Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

Tandem Health

AI medical scribe and coding assistant built to EU medical-device standards

Noxtua

Excellent

25/25

Tandem Health

Excellent

25/25

Score Breakdown

DimensionNoxtuaTandem Health

Data Residency

Where is your data stored and processed?

Noxtua: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

Tandem Health: Patient data is processed and stored exclusively in European data centres, and audio is deleted immediately after transcription with no storage — an explicit EU-only posture.

5/5

Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

5/5

Patient data is processed and stored exclusively in European data centres, and audio is deleted immediately after transcription with no storage — an explicit EU-only posture.

Legal Jurisdiction

Which laws govern the company and your data?

Noxtua: Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

Tandem Health: Incorporated as Tandem Health AB in Sweden with no US parent, placing it fully within EU/EEA jurisdiction.

5/5

Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

5/5

Incorporated as Tandem Health AB in Sweden with no US parent, placing it fully within EU/EEA jurisdiction.

Data Retention & Training

Is your data used for model training?

Noxtua: Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

Tandem Health: States it does not train AI models on patient or personal data, deletes audio immediately after transcription, offers enterprise data agreements, and operates under an ISO 13485 medical-device QMS.

5/5

Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

5/5

States it does not train AI models on patient or personal data, deletes audio immediately after transcription, offers enterprise data agreements, and operates under an ISO 13485 medical-device QMS.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Noxtua: Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

Tandem Health: Exceptional stack: ISO 27001:2022, ISO 13485:2016, ISO 42001:2023, ISO 14001, NEN 7510, plus CE/MDR Class IIa and UKCA medical-device marks, NHS DSPT and Cyber Essentials Plus. No SOC 2 published, but sector-specific medical-device certification more than compensates.

5/5

Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

5/5

Exceptional stack: ISO 27001:2022, ISO 13485:2016, ISO 42001:2023, ISO 14001, NEN 7510, plus CE/MDR Class IIa and UKCA medical-device marks, NHS DSPT and Cyber Essentials Plus. No SOC 2 published, but sector-specific medical-device certification more than compensates.

Regulatory Fit

Suitability for regulated industries and professional services

Noxtua: Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Tandem Health: Purpose-built and CE/MDR-certified as a medical device for EU and UK clinical use, with named applicability to healthcare regulators (EMA, MHRA) and NHS frameworks.

5/5

Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

5/5

Purpose-built and CE/MDR-certified as a medical device for EU and UK clinical use, with named applicability to healthcare regulators (EMA, MHRA) and NHS frameworks.

Total Score

25/25

Best For

Noxtua

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Tandem Health

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (CE mark (EU MDR), MDR Class IIa, UKCA); regulated industries (EMA, MHRA); privacy-conscious teams who need strong data retention controls; teams on a tight budget.

Detailed Comparison

Noxtua vs Tandem Health: Trust & Compliance Comparison

Noxtua (Noxtua, DE) scores 25/25 overall with a Gold (Excellent) trust badge. Europe's sovereign legal AI with its own European-trained legal LLM. Tandem Health (Tandem Health, SE) scores 25/25 with a Gold (Excellent) trust badge. AI medical scribe and coding assistant built to EU medical-device standards.

Dimension-by-Dimension Breakdown

#### Data Residency

Both score equally at 5/5.

●Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

●Tandem Health (5/5): Patient data is processed and stored exclusively in European data centres, and audio is deleted immediately after transcription with no storage — an explicit EU-only posture.

#### Legal Jurisdiction

Both score equally at 5/5.

●Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

●Tandem Health (5/5): Incorporated as Tandem Health AB in Sweden with no US parent, placing it fully within EU/EEA jurisdiction.

#### Data Retention & Training

Both score equally at 5/5.

●Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

●Tandem Health (5/5): States it does not train AI models on patient or personal data, deletes audio immediately after transcription, offers enterprise data agreements, and operates under an ISO 13485 medical-device QMS.

#### Certifications

Both score equally at 5/5.

●Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

●Tandem Health (5/5): Exceptional stack: ISO 27001:2022, ISO 13485:2016, ISO 42001:2023, ISO 14001, NEN 7510, plus CE/MDR Class IIa and UKCA medical-device marks, NHS DSPT and Cyber Essentials Plus. No SOC 2 published, but sector-specific medical-device certification more than compensates.

#### Regulatory Fit

Both score equally at 5/5.

●Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

●Tandem Health (5/5): Purpose-built and CE/MDR-certified as a medical device for EU and UK clinical use, with named applicability to healthcare regulators (EMA, MHRA) and NHS frameworks.

Certifications at a Glance

Certification	Noxtua	Tandem Health
BSI C5	Yes	No
CE mark (EU MDR)	No	Yes
Cyber Essentials Plus	No	Yes
GDPR	No	Yes
ISO 13485:2016	No	Yes
ISO 14001:2015	No	Yes
ISO 27001	Yes	No
ISO 27017	Yes	No
ISO 27018	Yes	No
ISO 42001	Yes	No
ISO 42001:2023	No	Yes
ISO 9001	Yes	No
ISO/IEC 27001:2022	No	Yes
MDR Class IIa	No	Yes
NEN 7510	No	Yes
NHS DSPT	No	Yes
TISAX	Yes	No
UKCA	No	Yes

Overall Verdict

Noxtua and Tandem Health are closely matched on trust and compliance, with scores of 25/25 and 25/25 respectively. The right choice depends on your specific regulatory requirements and existing technology stack.

Frequently Asked Questions

Which is better for EU compliance, Noxtua or Tandem Health?

Noxtua has a TrustKit score of 25/25 while Tandem Health scores 25/25. Both tools are currently rated equally across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Noxtua and Tandem Health compare on data residency?

Noxtua scores 5/5 for data residency (Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.), while Tandem Health scores 5/5 (Patient data is processed and stored exclusively in European data centres, and audio is deleted immediately after transcription with no storage — an explicit EU-only posture.).

Are Noxtua and Tandem Health GDPR compliant?

Both tools are assessed across five compliance dimensions. Noxtua has a regulatory fit score of 5/5 and Tandem Health scores 5/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool