Holistic AI
End-to-end AI governance platform for the EU AI Act, NIST and ISO 42001
About Holistic AI
Holistic AI was founded in 2020 in London as a spinout from University College London (UCL) by Adriano Koshiyama and Emre Kazim, combining backgrounds in computer science, AI research, and AI ethics. The company began as a bias-auditing specialist and has since grown into a full-lifecycle AI governance platform. It operates from offices in London (its UK headquarters) and San Jose, California.
The platform delivers end-to-end AI governance built around three functions: discovering shadow AI across the enterprise, assessing and continuously monitoring AI systems for bias and security risk, and enforcing regulatory compliance. It maps controls to major frameworks — the EU AI Act (with automated control mapping and gap analysis), the NIST AI RMF, ISO/IEC 42001, and NYC Local Law 144 — and runs 40+ specialised tests covering bias, fairness, toxicity, hallucination, prompt injection, and adversarial robustness. An AI Management System (AIMS) layer connects inventory, controls, assessments, evidence, and sign-off in a single platform.
As a governance tool, Holistic AI primarily processes metadata about an organisation's AI systems — inventories, assessments, and compliance evidence — rather than acting as a model that trains on customer data. It does not use customer data to train models. Data hosting region and the company's own independent security certifications (such as SOC 2 Type II or ISO 27001) were not publicly confirmed at the time of research; this should be verified directly with the vendor, and the trust scores below reflect that uncertainty conservatively rather than assuming certifications that were not found.
Holistic AI is VC-backed, having raised roughly $11M to date, including a seed round led by Abstract Ventures and BoxGroup with participation from Collaborative Fund, plus investments from Tola Capital, Mozilla Ventures, and Premji Invest.
The company has been recognised by CB Insights among the most promising AI companies and positioned by Everest Group as a major AI-governance contender. For EU and UK enterprises preparing for the EU AI Act, its breadth of framework coverage and UK jurisdiction make it a strong governance fit, with data-residency and certification specifics worth confirming during procurement.
TrustKit Score Breakdown
68% Strong
Pricing
Custom
Frequently Asked Questions
Is Holistic AI GDPR compliant?
Holistic AI has a TrustKit compliance score of 68% (Strong).
Data Residency: UK-headquartered vendor; specific data-hosting region not publicly disclosed. UK holds an EU adequacy decision, enabling EU data transfers. A US office exists, so EU/UK data residency should be confirmed contractually during procurement.
Legal Jurisdiction: UK-incorporated (Holistic AI Ltd) and headquartered in London, operating under UK GDPR. A US office in San Jose exists but the company is UK-domiciled; no US CLOUD Act exposure was identified.
Where does Holistic AI store data?
Holistic AI's hosting region is not publicly disclosed; verify with the vendor. The vendor is UK-headquartered with a US (San Jose) office. UK holds an EU adequacy decision, enabling EU data transfers. A US office exists, so EU/UK data residency should be confirmed contractually during procurement.
Does Holistic AI train on user data?
Holistic AI processes AI-system metadata and assessment data, which is not used to train models. As a governance platform it processes AI-system metadata and assessment evidence rather than training on customer data. Detailed retention and DPA terms were not publicly documented; enterprise controls assumed but should be verified.
What certifications does Holistic AI hold?
No certifications have been confirmed for Holistic AI yet. No independent security certifications (SOC 2 Type II, ISO 27001) were publicly confirmed for Holistic AI itself at time of research. The platform helps customers achieve ISO 42001, but that is not the same as the vendor holding it. Verify directly with the vendor.