Definely achieves ISO 42001. The global benchmark for AI risk governance and compliance.


In the legal world, trust is paramount. When AI is introduced, law firms and legal teams need to know they can understand and fully control whatever tool they are using. Quality and credibility depend on it. As AI becomes standard in legal work, law firms and enterprises are increasingly asking: can we trust the AI behind this product?

ISO 42001 is the global benchmark for answering that question. It is the world's first international standard for AI Management Systems, a governance certification independently audited by Prescient Security.

Definely is proud to have achieved certification against ISO/IEC 42001:2023.

This is a significant milestone for us. Only a handful of legaltech companies hold ISO 42001 certification. It is an independently verified commitment to responsible AI, one that runs through everything we build and how we operate internally.

What is ISO 42001?

The standard sets a global benchmark for AI governance, risk management, transparency, and ethical use. Achieving certification means Definely’s AI systems are developed, deployed and monitored within a formal, audited management system. It assures our customers that:

  • Our AI is built responsibly by design. Data protection, fairness, transparency, human oversight and risk management are addressed at every stage of development.
  • Internal AI use is governed too. The same controls and accountability apply to AI tools used inside Definely, not just in our products.
  • AI systems are documented and accountable. Each in-scope AI system has a formal register entry, impact assessments, defined ownership and continuous monitoring.
  • Governance is ongoing, not a one-time exercise. Regular audits, management reviews and evolving risk processes keep our controls sharp as AI and regulation develop.

ISO 42001 joins our existing certifications:

  • AICPA SOC 2: A compliance standard developed by the American Institute of CPAs, specifying how organisations must manage and protect customer data, serving as independent verification of an organisation's commitment to information security and data privacy
  • GDPR compliant: We adhere to EU law that protects how personal data must be collected, stored, processed, and protected
  • SOC 2 Type 2: Verified to AICPA standards for secure, compliant data management, with continuous monitoring and independent audit
  • ISO 27001: Operating under an internationally recognised information-security framework

Together, these certifications demonstrate how we secure data and how we govern artificial intelligence across our products and business. 

"Trust and responsible innovation are foundational to how we design, build and deliver legal technology. ISO 42001 certification provides that confidence, independently verified." David Silva, Head of Information Security, Definely

Customers can request access to our ISO 42001 certification documentation through the Trust Centre.

The pace of AI in legal is only accelerating, and so are we. ISO 42001 certification ensures that as Definely grows and our products evolve, responsible AI isn't something we revisit; it's embedded in everything we build, from day one.
