
GDPR-Approved AI Models for Europe: Which Models Can You Actually Use? (2026)


European companies face a specific problem with AI adoption: most frontier models are operated by US or Chinese companies, and sending data to their APIs creates GDPR compliance questions that legal teams struggle to answer definitively. The EU AI Act adds another layer of requirements. The result is that many European enterprises either avoid AI entirely or use it in a legal gray area.

This does not have to be the case. There are compliant paths, from EU-native providers like Mistral to self-hosting open-weight models on European infrastructure. This guide maps out the options with concrete compliance analysis for each.

No legal advice here. This is a technical guide to help you narrow the options before your DPO and legal team make the final call.

The problem: why EU companies struggle with AI compliance

GDPR was not written with AI in mind. It was designed for databases, CRM systems, and web analytics: systems where data flows are predictable and controllable. AI models introduce new challenges:

  • Training data: Was personal data used to train the model? Can individuals exercise their right to erasure against training data?
  • Cross-border transfers: When you send a prompt to an API, where does that data go? Which jurisdiction processes it?
  • Data retention: Does the provider store your prompts? For how long? Can they use your data to improve their models?
  • Automated decision-making: If the AI makes decisions about individuals (hiring, credit, content moderation) that are solely automated and have legal or similarly significant effects, Article 22 of GDPR applies.
  • Transparency: Can you explain to a data subject how the AI processed their data?

Most AI providers have addressed some of these concerns with Data Processing Agreements (DPAs) and privacy policies. But the answers are not always satisfactory for risk-averse European enterprises, especially in regulated industries like finance, healthcare, and government.

What GDPR requires for AI usage

Data residency

GDPR does not strictly require data to stay in the EU. It requires that cross-border transfers have adequate safeguards. In practice, this means:

  • EU/EEA processing: No additional requirements. Data stays under GDPR jurisdiction.
  • US processing: Requires the recipient to be certified under the EU-US Data Privacy Framework (the successor to Privacy Shield) or, failing that, Standard Contractual Clauses (SCCs) backed by a Transfer Impact Assessment. Most major US providers have both in place.
  • Chinese processing: No adequacy decision and no DPF equivalent. Requires SCCs plus a Transfer Impact Assessment and supplementary measures. Higher compliance burden and risk.
  • Self-hosted in EU: Full control. No cross-border transfer issues.

The safest path is keeping data in the EU. The practical path often involves US providers with DPAs and SCCs.

Data Processing Agreements

Any AI provider processing personal data on your behalf needs a DPA that covers:

  • Purpose and duration of processing
  • Types of personal data processed
  • Rights and obligations of both parties
  • Sub-processor management
  • Data breach notification procedures
  • Data deletion upon contract termination

Most major providers offer standard DPAs. The quality and specificity vary significantly.

Right to erasure

Article 17 gives individuals the right to have their personal data deleted. For AI, this raises the question: if personal data was used in a prompt, can the individual request deletion of that prompt and any model outputs derived from it?

API providers that do not retain prompts beyond the request lifecycle have a simpler compliance story. Providers that store prompts for abuse monitoring or model improvement create a more complex erasure obligation.

Automated decision-making (Article 22)

If you use AI to make decisions based solely on automated processing that have legal or similarly significant effects on individuals (loan approvals, hiring decisions, insurance pricing), Article 22 applies. Such decisions are prohibited unless an exception applies (explicit consent, necessity for a contract, or authorization by Union or Member State law), and where they are allowed GDPR requires:

  • The right to obtain human intervention in the decision
  • The right to express a point of view and to contest the decision
  • Meaningful information about the logic involved and the envisaged consequences (Articles 13, 14 and 15)

This applies regardless of which model you use. It is about how you deploy the model, not which provider you choose.

EU AI Act basics

The EU AI Act (in force since August 2024, with obligations phasing in from February 2025 through 2027) adds requirements on top of GDPR:

  • Prohibited AI: Social scoring, real-time remote biometric identification in public spaces by law enforcement (with narrow exceptions), manipulation of vulnerable groups
  • High-risk AI: Employment, credit scoring, law enforcement, education; requires conformity assessments, risk management, human oversight
  • General-purpose AI models: Transparency requirements, technical documentation, copyright compliance
  • Limited risk: Chatbots must disclose they are AI; deepfakes must be labeled

For most enterprise AI usage (coding assistants, content generation, data analysis), the EU AI Act’s impact is limited to transparency requirements. High-risk applications require more extensive compliance work regardless of the model provider.

Mistral: the European option

Mistral AI is headquartered in Paris, France, and is the most prominent frontier-model lab based in the EU. This gives it structural advantages for European compliance:

  • Jurisdiction: French law, GDPR applies natively
  • Data centers: EU-based infrastructure for API processing
  • DPA: Standard EU DPA available, covering the Article 28 requirements
  • Data retention: Under its published terms, prompts are not used for training on paid plans and retention is configurable; verify the terms attached to your plan before relying on this
  • Open weights: Apache 2.0 license on flagship models, so you can self-host for full control
  • EU AI Act: Actively participating in compliance frameworks as an EU entity

Mistral’s compliance advantages

  1. No cross-border transfer: Data stays in the EU by default. No SCCs, no adequacy decisions, no supplementary measures needed.
  2. EU legal entity: Disputes are resolved under EU law. No jurisdictional complexity.
  3. Open weights: If the API’s compliance posture is not sufficient, download the weights and run them on your own EU infrastructure. Full data sovereignty.
  4. Regulatory alignment: As a French company, Mistral has direct relationships with EU regulators and is incentivized to maintain compliance.

For a detailed look at Mistral’s flagship model, see the Mistral Medium 3.5 complete guide.

Limitations

Mistral is not automatically “GDPR-approved” just because it is French. You still need:

  • A DPA in place
  • Appropriate technical and organizational measures
  • A lawful basis for processing personal data
  • A DPIA (Data Protection Impact Assessment) for high-risk processing

Being EU-based simplifies compliance. It does not eliminate it.

Self-hosting: the compliance gold standard

For maximum data sovereignty, self-host an open-weight model on EU infrastructure. No data leaves your control. No third-party processing. No cross-border transfers.

Open-weight models available for self-hosting

Model              | Parameters | License       | Minimum GPUs (80 GB class, approx.)
Mistral Medium 3.5 | 128B       | Apache 2.0    | 4x A100/H100
Llama 3.3          | 70B        | Llama license | 2x A100/H100
Qwen 2.5           | 72B        | Apache 2.0    | 2x A100/H100
DeepSeek V3        | 671B MoE   | MIT           | 8x A100/H100
GLM-5.1            | Undisclosed| Open-weight   | 4x A100/H100
Gemma 2            | 27B        | Gemma license | 1x A100/H100

The GPU counts are rough sizing for 16-bit weights plus KV cache on 80 GB cards; 8-bit or 4-bit quantization roughly halves or quarters the memory needed. The exception is DeepSeek V3: 671B parameters exceed 8x80 GB even at 8 bits, so plan for H200-class cards, a second node, or 4-bit quantization. Note also that the Llama and Gemma licenses carry acceptable-use terms (and, for Llama, a monthly-active-user threshold); check them before commercial deployment, since "open weights" does not always mean "no license obligations".

All of these can run on EU cloud providers (OVHcloud, Scaleway, Hetzner, EU regions of AWS/Azure/GCP) or on-premise hardware.

Self-hosting compliance benefits

  • Full data control: Prompts never leave your infrastructure
  • No DPA with a model vendor: the weights are software you run, not a service that processes your data. If the GPUs are rented from a cloud provider, that provider is still a processor under Article 28 and needs its own DPA
  • No cross-border transfer: Data stays where you put it
  • Right to erasure: You control all data storage and can delete anything
  • Audit trail: Full logging under your control

Self-hosting challenges

  • Cost: GPU infrastructure is expensive. 4x A100 80GB costs ~$8,000-12,000/month on cloud providers.
  • Expertise: You need ML engineering capacity to deploy, monitor, and maintain the model.
  • Updates: You are responsible for model updates, security patches, and performance optimization.
  • Scale: Handling variable load requires auto-scaling infrastructure.

For organizations processing sensitive data (healthcare, finance, government), the cost is often justified. For others, a managed EU provider like Mistral may be more practical.

For a detailed self-hosting guide, see self-hosted AI for GDPR compliance.

US models: Claude, GPT, Gemini

US-based providers have invested heavily in GDPR compliance. Here is the current state:

Anthropic (Claude)

  • DPA: Available, covers GDPR requirements
  • Data residency: US processing by default; EU region available on enterprise plans
  • Training data opt-out: Available on API (prompts not used for training)
  • EU-US Data Privacy Framework: Certified
  • SCCs: Available as supplementary safeguard

OpenAI (GPT)

  • DPA: Available, comprehensive
  • Data residency: US processing by default; Azure OpenAI offers EU regions
  • Training data opt-out: API usage not used for training by default
  • EU-US Data Privacy Framework: Certified
  • SCCs: Available

Google (Gemini)

  • DPA: Available through Google Cloud terms
  • Data residency: Configurable through Google Cloud regions (EU available)
  • Training data opt-out: Enterprise API usage not used for training
  • EU-US Data Privacy Framework: Certified
  • SCCs: Available

Compliance assessment for US models

US models are usable under GDPR with proper safeguards. The EU-US Data Privacy Framework provides the legal basis for transfers. However:

  • The framework could be invalidated (as happened with Safe Harbor and Privacy Shield)
  • US surveillance laws (FISA Section 702, Executive Order 12333) create government-access risks that a Transfer Impact Assessment has to address
  • Some DPAs and regulators take a stricter view on US transfers

For low-risk data processing (code generation, content creation without personal data), US models with DPAs are generally acceptable. For high-risk processing involving sensitive personal data, the compliance burden increases significantly.

Chinese models: DeepSeek, Qwen, GLM, Kimi

Chinese AI models present the most complex compliance picture for European companies.

Data sovereignty concerns

  • No adequacy decision: The EU has not recognized China as providing adequate data protection
  • Chinese data laws: China’s Personal Information Protection Law (PIPL), Data Security Law, and Cybersecurity Law may require data access by Chinese authorities
  • Limited DPAs: Most Chinese AI providers do not offer GDPR-compliant DPAs for European customers
  • Transparency: Less visibility into data handling practices compared to US and EU providers

Using Chinese models compliantly

The only reliable compliance path for Chinese models is self-hosting:

  1. Download open weights (DeepSeek, Qwen, GLM are all open-weight)
  2. Deploy on EU infrastructure
  3. No data flows to China
  4. You control all processing

Using Chinese model APIs (DeepSeek API, Qwen API, Z.ai for GLM) puts your data under the control of an entity subject to Chinese law, whichever region the servers sit in, and in most cases routes it through Chinese infrastructure as well. This is difficult to justify under GDPR for any processing involving personal data.

For more on regional AI privacy requirements, see AI privacy laws by region.

Practical compliance checklist

Use this checklist when evaluating an AI model for GDPR compliance:

1. Identify the data types

What data will you send to the model? Classify it:

  • No personal data (code, public information) → lowest risk
  • Pseudonymized personal data → moderate risk
  • Direct personal data (names, emails, health data) → highest risk

2. Determine the lawful basis

Under GDPR, you need a lawful basis for processing personal data with AI:

  • Legitimate interest (most common for business AI usage; requires a documented balancing test against the data subjects’ interests)
  • Consent (must be freely given, specific and withdrawable, which makes it a weak basis for employee data or for processing that runs in the background)
  • Contract performance (if AI processing is necessary to fulfill a contract with the data subject)

3. Conduct a DPIA

For high-risk AI processing, a Data Protection Impact Assessment is mandatory. Document:

  • The processing purpose
  • Necessity and proportionality
  • Risks to data subjects
  • Mitigation measures

4. Execute a DPA

If using a third-party API, ensure a DPA is in place that covers all GDPR Article 28 requirements.

5. Assess cross-border transfers

If data leaves the EU:

  • Verify an adequacy decision (including DPF certification of the US recipient) or appropriate safeguards (SCCs)
  • Document the transfer mechanism
  • If relying on SCCs, conduct and document a Transfer Impact Assessment

6. Verify data retention policies

Confirm:

  • How long the provider retains prompts and outputs
  • Whether data is used for model training
  • How to request data deletion

7. Implement technical measures

  • Encrypt data in transit (TLS) and at rest
  • Minimize personal data in prompts (anonymize where possible)
  • Log AI interactions for audit purposes
  • Implement access controls for AI tools
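Two of these measures, minimizing personal data in prompts and logging interactions for audit, can be enforced in code at the point where a prompt leaves your infrastructure. The block below is an added example written for this guide, not code from Mistral, Anthropic, OpenAI or any other provider mentioned here; the regex patterns, placeholder format, per-session key and log record layout are illustrative assumptions, and the sample ticket is constructed. It pseudonymizes direct identifiers with stable per-session placeholders, keeps the reverse mapping locally so the model’s answer can be re-identified after it comes back, and writes an audit record that stores a hash of the minimized prompt rather than the prompt itself.

```python
"""Prompt pseudonymization plus privacy-preserving audit logging.

Added example for this guide; not code from any model provider. The regexes,
placeholder format and log record layout are illustrative choices
(assumptions), not a standard.
"""
import hashlib
import hmac
import json
import re
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

# Direct identifiers that commonly leak into support tickets and CRM notes.
# Assumption: these three patterns are illustrative; extend them to match your
# own data classification. Order matters: IBANs are matched before phone
# numbers so their digit groups are not mistaken for a phone number.
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "IBAN": re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,3})?\b"),
    "PHONE": re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d(?!\w)"),
}


@dataclass
class Pseudonymizer:
    """Replaces identifiers with stable placeholders; the mapping stays local.

    Only the placeholder text is sent to the model. A random per-session key
    makes the placeholder tags unlinkable across sessions.
    """
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    vault: Dict[str, str] = field(default_factory=dict)  # placeholder -> original

    def _placeholder(self, kind: str, value: str) -> str:
        # HMAC rather than a counter: the same value always gets the same
        # placeholder within a session, and the tag does not reveal the value.
        tag = hmac.new(self.key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:8]
        placeholder = f"<{kind}_{tag}>"
        self.vault[placeholder] = value
        return placeholder

    def minimize(self, text: str, known_values: Optional[Dict[str, str]] = None) -> str:
        """Return `text` with known values and pattern matches replaced."""
        # Values you already hold (e.g. the customer's name from your own
        # record) go first, longest first, so "Anna Müller" beats "Anna".
        for value, kind in sorted((known_values or {}).items(), key=lambda kv: -len(kv[0])):
            text = text.replace(value, self._placeholder(kind, value))
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._placeholder(k, m.group(0)), text)
        return text

    def restore(self, text: str) -> str:
        """Put the original values back into a model response, locally."""
        for placeholder, value in self.vault.items():
            text = text.replace(placeholder, value)
        return text


def audit_record(session_id: str, model: str, minimized_prompt: str,
                 vault: Dict[str, str]) -> dict:
    """Audit-log entry that proves what was sent without storing personal data.

    Only the hash of the already-minimized prompt and per-type placeholder
    counts are recorded, so the log does not become a second copy of the
    personal data that is subject to erasure requests.
    """
    counts: Dict[str, int] = {}
    for placeholder in vault:
        kind = placeholder[1:].split("_", 1)[0]
        counts[kind] = counts.get(kind, 0) + 1
    return {
        "ts": time.time(),
        "session": session_id,
        "model": model,
        "prompt_sha256": hashlib.sha256(minimized_prompt.encode("utf-8")).hexdigest(),
        "placeholders": counts,
    }


# Constructed sample ticket (fictional person and account), not real data.
SAMPLE_TICKET = (
    "Customer Anna Müller (anna.mueller@example.org, +49 30 1234567) asks why "
    "the refund to DE89 3704 0044 0532 0130 00 has not arrived. Summarise."
)


def demo(model: str = "eu-hosted-model") -> dict:
    """Round trip on the sample ticket; the API call itself is stubbed out."""
    p = Pseudonymizer()
    minimized = p.minimize(SAMPLE_TICKET, known_values={"Anna Müller": "NAME"})
    record = audit_record("session-1", model, minimized, p.vault)
    # Stand-in for the model's reply; a real call would send `minimized` here.
    reply = "Summary: " + minimized
    return {"sent": minimized, "restored": p.restore(reply), "audit": record}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2, ensure_ascii=False))
```

Run it directly to see the round trip. Hashing the minimized prompt rather than the original keeps the audit log out of scope for erasure requests; the vault, which does hold personal data, should live with the rest of the session data under your normal retention rules. Regex detection is a floor, not a ceiling: names you do not already hold, free-text addresses and quasi-identifiers need a dedicated PII detector or human review before the prompt leaves your infrastructure.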

8. Ensure transparency

  • Inform data subjects when AI processes their data
  • Provide meaningful information about AI logic (Article 13/14)
  • Enable human review of automated decisions (Article 22)

9. Plan for data subject rights

Ensure you can fulfill:

  • Right of access (what data was processed by AI)
  • Right to erasure (delete prompts and outputs)
  • Right to object (opt out of AI processing)
  • Meaningful information about the logic of automated decisions (often called the “right to explanation”; Articles 13-15 and 22)

10. Document everything

Maintain records of:

  • AI processing activities (Article 30)
  • DPIAs conducted
  • DPAs executed
  • Transfer mechanisms used
  • Technical and organizational measures implemented

Model comparison table

Criteria                | Mistral (EU) | Claude (US)     | GPT (US)   | Gemini (US)    | DeepSeek (CN) | Qwen (CN) | GLM (CN)
EU entity               | ✅           | ❌              | ❌         | ❌             | ❌            | ❌        | ❌
EU data residency (API) | ✅           | Enterprise only | Azure only | GCP EU regions | ❌            | ❌        | ❌
DPA available           | ✅           | ✅              | ✅         | ✅             | Limited       | Limited   | Limited
Open weights            | ✅           | ❌              | ❌         | Gemma only     | ✅            | ✅        | ✅
Self-host on EU infra   | ✅           | ❌              | ❌         | Gemma only     | ✅            | ✅        | ✅
Training data opt-out   | ✅           | ✅ (API)        | ✅ (API)   | ✅ (API)       | Unclear       | Unclear   | Unclear
DPF certified           | N/A (EU)     | ✅              | ✅         | ✅             | N/A           | N/A       | N/A
Compliance complexity   | Low          | Medium          | Medium     | Medium         | High          | High      | High

Recommendations by risk level

Based on the analysis above, here is a practical recommendation by risk level:

Low-risk processing (no personal data)

Use any model. If your prompts contain only code, public data, or synthetic data, GDPR’s personal data requirements do not apply. Pick based on performance and cost.

Recommended: Mistral Medium 3.5 API (best EU option) or Claude/GPT with DPA.

Medium-risk processing (pseudonymized or limited personal data)

Use Mistral API with DPA, or US providers with DPA and SCCs. Conduct a lightweight DPIA. Implement prompt anonymization where feasible.

Recommended: Mistral Medium 3.5 API. Fallback: Claude or GPT via EU-region endpoints.

High-risk processing (sensitive personal data, automated decisions)

Self-host on EU infrastructure. No third-party API involvement. Full data control.

Recommended: Self-hosted Mistral Medium 3.5 on EU cloud (OVHcloud, Scaleway) or on-premise. Alternative: Self-hosted Llama 3.3 or Qwen 2.5 for lower GPU requirements.

Regulated industries (healthcare, finance, government)

Self-host with additional controls: air-gapped deployment, audit logging, access controls, encryption at rest. Conduct a full DPIA. Engage your DPO early.

Recommended: Self-hosted Mistral Medium 3.5 on dedicated EU infrastructure with SOC 2 / ISO 27001 certified hosting.

For more on sovereign AI deployment, see sovereign AI models 2026. For a broader look at which APIs are GDPR-compliant, see which AI APIs are GDPR compliant.

For legal compliance considerations around open-source AI, see open-source AI legal compliance.

FAQ

Is there such a thing as a “GDPR-approved” AI model?

No. GDPR does not approve or certify specific technologies. It regulates how personal data is processed. Any AI model can be used in a GDPR-compliant manner if you implement appropriate safeguards: DPAs, lawful basis, data minimization, transparency, and security measures. Some models make compliance easier (EU-based providers, open weights for self-hosting), but none are automatically “approved.”

Can I use ChatGPT or Claude for processing customer data in the EU?

Yes, with proper safeguards. Both OpenAI and Anthropic offer DPAs, are certified under the EU-US Data Privacy Framework, and provide SCCs. For standard business use with limited personal data, this is generally sufficient. For sensitive data or high-risk processing, consider EU-region endpoints (Azure OpenAI, Claude Enterprise) or self-hosting. Always conduct a DPIA for high-risk processing.

Is self-hosting the only fully compliant option?

It is the most defensible option for high-risk processing. Self-hosting eliminates cross-border transfers, third-party processing, and data retention concerns. But it is not the only compliant option. Using Mistral’s EU-based API with a DPA is compliant for most use cases. US providers with DPAs and DPF certification are compliant for lower-risk processing. The right choice depends on your risk level and data sensitivity.

What happens if the EU-US Data Privacy Framework is invalidated?

If the DPF is invalidated (as happened with its predecessors), US providers would need to rely on SCCs and supplementary measures. This would increase compliance burden but not necessarily make US models unusable. Companies that self-host or use EU providers would be unaffected. This risk is one reason to prefer EU-based providers or self-hosting for critical workloads.

Do open-weight models have different compliance implications than closed models?

Yes, in a practical sense. Open-weight models can be self-hosted, which gives you full data control and eliminates third-party processing concerns. Closed models (Claude, GPT, Gemini) can only be used through APIs, which means data is processed by the provider. The model license itself does not affect GDPR compliance; what matters is where and how the data is processed. Open weights give you the option to process data entirely within your own infrastructure.

How does the EU AI Act affect model selection?

For most enterprise use cases (coding, content generation, data analysis), the EU AI Act’s impact on model selection is minimal. The Act primarily affects high-risk applications (employment, credit scoring, law enforcement) and requires transparency, risk management, and human oversight regardless of which model you use. General-purpose AI providers must provide technical documentation and transparency reports, which all major providers are working toward. The Act does not ban any specific model or provider.