Infermedica

Polish AI symptom checker and clinical triage platform for digital health

Hawk

AI-native anti-money laundering and fraud prevention for banks and payment firms

Infermedica

Excellent

24/25

Hawk

Excellent

22/25

Score Breakdown

DimensionInfermedicaHawk

Data Residency

Where is your data stored and processed?

Infermedica: EU data centres (Poland and Germany). Polish incorporation means EU law governs by default. No US cloud dependency. Strong data residency for healthcare AI.

Hawk: European company offering SaaS or private-cloud deployment and GDPR compliance, but no publicly published EU-only data-residency commitment or named region. EU customers should confirm EU hosting via the DPA. Scored conservatively pending explicit residency disclosure.

5/5

EU data centres (Poland and Germany). Polish incorporation means EU law governs by default. No US cloud dependency. Strong data residency for healthcare AI.

3/5

European company offering SaaS or private-cloud deployment and GDPR compliance, but no publicly published EU-only data-residency commitment or named region. EU customers should confirm EU hosting via the DPA. Scored conservatively pending explicit residency disclosure.

Legal Jurisdiction

Which laws govern the company and your data?

Infermedica: Polish Sp. z o.o. under Polish and EU law. GDPR and EU AI Act apply as corporate law. UODO (Polish DPA) is the lead supervisory authority. No CLOUD Act exposure.

Hawk: Incorporated as Hawk AI GmbH in Munich, Germany (EU/EEA), with no US parent. Falls fully under EU/GDPR jurisdiction — ideal for EU regulated institutions.

5/5

Polish Sp. z o.o. under Polish and EU law. GDPR and EU AI Act apply as corporate law. UODO (Polish DPA) is the lead supervisory authority. No CLOUD Act exposure.

5/5

Incorporated as Hawk AI GmbH in Munich, Germany (EU/EEA), with no US parent. Falls fully under EU/GDPR jurisdiction — ideal for EU regulated institutions.

Data Retention & Training

Is your data used for model training?

Infermedica: Patient triage data not used for cross-customer model training. API architecture means customer data stays under customer control. GDPR-compliant DPA available for all customers.

Hawk: Offers DPAs, encryption, GDPR-aligned PII handling and private-cloud isolation; AI learns from analyst feedback within the customer tenant. No public explicit shared-model no-training clause, so scored 4 pending DPA confirmation of retention and training terms.

5/5

Patient triage data not used for cross-customer model training. API architecture means customer data stays under customer control. GDPR-compliant DPA available for all customers.

4/5

Offers DPAs, encryption, GDPR-aligned PII handling and private-cloud isolation; AI learns from analyst feedback within the customer tenant. No public explicit shared-model no-training clause, so scored 4 pending DPA confirmation of retention and training terms.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Infermedica: ISO 27001 and ISO 27799 (health informatics security) certifications. CE-marked as Class I medical device under EU MDR. Strong certification posture for a medical AI company.

Hawk: Holds ISO/IEC 27001:2022 and SOC 2 Type 2, with ISO 22301 alignment and GDPR audits — a strong stack including sector-relevant resilience certification for a financial-crime vendor.

4/5

ISO 27001 and ISO 27799 (health informatics security) certifications. CE-marked as Class I medical device under EU MDR. Strong certification posture for a medical AI company.

5/5

Holds ISO/IEC 27001:2022 and SOC 2 Type 2, with ISO 22301 alignment and GDPR audits — a strong stack including sector-relevant resilience certification for a financial-crime vendor.

Regulatory Fit

Suitability for regulated industries and professional services

Infermedica: Excellent fit for EU healthcare organisations, insurers, and digital health platforms. CE-marked under MDR, GDPR-native, EU-incorporated, and multilingual (30+ languages). One of the strongest EU-sovereign medical AI platforms for triage and symptom assessment.

Hawk: Purpose-built for regulated EU financial institutions (AML/CFT, fraud), used by Tier-1 banks and payment firms; directly relevant to BaFin and other EU financial supervisors. Forrester Strong Performer, Q2 2025.

5/5

Excellent fit for EU healthcare organisations, insurers, and digital health platforms. CE-marked under MDR, GDPR-native, EU-incorporated, and multilingual (30+ languages). One of the strongest EU-sovereign medical AI platforms for triage and symptom assessment.

5/5

Purpose-built for regulated EU financial institutions (AML/CFT, fraud), used by Tier-1 banks and payment firms; directly relevant to BaFin and other EU financial supervisors. Forrester Strong Performer, Q2 2025.

Total Score

24/25

22/25

Best For

Infermedica

Best for teams prioritising European legal jurisdiction; organisations requiring broad certification coverage (ISO/IEC 27001:2022, SOC 2 Type 2, ISO 22301 (alignment)); regulated industries (BaFin, BfDI); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Hawk

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (CNIL, BaFin); privacy-conscious teams who need strong data retention controls.

Detailed Comparison

Hawk vs Infermedica: Trust & Compliance Comparison

Hawk (Hawk, DE) scores 22/25 overall with a Gold (Excellent) trust badge. AI-native anti-money laundering and fraud prevention for banks and payment firms. Infermedica (Infermedica, PL) scores 24/25 with a Gold (Excellent) trust badge. Polish AI symptom checker and clinical triage platform for digital health.

Dimension-by-Dimension Breakdown

#### Data Residency

Infermedica leads with 5/5 vs 3/5.

●Hawk (3/5): European company offering SaaS or private-cloud deployment and GDPR compliance, but no publicly published EU-only data-residency commitment or named region. EU customers should confirm EU hosting via the DPA. Scored conservatively pending explicit residency disclosure.

●Infermedica (5/5): EU data centres (Poland and Germany). Polish incorporation means EU law governs by default. No US cloud dependency. Strong data residency for healthcare AI.

#### Legal Jurisdiction

Both score equally at 5/5.

●Hawk (5/5): Incorporated as Hawk AI GmbH in Munich, Germany (EU/EEA), with no US parent. Falls fully under EU/GDPR jurisdiction — ideal for EU regulated institutions.

●Infermedica (5/5): Polish Sp. z o.o. under Polish and EU law. GDPR and EU AI Act apply as corporate law. UODO (Polish DPA) is the lead supervisory authority. No CLOUD Act exposure.

#### Data Retention & Training

Infermedica leads with 5/5 vs 4/5.

●Hawk (4/5): Offers DPAs, encryption, GDPR-aligned PII handling and private-cloud isolation; AI learns from analyst feedback within the customer tenant. No public explicit shared-model no-training clause, so scored 4 pending DPA confirmation of retention and training terms.

●Infermedica (5/5): Patient triage data not used for cross-customer model training. API architecture means customer data stays under customer control. GDPR-compliant DPA available for all customers.

#### Certifications

Hawk leads with 5/5 vs 4/5.

●Hawk (5/5): Holds ISO/IEC 27001:2022 and SOC 2 Type 2, with ISO 22301 alignment and GDPR audits — a strong stack including sector-relevant resilience certification for a financial-crime vendor.

●Infermedica (4/5): ISO 27001 and ISO 27799 (health informatics security) certifications. CE-marked as Class I medical device under EU MDR. Strong certification posture for a medical AI company.

#### Regulatory Fit

Both score equally at 5/5.

●Hawk (5/5): Purpose-built for regulated EU financial institutions (AML/CFT, fraud), used by Tier-1 banks and payment firms; directly relevant to BaFin and other EU financial supervisors. Forrester Strong Performer, Q2 2025.

●Infermedica (5/5): Excellent fit for EU healthcare organisations, insurers, and digital health platforms. CE-marked under MDR, GDPR-native, EU-incorporated, and multilingual (30+ languages). One of the strongest EU-sovereign medical AI platforms for triage and symptom assessment.

Certifications at a Glance

Certification	Hawk	Infermedica
GDPR	Yes	No
ISO 22301 (alignment)	Yes	No
ISO 27001	No	Yes
ISO 27799	No	Yes
ISO/IEC 27001:2022	Yes	No
SOC 2 Type 2	Yes	No

Overall Verdict

Infermedica has a clear trust advantage, scoring 24/25 compared to Hawk's 22/25. Infermedica particularly excels in data residency, data retention & training.

Frequently Asked Questions

Which is better for EU compliance, Infermedica or Hawk?

Infermedica has a TrustKit score of 24/25 while Hawk scores 22/25. Infermedica currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Infermedica and Hawk compare on data residency?

Infermedica scores 5/5 for data residency (EU data centres (Poland and Germany). Polish incorporation means EU law governs by default. No US cloud dependency. Strong data residency for healthcare AI.), while Hawk scores 3/5 (European company offering SaaS or private-cloud deployment and GDPR compliance, but no publicly published EU-only data-residency commitment or named region. EU customers should confirm EU hosting via the DPA. Scored conservatively pending explicit residency disclosure.).

Are Infermedica and Hawk GDPR compliant?

Both tools are assessed across five compliance dimensions. Infermedica has a regulatory fit score of 5/5 and Hawk scores 5/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool