claude Legal Plugin	ChatGPT Custom GPT
Slash commands	Built-in	Simulated via instructions
MCP-style connectors	Native	Via Actions (API integration) or MCP apps (plan-dependent)
Playbook file	`~/.claude/legal-playbook.json`	In GPT instructions or knowledge file
Vendor check	`/vendor-check` + MCP	Actions + your API

If you have an internal contract API, create a GPT Action that your Custom GPT can invoke. Otherwise, use manual input or separate integrations. See OpenAI Actions documentation for setup. MCP app support varies by plan—check OpenAI Help Center for current options.

Part 7: Troubleshooting

Common Issues

Issue	Cause	Fix
Wrong risk ratings	Generic or missing playbook	Add explicit positions to instructions; include RED/YELLOW thresholds
Inconsistent output format	Vague instructions	Add "OUTPUT FORMAT" section with required structure
GPT ignores playbook	Playbook buried in long instructions	Put playbook at top; use clear headers
Wrong party role	Not specified	Add "Our Role: [customer/vendor]" to prompt or instructions
Missing redlines	Model skips suggestions	Add "For RED and YELLOW, provide specific alternative language"
Token limit exceeded	Long contract + long playbook	Split review by section; use summarization first

Start prompts with context: "We are the customer. Review against our SaaS playbook."
Request structured output: "Use RED/YELLOW/GREEN. Provide a negotiation priority list."
Add verification reminder: "Note that all citations require Westlaw/Lexis verification."

Do This Now

Create a Custom GPT with your playbook in the instructions
Run a contract review on a sample contract and review the risk ratings
Run NDA triage on an NDA and confirm the result matches your judgment
Add one workflow to your personal checklist for next week

Workflow Quick Reference

Task	Custom GPT Setup	Prompt
Contract Review	Playbook in instructions	"Review against playbook. Clause-by-clause with RED/YELLOW/GREEN."
NDA Triage	Triage criteria in instructions	"Triage this NDA. GREEN/YELLOW/RED with concerns."
Incident Brief	N/A	"Create incident response brief for [type]."
DSAR Response	N/A	"Draft DSAR response template."
Litigation Hold	N/A	"Draft litigation hold notice for [situation]."

Claude Legal Plugin - Slash commands and plugin workflows
Core Concepts - Platform-neutral legal workflow model

GPTs FAQ
How Anthropic's legal team cut review times with Claude (cross-platform workflow reference)