I used to think regulation was just something you managed. Turns out, in the right market, it's the moat.
I used to think regulation was just something you dealt with. The cost of doing business. Something your lawyers handled so you could get back to building.
I was wrong about that. Regulation, in the right market, is one of the most durable competitive advantages a startup can have. And nowhere is this more obvious — once you see it — than in legal services.
Here's the thing about the legal industry: it's broken in a very specific, very structural way. Lawyers are expensive. Most people can't afford them. The work is mostly locked behind credentials that take years to get and don't transfer across borders. And yet $800B a year flows through this system, most of it going to a relatively small group of professionals who are protected by rules that haven't changed much in decades.
That sounds like a problem. And it is — for access to justice, for small businesses, for normal people trying to navigate a will or a lease or a dispute. But from a startup strategy perspective, that same broken structure is an invitation. If you can figure out how to position yourself correctly inside it, you inherit a moat you didn't have to build from scratch.
I want to walk through how that actually works, because I think most founders in this space either miss it entirely or stumble into it by accident.
Why regulation creates moats (not just headaches)
Most people think about regulatory moats in terms of protection — incumbents using rules to keep competitors out. That's real, but it's only half the picture. The other half is that regulation creates captive demand. When people have no choice but to interact with a system, and that system is genuinely hard to navigate, whoever helps them navigate it captures enormous value.
Legal services have three layers of this working simultaneously, and they compound:
- Licensure barriers. Admission to the bar is jurisdiction-specific, time-intensive, and non-transferable. A qualified NY attorney cannot practice in Texas without re-examination. This fragments supply and caps it by design.
- UPL restrictions. Unauthorised Practice of Law rules prohibit non-lawyers from giving legal advice in almost every jurisdiction. This creates a legal monopoly on the most valuable part of the service: judgment.
- Ethics and privilege rules. Attorney-client privilege, confidentiality obligations, and professional conduct rules mean legal work can't be handed to any vendor. Trust and compliance requirements create deep switching costs.
A licensed attorney in New York can't just set up shop in Texas. A paralegal can't give legal advice without exposing themselves to criminal liability. A company handling sensitive legal matters can't just swap out its law firm the way it swaps out its project management tool — the relationships, the privilege, the institutional knowledge, it's all tangled up in ways that create real switching costs.
And here's the insight I keep coming back to: those barriers don't just protect lawyers. They protect anyone who gets embedded in the workflow alongside the lawyers. If your software sits between a GC and their legal matters, and switching to a competitor means re-onboarding six months of contract history and reconfiguring fifteen different approval workflows — you have a moat. You didn't build that moat through technical superiority. You inherited it from the regulatory environment you were smart enough to operate inside.
Regulation doesn't just protect lawyers from competition. It protects any company that successfully positions itself on the right side of the regulatory line from competition too.
Four ways legal tech actually exploits this
When I look at the legal tech companies that have built real businesses — not just raised money, but built something with staying power — they're almost all doing one of four things.
1. Make compliance the product
Ironclad, Icertis, ContractPodAi — none of these companies give legal advice. They don't compete with attorneys. What they do is give the people managing legal work — GCs, CLOs, legal ops leads — infrastructure to do that job. And because legal workflows are embedded in how a company actually operates, once you're in, you're really in. The contract approval flow for a healthcare company or a bank isn't something you migrate away from on a quarterly planning cycle. It's infrastructure.
The insight here is that you don't need to do the legal work to capture value from legal work. You need to own the system that organises it. And in heavily regulated industries, that system becomes more valuable over time, not less, because the regulatory surface keeps growing.
2. Find the gap between information and advice
LegalZoom figured out something in the early 2000s that wasn't obvious at the time: there's a huge amount of legal work that people need that doesn't actually require a lawyer. Incorporations. Basic wills. Trademark registrations. Standard contracts. Lawyers do these things and charge for them like they're complicated, but they're mostly document assembly with a small amount of guidance on top.
The Unauthorised Practice of Law rules say you can't give legal advice without a license. But you can provide legal information. You can help people fill out forms. You can sell document templates. LegalZoom very deliberately built its product in that gap, and it worked — $7B valuation at IPO in 2021. Rocket Lawyer did the same. This is regulatory arbitrage: not fighting the rules, not ignoring them, but finding the white space inside them and filling it at scale.
3. Build the operating system for regulated professionals
Clio is the example I come back to most often. Practice management software for law firms. It sounds boring. It is, in a sense, boring. But law firm operations have specific, non-negotiable regulatory requirements — IOLTA trust accounts, ethics walls, conflicts checks, court deadline tracking — that vary by jurisdiction and that no generic software handles correctly. Building something that actually works for a lawyer in California and a lawyer in Ontario took Clio years. That's not a bug, it's the point. New entrants face that same timeline, and most won't bother.
By the time Clio hit a $3B valuation, it was processing over $4B in payments annually. That's what happens when you spend a decade building compliance depth that nobody else wanted to build.
4. Accumulate data that can't be replicated
Legal work produces incredibly valuable structured data — contract terms, clause benchmarks, litigation outcomes, negotiation patterns. The firms that have been collecting and normalising this data for years — Kira, Luminance, LexisNexis, and increasingly Harvey — have something that a well-funded newcomer genuinely cannot just buy or scrape their way into. You can't train a contract analysis model on public data alone and match what a company has built from years of real deal documents. That gap is a moat, and it compounds with every new customer.
The companies actually doing this well
Harvey AI
Harvey went to the elite law firms first, not the mass market. That was the right call. By becoming the AI layer inside firms that already have the trust of the world's biggest companies, Harvey inherited relationships and data access it couldn't have built from scratch. $300M+ raised. The model isn't the moat — the data and the firm-level integrations are.
