Registry / Mistral via Azure AI
Mistral via Azure AI
Mistral AI models served on Microsoft Azure via Azure AI Foundry (Microsoft Foundry) Models. Some Mistral models (e.g. Mistral Large 3, Mistral Document AI) are "sold directly by Azure", hosted and operated by Azure under Azure SLAs, while others are offered as serverless Models-as-a-Service from the partners-and-community collection, where the model is a Non-Microsoft Product but Microsoft manages the hosting and acts as data processor.
Watch-outs 6
The cells where this offering is not a clean public yes. This is what to check before you sign.
- SOC 2 Type II: Partial SOC 2 Type II audit scope for Foundry models is not explicitly confirmed.
- ISO 27001: Partial Coverage of third-party Foundry model deployments is not publicly verifiable.
- ISO 42001: Partial Scope may not cover third-party models hosted on the platform.
- HIPAA BAA: Partial BAA coverage for Mistral serverless/Foundry Models is not publicly enumerated.
- Residency: Partial Data processed between regions within a geography, not single-region pinned.
- Art. 53 summary: No public evidence Art. 53 training-data summary not published by developer.
Azure undergoes SOC 2 Type II audits and Microsoft's Foundry data-privacy doc states serverless model deployments "are subject to Azure data, privacy, and security commitments." However, the service-level audit scope (Appendices A/B of the Azure Compliance Offerings document) is gated on the Service Trust Portal, and public docs do not explicitly confirm that third-party Foundry model hosting (Mistral serverless / Foundry Models) is inside the audited boundary. Models from partners and community are "Non-Microsoft Products" under the Product Terms. Two-level rule - this cell describes the serving platform (Microsoft Azure), not Mistral AI's own SOC 2.
tier: self_serve · route: trust_center_nda ·
report_access: Microsoft Service Trust Portal (sign-in required) · report_cadence: semi-annual, with quarterly bridge letters
Azure is ISO/IEC 27001 certified (regular independent third-party audits). As with SOC 2, the certificate's statement-of-applicability / in-scope service list is gated on the Service Trust Portal, so explicit coverage of third-party Foundry model deployments (Mistral) is not publicly verifiable. Platform-level cell per the two-level rule.
tier: self_serve · route: trust_center_nda ·
certificate_access: Microsoft Service Trust Portal (sign-in required)
Microsoft lists "Microsoft Foundry" among services in scope for its ISO/IEC 42001 certification, which covers the platform serving this offering. The certificate and exact scope statement are gated on the Service Trust Portal, and public docs do not state whether the certified AI-management-system scope extends to hosting of third-party (Mistral) models specifically. No public evidence of an ISO 42001 certification held by Mistral AI itself; this cell grades the serving platform.
tier: self_serve · route: trust_center_nda ·
first_certified: 2025 (announced for Azure AI Foundry Models and Security Copilot, July 2025) · in_scope_service: Microsoft Foundry
Microsoft maintains a public Trust Center; audit reports and certificates are distributed via the Service Trust Portal, which requires sign-in. Platform-level cell; Mistral AI operates its own separate trust/legal pages (legal.mistral.ai) not graded here.
tier: self_serve · route: public ·
audit_artifacts: https://servicetrust.microsoft.com/
Microsoft's HIPAA BAA is automatically part of the Product Terms/DPA for all covered-entity customers, but it applies only to "in-scope Azure services," and the in-scope list is in the gated Azure Compliance Offerings document on the Service Trust Portal. Public documentation does not confirm whether Mistral serverless (MaaS) or Foundry Models deployments are HIPAA in-scope; partners-and-community models are Non-Microsoft Products under the Product Terms, which typically fall outside BAA coverage. Graded partial: BAA is public and default for Azure, coverage of this specific offering is not publicly enumerated.
