Company Insights

LAW supplier relationships

Explore interactive graphBrowse insights index
LAW supplier relationship map

CS Disco (LAW): supplier risk — the AWS dependency investors must price

CS Disco is a cloud-native legal software provider that sells AI-driven tools to law firms and corporate legal departments and monetizes through recurring subscriptions and professional services. The company runs its core platform on third-party cloud infrastructure and scales revenue with user adoption and seat-based contracts; operating leverage depends on gross margins from software and the stability of its cloud hosting relationship. For investors and operators assessing supplier exposure, the single dominant observable supplier relationship is Amazon Web Services (AWS) — that dependence drives concentration, operational criticality, and contract leverage considerations that should be reflected in valuation and risk frameworks.
For an organized view of supplier relationships and supplier-risk scoring, visit https://nullexposure.com/.

How CS Disco runs and bills customers — a quick operational read

CS Disco provides software-as-a-service for litigation and e-discovery workflows, charging recurring subscription fees complemented by implementation and support revenue. The company outsources the underlying hosting and many internal tools to a large cloud provider, creating a business model where software economics and uptime are tightly coupled to third-party cloud service availability and pricing. That dynamic converts infrastructure arrangements into a material operational and negotiating risk for buyers of the equity.

The single supplier relationship you need to know

AWS — cloud infrastructure provider (AMZN)

CS Disco hosts its platform and most internal operations on Amazon Web Services, which provides the cloud computing infrastructure underpinning the product. According to the company’s disclosure cited in a TradingView summary of the FY2025 Form 10‑K, AWS is the cloud infrastructure provider the company uses to host its platform and internal tools (TradingView, referencing CS Disco FY2025 10‑K, reported March 10, 2026).

Why this matters: AWS is the critical production environment for CS Disco’s SaaS delivery, and the company’s operational performance and cost base are therefore exposed to AWS availability, pricing, and contractual terms.

What the disclosures and constraints reveal about CS Disco’s supplier posture

The filing excerpts and news signal two categories of insight: company-level governance posture and a supplier-specific dependency.

  • Company-level governance signal: CS Disco states that it will continue to use the JOBS Act emerging-growth-company exemptions for attestation on internal controls, which is a public-company disclosure in the FY2025 Form 10‑K. This is a corporate governance and audit posture that investors should treat as a signal about control maturity and disclosure scope, not as a supplier relationship attribute. The 10‑K language is explicit that the company is electing that regulatory exemption (FY2025 10‑K disclosure, referenced in TradingView reporting).

  • Supplier-specific constraint: The firm explicitly identifies AWS as the provider of cloud infrastructure for hosting the platform and supporting internal operations; the relationship is described as active and operationally central in the same filings (FY2025 10‑K via TradingView, March 2026). This establishes AWS as an active service provider and a high-criticality supplier in CS Disco’s operating model.

Operational constraints translated for investors

From the filings and relationship evidence, derive these actionable operating-model characteristics:

  • Concentration risk is high. CS Disco relies on a single major cloud provider for hosting. A significant outage or contractual shock would directly impact product availability and revenue recognition timing. The company’s filings treat AWS as the primary host, which places concentration risk squarely on the balance sheet of operational exposure.

  • Criticality of the supplier is total for delivery. Because hosting is core to a SaaS product, AWS is not peripheral; it is the environment in which the service executes. Operational continuity is therefore materially dependent on the vendor.

  • Contracting posture is likely standard cloud service terms with limited unilateral negotiating leverage for the customer. Large hyperscalers like AWS use template agreements and hold substantial commercial leverage relative to a single SaaS customer of CS Disco’s scale; that dynamic compresses CS Disco’s ability to extract concessionary terms or caps without volume commitments.

  • Maturity and resilience are strong on the provider side. AWS is a highly mature, global infrastructure platform; this mitigates systemic technology risk even as it concentrates counterparty risk in one vendor.

  • Governance and control maturity are still evolving. The company’s choice to retain emerging-growth-company auditing exemptions suggests investors should evaluate internal control disclosures and third-party audit coverage as part of supplier-risk due diligence.

Valuation and operational implications investors should price

  • Price a concentration premium to account for single-cloud dependency. The probability and impact of a major outage, regional disruption, or price escalation translate into a real option on cost and availability that investors must discount from cash-flow forecasts.

  • Model downside to gross margin from cloud cost inflation. If AWS increases price or CS Disco is forced to pay for additional redundancy, margins will compress before the company can reprice customers.

  • Assess customer SLAs and indemnities. Contract terms with end customers and what CS Disco can realistically recover from AWS after an incident determine the financial exposure. Review the 10‑K’s risk factor language and any customer-facing SLA commitments for mismatch.

  • Security and compliance posture should be tested. Hosting on AWS transfers infrastructure risk but not compliance or data-governance responsibility; investors should demand evidence of SOC 2/ISO compliance and the maturity of contract clauses allocating liability.

If you want a supplier-risk scorecard calibrated for legal‑tech vendors, see a structured framework at https://nullexposure.com/.

Practical due-diligence checklist for LAW counterparties

  • Confirm the exact AWS services and regions used and whether multi-region redundancy is implemented.
  • Verify contractual protections, termination rights, and cost pass-through clauses with AWS.
  • Inspect incident history and recovery exercises showing how the company has handled major outages.
  • Validate third-party attestations (SOC 2/ISO) and penetration-testing results tied to production systems.
  • Evaluate whether management has realistic migration plans or multi-cloud strategies and the estimated cost and timing to execute them.

Final read for investors and operators

CS Disco’s supplier exposure is concentrated and operationally critical: AWS provides the production fabric for the platform, and the FY2025 10‑K explicitly identifies that dependency (TradingView summary of the company’s 10‑K, March 10, 2026). That relationship grants CS Disco the benefits of mature infrastructure and scale but transfers meaningful concentration and commercial leverage risk to the company. Investors should price these factors into multiples, stress tests, and scenario analyses while operators should accelerate contractual and technical mitigations. For a concise supplier-risk profile and independent scoring tools, visit https://nullexposure.com/.

Bold takeaway: AWS is the single material supplier for CS Disco’s hosting; treat this as a primary operational risk when assessing valuation and resilience.