LightOn

Sovereign enterprise GenAI platform deployed on-prem, air-gapped, or EU cloud

Portkey

AI gateway and LLMOps platform for routing, observability, and guardrails across multiple LLM providers

LightOn

Excellent

22/25

Portkey

Moderate

15/25

Score Breakdown

DimensionLightOnPortkey

Data Residency

Where is your data stored and processed?

LightOn: Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

Portkey: US cloud by default but self-hosted deployment option allows EU data residency. Gateway architecture means LLM requests can be routed to EU-hosted providers.

5/5

Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

3/5

US cloud by default but self-hosted deployment option allows EU data residency. Gateway architecture means LLM requests can be routed to EU-hosted providers.

Legal Jurisdiction

Which laws govern the company and your data?

LightOn: French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

Portkey: Delaware incorporation. US jurisdiction. Self-hosted option eliminates cloud dependency for data-sensitive deployments.

5/5

French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

2/5

Delaware incorporation. US jurisdiction. Self-hosted option eliminates cloud dependency for data-sensitive deployments.

Data Retention & Training

Is your data used for model training?

LightOn: In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

Portkey: Gateway does not train on routed data. Observability logs are retained per customer policy. Self-hosted gives full control.

4/5

In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

4/5

Gateway does not train on routed data. Observability logs are retained per customer policy. Self-hosted gives full control.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

LightOn: Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

Portkey: SOC 2 Type II certified. Appropriate for the company's stage. ISO 27001 would strengthen enterprise procurement.

3/5

Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

3/5

SOC 2 Type II certified. Appropriate for the company's stage. ISO 27001 would strengthen enterprise procurement.

Regulatory Fit

Suitability for regulated industries and professional services

LightOn: Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

Portkey: Self-hosted option enables EU deployment. SOC 2 certified. US jurisdiction applies to cloud product. Suitable for European teams managing multi-model AI infrastructure.

5/5

Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

3/5

Self-hosted option enables EU deployment. SOC 2 certified. US jurisdiction applies to cloud product. Suitable for European teams managing multi-model AI infrastructure.

Total Score

22/25

15/25

Best For

LightOn

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (CNIL, AMF); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Portkey

Best for privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment; teams on a tight budget.

Detailed Comparison

LightOn vs Portkey: Trust & Compliance Comparison

LightOn (LightOn, FR) scores 22/25 overall with a Gold (Excellent) trust badge. Sovereign enterprise GenAI platform deployed on-prem, air-gapped, or EU cloud. Portkey (Portkey, US) scores 15/25 with a Bronze (Moderate) trust badge. AI gateway and LLMOps platform for routing, observability, and guardrails across multiple LLM providers.

Dimension-by-Dimension Breakdown

#### Data Residency

LightOn leads with 5/5 vs 3/5.

●LightOn (5/5): Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

●Portkey (3/5): US cloud by default but self-hosted deployment option allows EU data residency. Gateway architecture means LLM requests can be routed to EU-hosted providers.

#### Legal Jurisdiction

LightOn leads with 5/5 vs 2/5.

●LightOn (5/5): French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

●Portkey (2/5): Delaware incorporation. US jurisdiction. Self-hosted option eliminates cloud dependency for data-sensitive deployments.

#### Data Retention & Training

Both score equally at 4/5.

●LightOn (4/5): In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

●Portkey (4/5): Gateway does not train on routed data. Observability logs are retained per customer policy. Self-hosted gives full control.

#### Certifications

Both score equally at 3/5.

●LightOn (3/5): Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

●Portkey (3/5): SOC 2 Type II certified. Appropriate for the company's stage. ISO 27001 would strengthen enterprise procurement.

#### Regulatory Fit

LightOn leads with 5/5 vs 3/5.

●LightOn (5/5): Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

●Portkey (3/5): Self-hosted option enables EU deployment. SOC 2 certified. US jurisdiction applies to cloud product. Suitable for European teams managing multi-model AI infrastructure.

Certifications at a Glance

Certification	LightOn	Portkey
SOC 2 Type 1	Yes	No
SOC 2 Type II	No	Yes

Overall Verdict

LightOn has a clear trust advantage, scoring 22/25 compared to Portkey's 15/25. LightOn particularly excels in data residency, legal jurisdiction, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, LightOn or Portkey?

LightOn has a TrustKit score of 22/25 while Portkey scores 15/25. LightOn currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do LightOn and Portkey compare on data residency?

LightOn scores 5/5 for data residency (Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.), while Portkey scores 3/5 (US cloud by default but self-hosted deployment option allows EU data residency. Gateway architecture means LLM requests can be routed to EU-hosted providers.).

Are LightOn and Portkey GDPR compliant?

Both tools are assessed across five compliance dimensions. LightOn has a regulatory fit score of 5/5 and Portkey scores 3/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool