AI Provider Trust Registry evidence verified as of 2026-07-05

Registry / Mistral via Azure AI

Mistral via Azure AI

developer: Mistral AI platform: Microsoft Azure category: cloud distribution

Mistral AI models served on Microsoft Azure via Azure AI Foundry (Microsoft Foundry) Models. Some Mistral models (e.g. Mistral Large 3, Mistral Document AI) are "sold directly by Azure", hosted and operated by Azure under Azure SLAs, while others are offered as serverless Models-as-a-Service from the partners-and-community collection, where the model is a Non-Microsoft Product but Microsoft manages the hosting and acts as data processor.

Watch-outs 6

The cells where this offering is not a clean public yes. This is what to check before you sign.

Vendor trust
SOC 2 Type II Is a SOC 2 Type II report available for this offering?
Partial confidence: medium · verified 2026-07-05

Azure undergoes SOC 2 Type II audits and Microsoft's Foundry data-privacy doc states serverless model deployments "are subject to Azure data, privacy, and security commitments." However, the service-level audit scope (Appendices A/B of the Azure Compliance Offerings document) is gated on the Service Trust Portal, and public docs do not explicitly confirm that third-party Foundry model hosting (Mistral serverless / Foundry Models) is inside the audited boundary. Models from partners and community are "Non-Microsoft Products" under the Product Terms. Two-level rule - this cell describes the serving platform (Microsoft Azure), not Mistral AI's own SOC 2.

tier: self_serve · route: trust_center_nda ·

report_access: Microsoft Service Trust Portal (sign-in required) · report_cadence: semi-annual, with quarterly bridge letters

source

ISO 27001 Is there an ISO/IEC 27001 certification covering this offering?
Partial confidence: medium · verified 2026-07-05

Azure is ISO/IEC 27001 certified (regular independent third-party audits). As with SOC 2, the certificate's statement-of-applicability / in-scope service list is gated on the Service Trust Portal, so explicit coverage of third-party Foundry model deployments (Mistral) is not publicly verifiable. Platform-level cell per the two-level rule.

tier: self_serve · route: trust_center_nda ·

certificate_access: Microsoft Service Trust Portal (sign-in required)

source

ISO 42001 Is there an ISO/IEC 42001 (AI management system) certification?
Partial confidence: medium · verified 2026-07-05

Microsoft lists "Microsoft Foundry" among services in scope for its ISO/IEC 42001 certification, which covers the platform serving this offering. The certificate and exact scope statement are gated on the Service Trust Portal, and public docs do not state whether the certified AI-management-system scope extends to hosting of third-party (Mistral) models specifically. No public evidence of an ISO 42001 certification held by Mistral AI itself; this cell grades the serving platform.

tier: self_serve · route: trust_center_nda ·

first_certified: 2025 (announced for Azure AI Foundry Models and Security Copilot, July 2025) · in_scope_service: Microsoft Foundry

source · archived copy

Trust center Is there a maintained trust center / compliance portal?
Yes, public confidence: high · verified 2026-07-05

Microsoft maintains a public Trust Center; audit reports and certificates are distributed via the Service Trust Portal, which requires sign-in. Platform-level cell; Mistral AI operates its own separate trust/legal pages (legal.mistral.ai) not graded here.

tier: self_serve · route: public ·

audit_artifacts: https://servicetrust.microsoft.com/

source

Data handling
HIPAA BAA Will they sign a HIPAA Business Associate Agreement covering this offering?
Partial confidence: medium · verified 2026-07-05

Microsoft's HIPAA BAA is automatically part of the Product Terms/DPA for all covered-entity customers, but it applies only to "in-scope Azure services," and the in-scope list is in the gated Azure Compliance Offerings document on the Service Trust Portal. Public documentation does not confirm whether Mistral serverless (MaaS) or Foundry Models deployments are HIPAA in-scope; partners-and-community models are Non-Microsoft Products under the Product Terms, which typically fall outside BAA coverage. Graded partial: BAA is public and default for Azure, coverage of this specific offering is not publicly enumerated.

tier: self_serve · route: public · default: enabled ·

baa_mechanism: included by default in Microsoft Product Terms / DPA ("execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement")

source

GDPR DPA Is there a public DPA with SCCs and a published subprocessor list?
Yes, public confidence: high · verified 2026-07-05

Microsoft's Foundry data-privacy doc states the Microsoft Products and Services Data Protection Addendum "governs data processing by Azure services" including these deployments, and that Microsoft acts as the data processor for prompts/outputs of serverless model deployments. The DPA is public, incorporates SCCs, and Microsoft publishes an online services subprocessor list. Platform terms; Mistral AI's own DPA (legal.mistral.ai) is not what governs this offering.

tier: self_serve · route: public · default: enabled ·

dpa_url: https://aka.ms/DPA · processor_role: Microsoft acts as data processor for prompts and outputs of serverless model deployments

source · archived copy

No-training default Is there a public commitment not to train on customer API data by default?
Yes, public confidence: high · verified 2026-07-05

Explicit commitment for serverless deployments - "Microsoft doesn't share these prompts and outputs with the model provider. Also, Microsoft doesn't use these prompts and outputs to train or improve Microsoft models, the model provider's models, or any third party's models." The Foundry Models FAQ repeats this ("customer data is never shared with model providers"). Caveat - Microsoft may share customer contact information and transaction/usage-volume details (not content) with the model publisher for marketplace purposes.

tier: self_serve · route: public · default: enabled ·

fine_tuning_data: not used to train/retrain/improve any Microsoft or non-Microsoft model except as customer directs · shared_with_model_provider: no (prompts and outputs are not shared with Mistral)

source · archived copy

Retention / ZDR Is retention documented, and is zero-data-retention available?
Yes, public confidence: high · verified 2026-07-05

For serverless API deployments Microsoft documents that models are stateless and store no prompts or outputs; content filtering, if enabled, is real-time screening. No Azure-OpenAI-style abuse-monitoring retention window is documented for third-party serverless models. Fine-tuning data is stored in the customer's datastore with encryption at rest (optional CMK) and is deletable at any time. Statement covers the serverless/Foundry Models route; managed-compute deployments are customer-managed infrastructure.

tier: self_serve · route: public · default: enabled ·

content_filtering: Azure AI Content Safety screens prompts/outputs in real time when enabled · inference_retention: none documented - 'Models are stateless, and they don't store any prompts or outputs'

source · archived copy

Residency Can data be pinned to a region (especially the EU)?
Partial confidence: medium · verified 2026-07-05

Two documented residency levers - (1) serverless API deployments: "Prompts and outputs are processed within the geography specified during deployment, but they might be processed between regions within the geography"; (2) Mistral models sold directly by Azure offer "Data zone standard (US and EU)" deployments alongside Global standard (which may process data in any Azure location, with data at rest in the designated geography). Graded partial - pinning is geography/data-zone level rather than single-region for these deployment types, and Microsoft's EU Data Boundary commitments are not publicly confirmed to cover third-party (non-Microsoft-product) models.

tier: self_serve · route: public · default: requires_config · geography: EU data zone available

serverless_commitment: prompts and outputs processed within the geography specified at deployment, possibly across regions within that geography · mistral_deployment_types: Global standard (all regions); Data zone standard (US and EU) for e.g. Mistral-Large-3, mistral-document-ai, mistral-medium-3-5

source

EU AI Act
GPAI Code Is the model developer on the EC's GPAI Code of Practice signatory list?
Yes, public confidence: high · verified 2026-07-05

Two-level rule - this cell describes Mistral AI, the model developer and GPAI provider under the EU AI Act, not Microsoft (the distributor). Mistral AI appears on the European Commission's GPAI Code of Practice signatory list without any chapter limitation. Microsoft has separately signed the Code, but the provider obligation for Mistral models rests with Mistral.

route: public ·

chapters: all (no selective-signature caveat; contrast xAI, listed as Safety & Security chapter only) · signatory: Mistral AI

source · archived copy

Art. 53 summary Has the model developer published the Art. 53 training-data summary?
No public evidence confidence: medium · verified 2026-07-05

Developer-level cell (Mistral AI, per the two-level rule). No public Article 53(1)(d) training-content summary in the EC template format could be located on Mistral's sites as of 2026-07-05. Mistral's help center still states "We do not disclose the datasets used to train our models" (https://help.mistral.ai/en/articles/347390-does-mistral-ai-disclose-its-training-datasets). Some secondary analyses claim Mistral has published a template-aligned disclosure, but no primary artifact was found, so this is graded no_public_evidence rather than conflicting_sources. Needs human re-check as compliance deadlines bite.

checked: mistral.ai, legal.mistral.ai, help.mistral.ai, EC digital-strategy pages · deadline_context: mandatory EC template published 2025-07-24; required at market placement for models placed after 2025-08-02, transitional deadline 2027-08-02 for earlier models

no public source

Spotted an error? Submit a correction with evidence, corrections with a primary source are folded in and credited in the changelog.