Black Forest Labs

hybrid · Germany , Freiburg im Breisgau · founded 2024

Employees: 11-50 · Stage: Series B · Funding: $450,000,000

40.9

elevated

default-balanced
composite score

German image-generation foundation lab founded 2024 by Robin Rombach, Andreas Blattmann, and Patrick Esser (ex-Stability AI). Builds the Flux model family, with Flux.2 [klein] released open-weight under Apache 2.0. $450M total funding including a $300M Series B at $3.25B valuation in December 2025 (a16z, AMP, Salesforce Ventures, Canva, Figma, Nvidia).

Analyst summary

Black Forest Labs is currently the most-credentialed European image-generation foundation lab, founded in 2024 by Robin Rombach, Andreas Blattmann, and Patrick Esser — the team behind Stable Diffusion at Stability AI. Flux.1 set the open-weight image-generation bar in 2024; Flux.2 [klein] (4B and 9B variants) is licensed Apache 2.0 in late 2025, with the larger flagship gated to API. $450M total funding including a $300M Series B at $3.25B valuation (a16z, AMP, Salesforce Ventures, Canva, Figma, Nvidia).

The European answer to Midjourney and proprietary US image-generation vendors. Open weights plus EU jurisdiction make BFL strategically interesting for procurement teams that care about lock-in and data residency. The compliance maturity gap (vs. Luminance or Sierra) is the real near-term constraint and will likely close over 2026 given the funding runway.

Rating: acceptable

Compliance posture

SOC 2 Type II	No / not disclosed
ISO 27001	No / not disclosed
ISO 42001 (AI management system)	No / not disclosed
FedRAMP authorized	No / not disclosed
GDPR compliant	Yes
CCPA compliant	No / not disclosed
HIPAA compliant	No / not disclosed
NIST AI RMF aligned	No / not disclosed
CSA STAR certified	No / not disclosed
EU AI Act classification	limited_risk

Data handling

Trains on user data	opt_out_available
Outputs feed model improvement	opt_out_available
Data retention period	API: short retention for service operation; configurable on enterprise
Can delete user data on request	Yes (SLA 30 days)
Default data residency	EU
Encryption at rest	Yes (AES-256 / TLS 1.2+)
Encryption in transit	Yes
DPA available	Yes
Public subprocessor list	No / not disclosed
HIPAA BAA available	No / not disclosed

IP profile

User owns outputs	yes
Vendor claims output rights	No / not disclosed
Input IP protection	standard
Indemnification offered	No / not disclosed
Copyright shield program	No / not disclosed
Commercial use permitted	Yes
Training data provenance	mixed_sources
Known IP lawsuits	No / not disclosed
Founders previously associated with Stability AI which has faced image-training IP litigation; no direct BFL lawsuits documented

Jurisdiction

Incorporation country	DE
Incorporation jurisdiction risk	low
Subject to US jurisdiction	No / not disclosed
Subject to EU jurisdiction	Yes
Subject to China jurisdiction	No / not disclosed
Subject to Russia jurisdiction	No / not disclosed
Government data access risk	low
Five Eyes aligned	No / not disclosed
Adequate privacy jurisdiction	Yes

Governance

Publishes model cards	Yes
Publishes transparency reports	No / not disclosed
Has AI ethics board	No / not disclosed
Safety testing disclosed	Yes
Red-teaming program	Yes
Government contracts	No / not disclosed
Terms of service	https://bfl.ai/terms-of-service
Privacy policy	https://bfl.ai/privacy-policy

Incidents on record

No incidents on file.

OWASP LLM Top 10 cross-walk

TrustAtlas dimensions that materially address each OWASP risk. Use to translate this vendor's compliance posture and data-handling stance into the application-security vocabulary your security team already uses.

LLM01	Prompt Injection User-supplied prompts manipulate model behaviour to bypass intended controls. SecurityTransparencyDependency chain
LLM02	Sensitive Information Disclosure Models leak PII, PHI, secrets, or proprietary data through outputs. Data handlingIP exposureJurisdiction
LLM03	Supply Chain Risk propagates from upstream models, datasets, plug-ins, and vendors. Dependency chainBusiness stabilitySecurity
LLM04	Data and Model Poisoning Adversarial training data or fine-tuning input degrades model integrity. Data handlingTransparencySecurity
LLM05	Improper Output Handling Downstream systems blindly trust model output, enabling injection downstream. IP exposureTransparency
LLM06	Excessive Agency Agents granted overbroad tool, identity, or permission scopes cause harm. Dependency chainTransparencyJurisdiction
LLM07	System Prompt Leakage System prompts containing secrets or logic are extracted via crafted input. Data handlingTransparency
LLM08	Vector and Embedding Weaknesses Vector stores and RAG pipelines leak or contaminate retrieved context. Data handlingSecurity
LLM09	Misinformation Hallucinated, biased, or fabricated outputs treated as authoritative. TransparencyRegulatory complianceBusiness stability
LLM10	Unbounded Consumption Cost, denial-of-service, and resource-exhaustion attacks against LLM endpoints. SecurityBusiness stability

Full framework reference: https://trustatlas.pages.dev/framework/owasp-llm-top-10

NIST AI RMF cross-walk

How each NIST AI RMF function is supported by the dimensions TrustAtlas scores.

GOVERN	Govern Establish AI governance structure: policies, roles, accountability. Regulatory complianceJurisdictionTransparencyBusiness stability
MAP	Map Establish AI context: intended purpose, use cases, capabilities, and risks. TransparencyDependency chainData handlingIP exposure
MEASURE	Measure Quantitative + qualitative risk assessment: testing, benchmarks, monitoring. SecurityData handlingTransparency
MANAGE	Manage Treat identified risks: mitigation, controls, incident response, lifecycle. Regulatory complianceSecurityDependency chainBusiness stability

Full framework reference: https://trustatlas.pages.dev/framework/nist-ai-rmf

Cited sources

Field	Source
governance.open_source_contributions	https://github.com/black-forest-labs/flux Verified 2026-05-18 by analyst
ip_profile.training_data_provenance	https://venturebeat.com/technology/black-forest-labs-launches-open-source-flux-2-klein-to-generate-ai-images-in Verified 2025-11-20 by analyst
vendors.description	https://fortune.com/2026/02/17/ai-startup-that-has-quietly-become-one-of-europes-most-valuable-companies/ Verified 2026-02-17 by analyst
vendors.founded_year	https://en.wikipedia.org/wiki/Flux_(text-to-image_model) Verified 2026-05-18 by analyst
vendors.funding_total_usd	https://siliconangle.com/2025/12/01/open-source-image-generator-startup-black-forest-labs-raises-300m/ Verified 2025-12-01 by analyst
vendors.last_valuation_usd	https://news.crunchbase.com/ai/image-generator-europe-unicorn-black-forest-labs-raise/ Verified 2025-12-01 by analyst

Questions to ask before signing

Vendor-agnostic baseline. Send these to the vendor and require written answers before contract.

01. Provide your most recent SOC 2 Type II report (with bridge letter if applicable).
02. Describe your training-data provenance and customer opt-out mechanics in writing.
03. List all sub-processors and confirm notification policy for material additions.
04. Confirm BAA availability and signed-BAA process if we process PHI.
05. Describe rate-limiting, quota, and circuit-breaker controls protecting our usage.
06. Provide your model card or equivalent disclosure documenting intended use, limitations, and known failure modes.
07. Describe your prompt-injection defences and red-team posture against OWASP LLM Top 10 risks.
08. Confirm data residency options and which sub-regions our data may touch.
09. Provide incident-response SLAs, security-event notification timelines, and the most recent pen-test report summary.
10. Confirm output ownership terms and any indemnification or copyright-shield programs available.
11. Describe acquisition-risk safeguards and what happens to our data on a change of control.
12. List foundation-model dependencies and how upstream-model risk is mitigated.

Methodology + caveats

Composite scores use the default-balanced weight profile (25% data handling, 20% IP exposure, 15% jurisdiction, 15% security, 10% regulatory compliance, 8% transparency, 5% business stability, 2% dependency chain). All facts are sourced from the vendor's own public disclosures, public regulatory filings, or reputable secondary reporting — see the cited sources table above. This pack is decision-support material, not legal advice or audit evidence.