AI Provider Trust Registry evidence verified as of 2026-07-05

Registry / compare

DeepSeek API (first-party) vs DeepSeek via Fireworks AI

The same dimension can grade differently depending on who serves the model. Every cell links to its source; grades are evidence grades, not endorsements.

Dimension DeepSeek API (first-party) DeepSeek via Fireworks AI
SOC 2 Type II No public evidence No SOC 2 Type II report, attestation announcement, or audit-report request channel was found on deepseek.com, in the DeepSeek Open Platform Terms of Service, or in the privacy... Yes, sales-gated Fireworks' security docs state the platform is SOC 2 Type II compliant and that "documentation and audit reports are available in our Trust Center" (trust.fireworks.ai). The...
ISO 27001 No public evidence No ISO/IEC 27001 certificate, certificate number, or certification claim was found on deepseek.com or in DeepSeek's published policies. No accredited-registrar listing for... Yes, public Fireworks docs state ISO 27001 certification (plus ISO 27701 privacy extension) with certificate PDFs downloadable from the Trust Center. Platform-level certification...
ISO 42001 No public evidence No ISO/IEC 42001 (AI management system) certification claim was found in any DeepSeek public material. Yes, public Fireworks docs list ISO 42001 (AI management system) among its certifications, with certificate PDFs available via the Trust Center. Certifies Fireworks' AI management...
Trust center No public evidence No trust center, security portal, or compliance-documentation page was found on deepseek.com or platform.deepseek.com. Public documentation is limited to legal policies hosted... Yes, public Maintained SafeBase-style trust center; hosts certifications, audit reports, and (per the DPA) subprocessor-change notifications customers can subscribe to. Page is...
HIPAA BAA No public evidence Neither the DeepSeek Open Platform Terms of Service nor the privacy policy mentions HIPAA, PHI, or a Business Associate Agreement, and no BAA request channel was found. The... Partial Fireworks publicly states the inference platform is HIPAA compliant (docs and enterprise page), which conventionally implies BAA availability, but no public BAA terms were...
GDPR DPA No public evidence No public Data Processing Agreement, Standard Contractual Clauses, or subprocessor list was found; the Open Platform Terms of Service (release date April 22, 2026) contain no... Yes, public Public DPA (PDF) incorporates the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914, Module Two) plus Swiss addendum provisions, and publishes the...
No-training default No public evidence No public commitment NOT to train on customer data by default was found; the privacy policy states the opposite. It lists Prompts/Inputs ("text input, voice input, prompt,... Yes, public Privacy policy: "We do not use your prompts, training data, or API inputs to train or improve our AI models without your explicit opt-in." The public DPA reinforces this...
Retention / ZDR Partial Retention is addressed only in general terms: "We retain Personal Data for as long as necessary to provide our Services and for the other purposes set out in this Privacy... Yes, public Zero data retention is the documented default for open models: prompt and generation data "exist only in volatile memory for the duration of the request" and are not written to...
Residency No public evidence No region-pinning or EU-residency option exists. The privacy policy (last update Feb 10, 2026) states: "To provide you with our services, we directly collect, process and store... Partial The core point of this row: Fireworks, a US-based company, serves open-weight DeepSeek models entirely on its own infrastructure (AWS, GCP, Oracle Cloud data centers per its...
GPAI Code No public evidence DeepSeek (Hangzhou DeepSeek Artificial Intelligence) does not appear on the European Commission's GPAI Code of Practice signatory list, in full or for any individual chapter,... No public evidence Per the two-level rule this dimension describes DeepSeek, the model developer, the GPAI Code of Practice is a provider obligation, and for open-weight models the GPAI provider...
Art. 53 summary No public evidence No Article 53(1)(d) public training-content summary using the EU AI Office template was found on deepseek.com, api-docs.deepseek.com, or in DeepSeek model release materials.... No public evidence Describes DeepSeek as the GPAI provider (not Fireworks). No public training-content summary using the EC's mandatory template (published 24 July 2025) was found for DeepSeek...