Infermedica

Polish AI symptom checker and clinical triage platform for digital health

vs
Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

Infermedica: 96% (Excellent), 24/25
Noxtua: 100% (Excellent), 25/25

Score Breakdown

| Dimension | Infermedica | Noxtua |
|---|---|---|
| Data Residency: Where is your data stored and processed? | 5/5. EU data centres (Poland and Germany). Polish incorporation means EU law governs by default. No US cloud dependency. Strong data residency for healthcare AI. | 5/5. Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency. |
| Legal Jurisdiction: Which laws govern the company and your data? | 5/5. Polish Sp. z o.o. under Polish and EU law. GDPR and EU AI Act apply as corporate law. UODO (Polish DPA) is the lead supervisory authority. No CLOUD Act exposure. | 5/5. Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB). |
| Data Retention & Training: Is your data used for model training? | 5/5. Patient triage data not used for cross-customer model training. API architecture means customer data stays under customer control. GDPR-compliant DPA available for all customers. | 5/5. Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong. |
| Certifications: ISO 27001, SOC 2, Cyber Essentials, etc. | 4/5. ISO 27001 and ISO 27799 (health informatics security) certifications. CE-marked as Class I medical device under EU MDR. Strong certification posture for a medical AI company. | 5/5. Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline. |
| Regulatory Fit: Suitability for regulated industries and professional services | 5/5. Excellent fit for EU healthcare organisations, insurers, and digital health platforms. CE-marked under MDR, GDPR-native, EU-incorporated, and multilingual (30+ languages). One of the strongest EU-sovereign medical AI platforms for triage and symptom assessment. | 5/5. Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use. |
| Total Score | 24/25 | 25/25 |

Best For

Infermedica

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (CNIL, BaFin); privacy-conscious teams who need strong data retention controls.

Noxtua

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Detailed Comparison

Infermedica vs Noxtua: Trust & Compliance Comparison

Infermedica (Infermedica, PL) scores 24/25 overall with a Gold (Excellent) trust badge. It is a Polish AI symptom checker and clinical triage platform for digital health. Noxtua (Noxtua, DE) scores 25/25 with a Gold (Excellent) trust badge. It is Europe's sovereign legal AI with its own European-trained legal LLM.

Dimension-by-Dimension Breakdown

#### Data Residency

Both score equally at 5/5.

Infermedica (5/5): EU data centres (Poland and Germany). Polish incorporation means EU law governs by default. No US cloud dependency. Strong data residency for healthcare AI.
Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

#### Legal Jurisdiction

Both score equally at 5/5.

Infermedica (5/5): Polish Sp. z o.o. under Polish and EU law. GDPR and EU AI Act apply as corporate law. UODO (Polish DPA) is the lead supervisory authority. No CLOUD Act exposure.
Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

#### Data Retention & Training

Both score equally at 5/5.

Infermedica (5/5): Patient triage data not used for cross-customer model training. API architecture means customer data stays under customer control. GDPR-compliant DPA available for all customers.
Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

#### Certifications

Noxtua leads with 5/5 vs 4/5.

Infermedica (4/5): ISO 27001 and ISO 27799 (health informatics security) certifications. CE-marked as Class I medical device under EU MDR. Strong certification posture for a medical AI company.
Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

#### Regulatory Fit

Both score equally at 5/5.

Infermedica (5/5): Excellent fit for EU healthcare organisations, insurers, and digital health platforms. CE-marked under MDR, GDPR-native, EU-incorporated, and multilingual (30+ languages). One of the strongest EU-sovereign medical AI platforms for triage and symptom assessment.
Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Certifications at a Glance

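| Certification | Infermedica | Noxtua |
|---|---|---|
| BSI C5 | No | Yes |
| ISO 27001 | Yes | Yes |
| ISO 27017 | No | Yes |
| ISO 27018 | No | Yes |
| ISO 27799 | Yes | No |
| ISO 42001 | No | Yes |
| ISO 9001 | No | Yes |
| TISAX | No | Yes |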

Overall Verdict

Infermedica and Noxtua are closely matched on trust and compliance, with scores of 24/25 and 25/25 respectively. The right choice depends on your specific regulatory requirements and existing technology stack.

Frequently Asked Questions

Which is better for EU compliance, Infermedica or Noxtua?

Infermedica has a TrustKit score of 24/25, while Noxtua scores 25/25. Noxtua currently rates higher overall across the five dimensions: data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Infermedica and Noxtua compare on data residency?

Infermedica scores 5/5 for data residency: EU data centres (Poland and Germany). Polish incorporation means EU law governs by default. No US cloud dependency. Strong data residency for healthcare AI.

Noxtua also scores 5/5: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

Are Infermedica and Noxtua GDPR compliant?

Both tools are assessed across five compliance dimensions. Infermedica has a regulatory fit score of 5/5 and Noxtua scores 5/5. Check the full comparison above for a detailed breakdown.
