Customers who deploy Mistral AI models on their own infrastructure rather than through Mistral's cloud are subject to additional terms that govern that specific deployment model.
This analysis describes what Mistral AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
On-premises or customer-hosted deployments of AI models carry distinct data security, licensing, and compliance obligations; separate terms for this deployment model indicate that standard commercial terms may not fully address these scenarios.
Interpretive note: The substantive obligations in the Additional Terms for Customer Infrastructure are not reproduced in this index page; implications are inferred from the document category and the significance of self-hosted AI deployments in regulatory and contractual practice.
This provision primarily affects enterprise customers rather than individual consumers, but it signals that Mistral AI products can be deployed in environments where data does not leave the customer's own infrastructure, which may be relevant for privacy-conscious enterprise deployments that affect end users.
Cross-platform context
See how other platforms handle Additional Terms for Customer Infrastructure Deployments and similar clauses.
Compare across platforms →Monitoring
Mistral AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Additional Terms for Use of Mistral AI Products on Customer Infrastructure— Excerpt from Mistral AI's Mistral Terms of Use
(1) REGULATORY LANDSCAPE: Customer infrastructure deployments of AI models engage GDPR data controller obligations where the customer processes personal data using the model on their own systems, and may require distinct data protection impact assessments under GDPR Article 35 for high-risk processing. The EU AI Act's deployer obligations are also relevant. For US deployments, sector-specific regulations such as HIPAA for healthcare or GLBA for financial services may apply. (2) GOVERNANCE EXPOSURE: High. The existence of separate terms for customer infrastructure deployments suggests that the standard Commercial Terms of Service do not adequately govern all aspects of on-premises or private cloud deployments. Procurement and legal teams that use Mistral AI in a self-hosted configuration without reviewing these additional terms may be operating under an incomplete contractual framework. (3) JURISDICTION FLAGS: EU-based enterprises deploying Mistral AI on customer infrastructure face GDPR controller obligations including documentation, DPIA, and data subject rights management requirements. US enterprises in regulated industries face sector-specific compliance requirements that these additional terms may or may not address. (4) CONTRACT AND VENDOR IMPLICATIONS: These additional terms likely address licensing scope for self-hosted deployments, security obligations, permitted modifications, audit rights, and liability allocation specific to customer-controlled environments. Procurement teams should compare these terms against their organization's standard vendor security and data handling requirements. (5) COMPLIANCE CONSIDERATIONS: Organizations considering customer infrastructure deployments should review the full Additional Terms for Customer Infrastructure document to assess whether the licensing model is compatible with their intended use, whether the security obligations are achievable, and whether the terms adequately address the transfer of any model weights or software components to their infrastructure.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
On-premises or customer-hosted deployments of AI models carry distinct data security, licensing, and compliance obligations; separate terms for this deployment model indicate that standard commercial terms may not fully address these scenarios.
This provision primarily affects enterprise customers rather than individual consumers, but it signals that Mistral AI products can be deployed in environments where data does not leave the customer's own infrastructure, which may be relevant for privacy-conscious enterprise deployments that affect end users.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mistral AI.