A grand jury subpoena, a Section 2 notice, or an SEC document request is not an ordinary discovery event. It is a step inside a criminal or quasi-criminal proceeding in which the recipient is, simultaneously, a witness, a custodian of evidence, and a potential target. Unlike civil discovery — where mistakes can usually be cured with a supplemental production or a clawback under Federal Rule of Evidence 502(d) — the errors made in the first 48 hours of a regulatory matter are largely uncorrectable. A spoliation event, an inadvertent privilege waiver, or a sloppy interview memo can become an exhibit at indictment.
Four things must happen at once. Preservation must be put in writing across every potentially relevant custodian and system, on a hold notice that contemplates criminal exposure rather than civil exposure. Scoping must be done on the face of the subpoena itself — including a careful read of the categories of documents demanded, because, as United States v. Hubbell, 530 U.S. 27 (2000), makes clear, the breadth of the categories controls whether the act of production is itself testimonial. Privilege protection must be designed in advance, before any interview is conducted, because the choice between an investigation conducted under privilege and one conducted as a compliance exercise will turn on facts that exist on day one. And the tone of the relationship with the regulator — cooperative, adversarial, or reserved — must be set deliberately by counsel, not accidentally by a junior in-house lawyer who returns the regulator's call.
The argument of this article is that each of those four moves is anchored in a small set of authorities that every litigator handling investigations should be able to cite from memory: Hubbell on the Fifth Amendment act-of-production doctrine; the SFO's powers under Section 2 of the Criminal Justice Act 1987 as construed in R (KBR Inc) v. Director of the SFO [2021] UKSC 2; the Court of Appeal's litigation-privilege framework in Director of the SFO v. ENRC [2018] EWCA Civ 2006; and the Three Rivers (No 5) / Upjohn divergence on what counts as a privileged communication inside a corporation. The remainder of this article walks through each one, in the order in which they actually matter when a subpoena lands on the general counsel's desk.
In United States v. Hubbell, 530 U.S. 27 (2000), Webster Hubbell was served with a subpoena demanding eleven broad categories of documents. He invoked the Fifth Amendment, was granted statutory immunity under 18 U.S.C. §§ 6002–6003, produced 13,120 pages, and was then indicted on tax and fraud charges built from those very documents. The Supreme Court held that the indictment had to be dismissed: the act of producing the documents was itself testimonial, because by complying Hubbell had implicitly admitted that “the papers existed, were in his possession or control, and were authentic.” Hubbell, 530 U.S. at 40–41.
Two practical points fall out of Hubbell. First, the doctrine protects the testimonial act of production, not the contents of voluntarily created documents. The contents of an email written years before any investigation are not privileged under the Fifth Amendment, no matter how incriminating they are. Second, the “foregone conclusion” exception — the doctrine that lets the government compel production where it can already prove the documents' existence, possession, and authenticity with reasonable particularity — did not apply on the Hubbell facts because the government had used Hubbell's mind to identify the universe of responsive material. Hubbell, 530 U.S. at 43–45.
For an organization — which has no Fifth Amendment privilege of its own — the direct application is narrower than for an individual. But the doctrine still matters in two recurring scenarios. The first is compelled decryption: the question whether a custodian can be forced to enter a passcode on an encrypted device is squarely governed by the Hubbell framework, and lower courts continue to split on it. The second is the broad-and-vague subpoena that asks the recipient to characterize, sort, and identify documents whose existence the government cannot independently establish. In that posture, an individual custodian served alongside the corporation may have a real Hubbell objection that the corporation does not, and the response strategy has to account for both.
Section 2 of the Criminal Justice Act 1987 gives the Director of the Serious Fraud Office one of the most powerful compulsory tools in any common-law jurisdiction. Under Section 2(2) the Director can compel any person — suspect, witness, or third party — to attend and answer questions, and under Section 2(3) the Director can compel production of specified documents. Failure to comply is a criminal offence under Section 2(13). The compulsion is real: Section 2(8) provides only a limited use immunity, restricting the use of compelled statements against the maker in subsequent criminal proceedings, and Section 2(9) preserves legal professional privilege. There is no general privilege against self-incrimination on Section 2 compulsion, and there is no equivalent to the U.S. proportionality framework.
The territorial scope of those powers was the central question in R (on the application of KBR, Inc) v. Director of the Serious Fraud Office [2021] UKSC 2. The SFO had served a Section 2(3) notice on KBR Inc — a U.S.-incorporated parent of a UK subsidiary under investigation — during a meeting in London, demanding production of documents held in the United States. The Supreme Court allowed KBR's appeal and held that Section 2(3) does not have extraterritorial effect: the Director has no power to compel a foreign company with no UK presence to produce documents held abroad. The Court relied on the presumption against extraterritoriality and noted that it was “inherently improbable” that Parliament had intended the SFO to bypass mutual-legal-assistance machinery by unilateral demand. KBR, [2021] UKSC 2 at ¶¶ 21, 41, 66.
For an in-house team responding to a Section 2 notice, the post-KBR playbook is straightforward in outline and difficult in execution. First, identify whether the recipient is a UK entity with a real UK presence or a foreign affiliate. Second, segregate UK-located ESI from foreign-located ESI — a technical question that requires a defensible map of where data actually sits. Third, where the demand reaches foreign data, push the regulator into the mutual-legal-assistance channel rather than complying voluntarily: voluntary compliance can collapse the jurisdictional argument and expose the parent to a precedent it does not want. The Court of Appeal's later application of KBR to the Competition and Markets Authority in CMA v. Volkswagen & BMW confirms that the framework is now the controlling lens for any UK regulator's information-gathering powers.
