Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

Consensus

AI-powered search engine for evidence-based scientific research

Noxtua

Excellent

25/25

Consensus

Caution

9/25

Score Breakdown

DimensionNoxtuaConsensus

Data Residency

Where is your data stored and processed?

Noxtua: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

Consensus: All data is processed on US infrastructure with no EU data residency option currently offered.

5/5

Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

1/5

All data is processed on US infrastructure with no EU data residency option currently offered.

Legal Jurisdiction

Which laws govern the company and your data?

Noxtua: Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

Consensus: US-incorporated and subject to CLOUD Act; no publicised EU-specific legal frameworks or SCCs are in place.

5/5

Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

2/5

US-incorporated and subject to CLOUD Act; no publicised EU-specific legal frameworks or SCCs are in place.

Data Retention & Training

Is your data used for model training?

Noxtua: Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

Consensus: States it does not sell user data and does not train on user queries; full retention policy details are limited.

5/5

Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

3/5

States it does not sell user data and does not train on user queries; full retention policy details are limited.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Noxtua: Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

Consensus: No SOC 2, ISO 27001, or other formal third-party security certifications are currently published.

5/5

Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

1/5

No SOC 2, ISO 27001, or other formal third-party security certifications are currently published.

Regulatory Fit

Suitability for regulated industries and professional services

Noxtua: Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Consensus: Acceptable for low-risk research activities; European institutional procurement will require additional assurances not currently available.

5/5

Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

2/5

Acceptable for low-risk research activities; European institutional procurement will require additional assurances not currently available.

Total Score

25/25

9/25

Best For

Noxtua

Best for teams on a tight budget.

Consensus

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment; enterprises requiring SSO integration.

Detailed Comparison

Consensus vs Noxtua: Trust & Compliance Comparison

Consensus (Consensus, US) scores 9/25 overall with a Review Required (Caution) trust badge. AI-powered search engine for evidence-based scientific research. Noxtua (Noxtua, DE) scores 25/25 with a Gold (Excellent) trust badge. Europe's sovereign legal AI with its own European-trained legal LLM.

Dimension-by-Dimension Breakdown

#### Data Residency

Noxtua leads with 5/5 vs 1/5.

●Consensus (1/5): All data is processed on US infrastructure with no EU data residency option currently offered.

●Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

#### Legal Jurisdiction

Noxtua leads with 5/5 vs 2/5.

●Consensus (2/5): US-incorporated and subject to CLOUD Act; no publicised EU-specific legal frameworks or SCCs are in place.

●Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

#### Data Retention & Training

Noxtua leads with 5/5 vs 3/5.

●Consensus (3/5): States it does not sell user data and does not train on user queries; full retention policy details are limited.

●Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

#### Certifications

Noxtua leads with 5/5 vs 1/5.

●Consensus (1/5): No SOC 2, ISO 27001, or other formal third-party security certifications are currently published.

●Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

#### Regulatory Fit

Noxtua leads with 5/5 vs 2/5.

●Consensus (2/5): Acceptable for low-risk research activities; European institutional procurement will require additional assurances not currently available.

●Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Certifications at a Glance

Certification	Consensus	Noxtua
BSI C5	No	Yes
ISO 27001	No	Yes
ISO 27017	No	Yes
ISO 27018	No	Yes
ISO 42001	No	Yes
ISO 9001	No	Yes
TISAX	No	Yes

Overall Verdict

Noxtua has a clear trust advantage, scoring 25/25 compared to Consensus's 9/25. Noxtua particularly excels in data residency, legal jurisdiction, data retention & training, certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Noxtua or Consensus?

Noxtua has a TrustKit score of 25/25 while Consensus scores 9/25. Noxtua currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Noxtua and Consensus compare on data residency?

Noxtua scores 5/5 for data residency (Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.), while Consensus scores 1/5 (All data is processed on US infrastructure with no EU data residency option currently offered.).

Are Noxtua and Consensus GDPR compliant?

Both tools are assessed across five compliance dimensions. Noxtua has a regulatory fit score of 5/5 and Consensus scores 2/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool