Definely Achieves ISO/IEC 42001:2023 Certification — Responsible AI, Independently Assured
We're proud to announce that Definely has successfully achieved certification against ISO/IEC 42001:2023, the world's first international standard for Artificial Intelligence Management Systems (AIMS). The certification audit was conducted by Prescient Security, an independent, accredited certification body.
This milestone builds on the commitment we shared earlier this year and complements our existing certifications — ISO/IEC 27001:2022, SOC 2 Type II, and our GDPR/UK GDPR programme — to give our customers independent assurance not just of how we secure data, but of how we govern artificial intelligence across our products and our business.
What ISO/IEC 42001 means for our customers
ISO/IEC 42001 sets a global benchmark for AI governance, risk management, transparency, and the ethical, accountable use of artificial intelligence. Achieving certification confirms that Definely operates a formal, audited management system covering the full AI lifecycle — from design and development through deployment, monitoring, and ongoing improvement.
For the law firms and in-house legal teams that rely on us, this provides documented, third-party-verified assurance that:
- AI is built responsibly by design. Our AI-powered solutions, including Enhance and Cascade, are developed within a governed framework that addresses data protection, fairness, transparency, human oversight, and risk assessment at every stage.
- Internal AI use is governed too. The standard covers not only the AI we put into our products, but how we adopt and manage AI tools internally — ensuring the same controls, oversight, and accountability apply wherever AI is used across Definely.
- AI systems are documented and accountable. Each in-scope AI system is maintained in a formal AI System Register, with impact assessments, defined ownership, and continuous monitoring of performance and risk.
- Governance is continuous, not a point in time. We operate ongoing management reviews, internal audits, and risk processes to ensure our AI controls evolve alongside our systems and the wider regulatory landscape.
Trust as our foundation
Trust and responsible innovation are foundational to how we design, build, and deliver legal technology. As AI becomes increasingly central to legal work, our customers — many of them Magic Circle and global enterprise firms operating under the most demanding regulatory expectations — need confidence that the AI they rely on is secure, transparent, well-governed, and responsibly managed.
ISO/IEC 42001 certification provides that confidence, independently verified.
Our customers can request access to our ISO/IEC 42001 certification documentation, along with our supporting materials, through the Trust Centre.
Thank you to Prescient Security for their support throughout this process.
Definely successfully completes ISO/IEC 27001:2022 recertification audit with the British Assessment Bureau — February 2026
We’re pleased to share that in February 2026, Definely successfully completed its ISO/IEC 27001:2022 recertification audit with the British Assessment Bureau (now Amtivo). The audit (dated 4 February 2026) concluded with 0 major and 0 minor nonconformities, and the auditor recommended continuing certification.
This certification provides independent assurance that Definely maintains a robust Information Security Management System (ISMS) aligned to the ISO/IEC 27001:2022 standard—supporting enterprise expectations around security governance, risk management, and continuous improvement.
Our customers can request access to our latest certification documentation through the Trust Centre.
Definely’s Commitment to Responsible AI: Pursuing ISO/IEC 42001 Certification
At Definely, trust and responsible innovation are foundational to how we design, build, and deliver our AI-powered legal technology for law firms and in-house legal teams worldwide.
We are pleased to share that Definely is actively pursuing ISO/IEC 42001 certification, the world’s first international standard for Artificial Intelligence Management Systems (AIMS). This standard establishes a global benchmark for AI governance, risk management, transparency, and the ethical use of artificial intelligence, and further strengthens our existing compliance posture, including GDPR, ISO 27001, and SOC 2 Type II.
To support this journey:
- We are working with British Assessment Bureau (BAB) — now part of Amtivo — a leading UKAS-accredited certification body, to independently assess our alignment with ISO/IEC 42001.
- We are also partnering with Drata to continuously monitor and evidence our compliance against the standard as our systems and controls evolve.
As we continue to build and scale AI-powered legaltech solutions for enterprise customers such as Enhance and Cascade, this initiative reinforces our commitment to ensuring that our artificial intelligence is secure, transparent, well-governed, and responsibly managed by design.
We believe that strong AI governance is essential to earning and maintaining customer trust, and ISO/IEC 42001 provides a robust framework to support that commitment as the regulatory and risk landscape for AI continues to mature.
We will share further updates as we progress toward certification.
Definely is SOC 2 Type 2 Compliant!
On October 28, 2025, Definely achieved re-certification of its SOC 2 Type 2 compliance in accordance with the American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations, also known as SSAE 18.
Data privacy and security are at the heart of our business. Definely is committed to dedicating time, effort, and resources to ensure that we handle our customers' data to the best of our abilities and conform to world-class industry standards.
Thank you to Prescient Security for their support.



