How we score
Every verdict on LLM Radar is an editorial judgement anchored in public documentation. Below is the rubric we apply — uniformly — to every entry.
Hosting
Data resides in the EU by default, on infrastructure operated by the vendor or a European cloud (OVH, Scaleway, Clever Cloud, Aleph Alpha's own infra).
EU region available via a US hyperscaler (AWS, Azure, GCP). Data stays in Europe at rest, but control plane and operator are non-EU.
Data leaves the EU by default. No EU region available, or opt-in only.
GDPR posture
GDPR built into the product. Sub-processors list in the EU, training opt-out by default, full DPA offered.
DPA available on request, training opt-out available. Some sub-processors outside the EU.
No DPA, no opt-out, or terms incompatible with Article 28 of the GDPR.
Jurisdiction
Vendor incorporated in an EU member state. No conflicting extraterritorial laws.
Vendor incorporated in a country with a valid EU adequacy decision (UK, Switzerland, Canada, Japan, South Korea, …). Exposure depends on the country's own laws.
Vendor incorporated in a country whose laws conflict with the GDPR (notably the US CLOUD Act and FISA 702, or China's data-access regime). May be disqualifying for regulated sectors.
AI Act status
Vendor publishes the Article 53 information (training data summary, copyright compliance, risk management) expected of general-purpose AI providers.
Some obligations met, others unclear or forthcoming.
No public information, or vendor does not fall under the AI Act but operates in the EU.
Licence (open-weight models)
Apache 2.0, MIT, BSD. No usage caps, no royalty, no acceptable-use clauses. Irrevocable.
Vendor-specific licence (Llama community, Gemma terms, etc.). Usually commercial-ok with caveats: MAU caps, acceptable-use lists, attribution requirements. Vendor can revise terms for new versions.
Non-commercial licence. Not deployable in production.
Training-data disclosure
Full list of datasets, provenance, licensing, copyright posture.
High-level description, some datasets named, others aggregated.
No public information on training data. AI Act Article 53 obligations not met.
Overall verdict
The overall verdict (green OK, amber Warn, red KO) synthesises the above into a single decision-useful signal:
- OK — defensible for regulated EU deployments, including banking, healthcare and (where noted) defence.
- Warn — deployable for non-sensitive use cases; material risks to document and mitigate for regulated sectors.
- KO — not deployable for European personal data under current posture.
Process & accountability
- Every entry cites at least one public source. No off-the-record claims.
- Every entry shows its last-reviewed date and the reviewer's name.
- Vendors may submit a right-of-reply; we publish it verbatim.
- See the About page for the correction and takedown workflow.