Dust

French AI platform for deploying AI assistants across your company's knowledge and tools

LightOn

Sovereign enterprise GenAI platform deployed on-prem, air-gapped, or EU cloud

Dust

Excellent

23/25

LightOn

Excellent

22/25

Score Breakdown

DimensionDustLightOn

Data Residency

Where is your data stored and processed?

Dust: Data hosted exclusively in EU (France). French SAS incorporation means EU law governs by default. Internal company data connected to Dust stays in EU infrastructure.

LightOn: Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

5/5

Data hosted exclusively in EU (France). French SAS incorporation means EU law governs by default. Internal company data connected to Dust stays in EU infrastructure.

5/5

Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

Legal Jurisdiction

Which laws govern the company and your data?

Dust: French SAS under French and EU law. GDPR applies as corporate law. CNIL oversight. No US parent company, no CLOUD Act exposure. Founded by ex-OpenAI researchers building for EU sovereignty.

LightOn: French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

5/5

French SAS under French and EU law. GDPR applies as corporate law. CNIL oversight. No US parent company, no CLOUD Act exposure. Founded by ex-OpenAI researchers building for EU sovereignty.

5/5

French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

Data Retention & Training

Is your data used for model training?

Dust: Company data indexed by Dust is not used to train shared models. Data remains within the organisation's workspace. GDPR-compliant DPA available. Configurable data access controls per assistant.

LightOn: In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

5/5

Company data indexed by Dust is not used to train shared models. Data remains within the organisation's workspace. GDPR-compliant DPA available. Configurable data access controls per assistant.

4/5

In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Dust: ISO 27001 certification. As a fast-growing startup, the certification portfolio is expanding. SOC 2 Type II would further strengthen enterprise procurement credibility.

LightOn: Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

3/5

ISO 27001 certification. As a fast-growing startup, the certification portfolio is expanding. SOC 2 Type II would further strengthen enterprise procurement credibility.

3/5

Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

Regulatory Fit

Suitability for regulated industries and professional services

Dust: Excellent regulatory fit for European enterprises building internal AI agent infrastructure. French incorporation, EU hosting, GDPR-native design, and support for EU-sovereign LLM providers (Mistral) make Dust a top choice for sovereignty-conscious EU organisations.

LightOn: Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

5/5

Excellent regulatory fit for European enterprises building internal AI agent infrastructure. French incorporation, EU hosting, GDPR-native design, and support for EU-sovereign LLM providers (Mistral) make Dust a top choice for sovereignty-conscious EU organisations.

5/5

Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

Total Score

23/25

22/25

Best For

Dust

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (CNIL, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

LightOn

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (CNIL, AMF); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Detailed Comparison

Dust vs LightOn: Trust & Compliance Comparison

Dust (Dust, FR) scores 23/25 overall with a Gold (Excellent) trust badge. French AI platform for deploying AI assistants across your company's knowledge and tools. LightOn (LightOn, FR) scores 22/25 with a Gold (Excellent) trust badge. Sovereign enterprise GenAI platform deployed on-prem, air-gapped, or EU cloud.

Dimension-by-Dimension Breakdown

#### Data Residency

Both score equally at 5/5.

●Dust (5/5): Data hosted exclusively in EU (France). French SAS incorporation means EU law governs by default. Internal company data connected to Dust stays in EU infrastructure.

●LightOn (5/5): Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

#### Legal Jurisdiction

Both score equally at 5/5.

●Dust (5/5): French SAS under French and EU law. GDPR applies as corporate law. CNIL oversight. No US parent company, no CLOUD Act exposure. Founded by ex-OpenAI researchers building for EU sovereignty.

●LightOn (5/5): French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

#### Data Retention & Training

Dust leads with 5/5 vs 4/5.

●Dust (5/5): Company data indexed by Dust is not used to train shared models. Data remains within the organisation's workspace. GDPR-compliant DPA available. Configurable data access controls per assistant.

●LightOn (4/5): In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

#### Certifications

Both score equally at 3/5.

●Dust (3/5): ISO 27001 certification. As a fast-growing startup, the certification portfolio is expanding. SOC 2 Type II would further strengthen enterprise procurement credibility.

●LightOn (3/5): Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

#### Regulatory Fit

Both score equally at 5/5.

●Dust (5/5): Excellent regulatory fit for European enterprises building internal AI agent infrastructure. French incorporation, EU hosting, GDPR-native design, and support for EU-sovereign LLM providers (Mistral) make Dust a top choice for sovereignty-conscious EU organisations.

●LightOn (5/5): Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

Certifications at a Glance

Certification	Dust	LightOn
ISO 27001	Yes	No
SOC 2 Type 1	No	Yes

Overall Verdict

Dust and LightOn are closely matched on trust and compliance, with scores of 23/25 and 22/25 respectively. The right choice depends on your specific regulatory requirements and existing technology stack.

Frequently Asked Questions

Which is better for EU compliance, Dust or LightOn?

Dust has a TrustKit score of 23/25 while LightOn scores 22/25. Dust currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Dust and LightOn compare on data residency?

Dust scores 5/5 for data residency (Data hosted exclusively in EU (France). French SAS incorporation means EU law governs by default. Internal company data connected to Dust stays in EU infrastructure.), while LightOn scores 5/5 (Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.).

Are Dust and LightOn GDPR compliant?

Both tools are assessed across five compliance dimensions. Dust has a regulatory fit score of 5/5 and LightOn scores 5/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool