Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

Nuance DAX

Microsoft's AI ambient clinical documentation system for healthcare providers

Noxtua

Excellent

25/25

Nuance DAX

Strong

17/25

Score Breakdown

DimensionNoxtuaNuance DAX

Data Residency

Where is your data stored and processed?

Noxtua: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

Nuance DAX: Azure EU data centre regions available for European healthcare deployments. Microsoft offers EU Data Boundary commitments. US parent company means CLOUD Act applies despite EU data residency. HDS certification available for French healthcare requirements.

5/5

Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

3/5

Azure EU data centre regions available for European healthcare deployments. Microsoft offers EU Data Boundary commitments. US parent company means CLOUD Act applies despite EU data residency. HDS certification available for French healthcare requirements.

Legal Jurisdiction

Which laws govern the company and your data?

Noxtua: Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

Nuance DAX: Nuance is a US company under Microsoft (Delaware), subject to CLOUD Act. Microsoft participates in EU-US DPF and has CLOUD Act mitigation commitments for EU government customers. Healthcare data requires careful jurisdiction analysis before EU deployment.

5/5

Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

2/5

Nuance is a US company under Microsoft (Delaware), subject to CLOUD Act. Microsoft participates in EU-US DPF and has CLOUD Act mitigation commitments for EU government customers. Healthcare data requires careful jurisdiction analysis before EU deployment.

Data Retention & Training

Is your data used for model training?

Noxtua: Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

Nuance DAX: Clinical conversations and notes not used for shared model training under HIPAA BAA. Microsoft enterprise DPA provides GDPR-compliant data retention controls. Patient data handling governed by healthcare-specific contractual protections.

5/5

Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

4/5

Clinical conversations and notes not used for shared model training under HIPAA BAA. Microsoft enterprise DPA provides GDPR-compliant data retention controls. Patient data handling governed by healthcare-specific contractual protections.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Noxtua: Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

Nuance DAX: Comprehensive certification portfolio via Microsoft: ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, HIPAA BAA, HDS (French healthcare hosting). Among the most certified healthcare AI platforms available.

5/5

Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

5/5

Comprehensive certification portfolio via Microsoft: ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, HIPAA BAA, HDS (French healthcare hosting). Among the most certified healthcare AI platforms available.

Regulatory Fit

Suitability for regulated industries and professional services

Noxtua: Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Nuance DAX: Strong certification posture makes DAX suitable for many European healthcare organisations with appropriate GDPR controls. US jurisdiction and CLOUD Act require careful DPA negotiation for EU patient data. Confirm EU Data Boundary commitments and current CLOUD Act mitigation for your specific use case.

5/5

Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

3/5

Strong certification posture makes DAX suitable for many European healthcare organisations with appropriate GDPR controls. US jurisdiction and CLOUD Act require careful DPA negotiation for EU patient data. Confirm EU Data Boundary commitments and current CLOUD Act mitigation for your specific use case.

Total Score

25/25

17/25

Best For

Noxtua

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Nuance DAX

Best for organisations requiring broad certification coverage (ISO 27001, ISO 27017, ISO 27018); privacy-conscious teams who need strong data retention controls.

Detailed Comparison

Noxtua vs Nuance DAX: Trust & Compliance Comparison

Noxtua (Noxtua, DE) scores 25/25 overall with a Gold (Excellent) trust badge. Europe's sovereign legal AI with its own European-trained legal LLM. Nuance DAX (Nuance (Microsoft), US) scores 17/25 with a Silver (Strong) trust badge. Microsoft's AI ambient clinical documentation system for healthcare providers.

Dimension-by-Dimension Breakdown

#### Data Residency

Noxtua leads with 5/5 vs 3/5.

●Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

●Nuance DAX (3/5): Azure EU data centre regions available for European healthcare deployments. Microsoft offers EU Data Boundary commitments. US parent company means CLOUD Act applies despite EU data residency. HDS certification available for French healthcare requirements.

#### Legal Jurisdiction

Noxtua leads with 5/5 vs 2/5.

●Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

●Nuance DAX (2/5): Nuance is a US company under Microsoft (Delaware), subject to CLOUD Act. Microsoft participates in EU-US DPF and has CLOUD Act mitigation commitments for EU government customers. Healthcare data requires careful jurisdiction analysis before EU deployment.

#### Data Retention & Training

Noxtua leads with 5/5 vs 4/5.

●Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

●Nuance DAX (4/5): Clinical conversations and notes not used for shared model training under HIPAA BAA. Microsoft enterprise DPA provides GDPR-compliant data retention controls. Patient data handling governed by healthcare-specific contractual protections.

#### Certifications

Both score equally at 5/5.

●Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

●Nuance DAX (5/5): Comprehensive certification portfolio via Microsoft: ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, HIPAA BAA, HDS (French healthcare hosting). Among the most certified healthcare AI platforms available.

#### Regulatory Fit

Noxtua leads with 5/5 vs 3/5.

●Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

●Nuance DAX (3/5): Strong certification posture makes DAX suitable for many European healthcare organisations with appropriate GDPR controls. US jurisdiction and CLOUD Act require careful DPA negotiation for EU patient data. Confirm EU Data Boundary commitments and current CLOUD Act mitigation for your specific use case.

Certifications at a Glance

Certification	Noxtua	Nuance DAX
BSI C5	Yes	No
HDS	No	Yes
HIPAA	No	Yes
ISO 27001	Yes	Yes
ISO 27017	Yes	Yes
ISO 27018	Yes	Yes
ISO 42001	Yes	No
ISO 9001	Yes	No
SOC 2 Type II	No	Yes
TISAX	Yes	No

Overall Verdict

Noxtua has a clear trust advantage, scoring 25/25 compared to Nuance DAX's 17/25. Noxtua particularly excels in data residency, legal jurisdiction, data retention & training, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Noxtua or Nuance DAX?

Noxtua has a TrustKit score of 25/25 while Nuance DAX scores 17/25. Noxtua currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Noxtua and Nuance DAX compare on data residency?

Noxtua scores 5/5 for data residency (Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.), while Nuance DAX scores 3/5 (Azure EU data centre regions available for European healthcare deployments. Microsoft offers EU Data Boundary commitments. US parent company means CLOUD Act applies despite EU data residency. HDS certification available for French healthcare requirements.).

Are Noxtua and Nuance DAX GDPR compliant?

Both tools are assessed across five compliance dimensions. Noxtua has a regulatory fit score of 5/5 and Nuance DAX scores 3/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool