Dust

French AI platform for deploying AI assistants across your company's knowledge and tools

Rasa

Open-source conversational AI framework for building enterprise chatbots and voice assistants

Dust

Excellent

23/25

Rasa

Strong

19/25

Score Breakdown

DimensionDustRasa

Data Residency

Where is your data stored and processed?

Dust: Data hosted exclusively in EU (France). French SAS incorporation means EU law governs by default. Internal company data connected to Dust stays in EU infrastructure.

Rasa: Open-source framework deployable on any infrastructure. Self-hosted option means data never leaves customer's environment. No cloud dependency for core functionality.

5/5

Data hosted exclusively in EU (France). French SAS incorporation means EU law governs by default. Internal company data connected to Dust stays in EU infrastructure.

5/5

Open-source framework deployable on any infrastructure. Self-hosted option means data never leaves customer's environment. No cloud dependency for core functionality.

Legal Jurisdiction

Which laws govern the company and your data?

Dust: French SAS under French and EU law. GDPR applies as corporate law. CNIL oversight. No US parent company, no CLOUD Act exposure. Founded by ex-OpenAI researchers building for EU sovereignty.

Rasa: Dual incorporation: Rasa Technologies GmbH (Germany) and Rasa Technologies Inc (USA). German R&D but US entity introduces CLOUD Act considerations. Self-hosted deployments mitigate jurisdiction risks.

5/5

French SAS under French and EU law. GDPR applies as corporate law. CNIL oversight. No US parent company, no CLOUD Act exposure. Founded by ex-OpenAI researchers building for EU sovereignty.

3/5

Dual incorporation: Rasa Technologies GmbH (Germany) and Rasa Technologies Inc (USA). German R&D but US entity introduces CLOUD Act considerations. Self-hosted deployments mitigate jurisdiction risks.

Data Retention & Training

Is your data used for model training?

Dust: Company data indexed by Dust is not used to train shared models. Data remains within the organisation's workspace. GDPR-compliant DPA available. Configurable data access controls per assistant.

Rasa: Self-hosted architecture gives customers complete control over data retention. Rasa does not access or host customer data. Open-source code allows full audit of data handling.

5/5

Company data indexed by Dust is not used to train shared models. Data remains within the organisation's workspace. GDPR-compliant DPA available. Configurable data access controls per assistant.

5/5

Self-hosted architecture gives customers complete control over data retention. Rasa does not access or host customer data. Open-source code allows full audit of data handling.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Dust: ISO 27001 certification. As a fast-growing startup, the certification portfolio is expanding. SOC 2 Type II would further strengthen enterprise procurement credibility.

Rasa: Controls aligned with ISO 27002. Supports GDPR and HIPAA compliance. No formal ISO 27001 or SOC 2 certifications listed. Self-hosted model shifts certification burden to customer.

3/5

ISO 27001 certification. As a fast-growing startup, the certification portfolio is expanding. SOC 2 Type II would further strengthen enterprise procurement credibility.

2/5

Controls aligned with ISO 27002. Supports GDPR and HIPAA compliance. No formal ISO 27001 or SOC 2 certifications listed. Self-hosted model shifts certification burden to customer.

Regulatory Fit

Suitability for regulated industries and professional services

Dust: Excellent regulatory fit for European enterprises building internal AI agent infrastructure. French incorporation, EU hosting, GDPR-native design, and support for EU-sovereign LLM providers (Mistral) make Dust a top choice for sovereignty-conscious EU organisations.

Rasa: Excellent for regulated industries due to self-hosting capability. Used by enterprises in financial services, healthcare, and government. Full data control enables compliance with strict regulatory requirements.

5/5

Excellent regulatory fit for European enterprises building internal AI agent infrastructure. French incorporation, EU hosting, GDPR-native design, and support for EU-sovereign LLM providers (Mistral) make Dust a top choice for sovereignty-conscious EU organisations.