tier: self_serve · route: public · default: enabled ·
baa_mechanism: included by default in Microsoft Product Terms / DPA ("execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement")
Microsoft's Foundry data-privacy doc states the Microsoft Products and Services Data Protection Addendum "governs data processing by Azure services" including these deployments, and that Microsoft acts as the data processor for prompts/outputs of serverless model deployments. The DPA is public, incorporates SCCs, and Microsoft publishes an online services subprocessor list. Platform terms; Mistral AI's own DPA (legal.mistral.ai) is not what governs this offering.
tier: self_serve · route: public · default: enabled ·
dpa_url: https://aka.ms/DPA · processor_role: Microsoft acts as data processor for prompts and outputs of serverless model deployments
Explicit commitment for serverless deployments - "Microsoft doesn't share these prompts and outputs with the model provider. Also, Microsoft doesn't use these prompts and outputs to train or improve Microsoft models, the model provider's models, or any third party's models." The Foundry Models FAQ repeats this ("customer data is never shared with model providers"). Caveat - Microsoft may share customer contact information and transaction/usage-volume details (not content) with the model publisher for marketplace purposes.
tier: self_serve · route: public · default: enabled ·
fine_tuning_data: not used to train/retrain/improve any Microsoft or non-Microsoft model except as customer directs · shared_with_model_provider: no (prompts and outputs are not shared with Mistral)
For serverless API deployments Microsoft documents that models are stateless and store no prompts or outputs; content filtering, if enabled, is real-time screening. No Azure-OpenAI-style abuse-monitoring retention window is documented for third-party serverless models. Fine-tuning data is stored in the customer's datastore with encryption at rest (optional CMK) and is deletable at any time. Statement covers the serverless/Foundry Models route; managed-compute deployments are customer-managed infrastructure.
tier: self_serve · route: public · default: enabled ·
content_filtering: Azure AI Content Safety screens prompts/outputs in real time when enabled · inference_retention: none documented - 'Models are stateless, and they don't store any prompts or outputs'
Two documented residency levers - (1) serverless API deployments: "Prompts and outputs are processed within the geography specified during deployment, but they might be processed between regions within the geography"; (2) Mistral models sold directly by Azure offer "Data zone standard (US and EU)" deployments alongside Global standard (which may process data in any Azure location, with data at rest in the designated geography). Graded partial - pinning is geography/data-zone level rather than single-region for these deployment types, and Microsoft's EU Data Boundary commitments are not publicly confirmed to cover third-party (non-Microsoft-product) models.
tier: self_serve · route: public · default: requires_config · geography: EU data zone available
serverless_commitment: prompts and outputs processed within the geography specified at deployment, possibly across regions within that geography · mistral_deployment_types: Global standard (all regions); Data zone standard (US and EU) for e.g. Mistral-Large-3, mistral-document-ai, mistral-medium-3-5
Two-level rule - this cell describes Mistral AI, the model developer and GPAI provider under the EU AI Act, not Microsoft (the distributor). Mistral AI appears on the European Commission's GPAI Code of Practice signatory list without any chapter limitation. Microsoft has separately signed the Code, but the provider obligation for Mistral models rests with Mistral.
route: public ·
chapters: all (no selective-signature caveat; contrast xAI, listed as Safety & Security chapter only) · signatory: Mistral AI
Developer-level cell (Mistral AI, per the two-level rule). No public Article 53(1)(d) training-content summary in the EC template format could be located on Mistral's sites as of 2026-07-05. Mistral's help center still states "We do not disclose the datasets used to train our models" (https://help.mistral.ai/en/articles/347390-does-mistral-ai-disclose-its-training-datasets). Some secondary analyses claim Mistral has published a template-aligned disclosure, but no primary artifact was found, so this is graded no_public_evidence rather than conflicting_sources. Needs human re-check as compliance deadlines bite.
checked: mistral.ai, legal.mistral.ai, help.mistral.ai, EC digital-strategy pages · deadline_context: mandatory EC template published 2025-07-24; required at market placement for models placed after 2025-08-02, transitional deadline 2027-08-02 for earlier models
no public source
Spotted an error? Submit a correction with evidence, corrections with a primary source are folded in and credited in the changelog.