AI Models by Country & Business Safety
Which country owns each major AI model, and how safe each one is for business use.
If your company is choosing an AI model, the vendor's home country decides who can legally reach your business data. Search any model below to see its home country, developer, open or closed weights, and a business safety score, then read how the score works further down.
33 models
Nova (2)
Runs inside AWS via Bedrock/PrivateLink; not used for training. SOC 2, broad ISO suite, HIPAA-eligible, FedRAMP High, AWS Region data residency.
Phi-4
Permissive MIT open weights; self-host anywhere, or run on Azure with SOC 2 / ISO 27001 / HIPAA BAA.
Pharia-1
Built explicitly for GDPR / EU AI Act with on-prem/sovereign deployment; no prompt storage on the public API. Weights are non-commercial.
Claude (Opus / Sonnet / Haiku)
API/commercial data not used for training; available via AWS Bedrock and Google Vertex for regional routing. SOC 2, ISO 27001/42001, HIPAA BAA, zero-retention available.
Gemini (2.x Pro / Flash)
Via Vertex AI, data is processed in your chosen Google Cloud region and not used for training; SOC 2, ISO 27001, HIPAA-eligible, GDPR DPA. Consumer Gemini app data can be used.
gpt-oss (120b / 20b)
Open weights you can self-host; data stays in your own infrastructure and OpenAI has no visibility into inputs.
Gemma (3 / 4)
Open weights for self-hosting; the Gemma Terms of Use impose contractual use restrictions even when self-hosted.
Llama (3.x / 4)
Open weights you fully self-host; license governed by California law and caps very large commercial deployments.
Jamba (1.x)
Israel-based (EU adequacy applies); SOC 2 and ISO 27001/27017/27018, with private VPC/on-prem deployment for regulated data.
GPT-5 (and GPT-4o, o-series)
API and enterprise data are not used for training; consumer chats can be. Subject to US legal process (CLOUD Act). HIPAA BAA and zero-retention available.
Command (A / R+)
Built for enterprise: SOC 2 Type II, ISO 27001/42001, private/VPC deployment with no Cohere data access; trains by default with opt-out and 30-day deletion.
Mistral (Large / open models)
EU-native (GDPR) with EU data residency and zero-retention available; trains on inputs by default unless you opt out / enable ZDR. Open models are self-hostable.
Grok (4.x)
API data not used for training; SOC 2 Type 2 and zero-retention confirmed, but ISO 27001 and HIPAA BAA are not advertised. Tight X-platform integration is an added consideration.
Stable Diffusion (image)
UK-based (UK GDPR); open weights run fully locally, so all data stays on your own hardware. Free for entities under $1M revenue.
FLUX (image)
German/EU (GDPR); schnell variant is Apache 2.0 and self-hostable, dev is non-commercial, and pro/max are API-only.
SEA-LION
Singapore government-backed open model for Southeast Asian languages; weights are downloadable and self-hostable.
HyperCLOVA X
Korea’s sovereign Korean-language model; open SEED weights are self-hostable, with VPC deployment for the commercial tier via NAVER Cloud.
EXAONE
Korean/English open weights, but the license is non-commercial — commercial use requires a separate agreement with LG AI Research.
Solar
Smaller Solar models are Apache 2.0 and self-hostable; the 100B flagship uses a custom weights license, with a hosted API also available.
Sakana models
Tokyo lab that open-sources research artifacts under Apache 2.0 while building proprietary models for Japanese enterprises.
Sarvam
Positioned as India’s sovereign AI: built and operated in India with private/on-prem deployment and claimed SOC 2 / ISO 27001 / DPDP compliance.
tsuzumi
NTT’s lightweight Japanese-specialized model, marketed for enterprise on-prem / private deployment.
Krutrim
India-built multilingual Indic model; open weights are self-hostable, also served via Krutrim Cloud.
Falcon
Abu Dhabi government-backed open models for research and commercial use; weights are downloadable and self-hostable.
Where the Major AI Companies Are Based
Most leading AI models come from the United States or China, with a smaller cluster in Europe. Here is where the companies behind the best-known models are headquartered.
- American AI models: ChatGPT and GPT-5 (OpenAI), Claude (Anthropic), Gemini and Gemma (Google), Llama (Meta), Phi (Microsoft), Grok (xAI), and Nova (Amazon) are all based in the United States.
- Chinese AI models: DeepSeek, Qwen (Alibaba), ERNIE (Baidu), GLM (Z.ai), Kimi (Moonshot), Hunyuan (Tencent), Doubao (ByteDance), MiniMax, and Yi (01.AI) are based in China.
- European AI models: Mistral is based in France; Aleph Alpha (Pharia) and Black Forest Labs (FLUX) are in Germany; and Stability AI is in the United Kingdom.
- Other regions: Cohere is Canadian, AI21 (Jamba) is Israeli, Falcon (TII) is from the UAE, SEA-LION is from Singapore, Sarvam and Krutrim are Indian, HyperCLOVA X, EXAONE, and Solar are South Korean, and Sakana AI and NTT (tsuzumi) are Japanese.
