A subpoena lands on your desk — or more likely, in your inbox at 4:47 PM on a Friday. The response deadline is Monday morning. You have somewhere between 24 and 72 hours to identify relevant documents, review them for privilege, apply redactions, generate a privilege log, and produce a defensible set. For most legal teams, this scenario triggers immediate panic, and for good reason: the traditional eDiscovery workflow was never designed for this kind of speed.
The reality is that most organizations do not have an eDiscovery platform ready to go when a subpoena arrives. They do not have processing infrastructure standing by. They do not have review protocols drafted. They are starting from zero at the worst possible moment. The result is predictable: frantic calls to vendors, rushed review, missed documents, and productions that are either incomplete or over-inclusive — both of which carry significant legal risk.
Subpoena response is fundamentally different from litigation-driven document review. In litigation, you have weeks or months to build your review workflow. With a subpoena, especially a third-party subpoena or a government enforcement action, the timeline is compressed to hours. The margin for error is razor-thin. A late or deficient response can result in contempt findings, adverse inferences, or sanctions. And unlike litigation discovery, where the scope is negotiated over time, a subpoena often arrives with a fixed scope and a hard deadline.
This guide walks through a practical, hour-by-hour workflow for responding to a subpoena within 24 hours. It is designed for legal teams that may not have dedicated litigation support staff, enterprise eDiscovery platforms, or the luxury of time. The goal is not perfection — it is a defensible, reasonable response delivered on time.
The first hour is critical. Before you touch a single document, read the subpoena carefully and assess its scope. Identify exactly what is being requested: specific document categories, date ranges, custodians, and subject matter. Determine whether the subpoena is a subpoena duces tecum (requiring document production), a subpoena ad testificandum (requiring testimony), or both. Note the response deadline, the producing party obligations, and any specific format requirements.
Simultaneously, issue a litigation hold to all custodians whose data may be responsive. Even if you believe the subpoena is overbroad or subject to a motion to quash, preservation obligations attach immediately upon receipt. The hold notice should identify the matter, the types of data that must be preserved, and the custodians' obligation not to delete, modify, or move potentially responsive information. Suspend any automatic deletion policies that might affect relevant data sources.
Assess whether there are grounds to challenge the subpoena. If the requests are unduly burdensome, overbroad, or seek privileged material, you may be able to file a motion to quash or modify. In many jurisdictions, you can also negotiate scope with the requesting party informally. However, do not let the possibility of a challenge stop your preservation and collection efforts. Courts take a dim view of parties who waited to challenge a subpoena but also failed to preserve documents in the interim.
Finally, assemble your response team during this first hour. Identify who will manage collection, who will handle review, and who will be responsible for production. If you need outside help — a managed eDiscovery service, contract reviewers, or technical support — make those calls now. Every hour of delay in this phase compounds the pressure in later phases. A clear division of responsibility established in the first 60 minutes will prevent confusion and duplication of effort throughout the rest of the process.
With the subpoena assessed and preservation in place, the next three hours focus on mapping data sources and collecting documents. Start by identifying where responsive data lives. This typically includes email systems (Exchange, Gmail, Google Workspace), file shares, document management systems, cloud storage (SharePoint, OneDrive, Google Drive), and local drives. For each custodian identified in the subpoena, determine which systems contain their data and how to access it.
Collection must be defensible, meaning it must preserve the original metadata of documents and maintain a clear chain of custody. Use forensic collection tools where possible. For email, export PST or MBOX files with complete metadata. For file shares, copy files with their original timestamps intact. Document every step of the collection process: who collected what, from where, at what time, and using what method. This documentation forms part of your defensibility record.
Be strategic about scope. If the subpoena requests "all documents relating to Project X from 2020 to present," start by collecting from the custodians most likely to have responsive material. Prioritize the highest-yield data sources and expand from there if time permits. In a 24-hour window, you cannot boil the ocean. Focus on the data sources that will produce the most responsive material with the least collection effort.
Maintain a chain of custody log throughout this phase. Record the source of each collection, the hash values of collected files (MD5 or SHA-1), the custodian, the date and time of collection, and the collector's identity. This log is essential if the adequacy of your collection is ever questioned. Even under extreme time pressure, cutting corners on chain of custody documentation creates far more risk than the few minutes it takes to maintain proper records.
Once data is collected, it must be processed and culled before review can begin. Processing involves extracting text and metadata from collected files, expanding container files (PSTs, ZIPs, RARs), and converting files into reviewable formats. This is where traditional eDiscovery workflows often break down under time pressure — processing large volumes of data can take days with conventional tools.
De-duplication is the single most effective culling technique. In a typical email collection, 30-50% of documents are exact or near duplicates. Remove them. Next, apply date range filters to eliminate documents outside the subpoena's scope. Then filter by file type — if the subpoena requests correspondence and contracts, you can safely exclude system files, executables, and media files from review. These three filters alone can reduce the review universe by 60-80%.
