Detail the architectural considerations for designing a secure, scalable, and legally compliant document management system (DMS) for sensitive corporate legal documents, including strategies for access control, immutable audit trails, data residency, and integration with e-discovery tools, ensuring adherence to legal holds and chain of custody requirements.

MECE Framework: 1. Security Architecture: Implement zero-trust principles, granular RBAC, and end-to-end encryption (at-rest/in-transit). Utilize HSMs for key management. 2. Scalability & Performance: Design for cloud-native elasticity (microservices, containerization) with object storage for documents and a distributed database for metadata. Implement CDN for global access. 3. Legal Compliance & Governance: Enforce immutable audit trails via blockchain or WORM storage. Implement automated data residency rules based on document classification. Integrate with e-discovery platforms via APIs, ensuring legal hold functionality and robust chain of custody logging. 4. Integration & Interoperability: Standardize APIs (RESTful) for seamless integration with existing legal tech stack (CLM, e-billing). Employ event-driven architecture for real-time updates.

Designing a legally compliant DMS requires a multi-faceted approach. Architecturally, we'd adopt a zero-trust security model with granular, attribute-based access control (ABAC) and multi-factor authentication. All data, both at rest and in transit, must be encrypted using FIPS 140-2 validated modules, with cryptographic keys managed via Hardware Security Modules (HSMs). For scalability, a cloud-native, microservices-based architecture leveraging object storage (e.g., AWS S3, Azure Blob) for documents and a distributed NoSQL database for metadata is essential. Immutable audit trails would be implemented using write-once-read-many (WORM) storage or blockchain technology, ensuring non-repudiation and evidential integrity. Data residency requirements necessitate geo-fencing and data localization policies, with automated classification and routing based on jurisdictional rules. Integration with e-discovery tools would occur via robust APIs, enabling automated legal hold placement, defensible data collection, and preservation in place. Chain of custody is maintained through comprehensive logging of all document actions, including access, modification, and transfer, with cryptographic hashing to verify integrity.