Why Country of Origin Matters for Business
The country that controls an AI vendor controls the legal reach over your company data. A China-hosted API processes your prompts under PRC laws such as the National Intelligence Law. US vendors fall under the CLOUD Act, and EU vendors under GDPR. For regulated or sensitive business data, that jurisdiction is often the deciding factor.
Open weights change the math. When a model is open and your team self-hosts it, your data never leaves your infrastructure, so the vendor's home country stops mattering for privacy. This is why a self-hosted Chinese open-weight model can be safer than a closed US API for sensitive workloads. The deployment, not just the flag, drives the real risk.
In practice, the blocker we see stall AI projects is rarely the model's quality. It is a procurement or compliance team asking where the data goes and which law applies. This page is built to answer that question first.
How the Business Safety Score Works
Each model gets a score from 0 to 100, where higher means lower risk for a business handling real customer or company data. The score is computed the same way for every model from five equally weighted dimensions, so it is reproducible rather than an opinion.
| Dimension (0–20 each) | What it measures for your business |
|---|---|
| Jurisdiction & data access | Home-country rule of law and government data-access regime for the hosted API. |
| Data privacy / training default | Whether the provider trains on your inputs, and whether zero-retention is available. |
| Compliance certifications | SOC 2, ISO 27001, HIPAA BAA, and GDPR DPA availability. |
| Deployment control | Open weights (self-host) vs private/VPC vs API-only. |
| Transparency & accountability | Clear terms, vendor maturity, and security track record. |
- 80–100 — Low risk: safe default for most business data.
- 65–79 — Moderate risk: fine with standard controls and review.
- 50–64 — Elevated risk: use with care; prefer self-hosting where open.
- Below 50 — High risk: avoid for sensitive business data without legal review.
Scores reflect the typical hosted-API deployment most businesses use. For open-weight models, the note on each card explains how self-hosting lowers the real risk. Where a fact could not be confirmed from a primary source, the dimension is scored conservatively as unknown rather than guessed.
Researched and reviewed by Jonathan West, Founder of Layer3Labs, using each vendor's own privacy policies, trust centers, and license terms. Last updated June 2026; the AI landscape moves fast, so verify current terms before a final decision.
Frequently Asked Questions
Where is OpenAI based?
OpenAI, the company behind ChatGPT and GPT-5, is based in San Francisco, California, in the United States. As a US company, its API and enterprise data are subject to US law.
Is ChatGPT American?
Yes. ChatGPT is made by OpenAI, an American company headquartered in San Francisco. Business data sent to the ChatGPT or GPT API is processed under US jurisdiction.
Is DeepSeek Chinese?
Yes. DeepSeek is a Chinese AI company based in Hangzhou, China. Its hosted API stores data in China under PRC law, but its open weights are MIT-licensed and can be self-hosted outside China.
Where is Mistral AI based?
Mistral AI is based in Paris, France. As an EU company it operates under GDPR, with EU data residency and zero-retention options available for business customers.
Where is Anthropic (Claude) based?
Anthropic, the maker of Claude, is based in San Francisco, California, in the United States. Claude’s API and enterprise data are not used for training and fall under US jurisdiction.
Which AI models are Chinese?
The major Chinese AI models are DeepSeek, Qwen (Alibaba), ERNIE (Baidu), GLM (Z.ai/Zhipu), Kimi (Moonshot), Hunyuan (Tencent), Doubao (ByteDance), MiniMax, and Yi (01.AI). Most are open-weight, which matters for business: the data-jurisdiction risk applies to their China-hosted APIs, not to the weights you download and self-host.
Are Chinese AI models safe for business?
It depends entirely on how your business deploys them. Using a China-hosted API means your company prompts are processed in the PRC under laws like the National Intelligence Law, which is an elevated risk for business data. Because most Chinese models are open-weight, self-hosting them outside China removes that jurisdiction exposure.
Which AI models are safest for business use?
For business, the highest-scoring models are US and European ones with enterprise terms: no training on your inputs, SOC 2 / ISO certifications, and VPC or self-hosting options. Microsoft Phi, Amazon Nova, Anthropic Claude, Google Gemini, and Meta Llama all score in the low-risk tier on our rubric.
How is the business safety score calculated?
Each model is scored from 0 to 100 across five equally weighted dimensions: legal jurisdiction and government data-access risk, data-privacy and training-default policy, compliance certifications, deployment control, and vendor transparency. Scores are computed the same way for every model, not assigned by hand.
Does an open-weight model remove data-privacy risk for a company?
Largely, yes. When your company self-hosts open weights on its own infrastructure, no prompts leave your environment and the vendor has no visibility into your data, regardless of where the company is based. Your team then owns its own security and compliance controls.
The Bottom Line
For business use, an AI model's country and deployment matter as much as its quality. US and European models with no-train terms and strong certifications score safest, China-hosted APIs carry the most jurisdiction risk, and open weights let you self-host to neutralize that risk entirely. Use the score as a starting filter, then confirm current terms with the vendor before you commit.