LOCS:23 Certification

ICO approved certification criteria.

About LOCS:23

Article 42 of UK GDPR states:

​The commissioner shall encourage the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors. The specific needs of micro, small and medium-sized enterprises shall be taken into account.

What does LOCS stand for?

LOCS is an acronym for: Legal Services Operational Privacy Certification Scheme and the primary processing activities within the scope of this standard are:

  • Processing of Personal Data in the Client File
  • Ensuring protection of Client data when shared

(the full scope can be seen in the LOCS:23 Standard).

What certifications are on offer and which applies to me?


This would include the following types of organisation:

  • ​Law firms
  • Barristers
  • In-house Council


This would include the following types of organisation:

  • ​Software Providers (document management)
  • Solution providers (translation services)
  • Consultants (implementers)

LOCS:23 and ADISA?

ADISA was appointed Certification Body for LOCS:23 by the Scheme Owner 2Twenty4Consulting Limited in May 2023. UKAS have been informed of the intention to seek approval under Article 43 of the UK GDPR for this scheme and ADISA is currently building out the audit process for certification to this Standard. It is expected to move to pilot in Autumn 2023 and to seek UKAS accreditation before the end of 2023.