Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

Elicit

AI research assistant for finding and analysing academic literature

Noxtua

Excellent

25/25

Elicit

Caution

8/25

Score Breakdown

DimensionNoxtuaElicit

Data Residency

Where is your data stored and processed?

Noxtua: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

Elicit: Data is processed on US infrastructure only with no EU data residency option currently available.

5/5

Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

1/5

Data is processed on US infrastructure only with no EU data residency option currently available.

Legal Jurisdiction

Which laws govern the company and your data?

Noxtua: Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

Elicit: US-incorporated under Delaware law and subject to CLOUD Act; limited EU-specific legal protections are in place.

5/5

Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

2/5

US-incorporated under Delaware law and subject to CLOUD Act; limited EU-specific legal protections are in place.

Data Retention & Training

Is your data used for model training?

Noxtua: Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

Elicit: Data handling for uploaded documents and queries should be verified against current terms; opt-out is unclear.

5/5

Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

2/5

Data handling for uploaded documents and queries should be verified against current terms; opt-out is unclear.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Noxtua: Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

Elicit: No SOC 2, ISO 27001, or other recognised security certifications are currently published.

5/5

Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

1/5

No SOC 2, ISO 27001, or other recognised security certifications are currently published.

Regulatory Fit

Suitability for regulated industries and professional services

Noxtua: Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Elicit: Suitable for individual researchers with low-risk data; institutional European deployments require significant additional assurances.

5/5

Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

2/5

Suitable for individual researchers with low-risk data; institutional European deployments require significant additional assurances.

Total Score

25/25

8/25

Best For

Noxtua

Best for teams on a tight budget.

Elicit

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment; enterprises requiring SSO integration.

Detailed Comparison

Elicit vs Noxtua: Trust & Compliance Comparison

Elicit (Elicit, US) scores 8/25 overall with a Review Required (Caution) trust badge. AI research assistant for finding and analysing academic literature. Noxtua (Noxtua, DE) scores 25/25 with a Gold (Excellent) trust badge. Europe's sovereign legal AI with its own European-trained legal LLM.

Dimension-by-Dimension Breakdown

#### Data Residency

Noxtua leads with 5/5 vs 1/5.

●Elicit (1/5): Data is processed on US infrastructure only with no EU data residency option currently available.

●Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

#### Legal Jurisdiction

Noxtua leads with 5/5 vs 2/5.

●Elicit (2/5): US-incorporated under Delaware law and subject to CLOUD Act; limited EU-specific legal protections are in place.

●Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

#### Data Retention & Training

Noxtua leads with 5/5 vs 2/5.

●Elicit (2/5): Data handling for uploaded documents and queries should be verified against current terms; opt-out is unclear.

●Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

#### Certifications

Noxtua leads with 5/5 vs 1/5.

●Elicit (1/5): No SOC 2, ISO 27001, or other recognised security certifications are currently published.

●Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

#### Regulatory Fit

Noxtua leads with 5/5 vs 2/5.

●Elicit (2/5): Suitable for individual researchers with low-risk data; institutional European deployments require significant additional assurances.

●Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Certifications at a Glance

Certification	Elicit	Noxtua
BSI C5	No	Yes
ISO 27001	No	Yes
ISO 27017	No	Yes
ISO 27018	No	Yes
ISO 42001	No	Yes
ISO 9001	No	Yes
TISAX	No	Yes

Overall Verdict

Noxtua has a clear trust advantage, scoring 25/25 compared to Elicit's 8/25. Noxtua particularly excels in data residency, legal jurisdiction, data retention & training, certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Noxtua or Elicit?

Noxtua has a TrustKit score of 25/25 while Elicit scores 8/25. Noxtua currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Noxtua and Elicit compare on data residency?

Noxtua scores 5/5 for data residency (Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.), while Elicit scores 1/5 (Data is processed on US infrastructure only with no EU data residency option currently available.).

Are Noxtua and Elicit GDPR compliant?

Both tools are assessed across five compliance dimensions. Noxtua has a regulatory fit score of 5/5 and Elicit scores 2/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool