// Trust & Security Report

    Lex Machina, Inc. (LexisNexis division, RELX Inc.) logo

    Lex Machina, Inc. (LexisNexis division, RELX Inc.)

    Lex Machina Legal Analytics—a comprehensive legal analytics platform delivering case analytics, judge behavior, attorney/party insights, and settlement data across federal and select state courts. Integrates LexisNexis Protégé AI for generative legal research. Sub-products: Federal Court Analytics (94 district courts, 13 courts of appeal), State Court Analytics (enhanced coverage), Patent Litigation Analytics, Class Action Analytics, Appeals Analytics, and API integration option.

    Certifications held

    11

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 1
    HELD

    LexisNexis holds extensive certifications including SOC 2 Type 1 & 2 compliance verified through independent third-party audits.

    Verify on trust.lexisnexis.com
    SOC 2 Type 2
    HELD

    LexisNexis maintains current attestations for SOC 2 Type 1 & Type 2 focusing on security, availability, and confidentiality service controls.

    Verify on trust.lexisnexis.com
    ISO/IEC 27001
    HELD

    LexisNexis holds ISO/IEC 27001 certification for information security management with Statement of Applicability available.

    Verify on trust.lexisnexis.com
    ISO 9001:2015
    HELD

    LexisNexis holds ISO 9001:2015 certification as part of its extensive certification portfolio.

    Verify on trust.lexisnexis.com
    ISO 14001
    HELD

    LexisNexis holds ISO 14001 environmental management certification.

    Verify on trust.lexisnexis.com
    ISO 22301:2019
    HELD

    LexisNexis holds ISO 22301:2019 business continuity management certification.

    Verify on trust.lexisnexis.com
    GDPR Compliance
    HELD

    LexisNexis explicitly confirms GDPR compliance as a corporate-level commitment, available in the Trust Center.

    Verify on trust.lexisnexis.com
    HIPAA Compliance
    HELD

    LexisNexis maintains dedicated HIPAA/HITECH attestation report for healthcare compliance verification.

    Verify on trust.lexisnexis.com
    CCPA Compliance
    HELD

    LexisNexis holds CCPA compliance certification.

    Verify on trust.lexisnexis.com
    NIST Cybersecurity Framework
    HELD

    LexisNexis holds NIST CSF compliance certification.

    Verify on trust.lexisnexis.com
    Cyber Essentials
    HELD

    LexisNexis holds Cyber Essentials certification.

    Verify on trust.lexisnexis.com
    > Show 3 unconfirmed / not-held certifications
    ISO/IEC 42001 (AI Management System)
    NOT CONFIRMED

    No public evidence found of ISO/IEC 42001 certification for LexisNexis or Lex Machina despite this being the emerging AI governance standard.

    source: trust.lexisnexis.com
    CSA STAR AI
    NOT CONFIRMED

    No public evidence found of CSA STAR AI certification.

    source: trust.lexisnexis.com
    FedRAMP
    NOT CONFIRMED

    No public evidence found of FedRAMP authorization; CMMC Level 2 held by LexisNexis Special Services for government contracts.

    source: trust.lexisnexis.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Not publicly specified; LexisNexis uses trusted enterprise-grade cloud providers. Customer data residency not documented in public materials.

    LexisNexis explicitly states 'We never use customer data to train AI models.' Customer data is not used to improve performance for other users. Identifiable information is removed from AI interactions to enable performance improvements without compromising privacy. Users can adjust personalization settings and opt out of data sharing if desired.

    // Security controls

    Encryption in Transit

    TLS 1.2+ (OAuth 2.0 authentication for API)

    lexisnexis.com

    Encryption at Rest

    AES-256 encryption

    lexisnexis.com

    Access Controls

    Role-based access controls (RBAC), firm-wide throttling, audit logging

    trust.lexisnexis.com

    Network Security

    Network firewalls, real-time monitoring, multi-layered IT/IS security

    trust.lexisnexis.com

    Third-party Audits

    Regular independent third-party security audits

    trust.lexisnexis.com

    Advanced Security Option

    Security & Data Pro add-on with BYOK/HYOK (Bring Your Own Key / Host Your Own Key) capabilities

    lexisnexis.com

    Privacy Framework

    Privacy by design principles at every stage; responsible AI framework (RELX Responsible AI Framework addressing bias mitigation, transparency, human oversight)

    lexisnexis.com

    // Products & data scope

    Lex Machina Legal Analytics (Core)Legal Analytics / Intelligence

    data: Public court documents, case records, judge information, attorney/counsel data, party information. Covers federal district courts (94), courts of appeal (13), PTAB, specialty venues.

    Trusted by 90%+ of largest law firms. Accesses 45M customer-facing documents across 10M+ cases, 8K+ judges, 6K+ expert witnesses, 146M+ counsel mentions, 149M+ party mentions.

    Patent Litigation AnalyticsLegal Analytics / IP Litigation

    data: Patent dispute data, PTAB proceedings, court records

    Specialized analytics for patent litigation strategy and counsel evaluation.

    Class Action AnalyticsLegal Analytics / Class Actions

    data: Class action settlement data, attorney fees, class representative awards, timelines, damages trends

    Helps forecast litigation budgets and manage client expectations.

    State Court AnalyticsLegal Analytics / State Courts

    data: Enhanced state court coverage; 40+ motion types with judge/court motion metrics

    Motion practice and timing analytics for state court litigation.

    Lex Machina with Protégé AILegal Analytics + Generative AI

    data: Analytics data + generative legal research/drafting via Protégé AI assistant

    Integrates LexisNexis Protégé (personalized legal AI) with Lex Machina analytics. Does not train on customer data. AI removes identifiable information for performance improvement.

    Lex Machina APIIntegration / Embedded Analytics

    data: Programmatic access to litigation analytics data

    Allows firms to integrate legal analytics into custom workflows or applications. Uses OAuth 2.0, TLS 1.2+, audit logging.

    // What to watch

    • Product-level certification: Lex Machina is not explicitly listed with separate certifications in LexisNexis Trust Center; it inherits parent company (LexisNexis / RELX Inc.) certifications. This is typical for products within large enterprises but means audit scope may not explicitly cover Lex Machina's specific systems.
    • AI governance gap: No ISO/IEC 42001 or CSA STAR AI certifications found despite Protégé AI integration and emergence of AI governance standards in 2026.
    • Data residency opaque: LexisNexis does not publicly specify geographic data residency for Lex Machina. For customers with data localization requirements (EU, Canada, APAC), this requires direct inquiry.
    • HIPAA applicability unclear: While LexisNexis holds HIPAA compliance, Lex Machina processes primarily public court records. HIPAA is most relevant if used to store or process health-related case information (PHI) or when integrated with healthcare legal workflows.
    • API trust assumptions: Lex Machina API inherits corporate security standards (TLS 1.2+, OAuth 2.0) but product-specific penetration testing, threat modeling, or API-specific audit evidence not found in public materials.

    // At a glance

    Pricing model

    Subscription-based SaaS; premium tiers available (e.g., Security & Data Pro add-on for advanced controls)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Lex Machina, Inc. (LexisNexis division, RELX Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.lexisnexis.com

    > Browse all vendor trust reports