Trust Index limitations & response policies

About this page

The Lawnise Trust Index methodology measures how accurately AI systems answer questions about regulated industries. Every score carries a confidence interval, a methodology reference, and an evidence chain. This page explains the limits of what a Trust Index score can support, the policies that govern when entities can be named, and the procedures Lawnise follows when someone disagrees with a finding. These policies govern the methodology, Lawnise's internal measurement, and any deliverables Lawnise shares externally.

It applies to any Lawnise Trust Index artifact — scores, derived reports, and anything that cites a Lawnise Trust Index score.

If you are looking for how the Trust Index is calculated, read our methodology. For how verification works, see the verification section below.

What a Trust Index score reports, and what it doesn't

Per-jurisdiction aggregates

The default unit of a Lawnise Trust Index score is a per-jurisdiction aggregate. A typical score reads "Malaysian banking-sector AI accuracy, March 2026: 73% ± 6 percentage points (preliminary)." The headline is anchored to a jurisdiction, a sector, and a time period — never to a specific named institution in a way that attributes a low score, a regulatory shortfall, or a factual error to that institution.

A Trust Index score reports at three levels of detail:

• A jurisdiction-wide headline (the figure most likely to be cited).
• Sector breakdowns within a jurisdiction (banking, insurance, capital markets) where coverage permits.
• AI-provider breakdowns within the jurisdiction (showing how different AI systems compare on the same prompt set).

We do not rank jurisdictions against each other in version 1.1 of our methodology. Each jurisdiction is presented on its own terms with its own confidence interval and sample-quality footnotes. Cross-jurisdiction comparisons are valid only at the trend level (for example, "both Malaysia and Singapore showed improving accuracy over the past six months") and never as ranked comparisons.

When we name an entity (factual-preservation carve-out)

We may name a specific entity only when doing so preserves a positive or neutral factual record — for example, confirming that a regulator's published deposit-insurance limit was accurately reflected across all four AI surfaces we scanned, with the institution that holds that policy named for context. This carve-out is narrow and deliberate:

• it never names an entity in a negative or below-average context;
• every named callout is reviewed through Lawnise's structured governance process before external use;
• the entity has not opted out of Lawnise scanning;
• it is rare in practice. Lawnise's research methodology does not use this carve-out.

How we keep entity names out of negative claims

The baseline rule

No Lawnise Trust Index output names a specific institution in connection with a negative finding, a below-average score, a regulatory shortfall, or any other adverse outcome. This is a hard rule, not a guideline. It applies uniformly across:

• the /trust-index surfaces,
• any Trust Index report or summary,
• regulator-facing summaries and citation responses,
• charts, graphics, and social-media assets.

When a claim risks identifying an entity in a negative context — even indirectly through inference from sector size or market structure — our remediation options are, in order of preference: aggregate the finding to a higher level (sector or jurisdiction), anonymise the entity if the data is still useful, or remove the claim entirely. We never name an entity to make a negative finding more "concrete" or "newsworthy."

Small-market considerations

In a small market, even an "anonymised" distribution can point to a single institution if a careful reader brings external knowledge. Two safeguards address this:

First, we suppress any sector-level distribution where fewer than five entities contribute data for the period. If only three or four institutions in a jurisdiction's sector have been scanned, we report the jurisdiction-wide figure but withhold the sector breakdown.

Second, we apply extra reviewer scrutiny to any far-outlier score — defined as more than two standard deviations below the sector mean — in a small market. Where re-identification risk cannot be eliminated by aggregation, we withhold that breakdown from any external reporting.

These rules apply equally to extreme positive outliers, even though they do not raise defamation risk, to keep the reported distribution self-consistent.

Relationships and scoring firewall

Some entities included in our scans have commercial relationships with businesses affiliated with Lawnise. Lawnise itself currently has no direct commercial relationship with any scanned entity. We do not report entity-level scores. Commercial relationships do not influence which entities we scan, how we score responses, which observations we exclude under governance rules, what we report, or how we handle right-to-reply and correction requests. Entity-slate selection follows objective criteria documented in our internal slate-selection record, and scoring is firewalled from commercial considerations.

Right to reply

What it covers

If your entity is named in a Lawnise Trust Index finding, or you believe your entity is identifiable from an anonymised aggregate, you have the right to reply. The right to reply covers:

• a factual error in the reference data Lawnise used about your entity (for example, an outdated deposit-insurance limit);
• a claim about your entity that you dispute on factual grounds;
• an anonymised aggregate finding from which you believe your entity can be re-identified, especially in small markets.

It does not cover:

• disagreement with the Lawnise methodology itself — methodology changes follow the methodology versioning process and are not handled through right-to-reply;
• requests to suppress an unfavourable score that is factually accurate;
• pre-release preview rights, advance notice of upcoming findings, or veto over if or when a finding is shared.