4/5

Excellent for regulated industries due to self-hosting capability. Used by enterprises in financial services, healthcare, and government. Full data control enables compliance with strict regulatory requirements.

Total Score

23/25

19/25

Best For

Dust

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (CNIL, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Rasa

Best for regulated industries (financial-services, healthcare); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment; teams on a tight budget.

Detailed Comparison

Dust vs Rasa: Trust & Compliance Comparison

Dust (Dust, FR) scores 23/25 overall with a Gold (Excellent) trust badge. French AI platform for deploying AI assistants across your company's knowledge and tools. Rasa (Rasa, DE) scores 19/25 with a Silver (Strong) trust badge. Open-source conversational AI framework for building enterprise chatbots and voice assistants.

Dimension-by-Dimension Breakdown

#### Data Residency

Both score equally at 5/5.

●Dust (5/5): Data hosted exclusively in EU (France). French SAS incorporation means EU law governs by default. Internal company data connected to Dust stays in EU infrastructure.

●Rasa (5/5): Open-source framework deployable on any infrastructure. Self-hosted option means data never leaves customer's environment. No cloud dependency for core functionality.

#### Legal Jurisdiction

Dust leads with 5/5 vs 3/5.

●Dust (5/5): French SAS under French and EU law. GDPR applies as corporate law. CNIL oversight. No US parent company, no CLOUD Act exposure. Founded by ex-OpenAI researchers building for EU sovereignty.

●Rasa (3/5): Dual incorporation: Rasa Technologies GmbH (Germany) and Rasa Technologies Inc (USA). German R&D but US entity introduces CLOUD Act considerations. Self-hosted deployments mitigate jurisdiction risks.

#### Data Retention & Training

Both score equally at 5/5.

●Dust (5/5): Company data indexed by Dust is not used to train shared models. Data remains within the organisation's workspace. GDPR-compliant DPA available. Configurable data access controls per assistant.

●Rasa (5/5): Self-hosted architecture gives customers complete control over data retention. Rasa does not access or host customer data. Open-source code allows full audit of data handling.

#### Certifications

Dust leads with 3/5 vs 2/5.

●Dust (3/5): ISO 27001 certification. As a fast-growing startup, the certification portfolio is expanding. SOC 2 Type II would further strengthen enterprise procurement credibility.

●Rasa (2/5): Controls aligned with ISO 27002. Supports GDPR and HIPAA compliance. No formal ISO 27001 or SOC 2 certifications listed. Self-hosted model shifts certification burden to customer.

#### Regulatory Fit

Dust leads with 5/5 vs 4/5.

●Dust (5/5): Excellent regulatory fit for European enterprises building internal AI agent infrastructure. French incorporation, EU hosting, GDPR-native design, and support for EU-sovereign LLM providers (Mistral) make Dust a top choice for sovereignty-conscious EU organisations.

●Rasa (4/5): Excellent for regulated industries due to self-hosting capability. Used by enterprises in financial services, healthcare, and government. Full data control enables compliance with strict regulatory requirements.

Certifications at a Glance

Certification	Dust	Rasa
ISO 27001	Yes	No

Overall Verdict

Dust has a clear trust advantage, scoring 23/25 compared to Rasa's 19/25. Dust particularly excels in legal jurisdiction, certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Dust or Rasa?

Dust has a TrustKit score of 23/25 while Rasa scores 19/25. Dust currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Dust and Rasa compare on data residency?

Dust scores 5/5 for data residency (Data hosted exclusively in EU (France). French SAS incorporation means EU law governs by default. Internal company data connected to Dust stays in EU infrastructure.), while Rasa scores 5/5 (Open-source framework deployable on any infrastructure. Self-hosted option means data never leaves customer's environment. No cloud dependency for core functionality.).

Are Dust and Rasa GDPR compliant?

Both tools are assessed across five compliance dimensions. Dust has a regulatory fit score of 5/5 and Rasa scores 4/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool