SOC 2 Type II vs ISO 27001 for AI startups — which audit actually matters for EU customers
We are an AI startup selling a SaaS analytics product to EU enterprises. Two prospective clients asked about our certifications: one wants SOC 2 Type II, the other ISO 27001. Budget only allows one this year.

Specific questions:

- For EU enterprise buyers, does ISO 27001 carry more weight than SOC 2? Or is it region-dependent?
- Does either certification help with GDPR Art. 28 (processor obligations) documentation?
- How does the EU AI Act conformity assessment interact with these? If we're a high-risk AI system under Annex III, does SOC 2 cover any of those requirements?
- What did your team prioritize first and why?

Looking for practical experience, not consulting-firm boilerplate.