Timing

We commit to:

• Acknowledge receipt of a legitimate right-to-reply within 5 business days of intake.
• Include your response alongside the finding — once you submit one and it passes our reply-review process — within 30 calendar days of receiving your formal response.

What we offer to you:

• A 15-business-day window after our acknowledgement to submit a formal response. If you need more time, ask before the window closes — we consider extensions case by case based on the complexity of the matter and the documentation required.

We do not silently edit a finding once it has been shared. When we include your reply, it appears as a new record alongside the original claim, with its own date and audit reference. The original record remains visible. This applies whether the reply confirms our finding, disputes it, or supplements it with additional context.

How to submit

• Email: trust-index@lawnise.com
• Contact form: Submit a right-to-reply

Please include your name and role, the entity you represent, what is being disputed, and (where applicable) the specific claim or score reference. We classify legitimate intake within one business day. The 5-business-day acknowledgement clock is measured from receipt.

Entity opt-out

What opt-out does

If your entity does not want to participate in future Lawnise Trust Index branded scanning, you can opt out. Once we verify the request, we exclude your entity from all future branded scans within 30 calendar days of verified intake. Your entity name and per-entity scores never appear in future Lawnise Trust Index output.

Opt-out applies to our entity-level benchmark stream (the Market Accuracy Benchmark, which uses branded prompts about specific institutions). It does not apply to industry-level Trust Index reporting, which uses non-branded prompts and industry-level reference facts and does not include named entities in its inputs. The industry-level stream does not need opt-out because your entity is not in it.

Opt-out is reversible. You can request reinstatement at any time, and we will apply the same verification process and reinstate your entity in the next scan dispatch after we verify.

How we verify the requester

Because opt-out is durable, we apply two-factor verification before we act:

1. Email domain match — the request arrives from an email address on your entity's official domain. Personal or generic email addresses do not satisfy this factor. 2. Public-role attestation — your role at the entity is confirmed via a public source such as LinkedIn or your company's official website, and is one with reasonable authority to make this request (typically head of compliance, head of communications, legal counsel, or comparable).

If we cannot satisfy both factors within 10 business days of asking, we close the request and let you know. You can resubmit at any time with the additional verification.

Historical data: what we preserve and why

When we honour an opt-out, we retire your entity's internal reference facts and branded benchmark prompts. We do not delete or anonymise historical scan results or reference data. Those records remain unchanged in our internal database for three reasons:

1. Past Trust Index scores must remain verifiable against the inputs we actually used when they were produced. If we rewrote the historical inputs, the score chain that auditors and regulators rely on would no longer reconcile. 2. Our hash-chain integrity checks would break if the underlying data were edited after the fact. Hash-chain integrity is a commitment in our methodology, and Lawnise verifies the score chain operationally on a scheduled basis. 3. Our methodology promises auditors and regulators a fixed historical record. We honour that promise even when it would be simpler to scrub.

This historical preservation is internal-only. Lawnise's Trust Index outputs do not attribute negative performance to named entities; any positive or neutral factual-preservation callout (the narrow carve-out described above) is reviewer-gated, and we remove the entity from any such forward-looking callout as part of honouring an opt-out. The effect of opt-out, externally, is that your entity is excluded from all future scans and from any future named callout.

To request opt-out, see How to contact us.

How we correct errors

When a Lawnise Trust Index score or claim turns out to be wrong, we issue a correction as a new record. We do not silently edit the original. Three patterns govern our response:

Calculation correction — a bug in our scoring or aggregation logic produced a wrong number. We issue the corrected score with a note explaining what went wrong, what changed, and how the new figure relates to the old one. The original record remains visible with a correction marker.

Input correction — a fact in our reference data was wrong (an outdated regulatory limit, a misclassified product, a transcription error in a source document). We update the reference data, re-run the affected calculation, and issue the corrected score with the same kind of disclosure.

Methodology correction — a flaw in the methodology itself. This is the most significant pattern. We retract affected scores under the current methodology version and issue corrected scores under a new methodology version. The new methodology is documented, and the corresponding bridge document explains what changed, why, and how the new scores compare to the old.

When Lawnise issues a correction or retraction, it is a new record rather than a silent edit: a retracted score is retained with a retraction notice instead of being deleted. The audit trail behind each correction is preserved for internal governance review and for legal or audit review where appropriate.

Sample size, confidence, and "preliminary" status

Every Lawnise Trust Index score includes a confidence interval that reflects how much data we have. The wider the interval, the more cautious the interpretation should be. But interval width is only part of the picture: whether a score qualifies as definitive or preliminary also depends on how many observations contributed to it, how many AI providers and sectors were covered, how many distinct scan sessions and prompts went into the measurement, and how many observations were excluded for infrastructure-failure reasons. Our methodology defines specific thresholds across all of these dimensions, and a score only earns definitive status when every threshold is met. Falling short on any one of them — even with a tight confidence interval — keeps the score at preliminary or below.

Our verification engine itself has known precision limits, which we disclose with every score:

> _Scores reflect automated verification against curated reference facts. Engine accuracy on the development benchmark is approximately 87%. Results should be interpreted as directional indicators, not absolute measures._

This disclosure is verbatim from our methodology and accompanies any Trust Index score Lawnise reports. It means that even a high-confidence Trust Index score is a measurement, not a final truth claim — and our record is honest about that.

Two kinds of uncertainty apply, and we keep them separate. The confidence interval on a score reflects sampling uncertainty only — how much the measured proportion might vary because we measured a sample. It does not capture verification-engine error, which is a separate property of our automated verifier (post-remediation accuracy of approximately 87% on the development benchmark used to guide verifier remediation, not an out-of-sample production accuracy estimate; an audited over-flag rate of approximately 1.7% among flagged responses in our first measurement session). A tight confidence interval narrows sampling uncertainty; it does not narrow verification-engine error. We disclose both because conflating them would overstate how precise any single score is.

When our verifier flags an AI response, that flag is not automatically a "wrong answer." In our first measurement session, of the responses flagged and reviewed, roughly half were confirmed contradictions of the reference facts and roughly half were borderline cases — the AI's core answer was partly correct but its framing, scope, or precision did not meet the reference-fact standard. A small remainder were verifier over-flags we routed to engine tuning. We separate these categories in any Trust Index output rather than collapsing them into a single "inaccurate" count.

One specific case: a refusal to answer a question about publicly available information counts as inaccurate under our methodology, because the question has a known public answer the AI did not provide. We report refusal-driven inaccuracy separately from contradiction-driven inaccuracy so the two are never blurred. In Session 1 Pass 1, refusal-classified inaccurate rows were 0 of 420 reviewed risk rows; later measurement sessions are aggregated before any finding is finalised.

A worked example. A preliminary score might read: "Malaysian banking-sector AI accuracy, March 2026: 73% ± 8 percentage points (preliminary) — the interval reflects sampling uncertainty only. Based on 28 scored observations across 2 AI providers." A reader should treat this as evidence of where AI accuracy is trending in this sector, not as a precise measurement. The same headline score could be eligible for definitive status if the underlying sample grew substantially in every dimension — more scored observations, broader coverage across AI providers and sectors, more distinct scan sessions and prompts, a low ratio of excluded observations, and a narrower confidence interval. The full thresholds for each status are documented in our methodology.

A score that does not reach enough confidence to mark preliminary is calculated for internal trend-tracking and is not released externally.

What our verification surface does (and doesn't) cover

Lawnise's verification approach governs the methodology and any deliverables Lawnise shares. Where a Trust Index score is shared, the verification surface is designed to be score-level: a verification surface at verify.lawnise.com returns that score, its confidence interval, and a link to the methodology version that produced it, by jurisdiction (Malaysia, Singapore).

Per-claim or per-row verification URLs are not exposed. Per-claim verification is a possible future iteration of the verification surface, not a current capability.

If a claim in a Trust Index finding or other deliverable is challenged, the underlying scan rows and reference facts are reviewer-verified internally before the claim is finalised. We retain the full evidence trail under our hash-chain integrity discipline, which we verify on a scheduled basis against the score chain. This means a claim's evidence is reproducible internally even where it is not yet exposed via a verification URL.

How to contact us

For any Lawnise Trust Index governance matter — right-to-reply, opt-out request, factual correction, or methodology question:

• Email: trust-index@lawnise.com
• Right-to-reply contact form: Submit a right-to-reply
• Opt-out contact form: Request entity opt-out

We classify every legitimate inbound message within 1 business day of receipt and confirm the relevant service-level clock with you when we acknowledge. If your matter is urgent — for example, a finding that you believe is materially harmful and time-sensitive — write "URGENT" in the subject line and we will route the request immediately.

When you write to us, please include the entity you represent, the specific claim or score reference, what is being disputed or requested, and your contact details. The more concrete the initial message, the faster we can confirm scope and start the relevant clock.

For general Lawnise enquiries that are not about Trust Index governance, see our main contact page.

Document version + last reviewed

• Methodology version cited: Lawnise Trust Index Research Methodology v1.1 (effective 2026-06-15). Full text at /trust-index/methodology/v1.

If you find an error on this page, please email trust-index@lawnise.com referencing "page error" in the subject line, and we will route the correction through our standard correction workflow.