Most lawyers using AI are leaving a significant productivity gain on the table — not because they're using the wrong tools, but because they're using the wrong prompts. A generic prompt like "review this contract" hands the model zero context about your role, your priorities, your jurisdiction, or your risk tolerance. The output reads like it was written for nobody in particular. That's because it was.

The best AI prompts for legal work share three characteristics: they assign a specific professional role, they constrain the output format to something professionally useful, and they provide enough context that the model can apply legal expertise rather than produce generic guidance. The eight prompts below are built on this foundation. Each one pulls from PromptSonar's legal library, which covers the full spectrum of tasks that make up the day-to-day work of attorneys and in-house counsel.

⚠️ Important

These prompts produce first drafts and preliminary analysis — not final legal advice. They are tools for trained professionals, not replacements for professional judgment. Always apply your expertise and verify output before relying on it.

1. Contract Review

Use case: Initial risk pass on any commercial agreement — vendor contracts, SaaS terms, partnership agreements. Feed it the contract and get a structured risk register in minutes. The prompt is designed for the reviewing party (buyer/licensee), but swap the role to fit any transaction.

Contract Review Prompt
Act as a senior contract attorney. Review the following contract and provide a comprehensive analysis covering: 1) Key obligations for each party, 2) Potential risk areas and ambiguous language, 3) Missing standard clauses (limitation of liability, indemnification, IP ownership), 4) Unfavorable terms that should be negotiated, 5) A plain-English summary of what I'm agreeing to. Flag any red flags with HIGH/MEDIUM/LOW severity. [PASTE CONTRACT HERE]
Why it works: The severity framework (HIGH/MEDIUM/LOW) maps directly to how legal teams prioritize negotiation points. Asking for a plain-English summary prevents the output from burying the key risks in legalese.

Use case: First-draft legal memorandum on an employment dispute. Specify the situation, jurisdiction, and client profile and the output follows the standard legal memo format: TO/FROM/DATE/RE headers, ISSUE PRESENTED, BRIEF ANSWER, FACTS, DISCUSSION, CONCLUSION. Useful for employment attorneys, HR counsel, and in-house teams handling workplace claims.

Employment Law Memo Prompt
You are an employment law attorney. A client has presented the following situation: [DESCRIBE SITUATION]. Draft a legal memorandum analyzing: 1) Applicable federal and state employment laws, 2) Strength of potential claims, 3) Employer's likely defenses, 4) Recommended course of action with risk assessment, 5) Key evidence to preserve immediately. Format as a proper legal memo with TO/FROM/DATE/RE headers.
Why it works: Asking for the employer's defenses forces the model to think adversarially — which produces a more balanced and realistic assessment than a one-sided analysis. The "evidence to preserve immediately" instruction is practically valuable and easy to forget under time pressure.

3. NDA Negotiation Talking Points

Use case: Pre-negotiation prep for any NDA where specific clauses are problematic. List the clauses that concern you and your priorities, and get clause-by-clause analysis: why each is problematic, proposed alternative language, and when to stand firm vs. concede based on your leverage position. Particularly valuable before high-stakes enterprise or investor negotiations.

NDA Negotiation Prompt
I'm about to negotiate an NDA with [COUNTERPARTY TYPE]. Review these specific clauses I find problematic: [LIST CLAUSES]. For each clause, provide: 1) Why it's problematic for me, 2) The business risk in plain terms, 3) A proposed alternative language that protects both parties, 4) My negotiating leverage and when to stand firm vs. concede. My key priorities are: [LIST PRIORITIES].
Why it works: The "stand firm vs. concede" instruction forces the model to consider leverage dynamics — something generic NDA analysis completely ignores. The alternative language output is ready to paste into a redline.

4. Cease and Desist Letter

Use case: First draft of a cease and desist letter for any infringement situation — IP, trademark, non-compete violation, harassment. Describe the situation and the output identifies the infringing party, specifies what they must stop, references applicable law, sets a compliance deadline, and outlines consequences. Firm tone without crossing into threats that could undermine enforceability.

Cease and Desist Prompt
Draft a cease and desist letter for the following situation: [DESCRIBE INFRINGEMENT/VIOLATION]. The letter should: 1) Clearly identify the infringing party, 2) Specify exactly what they must stop doing, 3) Reference specific laws or rights being violated, 4) State the deadline for compliance (14 days is standard), 5) Outline consequences of non-compliance, 6) Maintain a firm but professional tone. Do not include threats of violence or language that could be construed as harassment.
Why it works: The explicit instruction to avoid threatening language is practically important — aggressive C&D letters can be turned against the sender or weaken a subsequent legal position. This constraint produces output that's professionally defensible.

5. Privacy Policy Generator

Use case: Full privacy policy for a business needing GDPR, CCPA, and COPPA compliance. Provide business type, data collected, third-party services, and primary markets. Output covers all required sections: collection, use, sharing, retention, user rights, and contact information — in language users can actually understand. Useful for startup counsel, compliance teams, and solo practitioners with small business clients.

Privacy Policy Prompt
You are a privacy law expert specializing in GDPR, CCPA, and COPPA compliance. Draft a comprehensive privacy policy for my business with the following details:
- Business type: [TYPE]
- Data collected: [LIST]
- Third-party services used: [LIST]
- User location (primary markets): [COUNTRIES]
Include all required sections: data collection, use, sharing, retention, user rights, contact information. Write in plain language users can actually understand.
Why it works: Multi-regulation compliance is a common pain point for startup attorneys. Specifying all three frameworks (GDPR + CCPA + COPPA) and primary markets produces jurisdiction-appropriate output rather than a generic document that misses statutory requirements.

6. Intellectual Property Audit

Use case: Pre-transaction or annual IP audit for a company. Provide business description and product/service list; the output identifies probable IP assets owned (trademarks, patents, copyrights, trade secrets), unprotected IP at risk, potential third-party infringement issues, priority actions by business risk, and estimated protection costs. Ideal for M&A due diligence prep and Series A+ fundraising.

IP Audit Prompt
Conduct an IP audit for my company. Business description: [DESCRIBE]. Products/services: [LIST]. Help me identify: 1) What IP assets I likely own (trademarks, patents, copyrights, trade secrets), 2) IP that may be unprotected and at risk, 3) Potential third-party IP I might be infringing, 4) Priority actions ranked by business risk, 5) Estimated costs for protection. Format as an actionable audit report.
Why it works: The "third-party IP I might be infringing" instruction is what separates a useful IP audit from an inventory list. It forces the model to look in both directions — what you own and what you might be exposing yourself to.

7. Employment Agreement Essentials

Use case: First-draft employment agreement for any role and company type. Provide the role, company type, state, and role description; the output covers all key sections: compensation, at-will vs. term, confidentiality, non-compete and non-solicit (with state enforceability flagged), IP assignment for work inventions, and termination procedures. Useful for employment counsel drafting new agreements or updating legacy templates.

Employment Agreement Prompt
Draft an employment agreement for a [ROLE] position at my [COMPANY TYPE]. Include: 1) Compensation and benefits structure, 2) Role and responsibilities (I'll describe below), 3) At-will vs. term employment, 4) Confidentiality and trade secret protection, 5) Non-compete and non-solicit clauses (enforceable in [STATE]), 6) IP assignment for work-related inventions, 7) Termination procedures and severance. Flag which clauses vary significantly by state and what to watch out for. Role description: [DESCRIPTION]
Why it works: The instruction to flag state-by-state variation is critical for employment counsel serving multi-state employers. Non-compete enforceability varies dramatically — California, Minnesota, North Dakota, and Oklahoma have near-total bans. Having the model flag these saves research time.

8. Data Breach Response Plan

Use case: Immediate incident response when a data breach is discovered. Describe what was accessed/exposed and the states/countries you operate in; the output produces a time-ordered response plan: first 24 hours containment steps, legal notification obligations by jurisdiction (GDPR, CCPA, state breach laws), notification timelines, guidance on what to say and not say, documentation to preserve for legal defense, and regulatory penalties at stake. Designed for breach counsel and in-house privacy teams.

Data Breach Response Prompt
We've experienced a potential data breach involving [DESCRIBE WHAT WAS ACCESSED/EXPOSED]. Help me create an immediate response plan: 1) First 24 hours: steps to contain the breach, 2) Legal notification obligations (GDPR, CCPA, state breach laws — we operate in [STATES]), 3) Timeline for required notifications to regulators and affected individuals, 4) What to say (and not say) in notifications, 5) Documentation to preserve for legal defense, 6) Regulatory penalties we might face. Time-sensitive — prioritize immediate actions.
Why it works: Data breach response is time-critical and jurisdiction-dependent. The "what not to say" instruction produces guidance on avoiding statements that could be used as admissions — something junior team members under pressure frequently overlook.

Pro tip: Stack these prompts

For complex matters, run multiple prompts in sequence. Use the Contract Review prompt for initial risk assessment, then the Vendor Contract Risk Analysis for a deeper pass on specific clauses. Each prompt is designed to be modular — they work alone or in combination.

How to Get the Most Out of These Prompts

A few principles that apply across all eight prompts:

  • Always specify your role in the transaction. "Review this contract" produces generic output. "Review this contract as the buyer's counsel" activates a specific adversarial lens that changes what gets flagged.
  • State your jurisdiction explicitly. Employment law, non-compete enforceability, breach notification requirements — all vary significantly by state or country. A prompt that doesn't specify jurisdiction will blend federal and state law without flagging which applies.
  • Don't trust case citations. AI models can hallucinate specific case names and citations. The structural analysis is usually sound; the specific citations require verification in Westlaw or Lexis before you rely on them.
  • Use structured output instructions. Asking for numbered lists, severity labels, and formatted headers transforms AI output from a wall of text into something you can act on. All eight prompts above include structured output instructions for this reason.

All 15 legal prompts — ready to use

Browse PromptSonar's full legal library: corporate structure, shareholder agreements, regulatory compliance, force majeure analysis, DMCA takedowns, and more.


For the foundational prompt engineering principles behind all of these, see Best Practices for Writing Effective AI Prompts. For the case on why domain-specific prompts outperform generic ones by a wide margin, see Why Niche-Specific AI Prompts Win. If you're also interested in how AI is being adopted specifically in contract review and litigation support, see How to Use ChatGPT Prompts for Legal Professionals.