// Trust & Security Report

    LexisNexis (RELX Group subsidiary) logo

    LexisNexis (RELX Group subsidiary)

    Legal AI research, drafting, and analysis tools centered on Protégé™ AI assistant, including Lexis+ with Protégé, Lexis Create+, CaseMap+ AI, Lex Machina, Intelligize+ AI, and enterprise legal solutions

    Certifications held

    15

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    SOC Type I & II compliance for key products, verified through independent third-party audits

    Verify on trust.lexisnexis.com
    SOC 2 Type 1
    HELD

    SOC 2 Type 1 audit completed for Lexis+ AI solution with continuous monitoring and independent audits

    Verify on trust.lexisnexis.com
    SOC 3
    HELD

    SOC 3 certification published in trust center

    Verify on trust.lexisnexis.com
    ISO/IEC 27001
    HELD

    ISO/IEC 27001 certified for information security management systems

    Verify on trust.lexisnexis.com
    ISO 9001:2015
    HELD

    ISO 9001:2015 quality management certification

    Verify on trust.lexisnexis.com
    ISO 14001:2015
    HELD

    ISO 14001:2015 environmental management certification

    Verify on trust.lexisnexis.com
    ISO 22301:2019
    HELD

    ISO 22301:2019 business continuity management certification

    Verify on trust.lexisnexis.com
    GDPR
    HELD

    Certified to the EU-U.S. Data Privacy Framework with data protection representatives appointed for EEA and UK

    Verify on lexisnexis.com
    HIPAA
    HELD

    HIPAA and HITECH requirements adherence available as attestation for secure download

    Verify on trust.lexisnexis.com
    CCPA
    HELD

    California Consumer Privacy Act compliance measures implemented

    Verify on trust.lexisnexis.com
    NIST Cybersecurity Framework
    HELD

    NIST CSF compliance verified in trust center

    Verify on trust.lexisnexis.com
    ISAE 3402
    HELD

    ISAE 3402 attestation on file

    Verify on trust.lexisnexis.com
    Cyber Essentials
    HELD

    Cyber Essentials certification in trust center

    Verify on trust.lexisnexis.com
    WCAG 2.2 AA
    HELD

    Web Content Accessibility Guidelines 2.2 Level AA compliance

    Verify on trust.lexisnexis.com
    VPAT
    HELD

    Voluntary Product Accessibility Template provided

    Verify on trust.lexisnexis.com
    > Show 6 unconfirmed / not-held certifications
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification on vendor domain

    source: trust.lexisnexis.com
    ISO 27017
    NOT CONFIRMED

    No public evidence of ISO 27017 certification on vendor domain

    source: trust.lexisnexis.com
    ISO 27018
    NOT CONFIRMED

    No public evidence of ISO 27018 certification on vendor domain

    source: trust.lexisnexis.com
    ISO 27701
    NOT CONFIRMED

    No public evidence of ISO 27701 certification on vendor domain

    source: trust.lexisnexis.com
    ISO/IEC 42001 (AI Management System)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification; vendor follows RELX Responsible AI Framework instead

    source: trust.lexisnexis.com
    CSA STAR
    NOT CONFIRMED

    No public evidence of Cloud Security Alliance STAR certification on vendor domain

    source: trust.lexisnexis.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multi-region: US, UK, EU (Germany, France, Ireland, Netherlands), Asia-Pacific (Australia, Singapore, Philippines, India), Africa (South Africa, Mauritius). GDPR data subject rights ensured across all regions through legal frameworks and data protection representatives.

    LexisNexis explicitly commits that customer data is never used to train AI models. This is stated across multiple product pages. For Canadian customers specifically, prompts and documents are contractually prohibited from being used to train LLMs, and third-party providers are contractually restricted from accessing customer data. Lexis+ with Protégé General AI provides access to external models (OpenAI, Google, Anthropic) but user data is never used to train these external models.

    // Security controls

    Encryption at rest

    AES-256 (Advanced Encryption Standard with 256-bit keys)

    lexisnexis.com

    Encryption in transit

    TLS 1.2 or higher

    lexisnexis.com

    Access controls

    Role-based access control with detailed logging and detection systems

    lexisnexis.com

    Firewalls and network security

    Secure networks, firewalls, data encryption, detailed logging and detection systems

    lexisnexis.com

    Third-party AI model isolation

    Microsoft Azure OpenAI monitoring features disabled; monthly verification that neither Microsoft nor OpenAI can access customer data

    lexisnexis.com

    Audit and monitoring

    Regular independent third-party audits and continuous compliance monitoring

    trust.lexisnexis.com

    Data retention and deletion

    Robust data retention and deletion policies with identifiable information removed from AI interactions

    lexisnexis.com

    Breach notification

    Committed to notifying customers without undue delay upon discovering a personal data breach

    lexisnexis.com

    // Products & data scope

    Lexis+ with ProtégéLegal AI Research & Drafting

    data: Customer legal documents, research queries, drafting workspace

    Primary AI-powered legal research and drafting tool. Combines Protégé AI assistant with LexisNexis legal content. Does not train on customer data.

    Protégé General AILegal AI Assistant

    data: User queries and interactions with external AI models

    Provides access to GPT-4o, OpenAI o3, GPT-5, Claude Sonnet 4, Gemini 3 Pro. Customer data never used to train external models.

    Lexis Create+Legal AI Drafting

    data: Documents and drafting workspace integrated with Microsoft 365

    AI-powered clause suggestions and legal research integration with Microsoft 365

    CaseMap+ AILitigation Intelligence

    data: Case facts, timelines, evidence management data

    Smart fact mapping, timeline visualization, and evidence management with AI insights

    Lex MachinaLitigation Analytics

    data: Court case data, litigation history, strategic patterns

    Provides strategic insights using case analytics to help lawyers develop litigation strategies

    Intelligize+ AISecurities & Transactional AI

    data: Securities filings, transactional documents, clause data

    Focuses on securities and transactional document research with clause comparison features

    CounselLink+Enterprise Legal Management

    data: Spend management, matter tracking, vendor data

    Enterprise legal operations platform for spend management, matter tracking, and vendor optimization

    Nexis+ AIBusiness Intelligence

    data: Company research, market data, business intelligence

    Business intelligence platform for market research and company analysis

    Tolley+ with ProtégéTax & Accounting AI

    data: Tax research queries, guidance requests

    Tax research platform with AI-generated summaries and guidance

    Protégé APIAI Integration

    data: Custom integrations and internal LLM development

    API for custom integrations and internal language model development

    // At a glance

    Pricing model

    Subscription-based (annual/multi-year). Specific pricing varies by product (Lexis+, Protégé, enterprise solutions). Free trials available for Lexis+ with Protégé.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on LexisNexis (RELX Group subsidiary)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.lexisnexis.com

    > Browse all vendor trust reports