Sovereign AI
Sovereign AI covers European AI models, inference APIs, and AI infrastructure designed to keep training data and inference workloads on EU soil, outside US CLOUD Act reach. For EU buyers, the key criterion is whether the AI provider is EU-owned and operates on EU-only infrastructure. Top-rated EU options on EU Vetted include LightOn (France, 5/5), Mistral AI (France, 3/5), and Aleph Alpha (Germany, 3/5).
Sovereign AI is the category covering European-controlled artificial intelligence infrastructure: large language models, multimodal models, image generation systems, and inference APIs designed to process workloads on EU soil, under EU legal jurisdiction, and outside the reach of foreign surveillance laws. The category addresses a concern that has grown significantly since 2023 as organisations began embedding AI APIs into core business workflows: when a prompt containing proprietary contracts, customer data, or regulated personal information is sent to a US-based AI API, the provider is a US-incorporated company subject to the US CLOUD Act and potentially to NSA Section 702 programmes.
For EU buyers, the practical question is not just data-residency — where the GPUs physically sit — but also corporate structure. An EU-hosted instance of a US model, operated by a US company's EU subsidiary, can in principle be reached by the CLOUD Act at the parent company level. Genuinely sovereign AI means both EU hosting and EU ownership, or at minimum a clear corporate structure that lacks a US-incorporated parent with control over the data. On EU Vetted's editorial compliance score, LightOn (France, 5/5) is the only product in this catalogue rated as strictly EU-owned with full EU infrastructure. Mistral AI (France, 3/5), Aleph Alpha (Germany, 3/5), Black Forest Labs (Germany, 3/5), and Freepik (Spain, 3/5) are all European-headquartered but have received US venture capital, which affects their ownership-signal rating. Freepik operates primarily as a creative-asset platform with generative AI features; it is listed here for its AI image generation offering.
The listings below show each product's country of incorporation, ownership signal, model focus, and editorial compliance score on a 1–5 scale. Use the ownership filter if your procurement rules require strictly EU-owned AI providers, or the model-type filter to separate large language models from image generation, embeddings, or AI infrastructure products. The compliance-score filter lets you shortlist the options that meet a minimum threshold across all editorial criteria.
-
Aleph AlphaVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Heidelberg-based sovereign-AI lab (Pharia platform); merger with Canadian Cohere announced April 2026 — Aleph Alpha shareholders to receive ~10% of combined ~$20B entity.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded This listing EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material This listing US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
DE · 0 sub-procs Open ↗ -
Black Forest LabsVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Freiburg-based German image-generation lab (FLUX models, Stable Diffusion creators), but heavily US-VC-funded; open-weight FLUX [schnell] under Apache 2.0.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded This listing EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material This listing US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
0 sub-procs Open ↗ -
FreepikVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Spanish AI image generation platform (Pikaso, F Lite model) by the Freepik Group; majority-owned by Swedish PE firm EQT; 200M+ users.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor This listing A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
0 sub-procs Open ↗ -
LightOnVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Paris-based enterprise GenAI (Paradigm platform), Europe's first publicly-listed GenAI company on Euronext Growth Paris, on-premise-first.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
FR · 0 sub-procs Open ↗ -
Mistral AIVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Paris-based frontier LLM lab (Mistral 7B, Mixtral, Le Chat, La Plateforme); €11.7B valuation post-ASML Series C; open-weight + commercial models.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded This listing EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material This listing US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
0 sub-procs Open ↗
| Compare | Owner | CLOUD Act | Cert. | Sub-procs | ||||
|---|---|---|---|---|---|---|---|---|
|
Aleph Alpha
Heidelberg-based sovereign-AI lab (Pharia platform); merger with Canadian Cohere announced April 2026 — Aleph Alpha shareholders to receive ~10% of combined ~$20B entity.
|
HEIDELBERG · DE
Germany
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Black Forest Labs
Freiburg-based German image-generation lab (FLUX models, Stable Diffusion creators), but heavily US-VC-funded; open-weight FLUX [schnell] under Apache 2.0.
|
—
Germany
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
ISO/IEC 27001
|
0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Freepik
Spanish AI image generation platform (Pikaso, F Lite model) by the Freepik Group; majority-owned by Swedish PE firm EQT; 200M+ users.
|
—
Spain
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
LightOn
Paris-based enterprise GenAI (Paradigm platform), Europe's first publicly-listed GenAI company on Euronext Growth Paris, on-premise-first.
|
PARIS · FR
France
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
SOC 2
|
0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Mistral AI
Paris-based frontier LLM lab (Mistral 7B, Mixtral, Le Chat, La Plateforme); €11.7B valuation post-ASML Series C; open-weight + commercial models.
|
—
France
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ |