Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

Databricks (Mosaic AI)

Unified data and AI lakehouse platform for enterprise-scale machine learning

Noxtua

Excellent

25/25

Databricks (Mosaic AI)

Excellent

22/25

Score Breakdown

DimensionNoxtuaDatabricks (Mosaic AI)

Data Residency

Where is your data stored and processed?

Noxtua: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

Databricks (Mosaic AI): Data resides entirely within the customer's own cloud account across all major global regions; VPC injection ensures no shared infrastructure

5/5

Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

5/5

Data resides entirely within the customer's own cloud account across all major global regions; VPC injection ensures no shared infrastructure

Legal Jurisdiction

Which laws govern the company and your data?

Noxtua: Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

Databricks (Mosaic AI): US Delaware corporation subject to CLOUD Act; SCCs and DPAs available for EU/UK transfers

5/5

Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

2/5

US Delaware corporation subject to CLOUD Act; SCCs and DPAs available for EU/UK transfers

Data Retention & Training

Is your data used for model training?

Noxtua: Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

Databricks (Mosaic AI): Customer controls all data retention; Databricks has no access to data stored in customer cloud accounts

5/5

Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

5/5

Customer controls all data retention; Databricks has no access to data stored in customer cloud accounts

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Noxtua: Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

Databricks (Mosaic AI): SOC 2 Type II, ISO 27001/17/18, HIPAA, FedRAMP Moderate, PCI DSS, and HITRUST certified

5/5

Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

5/5

SOC 2 Type II, ISO 27001/17/18, HIPAA, FedRAMP Moderate, PCI DSS, and HITRUST certified

Regulatory Fit

Suitability for regulated industries and professional services

Noxtua: Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Databricks (Mosaic AI): Purpose-built for regulated enterprise workloads; suitable for healthcare, financial services, and government

5/5

Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

5/5

Purpose-built for regulated enterprise workloads; suitable for healthcare, financial services, and government

Total Score

25/25

22/25

Best For

Noxtua

Best for organisations requiring broad certification coverage (SOC 2 Type II, ISO 27001, ISO 27017); regulated industries (ICO, HHS); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Databricks (Mosaic AI)

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Detailed Comparison

Databricks (Mosaic AI) vs Noxtua: Trust & Compliance Comparison

Databricks (Mosaic AI) (Databricks, US) scores 22/25 overall with a Gold (Excellent) trust badge. Unified data and AI lakehouse platform for enterprise-scale machine learning. Noxtua (Noxtua, DE) scores 25/25 with a Gold (Excellent) trust badge. Europe's sovereign legal AI with its own European-trained legal LLM.

Dimension-by-Dimension Breakdown

#### Data Residency

Both score equally at 5/5.

●Databricks (Mosaic AI) (5/5): Data resides entirely within the customer's own cloud account across all major global regions; VPC injection ensures no shared infrastructure

●Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

#### Legal Jurisdiction

Noxtua leads with 5/5 vs 2/5.

●Databricks (Mosaic AI) (2/5): US Delaware corporation subject to CLOUD Act; SCCs and DPAs available for EU/UK transfers

●Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

#### Data Retention & Training

Both score equally at 5/5.

●Databricks (Mosaic AI) (5/5): Customer controls all data retention; Databricks has no access to data stored in customer cloud accounts

●Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

#### Certifications

Both score equally at 5/5.

●Databricks (Mosaic AI) (5/5): SOC 2 Type II, ISO 27001/17/18, HIPAA, FedRAMP Moderate, PCI DSS, and HITRUST certified

●Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

#### Regulatory Fit

Both score equally at 5/5.

●Databricks (Mosaic AI) (5/5): Purpose-built for regulated enterprise workloads; suitable for healthcare, financial services, and government

●Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Certifications at a Glance

Certification	Databricks (Mosaic AI)	Noxtua
BSI C5	No	Yes
FedRAMP Moderate	Yes	No
HIPAA	Yes	No
HITRUST	Yes	No
ISO 27001	Yes	Yes
ISO 27017	Yes	Yes
ISO 27018	Yes	Yes
ISO 42001	No	Yes
ISO 9001	No	Yes
PCI DSS	Yes	No
SOC 2 Type II	Yes	No
TISAX	No	Yes

Overall Verdict

Noxtua has a clear trust advantage, scoring 25/25 compared to Databricks (Mosaic AI)'s 22/25. Noxtua particularly excels in legal jurisdiction.

Frequently Asked Questions

Which is better for EU compliance, Noxtua or Databricks (Mosaic AI)?

Noxtua has a TrustKit score of 25/25 while Databricks (Mosaic AI) scores 22/25. Noxtua currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Noxtua and Databricks (Mosaic AI) compare on data residency?

Noxtua scores 5/5 for data residency (Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.), while Databricks (Mosaic AI) scores 5/5 (Data resides entirely within the customer's own cloud account across all major global regions; VPC injection ensures no shared infrastructure).

Are Noxtua and Databricks (Mosaic AI) GDPR compliant?

Both tools are assessed across five compliance dimensions. Noxtua has a regulatory fit score of 5/5 and Databricks (Mosaic AI) scores 5/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool

Noxtua

View full review →

100%

Databricks (Mosaic AI)

View full review →

88%