LightOn

Sovereign enterprise GenAI platform deployed on-prem, air-gapped, or EU cloud

Berget AI

Swedish sovereign AI inference platform with EU-only data residency

LightOn

Excellent

22/25

Berget AI

Strong

20/25

Score Breakdown

DimensionLightOnBerget AI

Data Residency

Where is your data stored and processed?

LightOn: Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

Berget AI: All data processed and stored exclusively in Sweden. No US cloud dependency. EU-only infrastructure by design.

5/5

Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

5/5

All data processed and stored exclusively in Sweden. No US cloud dependency. EU-only infrastructure by design.

Legal Jurisdiction

Which laws govern the company and your data?

LightOn: French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

Berget AI: Swedish incorporation under EU law. No US parent company, no CLOUD Act exposure. Full GDPR coverage as a matter of corporate law.

5/5

French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

5/5

Swedish incorporation under EU law. No US parent company, no CLOUD Act exposure. Full GDPR coverage as a matter of corporate law.

Data Retention & Training

Is your data used for model training?

LightOn: In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

Berget AI: User data not used for model training. Platform runs open-source models on dedicated infrastructure. Early-stage company so retention policies are still maturing.

4/5

In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

4/5

User data not used for model training. Platform runs open-source models on dedicated infrastructure. Early-stage company so retention policies are still maturing.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

LightOn: Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

Berget AI: NIS2 aligned and Schrems II compliant but no formal ISO 27001 or SOC 2 certifications yet. Expected for a seed-stage company.

3/5

Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

2/5

NIS2 aligned and Schrems II compliant but no formal ISO 27001 or SOC 2 certifications yet. Expected for a seed-stage company.

Regulatory Fit

Suitability for regulated industries and professional services

LightOn: Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

Berget AI: Strong fit for EU regulated industries needing sovereign AI inference. NIS2 alignment and EU-only data residency support public sector and financial services use cases.

5/5

Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

4/5

Strong fit for EU regulated industries needing sovereign AI inference. NIS2 alignment and EU-only data residency support public sector and financial services use cases.

Total Score

22/25

20/25

Best For

LightOn

Best for EU-headquartered organisations needing maximum data sovereignty; privacy-conscious teams who need strong data retention controls; teams on a tight budget.

Berget AI

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (CNIL, AMF); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment; enterprises requiring SSO integration.

Detailed Comparison

Berget AI vs LightOn: Trust & Compliance Comparison

Berget AI (Berget AI, SE) scores 20/25 overall with a Silver (Strong) trust badge. Swedish sovereign AI inference platform with EU-only data residency. LightOn (LightOn, FR) scores 22/25 with a Gold (Excellent) trust badge. Sovereign enterprise GenAI platform deployed on-prem, air-gapped, or EU cloud.

Dimension-by-Dimension Breakdown

#### Data Residency

Both score equally at 5/5.

●Berget AI (5/5): All data processed and stored exclusively in Sweden. No US cloud dependency. EU-only infrastructure by design.

●LightOn (5/5): Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

#### Legal Jurisdiction

Both score equally at 5/5.

●Berget AI (5/5): Swedish incorporation under EU law. No US parent company, no CLOUD Act exposure. Full GDPR coverage as a matter of corporate law.

●LightOn (5/5): French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

#### Data Retention & Training

Both score equally at 4/5.

●Berget AI (4/5): User data not used for model training. Platform runs open-source models on dedicated infrastructure. Early-stage company so retention policies are still maturing.

●LightOn (4/5): In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

#### Certifications

LightOn leads with 3/5 vs 2/5.

●Berget AI (2/5): NIS2 aligned and Schrems II compliant but no formal ISO 27001 or SOC 2 certifications yet. Expected for a seed-stage company.

●LightOn (3/5): Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

#### Regulatory Fit

LightOn leads with 5/5 vs 4/5.

●Berget AI (4/5): Strong fit for EU regulated industries needing sovereign AI inference. NIS2 alignment and EU-only data residency support public sector and financial services use cases.

●LightOn (5/5): Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

Certifications at a Glance

Certification	Berget AI	LightOn
SOC 2 Type 1	No	Yes

Overall Verdict

LightOn has a clear trust advantage, scoring 22/25 compared to Berget AI's 20/25. LightOn particularly excels in certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, LightOn or Berget AI?

LightOn has a TrustKit score of 22/25 while Berget AI scores 20/25. LightOn currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do LightOn and Berget AI compare on data residency?

LightOn scores 5/5 for data residency (Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.), while Berget AI scores 5/5 (All data processed and stored exclusively in Sweden. No US cloud dependency. EU-only infrastructure by design.).

Are LightOn and Berget AI GDPR compliant?

Both tools are assessed across five compliance dimensions. LightOn has a regulatory fit score of 5/5 and Berget AI scores 4/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool