Hacker News
by prirun 1639 days ago
> it needs to get reviewed by legal so it doesn't expose us to legal liability

I'd like to understand this. How does a legal team do a code review that ensures a code change doesn't expose the company to legal liability?

4 comments

There is no code review by legal. There is a talk, usually multiple talks, between legal representatives and the engineers + manager delivering something. It's the engineers' and manager's job to explain what the piece of work will do and help legal understand its implications so they can gather knowledge and come up with their assessment given their skills in law.

I think you read it too literally. Legal will review what the impact of some changes is on compliance and so on, but you, as an engineer, are responsible for translating what the code/feature/system is doing into something that legal can understand and reason about. It's part of your job if you are at senior+ level.

I had to interact quite a lot with legal in my past couple of jobs. It was never an issue, because the legal department seemed to be staffed with smart people who would understand what I was telling them, or would ask relevant questions to clarify their understanding. It's a two-way street, not a button to push on the PR to "ask for legal review".

Our legal team has to review parts of our application to ensure we are in compliance with certain government programs such as ITAR and EAR. They don't do code-level review, but they do review business processes, UIs and messaging to make sure we're in compliance.
Usually it is more like "legal needs to be notified anytime third party dependencies are updated with a list of the licenses to make sure we aren't accidentally using GPL or proprietary code".

Other times legal gets involved earlier at the planning stages in case a feature or product falls under HIPAA or similar regulatory framework.

Actual code itself doesn't cross legal's desk anywhere that I know of.

The setup I saw is: there is an IP plan that documents whatever 3rd-party IP you are using in your product (open-source or not). Someone has to sign off on that plan, and sometimes developers do self-attestation that they have not deviated from it. Additionally, the binaries are scanned for certain things to avoid escapes of pre-release information, etc.