Open-model inference via OpenAI-compatible API from IONOS (United Internet), with processing confined to Germany.
Compliance posture
Routed through Stav's upstream relationship with this operator.
Stav's assessment · serving-side
IONOS AI Model Hub is operated by IONOS Group SE, a German-listed company incorporated and headquartered in Germany, with inference running exclusively on IONOS-owned hardware in Berlin under German and EU law — the strongest sovereignty posture available, with no US parent entity and no CLOUD Act exposure. Serving residency and legal exposure are both near-ceiling, reflecting genuine EU digital sovereignty rather than the partial exposure typical of EU-hosted US-hyperscaler sub-processors. The composite lands in the conditional band primarily because the contractual posture dimension is meaningfully weaker: while AI Services Terms are publicly published and the DPA is referenced in governance documentation, no standalone publicly downloadable DPA or enumerated AI Model Hub-specific sub-processor list has been located, creating Article 28 procurement friction for regulated customers. Security posture is solid but not top-tier: the BSI C5 attestation is Type 1 (point-in-time) rather than Type 2 (operational) and does not explicitly name the AI Model Hub serving layer as an attested scope, which regulated customers under DORA should address by requesting the full attestation report and TOMs documentation. Stav's operational verdict: sovereign EU serving is available and structurally sound; IONOS AI Model Hub may be used for EU-regulated workloads subject to obtaining a signed Art. 28-compliant DPA and a confirmed sub-processor list directly from IONOS before processing personal data.
Inference runs exclusively on IONOS-owned hardware in Berlin, Germany, explicitly confined within Germany with no non-EEA fallback path documented.
IONOS Group SE is a German-listed company with no US parent, no CLOUD Act exposure, and EEA-only serving infrastructure, giving it one of the strongest sovereignty positions available.
AI Model Hub operates statelessly with prompts and outputs discarded at session end; AI Services Terms §2.3 contractually prohibit training on customer data without express consent, though independent technical verification (e.g. Type 2 C5 covering the AI Model Hub layer) is not yet available.
BSI C5 (Type 1), BSI IT-Grundschutz, and ISO 27001 certifications are current and sourced, but the C5 attestation is point-in-time (not Type 2 operational) and does not explicitly name the AI Model Hub serving layer as an attested scope.
Risk assessment
BSI C5 attestation obtained in November 2023 is Type 1 (point-in-time design audit), not Type 2 (12-month operational effectiveness). The attested scope covers Compute Engine, Cloud Cubes, and S3 Object Storage — not the AI Model Hub serving layer explicitly. Regulated customers (especially under DORA) typically require a Type 2 attestation for ICT third-party risk sign-off. source ↗
SECURITY
AI Services Terms §1.6 acknowledge that 'underlying AI models or systems may be provided by third parties' and require customers to comply with those third-party terms of use. No publicly accessible, AI Model Hub-specific sub-processor list has been found; it is unclear which third-party model vendors, CDN, or logging sub-processors are engaged at the serving layer. source ↗
SUBPROCESSING
The AI Model Hub governance documentation references a Data Processing Agreement (DPA) but no standalone, publicly downloadable DPA document for the AI Model Hub (or IONOS Cloud broadly) was found during this investigation. Regulated EU customers need a signed, Article 28-compliant DPA before processing personal data; its absence from the public portal creates friction in procurement. source ↗
CONTRACTUAL
Safeguards
Inference and data processing run exclusively on IONOS-owned hardware in the Berlin, Germany data centre. Processing is explicitly stated to be 'confined within Germany.' IONOS operates as a German company with EU-registered legal entities, operationally separated from any US business, giving customers meaningful digital sovereignty under German and EU law. source ↗
AI Model Hub operates as a stateless service: user prompts and outputs are discarded at the end of each session and are not logged, recorded, or retained for future reference. Contractually reinforced in AI Services Terms §2.3: IONOS will not use customer data to train or further develop underlying AI models without express consent. source ↗
The EU AI Act governance page explicitly states that customer data (including prompts and RAG inputs) is processed exclusively for service provision and, per the DPA, is not used for training, fine-tuning, or improving any AI models. source ↗
BSI C5 Type 1 attestation (November 2023) covering over 190 control mechanisms across Compute Engine, Cloud Cubes, and S3 Object Storage, audited by an independent third-party auditor. IONOS is the first cloud provider to hold both BSI C5 and BSI IT-Grundschutz simultaneously, as confirmed by BSI President Claudia Plattner. source ↗
Privacy-policy issues
No standalone public DPA download identified for AI Model Hub. source ↗
The governance docs reference a DPA and confirm its key provisions, but no publicly accessible, standalone DPA document (as required under GDPR Art. 28 for controller–processor relationships) was locatable for the AI Model Hub or IONOS Cloud product; regulated customers will need to request it directly, which adds procurement friction.
