Peak

UK AI decisioning platform for retail and supply chain commercial optimisation

Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

Peak

Strong

18/25

Noxtua

Excellent

25/25

Score Breakdown

DimensionPeakNoxtua

Data Residency

Where is your data stored and processed?

Peak: Data hosted on AWS and Azure infrastructure with EU region options for European customers. UK data residency default suitable for British businesses. Configurable data region for enterprise deployments.

Noxtua: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

4/5

Data hosted on AWS and Azure infrastructure with EU region options for European customers. UK data residency default suitable for British businesses. Configurable data region for enterprise deployments.

5/5

Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

Legal Jurisdiction

Which laws govern the company and your data?

Peak: Incorporated in England and Wales under UK law. Regulated by ICO under UK GDPR. UK jurisdiction provides strong data protection baseline without CLOUD Act exposure. EU adequacy decision covers UK-EU data transfers.

Noxtua: Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

4/5

Incorporated in England and Wales under UK law. Regulated by ICO under UK GDPR. UK jurisdiction provides strong data protection baseline without CLOUD Act exposure. EU adequacy decision covers UK-EU data transfers.

5/5

Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

Data Retention & Training

Is your data used for model training?

Peak: Customer commercial data is not used for cross-customer model training. Enterprise data processing agreements with configurable retention periods. Appropriate data lifecycle controls for sensitive retail and supply chain data.

Noxtua: Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

4/5

Customer commercial data is not used for cross-customer model training. Enterprise data processing agreements with configurable retention periods. Appropriate data lifecycle controls for sensitive retail and supply chain data.

5/5

Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Peak: Holds ISO 27001 certification. Solid baseline for a commercial AI platform. SOC 2 Type II would strengthen the posture for enterprise procurement requirements, particularly for US-headquartered retail brands operating in Europe.

Noxtua: Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

3/5

Holds ISO 27001 certification. Solid baseline for a commercial AI platform. SOC 2 Type II would strengthen the posture for enterprise procurement requirements, particularly for US-headquartered retail brands operating in Europe.

5/5

Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

Regulatory Fit

Suitability for regulated industries and professional services

Peak: Good regulatory fit for UK and European retail and supply chain businesses. ISO 27001 and UK GDPR compliance meet common enterprise procurement thresholds. Not sector-regulated, so straightforward compliance path for commercial applications.

Noxtua: Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

3/5

Good regulatory fit for UK and European retail and supply chain businesses. ISO 27001 and UK GDPR compliance meet common enterprise procurement thresholds. Not sector-regulated, so straightforward compliance path for commercial applications.

5/5

Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Total Score

18/25

25/25

Best For

Peak

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Noxtua

Best for EU-headquartered organisations needing maximum data sovereignty; privacy-conscious teams who need strong data retention controls.

Detailed Comparison

Noxtua vs Peak: Trust & Compliance Comparison

Noxtua (Noxtua, DE) scores 25/25 overall with a Gold (Excellent) trust badge. Europe's sovereign legal AI with its own European-trained legal LLM. Peak (Peak AI, GB) scores 18/25 with a Silver (Strong) trust badge. UK AI decisioning platform for retail and supply chain commercial optimisation.

Dimension-by-Dimension Breakdown

#### Data Residency

Noxtua leads with 5/5 vs 4/5.

●Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

●Peak (4/5): Data hosted on AWS and Azure infrastructure with EU region options for European customers. UK data residency default suitable for British businesses. Configurable data region for enterprise deployments.

#### Legal Jurisdiction

Noxtua leads with 5/5 vs 4/5.

●Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

●Peak (4/5): Incorporated in England and Wales under UK law. Regulated by ICO under UK GDPR. UK jurisdiction provides strong data protection baseline without CLOUD Act exposure. EU adequacy decision covers UK-EU data transfers.

#### Data Retention & Training

Noxtua leads with 5/5 vs 4/5.

●Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

●Peak (4/5): Customer commercial data is not used for cross-customer model training. Enterprise data processing agreements with configurable retention periods. Appropriate data lifecycle controls for sensitive retail and supply chain data.

#### Certifications

Noxtua leads with 5/5 vs 3/5.

●Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

●Peak (3/5): Holds ISO 27001 certification. Solid baseline for a commercial AI platform. SOC 2 Type II would strengthen the posture for enterprise procurement requirements, particularly for US-headquartered retail brands operating in Europe.

#### Regulatory Fit

Noxtua leads with 5/5 vs 3/5.

●Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

●Peak (3/5): Good regulatory fit for UK and European retail and supply chain businesses. ISO 27001 and UK GDPR compliance meet common enterprise procurement thresholds. Not sector-regulated, so straightforward compliance path for commercial applications.

Certifications at a Glance

Certification	Noxtua	Peak
BSI C5	Yes	No
ISO 27001	Yes	Yes
ISO 27017	Yes	No
ISO 27018	Yes	No
ISO 42001	Yes	No
ISO 9001	Yes	No
TISAX	Yes	No

Overall Verdict

Noxtua has a clear trust advantage, scoring 25/25 compared to Peak's 18/25. Noxtua particularly excels in data residency, legal jurisdiction, data retention & training, certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Peak or Noxtua?

Peak has a TrustKit score of 18/25 while Noxtua scores 25/25. Noxtua currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Peak and Noxtua compare on data residency?

Peak scores 4/5 for data residency (Data hosted on AWS and Azure infrastructure with EU region options for European customers. UK data residency default suitable for British businesses. Configurable data region for enterprise deployments.), while Noxtua scores 5/5 (Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.).

Are Peak and Noxtua GDPR compliant?

Both tools are assessed across five compliance dimensions. Peak has a regulatory fit score of 3/5 and Noxtua scores 5/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool