Mistral AI is France's leading frontier AI lab, incorporated in Paris with its inference API exclusively EU-hosted — giving it the strongest data-sovereignty posture of any frontier lab available to European regulated-sector customers. It holds SOC 2 Type II and ISO 27001/27701 certifications, has formally signed the EU GPAI Code of Practice (July 2025), and publishes a GDPR-compliant Privacy Policy (effective April 2026) explicitly appointing a Data Protection Officer. The principal residual risks are: a small minority equity stake held by US firm Microsoft (cleared by the UK CMA and not formally investigated by the EU, but warranting ongoing monitoring for dependency creep), deep governance ties to the French state, and a free-tier data-training policy that enterprise administrators must actively opt out of for non-API deployments.
Microsoft holds a minority equity stake (convertible note, 2024) in Mistral and distributes Mistral models via Azure. While the UK CMA concluded Microsoft lacks 'material influence', the ongoing commercial distribution dependency on a US hyperscaler raises long-term vendor independence concerns for European regulated-sector customers. Monitor for any increase in Microsoft's economic or governance position.
Mistral has significant ties to the French state — government contracts including the Prime Minister's Office chatbot, CEO sitting on France's government AI commission, and presidential endorsement. While positive for French digital sovereignty, this level of government alignment may raise vendor neutrality concerns for non-French EU regulated-sector customers, particularly those in member states with distinct digital sovereignty priorities.
Free-tier (Le Chat/Vibe free plan) conversation data may be used for model training unless the user or organisation administrator opts out via the Admin Panel. Enterprise API customers are exempt by default, but regulated-sector customers must verify their product tier and confirm opt-out is active for any consumer-grade or free-tier deployments within their organisation.
Some of Mistral's open-weight model licences include commercial revenue thresholds (Modified MIT with $20M/month cap for Devstral; Mistral Research License for non-commercial use on other larger open-weight models). Large enterprises self-hosting these weights must review licence terms carefully before production deployment.
Systemic-risk GPAI classification under EU AI Act Article 55 is unconfirmed for Mistral's largest models. If Mistral Large 3 or similar frontier models are formally classified as systemic-risk GPAI by the EU AI Office, downstream deployers in regulated sectors will face additional due-diligence obligations under Article 55.
No publicly accessible bug bounty programme or responsible disclosure policy has been found. Regulated-sector customers with stringent security procurement requirements should request this information directly via trust.mistral.ai before deployment.
Mistral was among companies (alongside Google, ASML, and EU governments) that publicly called for delays to EU AI Act implementation in 2025. While Mistral subsequently signed the GPAI Code of Practice, this earlier resistance may indicate future friction with regulatory timelines — a low-probability but monitor-worthy signal for regulated-sector compliance officers.
Stav AI Act assessment
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
The catalogue lists every family Stav knows about — including families we don’t yet host, so the picture stays authoritative.
Families served on Stav
Model compliance cards
Mistral AI is a confirmed signatory of the EU GPAI Code of Practice (finalised 10 July 2025, endorsed by Commission August 2025), one of 26 signatories globally. Signing creates a 'presumption of conformity' with EU AI Act Articles 53 and 55 obligations — the closest available safe harbour for GPAI providers.
Mistral AI holds both SOC 2 Type II and ISO 27001/27701 certifications, confirmed by the official Help Center (updated 5 June 2026). Compliance reports are available on request via trust.mistral.ai (Vanta-powered, confirmed operational).
First-party inference API (api.mistral.ai) is EU-hosted with EU data residency and EU jurisdiction — confirmed by Stav provider metadata (last verified 2026-06-15). No CLOUD Act or FISA 702 exposure on either the training-side (French-incorporated entity) or inference-side (EU-hosted). This is the strongest data-sovereignty posture available among frontier labs on Stav.
A formal Data Processing Addendum (DPA) covering GDPR and CCPA is publicly available and executable by enterprise customers at legal.mistral.ai. API data is excluded from model training by default across all paid tiers — a key requirement for regulated-sector data processors.
Privacy Policy (effective 8 April 2026) explicitly identifies Mistral AI as GDPR data controller, includes a dedicated DPO contact section, and provides a comprehensive data subject rights framework. EU Consumer Terms (effective 28 May 2026) are maintained separately and updated regularly, demonstrating active EU regulatory maintenance.
Hybrid open-weights strategy with Apache 2.0 models (Mistral 7B, Mistral Small 4, Mistral Nemo) publicly available on HuggingFace (mistralai org) enables on-premise deployment and independent security audit — a significant transparency advantage over fully closed labs.
Privacy policy review
Creator profile
Mistral AI is France's leading AI lab, incorporated in Paris and operating its inference API exclusively within EU jurisdiction — making it one of the most sovereignty-friendly frontier labs available to European regulated-sector customers. Its hybrid model portfolio combines Apache 2.0 open-weight releases with proprietary closed-weight models served via its own API, and it has formally signed the EU GPAI Code of Practice. The principal risk signals are: a minority stake held by US firm Microsoft (which was scrutinised but ultimately cleared by both the CMA and EU competition authorities), a deep governance nexus with the French state (government contracts, presidential endorsement), and a training data policy that permits use of free-tier conversation data for model improvement unless customers opt out.
Stav editorial summary
Stav compliance has not yet scored Mistral AI. Scores are published once the policy review and infrastructure assessment complete.
Findings
Citations gathered when the Compliance Curator last reviewed this creator’s public-facing documents. Grouped by source so the picture stays auditable.
“Mistral has also won a number of government contracts, including a recent award from the Prime Minister’s Office to upgrade a chatbot used by French c...”
“By early 2026 the cap table is a mix of founder equity, US and global VC (majority economic interest held by Series B/C investors) and strategic corpo...”
Mistral AI SAS - Company type: Private - Industry: Artificial intelligence - Founded: 28 April 2023; 3 years ago - Founders: Arthur Mensch; Guillaume ...
Soon after it was made public, OpenAI and Mistral announced their intention to sign the code, indicating early support from prominent providers.
26 organizations signed, including Amazon, Anthropic, Google, IBM, Microsoft, OpenAI, Mistral AI, Cohere, and Aleph Alpha.
While technically optional, signing the Code creates a “presumption of conformity” — meaning regulators will assume you comply unless evidence suggest...
Mistral AI will use the Snapshot API to download a complete database of Wikimedia projects in several languages daily. Mistral AI will leverage Enterp...
Mistral AI was cofounded in April 2023 by Arthur Mensch, formerly of Google DeepMind, alongside Guillaume Lample and Timothée Lacroix, formerly of Met...
The Mistral AI Products are provided by Mistral AI, a French limited joint-stock corporation, incorporated in Paris, under number 952 418 325, with VA...
Mistral, a French AI firm founded in 2023, won a 15 million euro, or $16 million, investment from Microsoft earlier this year. Under the terms of the ...
“The CMA has concluded that the arrangements between Microsoft and Mistral are not sufficient to give Microsoft ‘material influence’ over Mistral, whi...
As of June 2026 it has been signed by approximately 24 providers — including Anthropic, Google, IBM, Microsoft, Mistral AI, OpenAI, Cohere, Aleph Alph...
Formal Wikimedia Enterprise API data partnership announced March 2026 provides an auditable, documented source of training data — a meaningful provenance disclosure relevant to Article 53(1)(d) GPAI compliance.
Founder-controlled governance via dual-class share structure (>50% voting power retained by founders) has preserved open-source commitments despite investor pressure. Active product expansion (Compute, Vibe agents, Voxtral audio, Magistral reasoning) and the Emmi AI acquisition (May 2026) demonstrate continued scaling and operational investment.
Highly active developer community with models integrated into major inference frameworks (Ollama, vLLM, LM Studio); active GitHub and HuggingFace presence; millions of open-weight model downloads. Published ArXiv research papers (Mistral 7B: arxiv:2310.06825) demonstrate technical transparency.
Published safeguards & certifications
“Vibe (Pro, Team, Enterprise): conversations aren't used for model training by default. API: data sent through the API isn't used for model training. ”
“The first two chapters, Transparency and Copyright, apply to all providers of general-purpose AI models and help them meet the obligations set out in ...”
“Yes, Mistral AI complies with both SOC 2 Type II and ISO 27001/27701 frameworks · 🔎 For more information, and to request a copy of our Compliance Repo...”
“Mistral Large 2 was provided free for research use (with an open weight download) but under a “Mistral Research License” for non-commercial use, with ...”