The single most consequential decision an organization makes in the first week of an investigation is whether to conduct its internal fact-finding under the umbrella of litigation privilege or as an unprivileged compliance exercise. The English authority on that question is Director of the Serious Fraud Office v. Eurasian Natural Resources Corporation Ltd [2018] EWCA Civ 2006. The Court of Appeal restored the orthodox application of litigation privilege after the High Court (Andrews J) had held that ENRC's internal-investigation work product was unprivileged because criminal proceedings were not yet “reasonably in contemplation” and because the dominant purpose was compliance, not litigation.
The Court of Appeal disagreed on both points. On reasonable contemplation, it held that “ENRC was right to say that [criminal proceedings] were in reasonable contemplation when it initiated its investigation in April 2011, and certainly by the time it received the SFO's August 2011 letter.” ENRC, [2018] EWCA Civ 2006 at ¶ 101. On dominant purpose, it held that “legal advice given to head off, avoid, or even settle reasonably contemplated proceedings is as much protected by litigation privilege as advice given for the purpose of resisting or defending such contemplated proceedings.” ENRC at ¶ 102. The practical effect is that the moment a credible threat of prosecution exists — a whistleblower allegation backed by documents, a regulator's letter, an SFO contact — the investigation can be conducted under privilege if it is structured for that purpose.
Three operational consequences follow. First, the privilege determination must be made and documented at the outset, not retroactively. The contemporaneous record — engagement letters, scoping memos, board minutes — will be the evidence on which dominant purpose is later judged. Second, interview notes and forensic-accountant reports created within a properly structured investigation are protected by litigation privilege under ENRC, even though they would not be protected by legal advice privilege under Three Rivers (No 5). Third, the privilege analysis is fragile across borders: a workstream that would be privileged under Upjohn in the United States may not be privileged under Three Rivers in the United Kingdom, and vice versa.
The U.S. and English approaches to corporate attorney-client privilege diverged in 1981 and have not reconverged. In Upjohn Co. v. United States, 449 U.S. 383 (1981), the Supreme Court rejected the narrow “control group” test that had limited privilege to senior management. The Court held that privilege attaches to communications between corporate counsel and any employee, regardless of rank, where the communication is made “at the direction of corporate superiors in order to secure legal advice from counsel.” Upjohn, 449 U.S. at 394. The functional, purpose-based test is the foundation of every U.S. internal investigation and the doctrinal basis for the modern Upjohn warning — the corporate Miranda that informs an interviewed employee that counsel represents the company, not the individual.
England moved the other way. In Three Rivers District Council v. Bank of England (No 5) [2003] EWCA Civ 474; [2003] QB 1556, the Court of Appeal held that legal advice privilege protects only communications between solicitors and the specific unit within the corporation designated as the client. On the facts, the Bank of England's Bingham Inquiry Unit “and no one else” was treated as the client of Freshfields for privilege purposes, and material prepared for the “dominant purpose of putting relevant factual material before the inquiry” was held not to be privileged at all. Three Rivers (No 5), [2003] QB 1556 at ¶ 37. The decision has been widely criticised but remains the law in England and Wales.
For a cross-border investigation, the divergence is not academic. An interview of a mid-level employee conducted by U.S. counsel will almost certainly be privileged under Upjohn; the same interview conducted by English solicitors may not be protected by legal advice privilege under Three Rivers, and will only be protected by litigation privilege if the ENRC dominant-purpose test is satisfied. The practical workaround in cross-border investigations is to construct the interview workflow so that it falls inside ENRC litigation privilege from the start — which is a stronger and more durable basis than legal-advice privilege under either system — and to keep contemporaneous evidence of the litigation purpose. The cross-border eDiscovery companion piece walks through the data-protection layer that sits on top of all of this.
The compressed timeline of an investigation is not a problem the legacy eDiscovery stack was designed to solve. Per-GB processing fees that take a weekend to clear, per-document review queues that take weeks to staff, and per-user license fees that limit how many lawyers can be in the platform at once are all friction points that compound exactly when speed matters most. A platform that bills $60/GB/month, all-in, with unlimited users and no contracts — the DecoverAI pricing model — removes the procurement and licensing delays that ordinarily eat the first day of an investigation.
The product surface matches the playbook. Collected ESI is ingested, OCR'd, deduplicated, and made searchable on day one, so that scoping the subpoena against the actual document population happens in hours rather than weeks. AI-driven relevance and privilege classification narrow the responsive set quickly, which is what enables a Hubbell-aware scoping conversation with the prosecutor before production is locked in. Auto-generated privilege logs and integrated redaction support the production phase, while audit trails preserve the defensibility record that matters if the regulator later challenges the methodology. The early case assessment workflow and the subpoena response page describe the workflow in more detail.
Two case studies show what the timeline looks like in practice. In the white-collar crime matter, DecoverAI compressed a multi-custodian collection-to-production cycle into a window that traditional vendors quoted in months. In the federal production remediation matter, the platform unwound a defective production and reissued it under court deadline. Neither case turned on technology alone — both turned on the combination of speed, cost, and defensibility that the $60/GB/month model is built to deliver. For a deeper walkthrough of the practical workflow, the subpoena response guide companion piece is the right next read.