Nabla Copilot

AI medical scribe that turns patient conversations into clinical notes

Tucuvi

Autonomous clinical voice AI agents that call patients and run care workflows

Nabla Copilot

Excellent

22/25

Tucuvi

Excellent

23/25

Score Breakdown

DimensionNabla CopilotTucuvi

Data Residency

Where is your data stored and processed?

Nabla Copilot: Choice of US (AWS us-east-1) or EU (AWS eu-west-1) data hosting. French HDS certification for health data in the EU. Strong dual-region residency for healthcare organisations on both sides of the Atlantic.

Tucuvi: EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.

4/5

Choice of US (AWS us-east-1) or EU (AWS eu-west-1) data hosting. French HDS certification for health data in the EU. Strong dual-region residency for healthcare organisations on both sides of the Atlantic.

4/5

EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.

Legal Jurisdiction

Which laws govern the company and your data?

Nabla Copilot: Incorporated in France under French and EU law, benefiting from GDPR-native jurisdiction and the French Health Data Hosting (HDS) regulatory framework. US operations covered by HIPAA BAA.

Tucuvi: Incorporated as Tucuvi Care S.L. in Madrid with no US parent, placing it fully within EU/EEA jurisdiction.

4/5

Incorporated in France under French and EU law, benefiting from GDPR-native jurisdiction and the French Health Data Hosting (HDS) regulatory framework. US operations covered by HIPAA BAA.

5/5

Incorporated as Tucuvi Care S.L. in Madrid with no US parent, placing it fully within EU/EEA jurisdiction.

Data Retention & Training

Is your data used for model training?

Nabla Copilot: Patient audio processed transiently and not stored by default. No use of patient data for model training. Configurable note retention aligned with EHR data governance policies.

Tucuvi: AI agents are trained on a proprietary manually-labelled dataset rather than on live customer data, and the QMS enforces GDPR/HIPAA data protection; however, no explicit public no-training-on-customer-data guarantee or detailed retention/DPA terms are published, so scored 4 rather than 5.

5/5

Patient audio processed transiently and not stored by default. No use of patient data for model training. Configurable note retention aligned with EHR data governance policies.

4/5

AI agents are trained on a proprietary manually-labelled dataset rather than on live customer data, and the QMS enforces GDPR/HIPAA data protection; however, no explicit public no-training-on-customer-data guarantee or detailed retention/DPA terms are published, so scored 4 rather than 5.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Nabla Copilot: SOC 2 Type II certified; HIPAA BAA available; HDS certified in France. ISO 27001 in progress. Strong healthcare-specific compliance posture for a company of its size.

Tucuvi: Strong, sector-specific stack: ISO/IEC 27001 and SOC 2 plus CE-marked Class IIb Software as a Medical Device under an ISO 13485 QMS, with EU AI Act and BS 30440 alignment. SOC 2 type (I vs II) not publicly specified.

4/5

SOC 2 Type II certified; HIPAA BAA available; HDS certified in France. ISO 27001 in progress. Strong healthcare-specific compliance posture for a company of its size.

5/5

Strong, sector-specific stack: ISO/IEC 27001 and SOC 2 plus CE-marked Class IIb Software as a Medical Device under an ISO 13485 QMS, with EU AI Act and BS 30440 alignment. SOC 2 type (I vs II) not publicly specified.

Regulatory Fit

Suitability for regulated industries and professional services

Nabla Copilot: Exceptional fit for healthcare providers. HIPAA BAA, HDS certification, GDPR-native jurisdiction, and no patient data training make it one of the most compliant AI scribing tools available.

Tucuvi: Purpose-built for regulated EU healthcare and certified as a Class IIb medical device, suitable for hospitals and health systems under EMA/AEMPS oversight and GDPR.

5/5

Exceptional fit for healthcare providers. HIPAA BAA, HDS certification, GDPR-native jurisdiction, and no patient data training make it one of the most compliant AI scribing tools available.

5/5

Purpose-built for regulated EU healthcare and certified as a Class IIb medical device, suitable for hospitals and health systems under EMA/AEMPS oversight and GDPR.

Total Score

22/25

23/25

Best For

Nabla Copilot

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (SOC 2 Type II, HIPAA BAA, HDS); regulated industries (HHS OCR, CNIL); privacy-conscious teams who need strong data retention controls.

Tucuvi

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (CE-marked SaMD (Class IIb), ISO 13485, ISO/IEC 27001); regulated industries (AEMPS, EMA); privacy-conscious teams who need strong data retention controls.

Detailed Comparison

Nabla Copilot vs Tucuvi: Trust & Compliance Comparison

Nabla Copilot (Nabla, FR) scores 22/25 overall with a Gold (Excellent) trust badge. AI medical scribe that turns patient conversations into clinical notes. Tucuvi (Tucuvi, ES) scores 23/25 with a Gold (Excellent) trust badge. Autonomous clinical voice AI agents that call patients and run care workflows.

Dimension-by-Dimension Breakdown

#### Data Residency

Both score equally at 4/5.

●Nabla Copilot (4/5): Choice of US (AWS us-east-1) or EU (AWS eu-west-1) data hosting. French HDS certification for health data in the EU. Strong dual-region residency for healthcare organisations on both sides of the Atlantic.

●Tucuvi (4/5): EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.

#### Legal Jurisdiction

Tucuvi leads with 5/5 vs 4/5.

●Nabla Copilot (4/5): Incorporated in France under French and EU law, benefiting from GDPR-native jurisdiction and the French Health Data Hosting (HDS) regulatory framework. US operations covered by HIPAA BAA.

●Tucuvi (5/5): Incorporated as Tucuvi Care S.L. in Madrid with no US parent, placing it fully within EU/EEA jurisdiction.

#### Data Retention & Training

Nabla Copilot leads with 5/5 vs 4/5.

●Nabla Copilot (5/5): Patient audio processed transiently and not stored by default. No use of patient data for model training. Configurable note retention aligned with EHR data governance policies.

●Tucuvi (4/5): AI agents are trained on a proprietary manually-labelled dataset rather than on live customer data, and the QMS enforces GDPR/HIPAA data protection; however, no explicit public no-training-on-customer-data guarantee or detailed retention/DPA terms are published, so scored 4 rather than 5.

#### Certifications

Tucuvi leads with 5/5 vs 4/5.

●Nabla Copilot (4/5): SOC 2 Type II certified; HIPAA BAA available; HDS certified in France. ISO 27001 in progress. Strong healthcare-specific compliance posture for a company of its size.

●Tucuvi (5/5): Strong, sector-specific stack: ISO/IEC 27001 and SOC 2 plus CE-marked Class IIb Software as a Medical Device under an ISO 13485 QMS, with EU AI Act and BS 30440 alignment. SOC 2 type (I vs II) not publicly specified.

#### Regulatory Fit

Both score equally at 5/5.

●Nabla Copilot (5/5): Exceptional fit for healthcare providers. HIPAA BAA, HDS certification, GDPR-native jurisdiction, and no patient data training make it one of the most compliant AI scribing tools available.

●Tucuvi (5/5): Purpose-built for regulated EU healthcare and certified as a Class IIb medical device, suitable for hospitals and health systems under EMA/AEMPS oversight and GDPR.

Certifications at a Glance

Certification	Nabla Copilot	Tucuvi
CE-marked SaMD (Class IIb)	No	Yes
GDPR	No	Yes
HDS	Yes	No
HIPAA	No	Yes
HIPAA BAA	Yes	No
ISO 13485	No	Yes
ISO/IEC 27001	No	Yes
SOC 2	No	Yes
SOC 2 Type II	Yes	No

Overall Verdict

Nabla Copilot and Tucuvi are closely matched on trust and compliance, with scores of 22/25 and 23/25 respectively. The right choice depends on your specific regulatory requirements and existing technology stack.

Frequently Asked Questions

Which is better for EU compliance, Nabla Copilot or Tucuvi?

Nabla Copilot has a TrustKit score of 22/25 while Tucuvi scores 23/25. Tucuvi currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Nabla Copilot and Tucuvi compare on data residency?

Nabla Copilot scores 4/5 for data residency (Choice of US (AWS us-east-1) or EU (AWS eu-west-1) data hosting. French HDS certification for health data in the EU. Strong dual-region residency for healthcare organisations on both sides of the Atlantic.), while Tucuvi scores 4/5 (EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.).

Are Nabla Copilot and Tucuvi GDPR compliant?

Both tools are assessed across five compliance dimensions. Nabla Copilot has a regulatory fit score of 5/5 and Tucuvi scores 5/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool