AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

Mistral AI

Mistral Large 2

v2 · frontier · Released July 24, 2024

Cleared

Updated June 27, 2026

No active compliance flags. EU-based vendor with strong GDPR data residency story. Available via La Plateforme and Azure AI Foundry.

Enterprise guidance

Mistral Large 2 is developed by a Paris-based company and is a strong choice for organizations with EU data residency requirements or GDPR compliance concerns. La Plateforme (Mistral's API) processes data in France and does not use API data to train models. Mistral Large 2 is also available via Azure AI Foundry and AWS Bedrock with data residency in your chosen region.

Data handling

Default data retention

La Plateforme: transient processing only; prompts not retained for training

Zero-retention available

Yes

Via: La Plateforme (default behavior); Azure AI Foundry; AWS Bedrock

API data used for training

No

Mistral AI does not use La Plateforme API data to train models.

GDPR Data Processing Agreement

Available

HIPAA Business Associate Agreement

Not available

Not offered directly by Mistral AI. Available through AWS Bedrock with a Bedrock HIPAA BAA.

Data residency options

France (La Plateforme); EU, US, and other regions via Azure AI Foundry and AWS Bedrock

Vendor compliance certifications

SOC 2 Type IIISO 27001GDPR compliant (EU-incorporated)

Key use restrictions

  • Mistral AI Terms: no illegal content, CSAM, or material facilitating serious harm
  • Commercial API use permitted under standard La Plateforme subscription terms
  • Open-weight research version available under Mistral Research License (non-commercial only)
  • Commercial use of open weights requires La Plateforme subscription or enterprise agreement

Safety documentation

Model card published
System card not published
Red-team report not published

Mistral Large 2 technical blog and benchmark results published July 2024. Mistral AI safety guidelines and guardrails documentation available on the Mistral platform. Limited third-party independent red-team evaluation has been published to date.

Safety documentation →

Related governance resources

Governance controls

AI Vendor Due Diligence

Assess AI vendors against security, governance, and compliance criteria before procurement and at defined intervals during the vendor relationship.

AI Contractual Requirements

Define minimum contractual provisions that must be present in agreements with AI vendors, covering data handling, transparency, audit rights, and incident notification.

Cross-Border Data Transfer Controls for AI

Govern the international transfer of personal data through AI systems, including data sent to AI API providers, training pipelines, and cloud infrastructure in other jurisdictions.

AI Procurement Risk Assessment

Assess and document the risks of procuring an AI system or service before approval, including technical, legal, privacy, and operational risks.

Vendor Safety Commitment Verification

Establish a workflow to verify that AI vendors are honoring their published safety commitments, voluntary pledges, and contractual safety obligations on an ongoing basis — not only at the time of procurement.

Playbook guides

How do we ensure third-party AI vendors meet our standards?

Extending vendor due diligence to cover model transparency, data handling, bias testing, and contractual liability for AI outputs.

How do we maintain data privacy compliance when using AI?

Addressing training data sourcing, data minimization, cross-border transfers, and the right to explanation under GDPR and CCPA.

How does the EU AI Act affect our global operations?

Understanding the Brussels Effect on non-EU organizations, and evaluating whether to adopt the EU risk-based framework as a global internal standard.

← All tracked models