// Trust & Security Report
Lex Machina, Inc. (LexisNexis division, RELX Inc.)
Lex Machina Legal Analytics—a comprehensive legal analytics platform delivering case analytics, judge behavior, attorney/party insights, and settlement data across federal and select state courts. Integrates LexisNexis Protégé AI for generative legal research. Sub-products: Federal Court Analytics (94 district courts, 13 courts of appeal), State Court Analytics (enhanced coverage), Patent Litigation Analytics, Class Action Analytics, Appeals Analytics, and API integration option.
Certifications held
11
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.lexisnexis.com“LexisNexis holds extensive certifications including SOC 2 Type 1 & 2 compliance verified through independent third-party audits.”
Verify on trust.lexisnexis.com“LexisNexis maintains current attestations for SOC 2 Type 1 & Type 2 focusing on security, availability, and confidentiality service controls.”
Verify on trust.lexisnexis.com“LexisNexis holds ISO/IEC 27001 certification for information security management with Statement of Applicability available.”
Verify on trust.lexisnexis.com“LexisNexis holds ISO 9001:2015 certification as part of its extensive certification portfolio.”
Verify on trust.lexisnexis.com“LexisNexis holds ISO 14001 environmental management certification.”
Verify on trust.lexisnexis.com“LexisNexis holds ISO 22301:2019 business continuity management certification.”
Verify on trust.lexisnexis.com“LexisNexis explicitly confirms GDPR compliance as a corporate-level commitment, available in the Trust Center.”
Verify on trust.lexisnexis.com“LexisNexis maintains dedicated HIPAA/HITECH attestation report for healthcare compliance verification.”
Verify on trust.lexisnexis.com“LexisNexis holds NIST CSF compliance certification.”
Verify on trust.lexisnexis.com“LexisNexis holds Cyber Essentials certification.”
> Show 3 unconfirmed / not-held certifications
source: trust.lexisnexis.comNo public evidence found of ISO/IEC 42001 certification for LexisNexis or Lex Machina despite this being the emerging AI governance standard.
source: trust.lexisnexis.comNo public evidence found of CSA STAR AI certification.
source: trust.lexisnexis.comNo public evidence found of FedRAMP authorization; CMMC Level 2 held by LexisNexis Special Services for government contracts.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Not publicly specified; LexisNexis uses trusted enterprise-grade cloud providers. Customer data residency not documented in public materials.
LexisNexis explicitly states 'We never use customer data to train AI models.' Customer data is not used to improve performance for other users. Identifiable information is removed from AI interactions to enable performance improvements without compromising privacy. Users can adjust personalization settings and opt out of data sharing if desired.
// Security controls
Access Controls
Role-based access controls (RBAC), firm-wide throttling, audit logging
trust.lexisnexis.comNetwork Security
Network firewalls, real-time monitoring, multi-layered IT/IS security
trust.lexisnexis.comAdvanced Security Option
Security & Data Pro add-on with BYOK/HYOK (Bring Your Own Key / Host Your Own Key) capabilities
lexisnexis.comPrivacy Framework
Privacy by design principles at every stage; responsible AI framework (RELX Responsible AI Framework addressing bias mitigation, transparency, human oversight)
lexisnexis.com// Products & data scope
data: Public court documents, case records, judge information, attorney/counsel data, party information. Covers federal district courts (94), courts of appeal (13), PTAB, specialty venues.
Trusted by 90%+ of largest law firms. Accesses 45M customer-facing documents across 10M+ cases, 8K+ judges, 6K+ expert witnesses, 146M+ counsel mentions, 149M+ party mentions.
data: Patent dispute data, PTAB proceedings, court records
Specialized analytics for patent litigation strategy and counsel evaluation.
data: Class action settlement data, attorney fees, class representative awards, timelines, damages trends
Helps forecast litigation budgets and manage client expectations.
data: Enhanced state court coverage; 40+ motion types with judge/court motion metrics
Motion practice and timing analytics for state court litigation.
data: Analytics data + generative legal research/drafting via Protégé AI assistant
Integrates LexisNexis Protégé (personalized legal AI) with Lex Machina analytics. Does not train on customer data. AI removes identifiable information for performance improvement.
data: Programmatic access to litigation analytics data
Allows firms to integrate legal analytics into custom workflows or applications. Uses OAuth 2.0, TLS 1.2+, audit logging.
// What to watch
- Product-level certification: Lex Machina is not explicitly listed with separate certifications in LexisNexis Trust Center; it inherits parent company (LexisNexis / RELX Inc.) certifications. This is typical for products within large enterprises but means audit scope may not explicitly cover Lex Machina's specific systems.
- AI governance gap: No ISO/IEC 42001 or CSA STAR AI certifications found despite Protégé AI integration and emergence of AI governance standards in 2026.
- Data residency opaque: LexisNexis does not publicly specify geographic data residency for Lex Machina. For customers with data localization requirements (EU, Canada, APAC), this requires direct inquiry.
- HIPAA applicability unclear: While LexisNexis holds HIPAA compliance, Lex Machina processes primarily public court records. HIPAA is most relevant if used to store or process health-related case information (PHI) or when integrated with healthcare legal workflows.
- API trust assumptions: Lex Machina API inherits corporate security standards (TLS 1.2+, OAuth 2.0) but product-specific penetration testing, threat modeling, or API-specific audit evidence not found in public materials.
// At a glance
Pricing model
Subscription-based SaaS; premium tiers available (e.g., Security & Data Pro add-on for advanced controls)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Lex Machina, Inc. (LexisNexis division, RELX Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.lexisnexis.com