Back to Blog
·8 min read

Courts Are Restricting AI in Discovery: What Morgan v. V2X and Jeffries v. Harcros Mean for Your Practice

Two federal decisions have created a compliance gap that affects every litigator using AI. Here is what happened, what it means, and how to stay compliant.

If you use AI tools in litigation discovery, two recent federal decisions have fundamentally changed the rules. Morgan v. V2X, Inc., No. 25-1991 (D. Colo. Mar. 30, 2026) and Jeffries v. Harcros Chemicals, Inc., No. 25-2569-KHV-ADM (D. Kan. 2026) have established a framework of protective order requirements that prohibit consumer AI platforms from processing discovery materials. For solo practitioners and small firms, this creates an acute problem: enterprise eDiscovery platforms cost $75,000 to $300,000 per year, but the tools you can actually afford are now prohibited by court order.

This article breaks down both decisions, explains the compliance requirements they impose, and describes the self-hosted AI architecture that JD Woods Law PLC has built to solve this problem.

Morgan v. V2X: The Three-Prong Test

In Morgan v. V2X, the District of Colorado addressed a dispute over AI tools being used to process confidential discovery materials. The court held that any AI tool processing documents designated CONFIDENTIAL or higher must satisfy three contractual safeguards:

  1. No training on inputs. The AI system must not use any submitted documents to train, fine-tune, or otherwise modify its model. Documents are inference inputs only.
  2. No third-party disclosure. No submitted data may be disclosed to any third party beyond what is essential for service delivery. This effectively prohibits cloud-based AI platforms where data passes through vendor servers.
  3. Right to delete. The producing party must retain the ability to require complete deletion of all confidential information, with written documentation of the protections in place.

The court required that these protections be documented in writing and retained for the duration of the litigation. In practice, this means the party using AI tools must be able to produce a sworn declaration or affidavit describing their system's architecture and data handling procedures.

Jeffries v. Harcros: The Expansion to All Discovery Materials

Jeffries v. Harcros went further than Morgan. The District of Kansas restricted “open” AI tools for ALL discovery materials, not just those designated confidential. The court's reasoning rested on two findings:

  1. Data incorporated into model training is irrecoverable. The court found that once data enters a consumer AI model's training pipeline, it is “impossible as a practical matter” to retrieve or delete. This makes meaningful clawback impossible.
  2. Broad restrictions prevent perverse incentives. If only confidential materials were restricted, parties might strategically under-designate documents to enable AI processing, or over-redact to reduce the volume requiring compliant tools. Restricting all materials eliminates this gamesmanship.

Under Jeffries, no publicly accessible, cloud-hosted, or consumer-grade AI tool may be used on any discovery material in the case, regardless of confidentiality designation.

The Compliance Gap: Who This Hurts Most

Large firms with enterprise eDiscovery licenses (Relativity, Everlaw, DISCO) will adapt their existing contracts and infrastructure. The firms most affected are:

  • Solo practitioners handling contingency cases with significant document volumes
  • Small litigation firms (5 to 50 attorneys) that rely on consumer AI for document review efficiency
  • Pro se litigants whose AI use has already been challenged in court (see In re Heppner, S.D.N.Y. 2026)
  • Plaintiff's firms on tight budgets facing well-funded defendants who will weaponize protective orders against AI use

The irony is that AI-assisted document review is often the only way these practitioners can afford to handle large discovery volumes at all. The court decisions do not prohibit AI in discovery. They require specific architectural safeguards. The problem is access to systems that meet those requirements.

What a Compliant Architecture Looks Like

To satisfy both Morgan and Jeffries, an AI document processing system must meet every one of the following requirements:

  • Self-hosted hardware. The AI model runs on physical hardware under the direct control of the processing party or its designated vendor. No cloud servers. No SaaS platform.
  • Air-gapped inference. The inference engine operates without outbound internet connectivity during document processing. Documents cannot be transmitted externally by design, not just by policy.
  • Open-source models. The model weights are locally stored and inspectable. No proprietary “black box” AI where data handling is governed by opaque terms of service.
  • No model training. Documents are processed as inference inputs only. The model's weights remain identical before and after every engagement. No fine-tuning, no adaptation, no learning from client data.
  • Verified secure destruction. Upon engagement completion, all documents and derivative data are permanently destroyed using a verifiable protocol (such as DoD 5220.22-M three-pass overwrite), with a destruction certificate issued per engagement.
  • Sworn documentation. The operator can produce affidavits and declarations describing the technical architecture, data handling procedures, and compliance with specific protective order language.

