ESI discovery is the legal process of identifying, collecting, and producing electronically stored information (ESI) during litigation. In federal court, parties are required to disclose relevant ESI early in a case, often before the opposing side even asks for it. This process has become the backbone of modern litigation because the vast majority of business and personal records now exist in digital form.
What Counts as ESI
Electronically stored information is a deliberately broad category. It covers any data stored in an electronic or digital medium: emails, text messages, documents on laptops and servers, files in cloud storage, photos, videos, sound recordings, GPS data, social media posts, and even data from drones and satellites. Less obvious forms include computer-aided design files like blueprints, equipment control logs, and data compilations such as spreadsheets or databases.
What makes ESI different from a paper document is that it carries invisible data along with it. A Word file, for instance, doesn’t just contain the text you see on screen. It also contains metadata: information about who created the file, when it was last modified, who accessed it, and what changes were made. Courts recognize three main types of metadata. System metadata includes details like the author and creation date, which are generated automatically and harder to tamper with. Substantive (or application) metadata reflects the actual edits a user made to the document and travels with the file when it’s copied. Both types can be critical for proving when something was written, who wrote it, or whether a file was altered.
How the Process Works
The legal industry uses a nine-stage framework called the Electronic Discovery Reference Model (EDRM) to organize ESI discovery from start to finish: information governance, identification, preservation, collection, processing, review, analysis, production, and presentation. Not every case requires all nine stages in full, but the framework gives both sides and the court a shared vocabulary for managing electronic evidence.
The first real action in most cases is identification. Legal teams map out where relevant data might live: which employees (called “custodians”) had access to it, which devices and platforms stored it, and how far back in time the data goes. This typically involves interviewing custodians and department heads to understand day-to-day data usage and building an organizational data map.
Once relevant sources are identified, preservation kicks in. The duty to preserve evidence is triggered as soon as litigation is reasonably anticipated, and it applies broadly. Organizations issue what’s called a legal hold, which is a formal directive telling employees and IT systems to stop deleting or altering anything that could be relevant. Failing to preserve ESI can result in court sanctions, including adverse inferences where a judge instructs the jury to assume the destroyed evidence was unfavorable.
Collection follows preservation. Digital forensic examiners gather data from devices, email servers, cloud platforms, and social media accounts using methods designed to maintain the integrity of the evidence. This can happen on-site, remotely, or through a hybrid approach.
Processing is where the volume shrinks. Raw collected data often contains massive amounts of irrelevant material: duplicate files, system files, junk data. Processing tools filter and de-duplicate the dataset so that only potentially relevant documents move forward to review. This step directly controls cost, because attorney review is by far the most expensive part of ESI discovery.
Review and analysis happen together. Attorneys examine the processed documents for relevance and privilege (meaning information protected by attorney-client confidentiality or work-product doctrine). Modern review increasingly relies on technology-assisted review, sometimes called predictive coding, where software learns from attorney decisions to categorize large volumes of documents faster than manual review ever could. Some courts now also permit the use of generative AI tools during review, though they expect parties to discuss and validate those methods.
Production is the formal handoff. Relevant, non-privileged documents are delivered to the opposing party in an agreed-upon format. Finally, presentation is the use of that evidence at depositions, hearings, or trial.
What Federal Rules Require
Under Federal Rule of Civil Procedure 26, parties must disclose relevant ESI without waiting for the other side to request it. Specifically, each party must provide a copy or a description by category and location of all documents and electronically stored information in its possession that it may use to support its claims or defenses. These initial disclosures are due within 14 days of a required early-case conference between the parties, known as the Rule 26(f) “meet and confer.”
The meet-and-confer conference is where ESI discovery gets negotiated. Courts expect the parties to discuss several concrete issues: whether litigation holds are in place and what their scope covers (including date ranges and custodians), which categories of ESI are too inaccessible or burdensome to be worth producing, what search methods will be used to find responsive documents (search terms, technology-assisted review, or AI tools), the format documents will be produced in (native files, PDFs, or image files with load files), and how metadata and privilege disputes will be handled.
A party cannot delay its disclosures by claiming it hasn’t fully investigated the case yet or that the other side hasn’t made its own disclosures. The rule explicitly rejects those excuses. Parties joined to the case after the initial conference get 30 days to make their disclosures.
Why ESI Discovery Is Expensive
The cost of ESI discovery is driven primarily by volume. A single employee’s email archive can contain tens of gigabytes of data, and a large corporation in complex litigation may need to process terabytes. Each stage of the EDRM adds cost: forensic collection requires specialized tools, processing requires software licensing and technical staff, and review requires attorney hours for every document that makes it through filtering.
Industry pricing models vary widely. Some vendors charge per gigabyte for processing and hosting, while others use flat-fee or per-document models. The lack of standardized pricing makes budgeting difficult, especially as the use of AI-assisted review tools introduces new fee structures that the industry is still working out. What’s consistent is that the review stage accounts for the largest share of spending. Reducing the volume of data that reaches review, through better search terms, tighter date ranges, and smarter processing, is the most effective way to control costs.
Cross-Border Complications
ESI discovery becomes significantly more complex when relevant data is stored outside the United States. The most common conflict involves data held in the European Union, where the General Data Protection Regulation (GDPR) restricts the transfer of personal data to other countries. A U.S. court may order a party to produce emails stored on European servers, but doing so could violate EU data protection law.
U.S. courts use a balancing test derived from the Restatement of Foreign Relations Law to decide whether to compel production of overseas data. The five main factors are the importance of the requested information to the case, how specific the request is, whether the information originated in the U.S., whether there are alternative ways to get it, and whether compliance would undermine the interests of the foreign country. In practice, U.S. courts have largely sided with compelling production. In multiple cases from 2019 and 2020, parties raised GDPR objections, citing the EU’s strong interest in citizen privacy and the risk of regulatory penalties. Courts found those objections “unavailing,” leaving companies in the difficult position of choosing between violating a U.S. court order or violating the GDPR.
Metadata as Evidence
Metadata plays a uniquely important role in ESI discovery because it can prove things the visible content of a document cannot. In a trade-secrets case, for example, file-access metadata can show exactly when a departing employee opened confidential files. In a contract dispute, document-creation timestamps can establish which version of an agreement came first. System metadata is especially valuable because users don’t consciously create it and it’s harder to manipulate after the fact.
Whether metadata must be produced is a negotiation point during the meet-and-confer conference. Requesting parties typically want it because it strengthens authentication and builds timelines. Producing parties sometimes resist because stripping metadata is easier and cheaper than preserving it. Courts increasingly expect metadata to be preserved and produced when it’s relevant, and the format of production (native files versus image files) often determines how much metadata survives the handoff.