No AI Model Hub-specific sub-processor list published. source ↗
AI Services Terms §1.6 acknowledge that third-party model providers are used, but no enumerated sub-processor list for the AI Model Hub serving layer (covering model vendors, CDN, logging, monitoring) is publicly available, limiting customer ability to assess downstream data flows per GDPR Art. 28(3)(d).
Model version changes without notice. source ↗
AI Services Terms §3 permit IONOS to 'modify, replace, or discontinue models or components at any time for any reason without notice,' which means the serving-side model can change without customer notification — potentially relevant where model auditability is required under EU AI Act or sector-specific regulation.
Certifications & legal documents
Dedicated AI Services Terms are publicly published and a DPA is referenced and confirmed in governance docs, but no standalone publicly downloadable DPA or AI Model Hub-specific sub-processor list has been located, creating Art. 28 procurement friction for regulated customers.
The published SLA (99.95% Compute Engine monthly average) applies to the underlying compute infrastructure, not the AI Model Hub API endpoint specifically. No AI Model Hub-specific SLA with defined uptime guarantees, RPO/RTO, or financial remedies for inference downtime was found. source ↗
CONTRACTUAL
The IONOS Cloud status page shows multiple recent infrastructure incidents (S3 FRA elevated error rate Jun 19, DCD slowness Jun 15, provisioning degradation Jun 18, 2026), all resolved within hours. GPU Server supply is noted as 'currently limited' on the status page, which may affect AI Model Hub inference capacity under load. source ↗
RESILIENCE
AI Services Terms §3 reserve the right for IONOS to 'modify, replace, or discontinue models or components at any time for any reason without notice.' This means the specific model version serving production traffic can change unilaterally without customer consent or advance warning, which may be problematic for regulated use cases with model-version auditability requirements. source ↗
GOVERNANCE
BSI IT-Grundschutz certification held since September 2022, certifying that IONOS has implemented suitable IT security measures and operates an effective Information Security Management System (ISMS). ISO 27001 certification also held for data centres. source ↗
Encryption of data both at rest and in transit is confirmed. API endpoints are protected by API key tokens. Regular security audits and compliance checks are performed. Physical and technical measures include firewall management, IPS/IDS, DDoS protection, and encrypted remote access. source ↗
Dedicated AI Services Terms of Use are publicly published, supplementing the General Terms and Conditions. Terms explicitly cover: data ownership remains with the customer (§2.3), no training on customer data without express consent (§2.3), third-party model compliance obligations (§1.6), and GDPR compliance design. source ↗
A Data Processing Agreement (DPA) is referenced in the EU AI Act governance documentation and confirmed to prohibit use of customer data for AI model training. GDPR compliance is explicitly stated as a design principle of the AI Model Hub. source ↗
IONOS operates a public status page (status.ionos.cloud) with real-time and historical incident tracking, email/webhook notification subscriptions, and transparent post-incident updates. Incident acknowledgement delay is typically under 15 minutes per third-party monitoring. source ↗
EU AI Act compliance role is publicly documented: IONOS Cloud acts as Distributor/intermediary for open-source models, with transparency obligations fulfilled via per-model documentation pages. Governance and compliance section is publicly accessible in docs. source ↗
Published SLA of 99.95% monthly average availability for the underlying Compute Engine infrastructure, with tiered credit-note remedies (5%–40% of monthly billing) if SLA thresholds are missed. source ↗
Breach notification window not explicitly stated in AI Services Terms. source ↗
The AI Services Terms and publicly accessible AI Model Hub documentation do not specify an explicit breach notification timeline at the serving boundary; GDPR Art. 33 requires 72-hour supervisory authority notification, but the contractual commitment to notify customers is not visible in the public-facing AI Services Terms.