Loading the catalogue…
Loading the catalogue…
Liquid AI is a privately held, venture-backed US lab incorporated in Massachusetts, founded in 2023 by researchers from MIT CSAIL. Its models — the LFM series — use a novel non-transformer architecture and are released as open weights under the proprietary LFM Open License v1.0, which is Apache 2.0-derived but restricts free commercial use to organisations below $10 million in annual revenue; larger enterprises must negotiate a separate licence. As a US-incorporated entity with primary operations in Cambridge, MA, it is subject to CLOUD Act and FISA Section 702 jurisdiction, meaning US intelligence agencies could compel data access in cloud-deployed scenarios; however, the lab's explicit focus on on-device and edge deployment offers a practical data-sovereignty mitigation for EU regulated customers who run models locally.
Liquid AI is a US-incorporated entity headquartered in Massachusetts. It is fully subject to CLOUD Act (compelled data disclosure to US authorities) and FISA Section 702. Any use of the LEAP cloud platform or cloud inference API routes data through US jurisdiction. The current Stav catalogue value of CLOUD Act exposure = False is incorrect and should be corrected to True.
The LFM Open License v1.0 restricts free commercial use to organisations with under $10M annual revenue. Virtually all EU regulated-sector enterprises (banks, insurers, government bodies, hospitals) will exceed this threshold and require a separate commercial licence. Customers deploying open-weight models without verifying their licence status face legal exposure.
No enterprise Data Processing Addendum (DPA) is publicly available, and no DPO contact is published. EU organisations processing personal data via the LEAP platform or playground cannot currently demonstrate GDPR-compliant processor agreements without direct commercial negotiation.
No EU AI Act compliance statement, GPAI Office engagement, or Code of Practice participation has been published. While current models are unlikely to trigger systemic risk classification, general GPAI transparency obligations under Article 53 (model cards, training data summaries, copyright policy) are not demonstrably met.
No SOC 2, ISO 27001, or equivalent security certification has been publicly disclosed. No bug bounty programme or responsible disclosure policy is published. EU regulated customers in finance and healthcare typically require at minimum SOC 2 Type II before deploying vendor infrastructure.
Training data composition is not publicly documented. For EU deployers, this creates uncertainty around whether training data included personal data of EU citizens and whether appropriate consent or legitimate interest frameworks applied — a potential issue under GDPR and the EU AI Act's transparency provisions.
Stav AI Act assessment
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
LFM2 and LFM2.5 series are published as open weights on HuggingFace with model cards, technical reports (arXiv:2511.23404), and benchmark results, enabling independent evaluation.
The LFM Open License v1.0 is fully published with a plain-language FAQ and an explicit comparison to Apache 2.0, making licence terms clear and auditable.
Privacy policy explicitly acknowledges EU/UK GDPR rights (access, rectification, erasure, portability, restriction, objection) and identifies Liquid AI as the data controller for personal data processed in connection with its services.
Strong academic foundations: all four co-founders are published AI researchers from MIT CSAIL, and the company maintains arXiv publication activity, supporting independent scientific scrutiny of its architecture claims.
Active model development trajectory with multiple generation releases (LFM1 → LFM2 → LFM2.5) and a growing list of enterprise and hardware partners (Capgemini, AMD, ITOCHU-CTC), indicating a commercially viable and operationally stable lab.
Active developer ecosystem: Discord community, dedicated hackathons platform, documentation portal, and public playground, supporting community trust and model auditability.
The lab's primary focus on edge and on-device deployment (rather than cloud inference) is architecturally aligned with data minimisation and privacy-by-design principles, reducing data-sovereignty risk for EU deployers who run models locally.
Privacy policy review
Creator profile
Liquid AI is a United States entity. Training data and weights produced under United States-jurisdiction are covered by the CLOUD Act.
Exposed on training. Inference is unaffected when hosted on Stav infrastructure inside the EEA.
Stav compliance has not yet scored Liquid AI. Scores are published once the policy review and infrastructure assessment complete.
No controversies, regulatory investigations, lawsuits, or sanctions involving Liquid AI were identified in any public source.
Published safeguards & certifications