Law & regulation · by Lars Zimmermann

How to spot a credible AI consultant: check the legal notice

Half the world calls itself an AI consultant now. The most honest test takes two minutes: if the legal notice still cites the old TMG instead of the DDG, someone never checked their own AI output.

In short

A credible AI consultant shows in the details, not the pitch. If the German legal notice still cites the old TMG instead of the DDG, in force since May 2024, someone had an AI build their website without checking the output. Anyone who skips that should not get near your business processes.

These days it feels like every second person calls themselves an AI consultant. The tools are cheap, the promises are big, and in the mid-market the uncertainty is high. The good news: you do not need a technical degree to tell substance from show. The most honest test takes two minutes and sits at the very bottom of every website.

I look at this as someone who audits rather than sells. In five industries and five countries I have run audits, from aviation to precision manufacturing. What an auditor learns: the one polished act says little. The small, unvarnished details say everything.

The cheapest test almost nobody runs

Scroll to the bottom of the consultant's website and open the legal notice, in Germany the Impressum. If it still references the Telemediengesetz, the TMG, that is a first, quiet warning sign. The TMG was replaced in May 2024 by the Digital Services Act, the DDG. The obligation to publish a legal notice now sits in Section 5 DDG, not in the TMG anymore.

Sounds like a tiny detail. It is not. Many of these pages were written by an AI, or at least clicked together with one. And if someone never even proofread their own legal notice, then they did not check the output of their AI. On the very text that makes them legally easiest to attack.

Anyone who does not check their own AI output is not someone I would trust with another company's processes.

This is not legal advice and not a call to send warning letters. It is an assessment. An outdated legal notice does not make anyone a bad person. But it says something about the care with which someone works. And care is exactly what you expect from a person who is meant to touch your data and your processes.

What an outdated legal notice also reveals

The legal notice is a small, clearly regulated mandatory text. If even that is wrong, it hints at how someone works in general. Watch for these patterns:

  • A reference to the TMG instead of the DDG, even though the DDG has applied since May 2024.
  • A dead link to online dispute resolution that leads nowhere.
  • Vague, generic wording that sounds like an unedited template.
  • No named, accountable person for the content.
  • Technical terms that do not fit together because they come from different templates.

Each single sign is harmless on its own. Several together form a pattern. And patterns are exactly what an auditor watches for: not the one mistake, but the accumulation that shows how carefully or carelessly someone works. A single typo is human. A consistently unchecked web presence is a statement.

And yes, the same applies to my own trade. I have my legal notice checked regularly too. Not because I fear warning letters, but because I expect from others the same care I deliver myself. Anyone who sells scrutiny has to apply it to themselves first.

Three sentences that make me listen closely

In conversation a pretender gives themselves away faster than they would like. Three sentences make me sit up immediately:

  • "We will just build you an AI agent that handles it." Before anyone has understood the process.
  • "The AI does that fully automatically, you do not need to check anything." The exact opposite of accountability.
  • "We will deliver the numbers later." When the needs analysis ends without a tangible result on the table.

None of these sentences is a crime in itself. But they reveal an attitude: technology before process, speed before care, promises before evidence. That order is exactly what leads to expensive surprises in operations.

Process first, then the tool

The most important sign shows in the first question. A credible advisor asks about your process first. A pretender talks about their tool immediately. Anyone who wants to build you an AI agent in the first meeting, without understanding your workflow, is not selling you a tool, but a risk.

Take three typical mid-market cases. An AI that pre-sorts applications. A camera with a model that inspects parts in final control. An AI that creates orders in the ERP. In all three the technology is the easy part. The hard part is the process behind it: who decides, who checks, what happens when it fails.

A picture from the shop floor: you would not buy an expensive CNC machine before it is clear which part it should make, in what quantity and to what tolerance. First the part, then the process, then the machine. With AI it is exactly the same. Put AI on a broken process and it just automates the mess, faster and more expensively. You get the same error, now a thousand times over and stamped as objective.

A good advisor therefore brings order to the workflow first and asks about the tool second. That is less comfortable, because it sounds less like the future and more like homework. But it is the only path where something usable stands at the end.

First the process. Then the tool. And only after that the AI.

A needs analysis is not an end in itself

A needs analysis that ends with no tangible output, only the recommendation to keep consulting, is a warning sign. You then pay for the consultant's learning curve, not for your own progress. Ask up front what concretely lands on the table at the end: a decision basis, a process map, a clear make-or-buy comparison.

Credible consulting makes itself redundant by making you capable. Poor consulting makes itself indispensable by building dependency. You tell them apart by whether something stays in your house after each meeting, something that carries on even without the consultant.

Why an auditor asks differently than a salesperson

A salesperson wants you to buy. An auditor wants it to hold. That difference sits in every question. The salesperson shows you what the AI could do. The auditor asks what happens when it gets it wrong, who notices, and how fast. For your business you need the second kind of person, even if the first sounds more pleasant.

This stance costs speed in the short term and saves money in the long run. I have seen enough businesses buy an expensive solution because the presentation was good, only to find a year later that nobody in the house could operate, check or, in an emergency, switch the thing off. The bill then comes twice: once for the tool and once for the cleanup.

The accountable human on the letterhead

Artificial intelligence does not carry liability. In the end a human always stands accountable, with their name, on the letterhead. A credible advisor knows this and names clearly who carries responsibility, instead of delegating it to a model.

Ask concretely: who checks the output? By what rule? Who signs at the end? If the answer is a shrug, you have your answer. A named person with a simple checking rule is worth more than any glossy presentation.

This same stance sits inside a management system for AI under ISO/IEC 42001: named accountability, checked output, documented processes instead of gut feeling. In the end an audit checks nothing other than whether there is a clear-headed human behind the tool and whether they can prove what they claim.

Your quick check for the next consultant meeting

You do not need to be an AI expert to ask the right questions. These five are enough to separate substance from show before you sign a contract.

  • Does the legal notice cite the DDG or still the old TMG?
  • Does the advisor ask about my process first or about their tool first?
  • Can they show what the AI does on a real example, instead of just slides?
  • Who carries responsibility after the rollout, by name?
  • What happens when the AI gets it wrong, and who even notices?

Anyone who answers these five confidently and concretely has understood what matters. Anyone who dodges, shows slides and talks about big promises without letting you touch a single example has not. And that is an answer in itself.

One closing thought that goes beyond the single meeting. Choosing a consultant is not just choosing a tool, but a dependency. You hand someone your workflows, your data and a piece of your future. That decision deserves the same standards as a new supplier in production: references, traceability, clear accountability. Nobody would put a supplier into series production without checking, just because the sales team was likeable. With AI consulting that happens surprisingly often.

The legal-notice test is only the first, cheap filter. It does not replace a thorough check, but it sorts out the obvious cases quickly. If someone cannot even keep their own mandatory text clean, you do not need to discuss the hard questions at all. And if the legal notice is fine, the good questions only begin. Either way it is time well spent, long before the first euro changes hands.

Frequently asked questions

Is an outdated legal notice alone a sure sign of a bad consultant?

No. A single sign is only a hint, not proof. What matters is the pattern of several points: outdated legal references, no named accountable person, no process understanding in the conversation. Only the accumulation gives a reliable picture.

Why is a reference to the TMG a problem?

In Germany the Telemediengesetz was replaced in May 2024 by the Digital Services Act, the DDG. The obligation to publish a legal notice now sits in Section 5 DDG. Anyone still citing the TMG has not reviewed their web presence for over two years. That is a statement about care, not legal advice.

What does "process first, then the tool" mean in practice?

Before AI is introduced, the workflow behind it must be clear: who decides, who checks, what happens on errors. Put AI on an unresolved process and it just automates the existing mess, faster and more expensively.

What does this have to do with ISO/IEC 42001?

ISO/IEC 42001 is the standard for an AI management system. It demands exactly what marks a serious approach: named accountability, checked output and documented processes. An audit checks whether there is an accountable human behind the tool.

Author & expert review: Lars Zimmermann · ISO/IEC 42001 Senior Lead Auditor & ISO/IEC 27001 Lead Auditor (PECB)

Last updated: 20 June 2026. Researched and reviewed to the best of our knowledge; not a substitute for individual legal advice.