How JD Woods Law Addresses This

JD Woods Law PLC has built a self-hosted AI document processing system specifically designed to satisfy the requirements of Morgan, Jeffries, and foreseeable extensions of these rulings. The system runs on dedicated hardware (Bizon X5500 G2 workstation, dual NVIDIA RTX 5090 GPUs, 64GB total VRAM) located on the firm's premises in St. Johns, Florida. The AI model (Llama 3.3 70B) runs locally via vLLM with no outbound network connectivity during processing.

The firm offers this infrastructure as a B2B litigation support service. Subscribing attorneys can engage JD Woods Law as a designated vendor in their protective orders, with pre-drafted affidavits, technical architecture documentation, and sample protective order language available to file with the court.

Available Documentation:

  • Declaration of AI Processing Practices (generic version: free download)
  • Case-Specific Declaration + Technical Architecture Affidavit ($299)
  • Full Compliance Package including Data Handling Certification and Sample Protective Order Language ($499)
  • Sample Protective Order Language (free download)

For firms that need full document processing, JD Woods Law offers Bates stamping, OCR, full-text indexing, AI-assisted document abstraction, deduplication, privilege review flagging, and responsive/non-responsive classification at $0.35 per document all-in. Every document stays on the firm's hardware. Every engagement ends with verified secure destruction and a certificate.

Why This Matters Beyond Discovery

Morgan and Jeffries are discovery-specific rulings, but the underlying principle has broader implications. Courts are recognizing that consumer AI platforms are fundamentally incompatible with the confidentiality obligations of legal practice. In re Heppner (S.D.N.Y. 2026) extended this reasoning to attorney-client privilege: using a public AI platform for legal strategy waives privilege because the platform's terms of service permit data collection, training, and third-party disclosure.

Warner v. Gilbarco (D. Or. 2026) provides the counterpoint: AI-generated work product retains protection when created under proper attorney direction with appropriate confidentiality controls. The issue is not whether AI can be used in legal practice. It is whether the architecture preserves the confidentiality and control that the law requires.

For practitioners navigating this evolving landscape, the path forward is clear: the AI must be under your control, on your hardware (or your vendor's hardware under contractual safeguards), with no data leaving the system. Anything less is a risk that courts are now explicitly prohibiting.

What To Do Now

If you are a litigator using AI tools in discovery, or anticipate facing a protective order that restricts AI use, consider these steps:

  1. Audit your current tools. Does your AI platform process data on third-party servers? Does it train on your inputs? Can you produce documentation of its data handling? If you cannot answer these questions with certainty, your tools likely fail the Morgan test.
  2. Review pending protective orders. If you have active cases with confidentiality orders, check whether they address AI use. If not, anticipate that opposing counsel may seek amendments. Be prepared to demonstrate compliance proactively.
  3. Identify compliant alternatives. Self-hosted AI solutions exist and are becoming more accessible. JD Woods Law PLC offers this infrastructure as a service specifically for attorneys facing these requirements. Learn more about our eDiscovery compliance services.
  4. Download sample documentation. Our generic Declaration of AI Processing Practices and Sample Protective Order Language are available at no cost. Use them to understand what compliant documentation looks like and to prepare for protective order negotiations.

Need compliant AI processing for an active case?

Request a Pre-Qualification Assessment

Jonathan D. Woods, Esq. is the principal of JD Woods Law PLC, a Florida law firm offering AI-enhanced legal services. He has designed and operates a self-hosted AI document processing system for litigation support that satisfies the protective order requirements of Morgan v. V2X and Jeffries v. Harcros. He can be reached at jdwoods@jdwoodslaw.com or through jdwoodslaw.com/ediscovery.

Related Articles

April 7, 2026

Why Attorney-Client Privilege Matters in AI Legal Services

March 2026

AI-Enhanced Legal Services in Florida