Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

Nabla Copilot

AI medical scribe that turns patient conversations into clinical notes

Noxtua

Excellent

25/25

Nabla Copilot

Excellent

22/25

Score Breakdown

DimensionNoxtuaNabla Copilot

Data Residency

Where is your data stored and processed?

Noxtua: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

Nabla Copilot: Choice of US (AWS us-east-1) or EU (AWS eu-west-1) data hosting. French HDS certification for health data in the EU. Strong dual-region residency for healthcare organisations on both sides of the Atlantic.

5/5

Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

4/5

Choice of US (AWS us-east-1) or EU (AWS eu-west-1) data hosting. French HDS certification for health data in the EU. Strong dual-region residency for healthcare organisations on both sides of the Atlantic.

Legal Jurisdiction

Which laws govern the company and your data?

Noxtua: Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

Nabla Copilot: Incorporated in France under French and EU law, benefiting from GDPR-native jurisdiction and the French Health Data Hosting (HDS) regulatory framework. US operations covered by HIPAA BAA.

5/5

Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

4/5

Incorporated in France under French and EU law, benefiting from GDPR-native jurisdiction and the French Health Data Hosting (HDS) regulatory framework. US operations covered by HIPAA BAA.

Data Retention & Training

Is your data used for model training?

Noxtua: Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

Nabla Copilot: Patient audio processed transiently and not stored by default. No use of patient data for model training. Configurable note retention aligned with EHR data governance policies.

5/5

Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

5/5

Patient audio processed transiently and not stored by default. No use of patient data for model training. Configurable note retention aligned with EHR data governance policies.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Noxtua: Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

Nabla Copilot: SOC 2 Type II certified; HIPAA BAA available; HDS certified in France. ISO 27001 in progress. Strong healthcare-specific compliance posture for a company of its size.

5/5

Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

4/5

SOC 2 Type II certified; HIPAA BAA available; HDS certified in France. ISO 27001 in progress. Strong healthcare-specific compliance posture for a company of its size.

Regulatory Fit

Suitability for regulated industries and professional services

Noxtua: Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Nabla Copilot: Exceptional fit for healthcare providers. HIPAA BAA, HDS certification, GDPR-native jurisdiction, and no patient data training make it one of the most compliant AI scribing tools available.

5/5

Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

5/5

Exceptional fit for healthcare providers. HIPAA BAA, HDS certification, GDPR-native jurisdiction, and no patient data training make it one of the most compliant AI scribing tools available.

Total Score

25/25

22/25

Best For

Noxtua

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (SOC 2 Type II, HIPAA BAA, HDS); regulated industries (HHS OCR, CNIL); privacy-conscious teams who need strong data retention controls.

Nabla Copilot

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Detailed Comparison

Nabla Copilot vs Noxtua: Trust & Compliance Comparison

Nabla Copilot (Nabla, FR) scores 22/25 overall with a Gold (Excellent) trust badge. AI medical scribe that turns patient conversations into clinical notes. Noxtua (Noxtua, DE) scores 25/25 with a Gold (Excellent) trust badge. Europe's sovereign legal AI with its own European-trained legal LLM.

Dimension-by-Dimension Breakdown

#### Data Residency

Noxtua leads with 5/5 vs 4/5.

●Nabla Copilot (4/5): Choice of US (AWS us-east-1) or EU (AWS eu-west-1) data hosting. French HDS certification for health data in the EU. Strong dual-region residency for healthcare organisations on both sides of the Atlantic.

●Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

#### Legal Jurisdiction

Noxtua leads with 5/5 vs 4/5.

●Nabla Copilot (4/5): Incorporated in France under French and EU law, benefiting from GDPR-native jurisdiction and the French Health Data Hosting (HDS) regulatory framework. US operations covered by HIPAA BAA.

●Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

#### Data Retention & Training

Both score equally at 5/5.

●Nabla Copilot (5/5): Patient audio processed transiently and not stored by default. No use of patient data for model training. Configurable note retention aligned with EHR data governance policies.

●Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

#### Certifications

Noxtua leads with 5/5 vs 4/5.

●Nabla Copilot (4/5): SOC 2 Type II certified; HIPAA BAA available; HDS certified in France. ISO 27001 in progress. Strong healthcare-specific compliance posture for a company of its size.

●Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

#### Regulatory Fit

Both score equally at 5/5.

●Nabla Copilot (5/5): Exceptional fit for healthcare providers. HIPAA BAA, HDS certification, GDPR-native jurisdiction, and no patient data training make it one of the most compliant AI scribing tools available.

●Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Certifications at a Glance

Certification	Nabla Copilot	Noxtua
BSI C5	No	Yes
HDS	Yes	No
HIPAA BAA	Yes	No
ISO 27001	No	Yes
ISO 27017	No	Yes
ISO 27018	No	Yes
ISO 42001	No	Yes
ISO 9001	No	Yes
SOC 2 Type II	Yes	No
TISAX	No	Yes

Overall Verdict

Noxtua has a clear trust advantage, scoring 25/25 compared to Nabla Copilot's 22/25. Noxtua particularly excels in data residency, legal jurisdiction, certifications.

Frequently Asked Questions

Which is better for EU compliance, Noxtua or Nabla Copilot?

Noxtua has a TrustKit score of 25/25 while Nabla Copilot scores 22/25. Noxtua currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Noxtua and Nabla Copilot compare on data residency?

Noxtua scores 5/5 for data residency (Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.), while Nabla Copilot scores 4/5 (Choice of US (AWS us-east-1) or EU (AWS eu-west-1) data hosting. French HDS certification for health data in the EU. Strong dual-region residency for healthcare organisations on both sides of the Atlantic.).

Are Noxtua and Nabla Copilot GDPR compliant?

Both tools are assessed across five compliance dimensions. Noxtua has a regulatory fit score of 5/5 and Nabla Copilot scores 5/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool