// Trust & Security Report
BenevolentAI (BenevolentAI S.A., Luxembourg; formerly listed on Euronext Amsterdam as BAI, delisted and taken private via merger into Osaka Holdings S.a r.l. in March 2025)
AI-driven drug discovery and life science intelligence platform enabling pharmaceutical research teams to accelerate R&D through proprietary knowledge graphs, machine learning, and biomedical data analysis.
Certifications held
1
Maturity
Enterprise
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on benevolent.com“BenevolentAI Group states it is 'committed to conducting its businesses in accordance with all applicable Data Protection laws and regulations' and, for international transfers, implements 'data transfer agreements, implementing standard contractual clauses, or International Data Transfer Agreements'.”
> Show 6 unconfirmed / not-held certifications
source: benevolent.comNo public evidence of SOC 2 certification found on vendor domain; not mentioned in privacy notice or terms.
source: benevolent.comNo public evidence of ISO 27001 certification found on vendor domain; not mentioned in privacy notice or terms.
source: benevolent.comNo public evidence of HIPAA certification found on vendor domain; not mentioned in privacy notice or terms.
source: benevolent.comNo public evidence of ISO/IEC 42001 certification; not mentioned on vendor domain.
source: benevolent.comNo public evidence of CSA STAR certification found on vendor domain.
source: benevolent.comNo public evidence of PCI DSS certification found on vendor domain.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multi-region: United Kingdom, EU, and United States (with trusted suppliers). Uses Standard Contractual Clauses (SCCs) for international transfers.
Explicitly prohibited under terms of service. Document states: 'prohibit text and data mining, web scraping, and automated access for AI training purposes' as 'an express reservation of our rights' under EU copyright law.
// Security controls
Encryption in Transit
Not publicly disclosed. The privacy notice makes no encryption claim and instead disclaims transmission security: 'the transmission of information via the internet is not completely secure' and 'remains at your own risk'.
benevolent.comData Protection Measures
Appropriate technical, organisational, and administrative measures; Standard Contractual Clauses (SCCs) with third-party processors
benevolent.comBreach Notification
Notifies regulators within 72 hours of suspected breach (GDPR requirement)
benevolent.comSecurity Audits
Regular security audits claimed in third-party assessments; not independently verified on vendor domain
rfp.wiki// Products & data scope
data: Biomedical data, disease biology, therapeutic targets, research data; handles sensitive pharmaceutical R&D information
Proprietary knowledge graph and ontologies developed over decade; machine learning for drug target identification and hypothesis generation. Data stored in UK/EU with US supplier backup.
// What to watch
- No SOC 2 certification despite enterprise SaaS positioning and handling sensitive pharmaceutical research data
- No ISO 27001 certification despite regulated-industry (pharmaceutical R&D) focus and enterprise positioning
- No dedicated trust center or security/compliance documentation page (returns 404)
- Explicit security disclaimer in terms: 'we do not guarantee that our site will be fully secured or free from bugs or viruses'
- Data stored with 'trusted suppliers' in US but their certifications not disclosed or verified
- Lack of publicly-available security certifications unusual for enterprise pharmaceutical AI platform handling confidential drug discovery data
- No evidence of third-party security audits or assessments (e.g., penetration testing, vulnerability assessments) publicly available
- GDPR compliance claimed but no link to Data Protection Impact Assessment (DPIA) or detailed processor agreements
// At a glance
Pricing model
Enterprise licensing; contact for pricing
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on BenevolentAI (BenevolentAI S.A., Luxembourg; formerly listed on Euronext Amsterdam as BAI, delisted and taken private via merger into Osaka Holdings S.a r.l. in March 2025)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
benevolent.com