Hawk

AI-native anti-money laundering and fraud prevention for banks and payment firms

Corti

Danish AI clinical decision support for emergency medicine and patient triage

Hawk

Excellent

22/25

Corti

Excellent

24/25

Score Breakdown

DimensionHawkCorti

Data Residency

Where is your data stored and processed?

Hawk: European company offering SaaS or private-cloud deployment and GDPR compliance, but no publicly published EU-only data-residency commitment or named region. EU customers should confirm EU hosting via the DPA. Scored conservatively pending explicit residency disclosure.

Corti: Data processed exclusively in EU data centres (Denmark/Germany). Danish incorporation means EU law governs by default. No US cloud dependency. Maximum data residency for healthcare AI.

3/5

European company offering SaaS or private-cloud deployment and GDPR compliance, but no publicly published EU-only data-residency commitment or named region. EU customers should confirm EU hosting via the DPA. Scored conservatively pending explicit residency disclosure.

5/5

Data processed exclusively in EU data centres (Denmark/Germany). Danish incorporation means EU law governs by default. No US cloud dependency. Maximum data residency for healthcare AI.

Legal Jurisdiction

Which laws govern the company and your data?

Hawk: Incorporated as Hawk AI GmbH in Munich, Germany (EU/EEA), with no US parent. Falls fully under EU/GDPR jurisdiction — ideal for EU regulated institutions.

Corti: Danish ApS incorporated under Danish and EU law. GDPR and EU AI Act apply as corporate law. Datatilsynet (Danish DPA) is the lead supervisory authority. No CLOUD Act exposure. Strongest possible EU jurisdiction profile.

5/5

Incorporated as Hawk AI GmbH in Munich, Germany (EU/EEA), with no US parent. Falls fully under EU/GDPR jurisdiction — ideal for EU regulated institutions.

5/5

Danish ApS incorporated under Danish and EU law. GDPR and EU AI Act apply as corporate law. Datatilsynet (Danish DPA) is the lead supervisory authority. No CLOUD Act exposure. Strongest possible EU jurisdiction profile.

Data Retention & Training

Is your data used for model training?

Hawk: Offers DPAs, encryption, GDPR-aligned PII handling and private-cloud isolation; AI learns from analyst feedback within the customer tenant. No public explicit shared-model no-training clause, so scored 4 pending DPA confirmation of retention and training terms.

Corti: Patient conversation and clinical data not used for cross-customer model training without explicit consent. Configurable retention aligned with healthcare regulatory requirements. GDPR-compliant DPA as healthcare data processor.

4/5

Offers DPAs, encryption, GDPR-aligned PII handling and private-cloud isolation; AI learns from analyst feedback within the customer tenant. No public explicit shared-model no-training clause, so scored 4 pending DPA confirmation of retention and training terms.

5/5

Patient conversation and clinical data not used for cross-customer model training without explicit consent. Configurable retention aligned with healthcare regulatory requirements. GDPR-compliant DPA as healthcare data processor.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Hawk: Holds ISO/IEC 27001:2022 and SOC 2 Type 2, with ISO 22301 alignment and GDPR audits — a strong stack including sector-relevant resilience certification for a financial-crime vendor.

Corti: Holds ISO 27001 (information security) and ISO 13485 (medical devices quality management), demonstrating compliance with EU Medical Device Regulation (MDR) requirements. Strong certification posture for a clinical AI company.

5/5

Holds ISO/IEC 27001:2022 and SOC 2 Type 2, with ISO 22301 alignment and GDPR audits — a strong stack including sector-relevant resilience certification for a financial-crime vendor.

4/5

Holds ISO 27001 (information security) and ISO 13485 (medical devices quality management), demonstrating compliance with EU Medical Device Regulation (MDR) requirements. Strong certification posture for a clinical AI company.

Regulatory Fit

Suitability for regulated industries and professional services

Hawk: Purpose-built for regulated EU financial institutions (AML/CFT, fraud), used by Tier-1 banks and payment firms; directly relevant to BaFin and other EU financial supervisors. Forrester Strong Performer, Q2 2025.

Corti: Excellent fit for EU healthcare organisations including NHS, Nordic public health systems, and German/French hospital groups. MDR compliance, GDPR-native design, and EU jurisdiction make this one of the highest-scoring healthcare AI tools for European regulated use.

5/5

Purpose-built for regulated EU financial institutions (AML/CFT, fraud), used by Tier-1 banks and payment firms; directly relevant to BaFin and other EU financial supervisors. Forrester Strong Performer, Q2 2025.

5/5

Excellent fit for EU healthcare organisations including NHS, Nordic public health systems, and German/French hospital groups. MDR compliance, GDPR-native design, and EU jurisdiction make this one of the highest-scoring healthcare AI tools for European regulated use.

