SOC 2 Compliance for Legal AI Vendors: What It Means

SOC 2 Type I and Type II are not the same thing. This guide explains what SOC 2 actually means for legal AI procurement and what it does not cover in 2026.

The vendor's sales deck says "SOC 2 compliant." Your security officer asks: Type I or Type II? The sales rep says they'll check. That question should have been the first one on your list, not a follow-up.

About This Guide

This is our analysis of SOC 2 compliance for legal AI vendor procurement in 2026, written for law firm technology officers, legal ops professionals, and lawyers responsible for evaluating AI tool security before deployment. LawyerAI built this guide. We earn no affiliate revenue from these tools.

Here are the 4 rules we set for ourselves before writing this:

  • Each platform gets a real limitation. Even tools we recommend.
  • We state pricing when published, and mark "not published" when vendors don't disclose.
  • Accuracy numbers come only from independent benchmarks (Stanford RegLab, etc.). Vendor-authored accuracy claims don't count.
  • The decision tree near the end sends you to the right tool for your primary job.

We re-review this list every quarter.

Short Answer

Short answer:

  • SOC 2 Type II is the minimum requirement for any legal AI tool handling confidential client data.
  • ISO 27001 is the additional certification BigLaw and enterprise in-house teams should require.
  • SOC 2 does not cover training data practices, model accuracy, or hallucination rates; those require separate inquiry.
  • HIPAA Business Associate Agreements are required for healthcare-adjacent legal practices.

Security Certification Comparison

Tool       | SOC 2 Type | ISO 27001            | HIPAA BAA          | FedRAMP                       | Training Data Policy
-----------|------------|----------------------|--------------------|-------------------------------|--------------------------
Harvey AI  | Type II    | Yes                  | Not standard       | No                            | No-training DPA
Lexis+ AI  | Type II    | No (verify directly) | Enterprise inquiry | No                            | No-training (enterprise)
Spellbook  | Type II    | No                   | No                 | No                            | DPA available
Clio       | Type II    | No                   | Yes (available)    | No                            | DPA available
Everlaw    | Type II    | Yes                  | Yes (available)    | In progress (vendor-reported) | DPA available

What SOC 2 Is

SOC 2 (System and Organization Controls 2) is an attestation framework developed by the American Institute of Certified Public Accountants (AICPA). An independent CPA firm examines a service organization's controls against the Trust Services Criteria, five categories that govern how a service organization manages data security:

Security (CC) — The Security category. Its criteria are the Common Criteria (CC1 through CC9), which is why the category appears in every SOC 2 report: Security is the only category the AICPA requires, and the other four categories add criteria on top of it. It covers logical and physical access controls, change management, risk assessment, and incident response.

Availability (A) — Whether the system is available for operation and use as committed or agreed. Relevant for tools where uptime is critical to legal work timelines.

Processing Integrity (PI) — Whether system processing is complete, valid, accurate, and timely. Relevant for tools performing automated document processing or analysis.

Confidentiality (C) — Whether information designated as confidential is protected as committed or agreed. This is the criterion most directly relevant to attorney-client privilege concerns.

Privacy (P) — Whether personal information is collected, used, retained, disclosed, and disposed of in conformity with commitments in the entity's privacy notice and with AICPA privacy criteria. Relevant for tools processing EU client personal data under GDPR.

When a vendor says "SOC 2 compliant," ask which Trust Services Criteria are covered. A SOC 2 report covering only Security tells you less than a report covering Security + Confidentiality + Privacy. For legal AI tools, the Confidentiality and Privacy criteria are directly relevant to your risk assessment.

Type I vs. Type II: The Distinction That Matters

This is the most important SOC 2 distinction for legal AI procurement and the one that sales reps most commonly obscure.

SOC 2 Type I is a point-in-time report. An independent auditor examines management's description of the system and confirms that the controls are suitably designed and implemented as of a specific date. Type I answers the question: "As of this date, does this organization have appropriately designed controls in place?" It does not test whether the controls actually operated effectively over any period of time.

SOC 2 Type II is a period report, typically covering 6 to 12 months. The auditor tests whether the controls the organization described were actually in operation and functioning effectively throughout the audit period. Type II answers the question: "Did this organization's controls actually work as described over the past six to twelve months?"

For legal AI procurement, always require SOC 2 Type II. A Type I report says little about whether the vendor's security is actually operating: a vendor can obtain one in a matter of weeks by documenting controls and having an auditor review the documentation, whereas Type II requires operational history. Temporal coverage matters too. Ask for the most recent Type II report and check the audit period end date; a report whose period ended 18 months ago describes controls as they operated up to 18 months ago and may not reflect the vendor's current operations. If the vendor's next report is still in progress, ask for a bridge letter (a management statement that no material control changes have occurred since the period end). A bridge letter is a stopgap until the next Type II report, not a substitute for it.

Request the actual SOC 2 report, not a summary or a one-page "attestation letter." The report contains the auditor's opinion, the controls tested, any exceptions noted, and management's response to those exceptions. Exceptions, where controls were found to have failed during the audit period, are disclosed in the Type II report, and they matter for your risk assessment. Also read the Complementary User Entity Controls section: these are the controls the auditor assumes you, the customer, operate (for example, administering your own users' access), and they are your obligations, not the vendor's.
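The currency and scope checks described above are easy to get wrong when you are tracking reports from several vendors at once, so here is a small checker, added as an example for this guide and not code from any vendor or auditor. The thresholds (a 90-day acceptable gap after the period end or bridge letter, a 180-day minimum Type II period, Security and Confidentiality as required criteria) are assumptions for illustration, not AICPA rules, and the sample reports in demo() are constructed, not real vendor data.

```python
"""Currency and scope check for a vendor's SOC 2 report (added example, not from the original page)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional, Set

# Assumed thresholds for this example; adjust to your firm's policy. These are not AICPA requirements.
MAX_COVERAGE_GAP_DAYS = 90   # accept up to ~3 months between coverage end and the date you are assessing on
MIN_TYPE2_PERIOD_DAYS = 180  # the guide describes 6 to 12 months as the typical Type II period
REQUIRED_CRITERIA = {"Security", "Confidentiality"}  # Privacy is reported separately below


@dataclass
class Soc2Report:
    vendor: str
    report_type: str                  # "Type I" or "Type II"
    period_start: date                # for Type I, the as-of date
    period_end: date                  # for Type I, the same as-of date
    criteria: Set[str]                # Trust Services categories in scope
    bridge_letter_through: Optional[date] = None  # date a bridge letter extends coverage to, if any
    exceptions: int = 0               # number of control exceptions the auditor reported


def assess(report: Soc2Report, as_of: date) -> dict:
    """Return findings and a verdict for one report, evaluated as of `as_of`."""
    findings = []

    if report.report_type == "Type I":
        findings.append(f"Type I only: design as of {report.period_end:%Y-%m-%d}, "
                        "no operating-effectiveness testing; require Type II")
    else:
        period_days = (report.period_end - report.period_start).days
        if period_days < MIN_TYPE2_PERIOD_DAYS:
            findings.append(f"short audit period ({period_days} days)")

    # A bridge letter extends coverage past the period end; otherwise coverage stops at period end.
    coverage_end = report.bridge_letter_through or report.period_end
    gap_days = (as_of - coverage_end).days
    if gap_days > MAX_COVERAGE_GAP_DAYS:
        findings.append(f"coverage gap of {gap_days} days since {coverage_end:%Y-%m-%d}; "
                        "ask for a bridge letter or a newer report")

    missing = REQUIRED_CRITERIA - report.criteria
    if missing:
        findings.append(f"required criteria not in scope: {', '.join(sorted(missing))}")
    if "Privacy" not in report.criteria:
        findings.append("Privacy criterion not in scope: rely on the DPA for personal-data commitments")
    if report.exceptions:
        findings.append(f"{report.exceptions} exception(s) reported: read management's responses")

    acceptable = (report.report_type == "Type II"
                  and gap_days <= MAX_COVERAGE_GAP_DAYS
                  and not missing)
    return {"vendor": report.vendor, "gap_days": gap_days,
            "findings": findings, "acceptable": acceptable}


def demo() -> dict:
    """Run the check on constructed sample reports (illustrative data, not real vendors)."""
    as_of = date(2026, 2, 15)
    samples = [
        Soc2Report("current", "Type II", date(2025, 1, 1), date(2025, 12, 31),
                   {"Security", "Confidentiality", "Privacy"}),
        Soc2Report("type1", "Type I", date(2025, 6, 30), date(2025, 6, 30), {"Security"}),
        Soc2Report("stale", "Type II", date(2023, 7, 1), date(2024, 6, 30),
                   {"Security", "Confidentiality"}),
        Soc2Report("bridged", "Type II", date(2023, 7, 1), date(2024, 6, 30),
                   {"Security", "Confidentiality"}, bridge_letter_through=date(2025, 12, 31)),
    ]
    return {r.vendor: assess(r, as_of) for r in samples}


if __name__ == "__main__":
    for vendor, result in demo().items():
        print(vendor, "acceptable" if result["acceptable"] else "NOT acceptable", result["findings"])
```

The "bridged" sample shows the edge case the guide warns about: the same 2024 report that is stale on its own becomes acceptable only because a bridge letter carries coverage to the end of 2025, and the finding list still tells you to treat that as temporary.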

What SOC 2 Does Not Cover

This is the section where the most procurement mistakes are made. SOC 2 is a security controls audit. It does not cover:

Whether the vendor trains on your data. SOC 2 does not audit training data practices. A vendor with a clean SOC 2 Type II report may still train on customer data. The no-training commitment lives in the data processing agreement (DPA), not in the SOC 2 report. These are separate inquiries that must both be completed.

Model accuracy or hallucination rates. SOC 2 audits security controls, not AI output quality. A vendor with SOC 2 Type II and a 15% hallucination rate on legal citations has a security-compliant product with an accuracy problem. See our ai-hallucination post and the citation-validation glossary entry for how to assess AI accuracy.

The vendor's subprocessors' security posture. The SOC 2 audit covers the vendor's own systems and controls. Most SOC 2 reports use the carve-out method, which excludes subservice organizations such as the inference provider or cloud infrastructure provider from the auditor's testing; the inclusive method, where subprocessor controls are tested as part of the vendor's report, is rare. If a carved-out provider has security gaps, the vendor's SOC 2 report will not show them. Request the subprocessor list separately and verify that key subprocessors have their own SOC 2 reports.

GDPR compliance. SOC 2 is a US-origin standard. GDPR compliance requires separate analysis — the Article 28 DPA, Schrems II transfer mechanism, and EU-specific technical and organizational measures. SOC 2 provides evidence of technical security controls that support GDPR Article 32 compliance, but it does not constitute GDPR compliance on its own. See gdpr-compliance-ai for the full GDPR analysis.

The security of AI model weights themselves. SOC 2 audits data security in the vendor's systems. The security of the model weights — whether the model can be extracted, whether fine-tuning on your data creates extraction risk — is not a SOC 2 question. This is an emerging area of security inquiry specific to AI vendors.

SOC 2 vs. ISO 27001

SOC 2 and ISO 27001 are complementary security frameworks with different origins, scope, and geographic acceptance.

SOC 2 is US-origin (AICPA), reports-based (rather than certification-based), and primarily recognized in North American procurement contexts. It produces a point-in-time or period-of-time audit report. Renewal requires a new audit each period; there is no ongoing certification maintenance between audits.

ISO 27001 is internationally recognized (International Organization for Standardization), certification-based, and accepted in European procurement contexts. It covers a broader information security management system (ISMS) framework including risk assessment, risk treatment, and management review processes, not just technical controls. Certification requires an initial audit, annual surveillance audits, and recertification every three years. That ongoing maintenance requirement makes ISO 27001 certification a stronger signal of sustained security investment than a single SOC 2 report, although a vendor that renews its SOC 2 Type II every year is also demonstrating continuity.

For BigLaw and enterprise in-house procurement, ISO 27001 is the additional certification to require for AI tools handling the most sensitive client data (M&A, regulatory investigations, litigation strategy). For smaller firm procurement, SOC 2 Type II is the minimum standard.

A vendor with both SOC 2 Type II and ISO 27001 has the strongest certification profile in the market. As of 2026, Harvey AI and Everlaw have both; the other tools in this guide have SOC 2 Type II without ISO 27001.

HIPAA Business Associate Agreements

The Health Insurance Portability and Accountability Act (HIPAA) applies to covered entities (healthcare providers, health plans, healthcare clearinghouses) and their business associates. Law firms become HIPAA business associates when they receive protected health information (PHI) from a covered entity client in connection with legal services.

For healthcare M&A practices, health law practices, or litigation involving healthcare clients, any AI tool that processes PHI from those matters requires a HIPAA Business Associate Agreement (BAA) from the vendor. The BAA governs how the vendor handles PHI and creates direct accountability to the law firm for HIPAA compliance.

SOC 2 and ISO 27001 do not make a vendor HIPAA-compliant. A HIPAA BAA is a separate contractual requirement. Not all AI vendors offer BAAs — Harvey AI does not offer a standard HIPAA BAA as of 2026 (verify directly); Clio and Everlaw offer BAAs for healthcare-related use cases. If your practice includes healthcare work, HIPAA BAA availability is a threshold procurement requirement.

The hipaa-ai-legal glossary entry covers the full HIPAA BAA requirements for legal AI tools.

The 20-Point Procurement Security Checklist

Before signing any legal AI vendor contract, obtain written answers to each of these questions:

  1. Do you have SOC 2 Type II certification? What is the audit period end date? Which Trust Services Criteria are covered?
  2. Do you have ISO 27001 certification? What is the certification date and next surveillance audit date?
  3. Can we receive a copy of your most recent SOC 2 Type II report under NDA?
  4. Do you use customer data for model training, fine-tuning, or any form of product improvement?
  5. What is your data deletion timeline for customer data after session end?
  6. What is your data deletion timeline for customer data after contract termination?
  7. Do you have a GDPR-compliant Article 28 data processing agreement available for EU client data?
  8. Do EU Standard Contractual Clauses apply to data transfers to your US systems?
  9. What are all subprocessors that access customer data? Are they bound by equivalent data protection obligations?
  10. Do your subprocessors (inference providers, cloud providers) have their own SOC 2 Type II reports? Can we receive them?
  11. Is your inference provider (OpenAI, Anthropic, etc.) under an enterprise API contract with a no-training commitment?
  12. Do you offer a HIPAA Business Associate Agreement for healthcare-adjacent legal work?
  13. Do you have FedRAMP authorization or do you intend to pursue it?
  14. What encryption standards apply to data in transit and at rest?
  15. What are your access controls for employee access to customer data?
  16. What is your breach notification timeline and process?
  17. Do you have cyber liability insurance? What is the coverage limit?
  18. What is your vulnerability management and patching cadence?
  19. Do you conduct third-party penetration testing? How frequently? Can you share the most recent summary?
  20. What is your process for responding to government requests for customer data?

Tool Analysis by Security Profile

Harvey AI

Harvey AI has the strongest security certification profile among the legal AI tools in this guide. SOC 2 Type II certification covers the Security, Confidentiality, and Privacy criteria. ISO 27001 certification adds the international ISMS framework. The explicit no-training DPA is standard in enterprise agreements.

What works: The combination of SOC 2 Type II, ISO 27001, and a contractual no-training commitment covers the three primary security dimensions for BigLaw procurement: audit-demonstrated controls, international ISMS framework, and data handling commitments. For Am Law 200 firms and enterprise in-house teams with sophisticated security procurement requirements, Harvey's certification profile is the starting point.

Real limitations: Harvey does not offer a standard HIPAA BAA, which limits its use for healthcare law practices that process PHI; verify the BAA situation directly with Harvey for healthcare M&A or health law work. Data is hosted in the US by default, so EU client data requires SCCs (or another valid transfer mechanism) for GDPR compliance. At $140,000+/year, the security infrastructure is accessible only to enterprise customers who can negotiate the full enterprise agreement; the same security posture is not available to smaller customers on different pricing tiers.


Lexis+ AI

LexisNexis has operated enterprise security programs for decades. Lexis+ AI's SOC 2 Type II report covers security controls for the platform. LexisNexis's SOC 2 program is well established, but ISO 27001 certification for the specific Lexis+ AI product should be verified directly.

What works: LexisNexis's institutional security is reliable. Enterprise firms have leverage to receive the full SOC 2 Type II report and negotiate DPA terms. The no-training commitment at the enterprise tier is contractual.

Real limitations: ISO 27001 certification for Lexis+ AI specifically — as distinct from LexisNexis's broader security certifications — should be verified. The enterprise security tier (full DPA, audit access) requires enterprise pricing. Smaller firms on standard subscriptions may have less security documentation access and less DPA customization leverage.


Spellbook

Spellbook provides SOC 2 Type II certification, which covers the Security criterion. The certification is appropriate for the SMB market Spellbook serves.

What works: SOC 2 Type II is in place. The DPA includes a no-training commitment. For small law firms doing commercial contract work, Spellbook's security posture meets the minimum standard for handling confidential commercial agreements.

Real limitations: ISO 27001 is not certified. HIPAA BAA is not available. The audit rights in the DPA are less extensive than enterprise-tier vendors — SMB customers cannot negotiate the same level of security audit access that BigLaw firms obtain from Harvey or LexisNexis. For firms with sophisticated security requirements (Am Law 200 or large in-house teams), Spellbook's security posture is insufficient; Harvey or Lexis+ AI provide the enterprise security infrastructure those firms require.


Clio

Clio's SOC 2 Type II certification has been in place since 2018, one of the earlier legal tech vendors to achieve it. Clio offers HIPAA BAA availability for healthcare-related legal practices.

What works: Clio's long-standing SOC 2 Type II certification provides a solid security baseline for practice management data. The HIPAA BAA availability distinguishes Clio from most legal AI vendors and makes it usable for healthcare law practices that handle PHI. At $99–$149/month, the security profile is strong for the price point.

Real limitations: ISO 27001 certification is not in place. Clio's AI features (Duo) are practice management adjacent — billing narratives, matter summaries — rather than deep legal analysis. For firms whose primary security concern is AI analysis of highly sensitive legal documents (M&A, regulatory investigations), the security profile appropriate for practice management may be insufficient for those specific high-sensitivity use cases. Verify whether Clio's SOC 2 scope extends to Duo's AI processing specifically or covers only the core practice management platform.


Everlaw

Everlaw's security certification profile is the strongest of the eDiscovery tools in this guide. SOC 2 Type II and ISO 27001 certifications are in place. HIPAA BAA is available. FedRAMP authorization is in progress (vendor-reported) — which would make Everlaw available for federal legal work subject to FedRAMP requirements.

What works: For litigation teams handling large-scale eDiscovery with sensitive government, healthcare, or national security-adjacent content, Everlaw's certification profile is well-suited. Everlaw's audit logging is strong (see the audit-log-legal-ai glossary entry): the platform maintains detailed audit trails of all document actions, which matters for privilege log generation and discovery protocol documentation.

Real limitations: FedRAMP authorization "in progress" (vendor-reported) is not the same as authorized — verify actual FedRAMP status before relying on it for federal work. Everlaw's pricing ($25–$45/GB + seat licenses) can escalate significantly on large matters. ISO 27001 and SOC 2 Type II together represent the best certification profile in this guide after Harvey AI.

Decision Tree

If you are a BigLaw firm or large enterprise in-house team with the highest security requirements → require SOC 2 Type II + ISO 27001 + no-training DPA + subprocessor list; Harvey AI and Everlaw (for eDiscovery) meet this standard in this guide

If you are a small or mid-size law firm → SOC 2 Type II is the minimum; verify the no-training DPA separately from the SOC 2 report; Spellbook and Clio meet this standard for their respective use cases

If you are a European practice or handle significant EU client data → require ISO 27001 + GDPR DPA + EU SCCs; ISO 27001 is the international standard accepted in European procurement; see gdpr-compliance-ai

If you are a healthcare law practice or handle PHI from healthcare clients → require a signed HIPAA BAA in addition to SOC 2 Type II; Clio and Everlaw offer HIPAA BAAs; verify Harvey's BAA availability directly for healthcare work

If you are considering federal government legal work → FedRAMP authorization is the relevant standard; Everlaw has FedRAMP in progress (vendor-reported); verify authorization status before committing

Frequently Asked Questions

What is the difference between SOC 2 Type I and Type II?

SOC 2 Type I is a point-in-time assessment of whether a vendor's controls are suitably designed as of a specific date. An auditor reviews the vendor's documented controls and confirms they appear reasonably designed. It can be achieved in weeks. SOC 2 Type II is an audit of whether those controls were actually operating effectively over a defined period, typically 6-12 months. The auditor tests the controls through the period and reports any exceptions. Type II is the meaningful standard for procurement decisions because it demonstrates operational performance, not just documentation. Always require Type II. A vendor that only has Type I is telling you their security exists on paper but has not been independently tested over time.

Does SOC 2 mean a vendor doesn't train on my data?

No. SOC 2 is a security controls audit. It covers access controls, encryption, change management, and incident response; it does not audit what the vendor does with your data for AI training purposes. A vendor can have a clean SOC 2 Type II report and still train on customer data. These are entirely separate questions. SOC 2 tells you about the security of the systems that handle your data. The training data question is answered in the data processing agreement (DPA), specifically in the contractual no-training prohibition. Both are required; neither substitutes for the other. See zero-data-retention-policy for what genuine ZDR commitments look like.

Do I need ISO 27001 or is SOC 2 sufficient for a law firm?

For most US-headquartered small and mid-size firms, SOC 2 Type II is the minimum required standard and is sufficient for general AI tool procurement. ISO 27001 is additionally required in three scenarios: (1) BigLaw and Am Law 200 firm security requirements, where firm-level security policies typically require ISO 27001 for AI tools handling client data; (2) procurement by UK and EU firms or for EU-client work, where ISO 27001 is the internationally recognized standard and SOC 2 is a US framework with less European recognition; (3) vendor relationships with multinational corporations as in-house counsel, where the corporation's security procurement standards may require ISO 27001. If in doubt, require ISO 27001 — the marginal cost of requesting it is zero, and a vendor that has it provides more assurance than one that does not.

What is a HIPAA Business Associate Agreement and when do I need one?

A HIPAA Business Associate Agreement (BAA) is a contract required by HIPAA whenever a covered entity (healthcare provider, health plan, or healthcare clearinghouse) shares Protected Health Information (PHI) with a service provider (business associate) for legal services. Law firms become business associates when they receive PHI from a covered entity client in the course of representing them. The BAA governs how the law firm and its service providers — including AI vendors — handle the PHI. If your practice includes healthcare M&A, health law litigation, or any representation of covered entities where PHI is involved, any AI tool that processes that PHI must be covered by a HIPAA BAA. Ask the vendor directly: "Do you offer a HIPAA BAA?" before deploying the tool for healthcare-adjacent work. See hipaa-ai-legal for the full BAA requirements.

Can I see a vendor's SOC 2 report before signing?

Yes — and you should require it. The SOC 2 Type II report is the independent auditor's findings, not the vendor's summary. The report contains the scope of the audit, the controls tested, the testing results, and any exceptions where controls were found to have failed. Vendors typically share SOC 2 reports under a non-disclosure agreement. If a vendor declines to share the report at all, that is a significant red flag — reputable vendors make their reports available to serious enterprise procurement teams under NDA. Review the report yourself (or have your security officer review it) rather than relying on a vendor summary. The exceptions section is what you are most interested in: what controls failed during the audit period, and how does management explain the failure?


Editorial Independence

LawyerAI evaluations are independent. We do not accept payment that influences our editorial scores. Featured placements are clearly labeled and do not affect our 5-dimension methodology (Accuracy / Speed / Usability / Value / Security). We re-review tools every 6 months.

If you believe any information is inaccurate, contact editor@lawyerai.directory.

Publisher

Marcus Park, Research Lead

2026/11/17
