"Trustworthy artificial intelligence that powers humanity towards superproductivity"
AI21 Labs is an Israeli provider of large language models and AI orchestration systems for enterprises. Its core product in the model space is the Jamba family, a hybrid SSM/Transformer model family for long contexts, RAG, question-answering systems, document processing, and secure enterprise deployments. In addition, with Maestro, AI21 offers a model-agnostic orchestration system for validated RAG agents and complex business tasks.
AI21 Labs
LLM "Trustworthy artificial intelligence that powers humanity towards superproductivity"
Location: Israel ⓘ Headquarters Tel Aviv, Israel
Custom Plan: includes pay-as-you-go features plus volume agreements, premium rate limits, private cloud hosting, priority support, a dedicated account manager, and AI consulting. No direct prices listed. Other AI21 uses token-based API billing, custom payment/enterprise plans, and cloud provider billing through partners such as AWS, Microsoft Azure, Google Cloud / Vertex AI Model Garden, or SageMaker/Bedrock. Additionally, self-deployment, fine-tuning, quantization, and custom AI systems are relevant, depending on the contract and infrastructure. No direct prices listed.
Target audience
AI21 Labs is aimed primarily at companies, developer teams, AI product teams, data science departments, and organizations that need reliable large language models for long contexts, RAG systems, and private deployments. The provider is especially relevant for industries with extensive document repositories or high requirements for traceability, such as finance, healthcare, defense, manufacturing, and tech. For private individuals, AI21 is more interesting if they want to test open models locally or develop their own AI prototypes.
Outstanding features
The most important strength of AI21 Labs is the Jamba model family with a 256K context window, hybrid SSM/Transformer architecture, and a focus on speed, grounding, and enterprise reliability. With Maestro, AI21 complements pure LLMs with an orchestration system that creates RAG agents, selects tools, validates outputs, makes execution steps transparent, and takes budget/latency requirements into account. In addition, private deployments, self-hosting, vLLM usage, fine-tuning, and open models via Hugging Face are important differentiating features.
Key application areas
AI21 Labs is particularly well suited for long-context RAG, document analysis, internal knowledge search, question-answer systems, summaries, classification, customer service automation, enterprise agents, and the processing of large document collections such as contracts, financial records, technical manuals, or internal policies. Jamba Reasoning 3B and Jamba2 3B expand the range to include local, resource-efficient applications and on-device agents.
Usage & notes
AI21 can be used via AI21 Studio, REST API, SDK, cloud partners, Hugging Face, or self-deployment. For simple tests, the free trial is sufficient; for productive API usage, pay-as-you-go; and for private cloud, higher limits, or enterprise support, the custom plan. When working with personal or sensitive data, companies should review the DPA/AVV, hosting region, subprocessors, training exclusion, traceless operations, and deletion concepts in advance. The models are powerful, but like all LLMs they are not error-free; AI21 itself points out that outputs should be reviewed and that certain automated decision-making or profiling applications are restricted.
Jamba Large / jamba-large
Complex enterprise RAG applications, long documents, demanding QA, summarization, knowledge bases, contract and financial documents.
Jamba Mini / jamba-mini
Standard enterprise workflows, fast RAG responses, classification, customer service, internal search, cost-efficient API applications.
Jamba2 Mini
Productive enterprise stacks, grounded QA, summarization, enterprise knowledge, workflows with high reliability at moderate latency.
Jamba2 3B / Jamba 3B v2
On-device apps, local experiments, edge scenarios, agentic workflows with low resource requirements, research, and fine-tuning.
Jamba Reasoning 3B
Local reasoning, on-device RAG, agent controllers, legal/medical document extraction, offline/edge applications, developer experiments.
Jamba Large 1.7
Long-context QA, grounded answers, enterprise document search, production RAG with high quality requirements.
Jamba Mini 1.7
Legacy compatibility and migration; new projects should review Jamba Mini v2/Jamba2.
Jamba Large 1.6
Existing self-hosted/VPC deployments, migrations, comparison tests.
Jamba Mini 1.6
Existing applications and migration paths, not primarily for new projects.
Jamba Large 1.5
Existing AWS Bedrock/SageMaker or Azure workloads, long documents, summarization, and QA.
Jamba Mini 1.5
AWS Bedrock applications, serverless use cases, QA, and document summarization with lower complexity.
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ✅ |
| Private cloud / data center | ✅ |
| EU SaaS / Managed | ⚠️ |
| Hybrid | ⚠️ |
| DPA / AVV | ✅ |
| No training on customer data | ✅ |
| Open source / transparency path | ⚠️ |
On-prem / local hosting: supported
On the deployment page and in the documentation, on-premises is explicitly mentioned. AI21 states that models can be deployed to your own infrastructure, “whether in your own VPC or on-premises.”
Private Cloud / Data Center: Supported
AI21 explicitly mentions private deployments in VPCs. In addition, the deployment page describes AI21-managed private deployment in the customer’s VPC as well as self-managed private deployment.
EU SaaS / Managed: Partially
An AI21-proprietary SaaS/managed variant clearly exists. However, the website does not specify an explicit EU/EEA data residency or a specific EU data center for this standard SaaS offering; rather, the Privacy Policy mentions processing outside the EEA, including the U.S.
Hybrid: Partially
The website describes various hybrid models such as partner deployments, AI21-managed private deployment, and VPC models. However, an explicit designation as a hybrid operating model for both internal and external processing is not clearly defined either contractually or technically.
T&C / DPA: Covered
The Terms of Use state that customers can request and enter into a DPA if necessary; AI21 is considered a “data processor and/or a service provider” in this context.
No Training: Covered
The Terms of Use explicitly state: “unless agreed otherwise in writing, AI21 will not train AI21 Models on Customer Content.” This is a clear contractual statement regarding the non-training of AI21 Models on customer data, even though AI21 may use Customer Content for other improvement purposes.
Open Source / Transparency: Partially
The website mentions the “Jamba Family of Open Models” and “open-weight models,” as well as private deployments. However, the website does not systematically disclose which open-source components are used overall; therefore, there is a transparency path, but no complete technical disclosure.
Data Processing
According to its Privacy Policy, for standard use, AI21 processes personal data on servers outside the EEA, including the U.S., and refers to mechanisms such as SCCs, adequacy decisions, or the Data Privacy Framework for data transfers. At the same time, according to its deployment page and documentation, AI21 offers private operating models with “Single tenant,” “VPC,” and “On-premise”; for AI21-managed private deployments, it also states that the data remains isolated from AI21. The website does not specify a specific EU/EEA data residency or provide a list of subprocessors.
Conclusion
For an EU/EEA directory, AI21 is not documented as a clearly fully GDPR-compliant standard SaaS offering. However, the website outlines a plausible enterprise/private deployment path with VPC, on-premise, DPA, and a contractual clause stating “no training on customer content,” which appears to enable a more privacy-friendly use. Due to the explicitly stated processing outside the EEA in the standard case and the lack of clear information on EU data residency and subprocessors, the overall rating for the EU/EEA is therefore conditional.
Sources
- https://www.ai21.com/terms-policies/privacy-policy/
- https://www.ai21.com/terms-policies/terms-of-use/
- https://www.ai21.com/deployment/
- https://docs.ai21.com/docs/overview
- https://www.ai21.com/private-ai/
- https://www.ai21.com/blog/annual-soc-2-report/
- https://www.ai21.com/blog/iso-42001-ai-development/
- https://www.ai21.com/blog/soc-2-report/
| On-prem / local hosting | ✅ |
| Private cloud / data center | ✅ |
| EU SaaS / Managed | ⚠️ |
| Hybrid | ⚠️ |
| DPA / AVV | ✅ |
| No training on customer data | ✅ |
| Open source / transparency path | ⚠️ |
On-prem / local hosting: supported
On the deployment page and in the documentation, on-premises is explicitly mentioned. AI21 states that models can be deployed to your own infrastructure, “whether in your own VPC or on-premises.”
Private Cloud / Data Center: Supported
AI21 explicitly mentions private deployments in VPCs. In addition, the deployment page describes AI21-managed private deployment in the customer’s VPC as well as self-managed private deployment.
EU SaaS / Managed: Partially
An AI21-proprietary SaaS/managed variant clearly exists. However, the website does not specify an explicit EU/EEA data residency or a specific EU data center for this standard SaaS offering; rather, the Privacy Policy mentions processing outside the EEA, including the U.S.
Hybrid: Partially
The website describes various hybrid models such as partner deployments, AI21-managed private deployment, and VPC models. However, an explicit designation as a hybrid operating model for both internal and external processing is not clearly defined either contractually or technically.
T&C / DPA: Covered
The Terms of Use state that customers can request and enter into a DPA if necessary; AI21 is considered a “data processor and/or a service provider” in this context.
No Training: Covered
The Terms of Use explicitly state: “unless agreed otherwise in writing, AI21 will not train AI21 Models on Customer Content.” This is a clear contractual statement regarding the non-training of AI21 Models on customer data, even though AI21 may use Customer Content for other improvement purposes.
Open Source / Transparency: Partially
The website mentions the “Jamba Family of Open Models” and “open-weight models,” as well as private deployments. However, the website does not systematically disclose which open-source components are used overall; therefore, there is a transparency path, but no complete technical disclosure.
Data Processing
According to its Privacy Policy, for standard use, AI21 processes personal data on servers outside the EEA, including the U.S., and refers to mechanisms such as SCCs, adequacy decisions, or the Data Privacy Framework for data transfers. At the same time, according to its deployment page and documentation, AI21 offers private operating models with “Single tenant,” “VPC,” and “On-premise”; for AI21-managed private deployments, it also states that the data remains isolated from AI21. The website does not specify a specific EU/EEA data residency or provide a list of subprocessors.
Conclusion
For an EU/EEA directory, AI21 is not documented as a clearly fully GDPR-compliant standard SaaS offering. However, the website outlines a plausible enterprise/private deployment path with VPC, on-premise, DPA, and a contractual clause stating “no training on customer content,” which appears to enable a more privacy-friendly use. Due to the explicitly stated processing outside the EEA in the standard case and the lack of clear information on EU data residency and subprocessors, the overall rating for the EU/EEA is therefore conditional.
Sources
- https://www.ai21.com/terms-policies/privacy-policy/
- https://www.ai21.com/terms-policies/terms-of-use/
- https://www.ai21.com/deployment/
- https://docs.ai21.com/docs/overview
- https://www.ai21.com/private-ai/
- https://www.ai21.com/blog/annual-soc-2-report/
- https://www.ai21.com/blog/iso-42001-ai-development/
- https://www.ai21.com/blog/soc-2-report/
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Strongly focused on long-context RAG, grounded QA, and document processing. | • According to the documentation, AI21’s proprietary foundation models are text-in/text-out; native image, audio, or video processing is not documented as a core capability of the Jamba models. |
| • Depending on the variant, models can be used via AI21 SaaS, Hugging Face, cloud partners, or self-deployment. | • For large models, self-hosting is hardware-intensive; AI21 states that Jamba Large has a very large model size and high GPU memory requirements. |
| • Private cloud, VPC, and on-prem/self-hosting paths are officially documented. | • GDPR use requires careful review of contracts and deployment, because Customer Content may by default be processed in Israel, the USA, the EEA, the UK, and other regions. |
| • According to AI21 model terms, a DPA is available upon request. | • Sensitive data is only permitted under the model terms if the solution explicitly requires it or the use case has been approved. |
| • Jamba2 and Jamba Reasoning 3B are available under the Apache-2.0 license. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
From the perspective of a user in the EU/EEA, it is not clearly demonstrated that AI21’s standard SaaS offering complies with the GDPR, because the website explicitly states that personal data is processed on servers outside the EEA, Switzerland, and the UK, including in the U.S. At the same time, however, AI21 describes private deployment options such as VPC and on-premises, as well as a DPA available upon request. Thus, GDPR-compliant use in the EU/EEA is conceivable only under certain conditions—specifically, with private deployment, appropriate contract terms, and the user’s own verification of the actual data residency in the specific setup.
Positive
The following aspects are confirmed: a published privacy policy; explicit GDPR-related transfer mechanisms such as SCCs, an adequacy decision, or a DPF in the privacy policy; a DPA/AVV template available upon request; private deployment options, including VPC and on-premises; statements that AI21 does not train models on customer content unless otherwise agreed in writing; and certifications or information regarding ISO 27001, ISO 27017, ISO 27018, SOC 2, and ISO 42001.
Negative
A major negative for standard EU/EEA operations is that AI21’s Privacy Policy mentions the processing of personal data on servers outside the EEA, including in the U.S. A specific EU/EEA server location for AI21’s own standard SaaS service is not specified on the website. No list of subprocessors was found on the website. An explicit, generally worded EU data residency commitment for the standard service was also not found on the website.
Server Location
The Privacy Policy states that personal data is processed on servers outside the EEA, Switzerland, and the UK, including in the U.S. Specific EU/EEA data center locations for standard SaaS usage are not specified on the website. The Deployment page merely lists data residency options such as “Single tenant,” “VPC,” and “On-premise,” but does not specify any specific countries or data centers within the EU/EEA.