Total Score

22/25

24/25

Best For

Hawk

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (CNIL, BaFin); privacy-conscious teams who need strong data retention controls.

Corti

Best for teams prioritising European legal jurisdiction; organisations requiring broad certification coverage (ISO/IEC 27001:2022, SOC 2 Type 2, ISO 22301 (alignment)); regulated industries (BaFin, BfDI); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Detailed Comparison

Corti vs Hawk: Trust & Compliance Comparison

Corti (Corti, DK) scores 24/25 overall with a Gold (Excellent) trust badge. Danish AI clinical decision support for emergency medicine and patient triage. Hawk (Hawk, DE) scores 22/25 with a Gold (Excellent) trust badge. AI-native anti-money laundering and fraud prevention for banks and payment firms.

Dimension-by-Dimension Breakdown

#### Data Residency

Corti leads with 5/5 vs 3/5.

●Corti (5/5): Data processed exclusively in EU data centres (Denmark/Germany). Danish incorporation means EU law governs by default. No US cloud dependency. Maximum data residency for healthcare AI.

●Hawk (3/5): European company offering SaaS or private-cloud deployment and GDPR compliance, but no publicly published EU-only data-residency commitment or named region. EU customers should confirm EU hosting via the DPA. Scored conservatively pending explicit residency disclosure.

#### Legal Jurisdiction

Both score equally at 5/5.

●Corti (5/5): Danish ApS incorporated under Danish and EU law. GDPR and EU AI Act apply as corporate law. Datatilsynet (Danish DPA) is the lead supervisory authority. No CLOUD Act exposure. Strongest possible EU jurisdiction profile.

●Hawk (5/5): Incorporated as Hawk AI GmbH in Munich, Germany (EU/EEA), with no US parent. Falls fully under EU/GDPR jurisdiction — ideal for EU regulated institutions.

#### Data Retention & Training

Corti leads with 5/5 vs 4/5.

●Corti (5/5): Patient conversation and clinical data not used for cross-customer model training without explicit consent. Configurable retention aligned with healthcare regulatory requirements. GDPR-compliant DPA as healthcare data processor.

●Hawk (4/5): Offers DPAs, encryption, GDPR-aligned PII handling and private-cloud isolation; AI learns from analyst feedback within the customer tenant. No public explicit shared-model no-training clause, so scored 4 pending DPA confirmation of retention and training terms.

#### Certifications

Hawk leads with 5/5 vs 4/5.

●Corti (4/5): Holds ISO 27001 (information security) and ISO 13485 (medical devices quality management), demonstrating compliance with EU Medical Device Regulation (MDR) requirements. Strong certification posture for a clinical AI company.

●Hawk (5/5): Holds ISO/IEC 27001:2022 and SOC 2 Type 2, with ISO 22301 alignment and GDPR audits — a strong stack including sector-relevant resilience certification for a financial-crime vendor.

#### Regulatory Fit

Both score equally at 5/5.

●Corti (5/5): Excellent fit for EU healthcare organisations including NHS, Nordic public health systems, and German/French hospital groups. MDR compliance, GDPR-native design, and EU jurisdiction make this one of the highest-scoring healthcare AI tools for European regulated use.

●Hawk (5/5): Purpose-built for regulated EU financial institutions (AML/CFT, fraud), used by Tier-1 banks and payment firms; directly relevant to BaFin and other EU financial supervisors. Forrester Strong Performer, Q2 2025.

Certifications at a Glance

Certification	Corti	Hawk
GDPR	No	Yes
ISO 13485	Yes	No
ISO 22301 (alignment)	No	Yes
ISO 27001	Yes	No
ISO/IEC 27001:2022	No	Yes
SOC 2 Type 2	No	Yes

Overall Verdict

Corti has a clear trust advantage, scoring 24/25 compared to Hawk's 22/25. Corti particularly excels in data residency, data retention & training.

Frequently Asked Questions

Which is better for EU compliance, Hawk or Corti?

Hawk has a TrustKit score of 22/25 while Corti scores 24/25. Corti currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Hawk and Corti compare on data residency?

Hawk scores 3/5 for data residency (European company offering SaaS or private-cloud deployment and GDPR compliance, but no publicly published EU-only data-residency commitment or named region. EU customers should confirm EU hosting via the DPA. Scored conservatively pending explicit residency disclosure.), while Corti scores 5/5 (Data processed exclusively in EU data centres (Denmark/Germany). Danish incorporation means EU law governs by default. No US cloud dependency. Maximum data residency for healthcare AI.).

Are Hawk and Corti GDPR compliant?

Both tools are assessed across five compliance dimensions. Hawk has a regulatory fit score of 5/5 and Corti scores 5/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool