Law Firm Automation with n8n: How One Firm Got Its Mail Intake, Case Files and Deadlines Under Control
How a mid-size firm cleared the paper mountain in its back office – without ever putting its duty of confidentiality at risk
A German law firm with three lawyers and four support staff in the Neuss area had a problem every growing practice knows: the legal work was excellent – but the back office was drowning in mail intake, case-file creation and deadlines. This is the story of how we automated three of those workflows with self-hosted n8n, without ever handing a single client secret out of the building.
The Starting Situation: Strong Lawyers, Overloaded Back Office
The firm – let's call it "Berger & Partner" for confidentiality – specialises in employment and tenancy law. Three attorneys, a paralegal (in Germany a Rechtsanwaltsfachangestellte, "ReFa") named Melanie, a second part-time assistant, a bookkeeper and a trainee lawyer. A typical, well-run small firm in the German Mittelstand.
The problem wasn't legal quality. It was the engine room: the same administrative steps that accompany every piece of incoming mail, every new matter and every deadline. When we first spoke with the partner in spring 2026, she described three specific pain points.
1. Mail Intake Ate the Morning
Mail arrived through three channels at once: the German lawyers' secure electronic mailbox (the besonderes elektronisches Anwaltspostfach, beA), email, and classic paper post that got scanned. Melanie opened, reviewed and manually assigned every item to the right case file, then filed it. On busy days that cost her around two hours – time in which no one was called back, no client was helped and no brief was drafted.
2. Every New File Was Manual Labour
A new matter meant: retype the data from the client inquiry, create the file in the practice-management software, assign a case number, capture master data, set up the folder structure, write an acknowledgement. 15 to 40 minutes per matter depending on complexity – and always most stressful exactly when things were already busy.
3. Deadlines Were a Constant Background Stress
In a law firm, deadlines aren't an administrative detail – they're a liability question. A missed statutory deadline can lose an entire case and make the lawyer personally liable. So the handling was nervous: every deadline-relevant item had to be seen, correctly calculated and entered into the deadline calendar. It worked, but it sat over the back office like a permanent pressure: "Have we really captured everything?"
Why Now? Legal Tech in 2026, Between "Tried ChatGPT Once" and Real Automation
The firm isn't alone in that feeling. The German legal-tech market is visibly on the move: according to the Legal Tech Monitor 2025 by the Legal Tech Verband Deutschland, the sector has an estimated 300 active companies with up to 10,000 employees; more than 80% of providers integrate AI into their business models – mainly for document analysis and generation.
Inside the firms themselves, the picture is more nuanced. A (non-representative) 2025 legal-tech survey by legal-tech.de of around 80 mostly small firms paints an honest picture of the mood: over half of respondents already used ChatGPT frequently or occasionally – but only 16% used a dedicated, purpose-built AI tool. At the same time, 64% planned to invest in an AI tool within the next twelve months. They saw the biggest potential in document analysis, legal research and document creation.
Translated: many firms have tested the technology but haven't yet turned it into a reliable process. That's exactly the gap "Berger & Partner" wanted to close – not with another chat window, but with automations that run quietly in the background every day and dock onto the right software.
The Question That Comes First in Every Firm: Confidentiality and Data Protection
Before we built a single line of workflow, the professional-conduct question was on the table. A lawyer can't just tip client secrets into any tool. Three layers matter here (this is German law, because the firm is German):
- Duty of confidentiality (§ 43a(2) BRAO): lawyers must keep confidential everything they learn in the course of their profession – a professional-conduct obligation.
- Criminal law (§ 203 StGB): unauthorised disclosure of a client secret is a criminal offence. At the same time, § 203(3) StGB expressly permits involving assisting parties – such as external IT providers – where this is necessary; those parties are then themselves bound by criminal liability.
- Special rule for service providers (§ 43e BRAO): anyone providing IT, cloud or AI services to a firm falls under this provision. It requires a contract in at least text form with a statutory minimum content – including the provider's confidentiality obligation with an instruction on the criminal consequences, the principle of necessity (least possible access to secrets) and a rule on subcontractors.
On top of that sits the GDPR with its own instrument – in particular the data processing agreement (DPA) under Art. 28 GDPR. Important: the professional-conduct contract (§ 43e BRAO) and the data-protection DPA (Art. 28 GDPR) are two different documents. You need both, not one of them.
Up front: this article describes a real-world case and is not legal advice. Which obligations apply in a given case is something firms clarify with their data-protection officer and their bar association. Germany's Federal Bar (BRAK) has published its own guidance on using AI.
The Architecture Decision: Self-Hosted n8n Instead of Public Cloud AI
That threshold question almost dictated the technical decision. We built the entire automation on n8n – an open-source workflow tool the firm runs on its own server in a German data centre. Plus a self-hosted file store (Nextcloud) and – the decisive point – a locally running language model for the sensitive steps like classification and data extraction.
Why the effort? Because data sovereignty only truly exists if the document content never leaves your own environment. If the workflow called a public cloud model like ChatGPT, the client data would be in transit – and that's exactly what the BRAK's AI guidance warns against: confidential client data does not belong in public LLM services. By keeping n8n, the file store, OCR and the language model entirely on the firm's server, there is no third-country transfer – and therefore no debate about standard contractual clauses or transfer impact assessments.
An honest caveat: self-hosting alone does not make a firm "automatically GDPR-compliant". It defuses the transfer and disclosure problem – but technical and organisational measures, the record of processing activities and, where relevant, a data-protection impact assessment remain mandatory. If you want the deeper trade-off, see our comparison n8n self-hosting vs. cloud.
The Solution: Three Automations, One System
We introduced no new practice-management software and replaced nothing that worked. The firm keeps using its cloud practice-management system (in this case Actaport), which offers a REST interface. n8n sits on top and takes over the manual labour between the systems.
Automation 1: The Digital Mail Intake
As soon as a document lands in the firm's intake store – whether as an email attachment, a scan of paper post, or a PDF exported from the beA – n8n takes over:
- The document is made searchable via OCR (a locally running component, orchestrated by n8n).
- The local language model classifies the item: what is it about? Which case numbers, opposing parties, courts are named?
- The item is assigned to the matching case file and stored in the right folder structure.
- The responsible lawyer gets a short notification with a summary and a link to the document.
- Uncertain cases aren't guessed at – they're deliberately placed in a "please assign manually" queue.
Important and deliberate: the beA itself stays in the firm's hands. n8n does not poll the lawyers' secure mailbox and does not replace a secure transmission channel – the automation only begins after a document is in the firm's own store. That leaves the legally protected channel untouched.
Built with: self-hosted n8n, a Nextcloud intake folder & IMAP mailbox, a local OCR component, a locally running language model (no cloud LLM), REST connection to the practice-management software.
Automation 2: Client Onboarding and Case-File Creation
A new matter inquiry now comes in through a structured intake form on the website. That triggers automatically:
- Master data is validated and normalised (address, opposing party, area of law).
- n8n reminds the responsible lawyer of the conflict-of-interest check – a step deliberately kept with a human.
- After approval, the file is created via the practice-management software's REST interface, the case number is assigned and the folder structure is generated.
- The client automatically receives an acknowledgement – within minutes instead of one to two days.
- Melanie only does the final check now: about five minutes instead of 15 to 40.
Built with: a web intake form, n8n, the practice-management software's REST API, automatic email dispatch. The conflict check stays a human decision – n8n only prompts for it and documents it.
Automation 3: Deadline Management with a Human in the Loop
This is the most sensitive and at the same time most valuable part – and it is deliberately not fully automatic. If the intake triage detects a possible deadline trigger (for example, the service of a court document), n8n does not create a deadline entry. Instead:
- n8n creates an approval task for the responsible lawyer – with the extracted key data: suspected deadline type, proposed date, source/document.
- The lawyer reviews the calculation and actively confirms (or corrects) it.
- Only after this human confirmation is the deadline or follow-up noted in the practice-management software.
- If no one responds, the task doesn't disappear: a timeout automatically escalates it to the partner.
The reason is simple and non-negotiable: deadline calculation is liability-critical. AI may propose and prepare here – a human must decide. The automation only ensures that no deadline-relevant item slips through unnoticed anymore, because each one creates a task that has to be acknowledged.
Built with: an n8n "Send and Wait for Response" approval, escalation logic with a timeout, logging of every confirmation, and an entry in the deadline calendar of the practice-management software only after approval.
The Result After Six Months
The figures below are the measured experience of this one firm – not an industry average and not a study, but one concrete individual case.
| Task | Before | After |
|---|---|---|
| Sorting & assigning mail intake | ~2 hrs/day | ~40 min/day |
| Case-file creation per new matter | 15–40 min | ~5 min (final check) |
| Acknowledgement to clients | 1–2 days | a few minutes |
| Deadline-relevant items left unnoticed | latent risk | 0 (each creates an acknowledged task) |
On balance, Melanie reclaimed roughly six to seven hours per week – time that now goes into client care and brief preparation instead of sorting. Over six months, every deadline-relevant item produced an acknowledged approval task; no hint slipped through unnoticed again.
Effort and running costs:
Rollout took about six weeks. Running costs are around 20 to 30 euros per month for the server; n8n itself is free of licence fees when self-hosted for internal use (Sustainable Use License). No large software project, no vendor lock-in – an infrastructure the firm owns.
Compliance in Detail: Two Contracts, No Data Outflow
To make the setup not just efficient but also clean under professional-conduct rules, the project involved more than technology:
- A § 43e BRAO contract between the firm and Lyron as the IT service provider – in text form, with a confidentiality obligation, instruction on the consequences of § 203 StGB, the necessity principle and a subcontractor rule.
- A separate data processing agreement (Art. 28 GDPR) for the data-protection side.
- No third-country transfer: n8n, Nextcloud, OCR and the language model run entirely on the German server – so no standard contractual clauses or transfer impact assessment are needed.
- The record of processing activities, the technical and organisational measures and a short staff training were updated alongside.
And the much-cited EU AI Act? The AI functions used here – classifying an incoming document and extracting fields – count as minimal risk. The AI Act triggers no specific obligations for that. But that expressly does not mean "no compliance": the GDPR and professional-conduct law (§§ 43a, 43e BRAO, § 203 StGB) continue to apply regardless.
What Can't Be Automated – and Why That's a Good Thing
An honest case study also names the limits. We automated the engine room – not the lawyering. Three things deliberately stay with a human:
- Deadline calculation – the AI proposes, the human decides and is liable.
- The conflict-of-interest check – a lawyer's judgement, not a database lookup.
- Legal assessment and advice itself – the core business that is never outsourced.
That very separation is what makes the approach workable for a firm: the automation takes the recurring load without intruding on the lawyer's responsibility. If you're thinking more fundamentally about where automation should start in a business, our piece on process automation is a good entry point.
Which Firms This Pays Off For
This path fits especially well for small and mid-size firms that lose noticeable time on mail intake and file administration, that have high confidentiality requirements, and that don't want to depend on a single cloud vendor. A firm running practice-management software with an interface has the ideal docking point – but even without one, structured file and email stores get you a long way.
The most important sentence we take away from projects like this: automation doesn't replace a lawyer. It clears her desk. We've seen similar effects in other industries too – for example at a plumbing company in NRW that reclaimed 11 hours per week this way.
Does This Sound Familiar?
If mail intake eats your morning, every new file is manual labour and deadlines run constantly in the back of your mind – then a conversation is worth it.
We offer a free initial consultation in which we look together at which workflows can be automated in a data-sovereign and professionally compliant way – and where the biggest levers are.
Book your free initial consultation now
Note: this article describes an anonymised real-world case and is for information only. It does not constitute legal advice. The statutory provisions mentioned (including § 43a, § 43e BRAO, § 203 StGB, §§ 130a, 130d ZPO and the GDPR) are summarised in shortened form; in any specific case the applicable current versions and the guidance of the competent bar association govern.
About Lyron: Lyron is an automation consultancy based near Düsseldorf/Neuss. We help small and mid-size companies – including law firms and tax advisors – automate recurring processes in a data-sovereign way and win back time.
Share this article
You Might Also Like
How a Plumbing Company in NRW Saves 11 Hours per Week Through Automation
A plumbing business in the Rhineland automates quotes, invoices and customer communication – result: 11 hours saved per week.
How a Real Estate Agent Converts 40% More Leads with n8n and AI
Case study: an agency in NRW automates lead qualification and WhatsApp follow-up – converting 40% more inquiries into viewings.
Email Automation with n8n: Answer Customer Inquiries Automatically – 24/7
How small businesses use n8n to process emails automatically – acknowledgements, routing, CRM entries and tickets.