This is where AI-powered processing provides a decisive advantage. DecoverAI's platform processes data in hours rather than days, applying automated de-duplication, date filtering, file-type filtering, and AI-powered relevance ranking simultaneously. Instead of waiting 48 hours for a traditional processing vendor to return your data, the platform makes documents available for review within hours of upload. When you are working against a 24-hour deadline, the difference between hours and days is the difference between compliance and contempt.
During processing, also identify and segregate potentially privileged material for separate handling. AI classifiers can flag communications involving known attorneys, documents marked as privileged, and patterns consistent with attorney-client communications. Segregating these documents early prevents inadvertent production during the review phase and allows your senior attorneys to focus their limited time on the documents that require the most careful analysis.
With a culled and processed document set, review can begin in earnest. The goal of review is to tag each document as responsive, non-responsive, or privileged, and to apply any necessary redactions. In a 24-hour workflow, you do not have the luxury of a leisurely, multi-pass review. You need a focused, efficient approach that prioritizes accuracy on the documents that matter most.
Start by reviewing the documents that AI relevance ranking identifies as most likely responsive. These are the documents that contain the keywords, entities, and patterns most closely matching the subpoena's requests. By starting with the highest-confidence documents, you ensure that the most important material is reviewed even if time runs short. Work outward from the core set to lower-confidence documents as time permits.
For privilege review, focus on communications involving attorneys and documents containing privilege indicators. Every document designated as privileged must have a corresponding entry on the privilege log. In a time-compressed workflow, consider using categorical privilege log entries (grouping similar privileged communications together) rather than individual entries for each document. Many courts accept categorical logs, and they are significantly faster to prepare. Reference the Tax Credit Investigation case study, where DecoverAI enabled a team to process 30,000 documents in just 3 days, including complete privilege log generation.
Apply redactions to any responsive documents that contain information outside the scope of the subpoena or that is subject to partial privilege claims. Redactions must be properly applied — burned into the document image so they cannot be removed — and documented in a redaction log. Each redaction should note the basis (privilege, relevance, privacy, or protective order). Verify that redacted documents are flattened before inclusion in the production set to prevent metadata leakage.
The final phase transforms reviewed documents into a production-ready set. Bates numbering must be applied to every produced document in a sequential, consistent format. Agree on the Bates prefix with the requesting party if possible; if not, use a standard format like "COMPANY-000001." Ensure that Bates numbers are applied to both the document images and the corresponding load file entries so that every page can be uniquely identified and referenced.
Generate your load files in the format specified by the subpoena or agreed upon with the requesting party. Common formats include Concordance DAT, Relativity load files, and Summation DII files. The load file must include all required metadata fields: Bates range, custodian, date, author, recipients, subject, file type, and hash values. If the subpoena does not specify a format, produce in the format most commonly accepted in your jurisdiction. Reference the Federal Production Remediation case study — a case that required remediation of 360,000+ documents precisely because the original production failed to meet formatting standards.
Prepare your privilege log listing every document withheld on the basis of privilege. Include the document date, author, recipients, subject matter description (without revealing privileged content), and the specific privilege basis. Run a final QC check: verify that every privileged document appears on the log, that no privileged document appears in the production set, and that Bates ranges are sequential and complete. Test a sample of produced documents to confirm they render correctly.
Document everything with a comprehensive audit trail. Your production should be accompanied by a cover letter or transmittal that identifies the subpoena, the date range of responsive documents, the number of documents produced, the number withheld on privilege, and any objections or limitations on the production. Retain a complete copy of the production, the privilege log, the audit trail, and all QC documentation. If the adequacy of your response is ever challenged, this documentation is your defense.
The workflow described above assumes you are handling every step yourself. But for many legal teams — particularly in-house teams without dedicated eDiscovery staff, solo practitioners, and small firms — the reality is that executing a full subpoena response workflow in 24 hours is simply not feasible without outside help. This is exactly the scenario DecoverAI's managed services are designed for.
With DecoverAI's done-for-you service, you upload your collected data to the platform and our eDiscovery specialists handle the rest: processing, de-duplication, culling, AI-assisted review, privilege logging, redactions, Bates numbering, and production — all within your deadline. Our specialists work around the clock when deadlines require it, and our AI-powered platform processes data orders of magnitude faster than traditional tools.
The pricing is transparent and predictable: $60 per gigabyte for processing and hosting, plus $150 per hour for specialist review and production work. There are no per-user fees, no seat licenses, and no hidden charges for processing or export. For a typical subpoena response involving 10-20 GB of data, the total cost is a fraction of what traditional eDiscovery vendors charge — and the turnaround time is measured in hours, not weeks.
Whether you use the self-service platform or our managed services, DecoverAI provides a complete audit trail documenting every step of the process: collection, processing, review, and production. This documentation satisfies the defensibility requirements that courts expect and provides a clear record of the reasonable steps taken to comply with the subpoena. When the alternative is a late or deficient response that exposes your client to sanctions, the investment in professional support pays for itself many times over.