Notion AI
Notion Labs, Inc. · EFROS US AI Vendor Governance Index entry
Composite governance score
F = inadequate posture for any regulated workload. Re-evaluate before procurement.
About this vendor
AI overlay on Notion's collaborative workspace. Used for summarization, drafting, semantic search, and database automation within Notion content.
- Enterprise tier
- Notion Business, Notion Enterprise (per-user AI add-on)
- Consumer tier
- Notion Free, Notion Plus
- Vendor homepage
- https://www.notion.so/product/ai
- Trust center
- https://www.notion.so/help/notion-trust
Twelve-axis governance scoring
Each axis is scored Yes / Partial / No / N/A against public evidence — vendor trust portals, BAAs/DPAs, SOC 2 report cover pages, published methodology documents. N/A applies when the axis is structurally inapplicable (foundation models, for example, defer Section 1557 to the downstream healthcare deployer).
| Axis | Status | EFROS note | Source |
|---|---|---|---|
| BAA / DPA available | No | Notion does not sign BAAs. Notion has explicitly stated it is not HIPAA-compliant and should not store PHI. | Notion HIPAA support article |
| Training-data opt-out | Partial | Notion AI does not train on workspace content by default for Business and Enterprise plans. Free and Plus: opt-out toggle available. | Notion AI Privacy |
| US data residency option | No | No US data residency configuration option as of May 2026. Notion uses AWS US-East default. | Notion Trust Center |
| SOC 2 Type II report | Yes | SOC 2 Type II report available via Notion Trust Center under NDA. ISO 27001:2022 also held. | Notion Trust |
| ISO/IEC 42001 attestation | No | No ISO/IEC 42001 attestation. | Public posture review |
| NIST AI RMF self-attestation | No | No public NIST AI RMF self-attestation. | Public posture review |
| Colorado AI Act readiness | No | No Colorado AI Act compliance statement. | Public posture review |
| HHS-OCR Section 1557 readiness | N/A | Not BAA-eligible — Section 1557 use case disqualified by HIPAA gap. | HHS-OCR Section 1557 — deployer scope |
| FRB SR 11-7 readiness | N/A | SR 11-7 is deployer responsibility for banking use, but the lack of BAA already disqualifies most regulated bank deployments. | FRB SR 11-7 — deployer scope |
| ABA Formal Op 512 readiness | N/A | ABA Op 512 is practitioner responsibility; no BAA significantly raises the privilege bar for law firm use. | ABA Formal Op 512 — practitioner scope |
| Subprocessor list public | Yes | Notion subprocessor list public (OpenAI as Notion AI subprocessor, AWS, Stripe, etc.). | Notion Subprocessors |
Trust-center maturity
Mature trust portal with SOC 2 + ISO under NDA. AI-specific governance documentation is thin — no Colorado AI Act, no NIST AI RMF, no ISO 42001.
Source: Notion Trust
Deep dive
Overview
Notion AI is one of the most-deployed shadow-AI vectors in the regulated mid-market. The product is good and widely loved — but the lack of BAA, lack of residency, and thin AI-specific governance documentation make it a poor fit for any regulated workload. Most firms we audit have Notion AI in use and PHI/PII in Notion without realizing the BAA gap.
Strengths
- No-train default for Business/Enterprise
- Mature SOC 2 + ISO 27001 posture
- Public subprocessor list
Weaknesses
- No BAA — not HIPAA-compliant
- No US data residency option
- No AI-specific governance documentation
- Common shadow-AI vector for regulated data
Best-fit use case
Non-regulated workspace use where no PHI, PII, or privileged data enters Notion. Internal-only knowledge management for non-regulated workloads.
Avoid when
Any environment where PHI, regulated financial data, or privileged legal content might enter a Notion workspace. DLP at the email/upload boundary is the right preventive control.
Operator's take
Deploy Notion AI when non-regulated workspace use where no PHI, PII, or privileged data enters Notion. Internal-only knowledge management for non-regulated workloads. The composite score of 33 (grade F) reflects a mixed posture for regulated US workloads. Skip the vendor when any environment where PHI, regulated financial data, or privileged legal content might enter a Notion workspace. DLP at the email/upload boundary is the right preventive control. In every deployment, treat the cells above as a snapshot — the acquisition that gets to production safely is the one that re-verifies the trust-center posture before contract signature and rebuilds the matrix at renewal.
How this scoring is computed
The composite score blends eleven scoreable axes (BAA, training opt-out, US data residency, SOC 2, ISO/IEC 42001, NIST AI RMF, Colorado AI Act, Section 1557, SR 11-7, ABA Op 512, subprocessor transparency) with the trust-center maturity score. Axes marked N/A are excluded from the denominator so vendors are not penalized for sector-inapplicable axes. The vendor's primary sector amplifies the most relevant axes — healthcare vendors weight Section 1557 ×2, legal vendors weight ABA Op 512 ×2, banking vendors weight SR 11-7 ×2 — so the composite reflects what matters in the actual buying context.
Read the full methodology →Disagree with this scoring?
EFROS publishes scoring rationale per cell with a public source. If you have evidence that a specific axis should score differently — a new BAA, a new certification, a documented policy change — submit a formal challenge below. We re-score and publish the result with the next quarterly edition (or as a mid-quarter changelog entry if the change is material).
Disagree with a score?
Every cell in the EFROS Index is source-cited. If you have a public source that contradicts a score for Notion AI, submit a formal challenge — we re-verify against the source and respond within 14 days.
Other vendors in Productivity AI
Same category, scored on the same twelve axes. Useful for head-to-head shortlisting.
Take the scoring into production
The Index tells you the posture. These engagements turn the posture into a deployable program — vendor selection, governance policy, sector overlay, audit-ready evidence.