Moat type: data + distribution through trusted incumbents
Ironclad
Contract management that actually gets embedded in procurement, finance, and legal workflows simultaneously. The more regulated the customer, the harder it is to leave. I've talked to GCs at financial services companies who described ripping out their CLM as "about as easy as ripping out Salesforce." That's the goal.
Moat type: workflow integration + compliance complexity switching costs
Clio
Fifteen years of building compliance depth for law firms across dozens of jurisdictions. IOLTA accounting, ethics walls, court calendaring — all the unglamorous stuff that has to work or a lawyer loses their license. Most competitors gave up. Clio didn't. Now at $3B and deeply embedded in the referral and payment infrastructure of the legal profession.
Moat type: compliance depth + network effects within legal referral ecosystem
Axiom Law
On-demand legal talent for companies that need a lawyer but don't want to hire one full-time. What sounds simple is actually a complex credentialing and compliance operation — tracking bar admissions, jurisdictional limits, ethical walls across hundreds of attorneys. That infrastructure took years to build and is genuinely hard to replicate.
Moat type: credentialed supply + enterprise trust relationships
UPL is scary until you realise it's also a fence protecting you
Every founder I talk to in legal tech eventually asks some version of the same question: how do I avoid getting hit with an Unauthorised Practice of Law claim? It's a real risk. State bars have used UPL enforcement to kill products that got too close to the attorney's turf. You need actual legal counsel on this, not just a founder's intuition.
But here's what most people miss: successfully navigating the UPL line is itself a competitive advantage. It takes years of regulatory work, jurisdictional analysis, legal opinions, and sometimes direct engagement with bar associations. That work is not replicable overnight. If you've done it and your competitor hasn't, you have something they can't easily copy.
DoNotPay spent years building AI-assisted legal help positioned very carefully as "self-help information" rather than legal advice. The FTC issues they ran into later are a cautionary tale about where the line is, but the underlying insight was right: there's massive unmet demand in the space between Google and a lawyer, and the company that threads the UPL needle correctly at scale captures real value.
The question isn't just "how do I stay out of trouble?" It's "how do I build a product where getting the compliance right is something my competitors will also have to spend years on?" That's the reframe.
The right question isn't "how do I avoid UPL?" It's "how do I build a product where UPL compliance is itself a competitive advantage?"
AI is coming for the commodity work — and that's fine
I want to be honest about something: AI is going to destroy a lot of existing legal tech moats. The companies that built businesses on contract review, document generation, basic legal research — a lot of that is getting commoditised faster than their roadmaps can absorb. LLMs are genuinely good at legal work now, and they're getting better every few months.
But I don't think that's the end of the story. It's more like a reset.
What's getting cheaper is the execution layer — the actual reading and writing and summarising of legal documents. What's getting more valuable is the judgment layer — the M&A advice, the regulatory strategy, the cross-border transaction work, the litigation calls where someone has to stand behind an opinion and be accountable for it. Those things aren't going to AI anytime soon, and they're going to command higher prices as the commodity stuff gets cheaper.
The companies I'm watching closely are the ones building at the intersection: AI for the execution work, plus deep workflow integration and institutional trust for the judgment work. Harvey is the clearest example. They're not trying to replace partners at Cleary Gottlieb. They're trying to be the infrastructure those partners can't imagine working without. That's a very different business, and a much more defensible one.
If you're building in this space right now, the question I'd ask is: what does your company have in five years that a well-funded competitor starting today couldn't replicate? If the answer is "better product," that's not enough. If the answer is "proprietary data, embedded workflows, and regulatory compliance infrastructure" — you're building something real.
What I'd actually do if I were building here
- Pick a vertical, not a category. Don't build "legal tech." Build compliance software for healthcare providers, or contract infrastructure for financial services, or closing software for real estate. The regulatory complexity in a specific vertical is what makes the moat, and it compounds differently depending on where you are. Two regulatory regimes intersecting is better than one.
- Treat compliance as a product feature. Every hour you spend on the compliance architecture is an hour your competitor will also have to spend — if they even bother. Most won't. Put it in your pitch deck. Talk about it in sales calls. Regulated buyers, especially in enterprise, genuinely weight compliance confidence heavily. It's not a checkbox for them, it's a purchasing criterion.
- Go with lawyers, not around them. The graveyard of legal tech is full of companies that tried to replace attorneys. The ones that succeeded made attorneys better, or made in-house legal look smarter to the CFO. Law firms have distribution, relationships, and credibility you can't buy. Use them.
- Know your data flywheel before you write a line of code. What does your product generate that improves itself over time? If it's nothing, you're in a features race and you'll lose to whoever raises more. Legal data is unusually valuable and unusually hard to get — figure out how your product creates a data advantage, and make that central to the architecture from day one.
- International is harder and worth it. Most legal tech companies punt on internationalisation. US law firms, UK firms, EU firms, Asia — they all have different enough regulatory environments that genuinely working across all of them is rare. If you do it, you have something that's genuinely hard to replicate. The pain is real but so is the payoff.
One last thing
I want to say something that doesn't usually show up in startup strategy posts: the regulatory moat in legal services exists partly because legal help is genuinely inaccessible to most people. The rules that make lawyers expensive and services hard to get — those rules are hurting real people. People who need a will and can't afford one. People navigating a landlord dispute without any help. People who got the wrong end of a contract they didn't understand.
That's not an abstraction. And I think founders who are building in this space and ignoring it are leaving something important on the table — not just morally, but commercially. The access-to-justice problem is also the biggest unserved market in legal services. The company that actually cracks it, not just for enterprise clients but for normal people, will build something enormous.
The regulation is the moat. But it's also something you can make irrelevant. The best legal tech companies will do both.
Eugene Pavlov — eugenepavlov.ai