LightOn

Sovereign enterprise GenAI platform deployed on-prem, air-gapped, or EU cloud

Together AI

Open-source LLM inference and fine-tuning platform for enterprise AI builders

LightOn

Excellent

22/25

Together AI

Caution

10/25

Score Breakdown

DimensionLightOnTogether AI

Data Residency

Where is your data stored and processed?

LightOn: Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

Together AI: All inference and fine-tuning workloads processed in US data centres. No EU data residency option. GDPR transfer mechanisms (SCCs) required for European personal data processing.

5/5

Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

1/5

All inference and fine-tuning workloads processed in US data centres. No EU data residency option. GDPR transfer mechanisms (SCCs) required for European personal data processing.

Legal Jurisdiction

Which laws govern the company and your data?

LightOn: French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

Together AI: Incorporated in Delaware, US. Subject to CLOUD Act. GDPR DPA available for enterprise customers contractually, but US jurisdiction governs. No EU subsidiary structure.

5/5

French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

2/5

Incorporated in Delaware, US. Subject to CLOUD Act. GDPR DPA available for enterprise customers contractually, but US jurisdiction governs. No EU subsidiary structure.

Data Retention & Training

Is your data used for model training?

LightOn: In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

Together AI: Clear policy that customer data and fine-tuning datasets are not used to train shared models. Fine-tuned model weights are customer property. Good baseline for data isolation, but residency limitation remains.

4/5

In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

4/5

Clear policy that customer data and fine-tuning datasets are not used to train shared models. Fine-tuned model weights are customer property. Good baseline for data isolation, but residency limitation remains.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

LightOn: Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

Together AI: No published ISO 27001, SOC 2 Type II, or independent security certifications as of early 2026. Security practices are self-attested. Significant gap for enterprise procurement in regulated industries.

3/5

Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

1/5

No published ISO 27001, SOC 2 Type II, or independent security certifications as of early 2026. Security practices are self-attested. Significant gap for enterprise procurement in regulated industries.

Regulatory Fit

Suitability for regulated industries and professional services

LightOn: Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

Together AI: Not suitable for GDPR-regulated personal data processing without SCCs and TIA. Good for development, prototyping, and non-personal-data AI workloads. US jurisdiction and absence of certifications limit suitability for regulated EU industries.

5/5

Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

2/5

Not suitable for GDPR-regulated personal data processing without SCCs and TIA. Good for development, prototyping, and non-personal-data AI workloads. US jurisdiction and absence of certifications limit suitability for regulated EU industries.

Total Score

22/25

10/25

Best For

LightOn

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (CNIL, AMF); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment; enterprises requiring SSO integration.

Together AI

Best for privacy-conscious teams who need strong data retention controls; teams on a tight budget.

Detailed Comparison

LightOn vs Together AI: Trust & Compliance Comparison

LightOn (LightOn, FR) scores 22/25 overall with a Gold (Excellent) trust badge. Sovereign enterprise GenAI platform deployed on-prem, air-gapped, or EU cloud. Together AI (Together AI, US) scores 10/25 with a Review Required (Caution) trust badge. Open-source LLM inference and fine-tuning platform for enterprise AI builders.

Dimension-by-Dimension Breakdown

#### Data Residency

LightOn leads with 5/5 vs 1/5.

●LightOn (5/5): Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.

●Together AI (1/5): All inference and fine-tuning workloads processed in US data centres. No EU data residency option. GDPR transfer mechanisms (SCCs) required for European personal data processing.

#### Legal Jurisdiction

LightOn leads with 5/5 vs 2/5.

●LightOn (5/5): French SA incorporated in France, listed on Euronext Growth Paris, with no US parent. Fully under EU/French jurisdiction.

●Together AI (2/5): Incorporated in Delaware, US. Subject to CLOUD Act. GDPR DPA available for enterprise customers contractually, but US jurisdiction governs. No EU subsidiary structure.

#### Data Retention & Training

Both score equally at 4/5.

●LightOn (4/5): In-perimeter deployment means no customer data is sent out or used to train shared models, and retention is governed by the customer's own infrastructure. Scored 4 rather than 5 as public DPA/retention-control documentation is limited.

●Together AI (4/5): Clear policy that customer data and fine-tuning datasets are not used to train shared models. Fine-tuned model weights are customer property. Good baseline for data isolation, but residency limitation remains.

#### Certifications

LightOn leads with 3/5 vs 1/5.

●LightOn (3/5): Holds SOC 2 Type 1. ISO 27001 and SOC 2 Type II are not confirmed in published sources, and ANSSI SecNumCloud appears to be a positioning goal rather than a confirmed qualification.

●Together AI (1/5): No published ISO 27001, SOC 2 Type II, or independent security certifications as of early 2026. Security practices are self-attested. Significant gap for enterprise procurement in regulated industries.

#### Regulatory Fit

LightOn leads with 5/5 vs 2/5.

●LightOn (5/5): Purpose-built for regulated and sovereign EU buyers, with public-sector and defense/aerospace references (CNES, Safran, French tax authority) and GDPR/AI Act alignment.

●Together AI (2/5): Not suitable for GDPR-regulated personal data processing without SCCs and TIA. Good for development, prototyping, and non-personal-data AI workloads. US jurisdiction and absence of certifications limit suitability for regulated EU industries.

Certifications at a Glance

Certification	LightOn	Together AI
SOC 2 Type 1	Yes	No

Overall Verdict

LightOn has a clear trust advantage, scoring 22/25 compared to Together AI's 10/25. LightOn particularly excels in data residency, legal jurisdiction, certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, LightOn or Together AI?

LightOn has a TrustKit score of 22/25 while Together AI scores 10/25. LightOn currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do LightOn and Together AI compare on data residency?

LightOn scores 5/5 for data residency (Deploys on-premise, in customer VPC, or air-gapped on EU infrastructure, so data never leaves the customer's own security perimeter. Strongest possible residency posture.), while Together AI scores 1/5 (All inference and fine-tuning workloads processed in US data centres. No EU data residency option. GDPR transfer mechanisms (SCCs) required for European personal data processing.).

Are LightOn and Together AI GDPR compliant?

Both tools are assessed across five compliance dimensions. LightOn has a regulatory fit score of 5/5 and Together AI scores 2/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool