Your knowledge, your safety: AI solutions for sensitive company data

Your knowledge, your safety: AI solutions for sensitive company data

In the modern working world, it is hard to imagine life without artificial intelligence. Imagine an employee using ChatGPT to polish the language in a draft press release. The result is efficient, and the data leak is not critical, as the information is intended for the public anyway.

But the situation changes when it comes to the core of your business. An employee at a law firm wants to develop a strategy for a liability case. He uploads the confidential statement of claim and asks the AI: “Analyze this case and compare it with our past successful cases.”

At that moment, highly sensitive information, internal strategies, and valuable intellectual property leave your company. With public AI providers, you relinquish control over what happens to the data. For professionals bound by professional secrecy, such as lawyers, auditors, or financial decision-makers, this is not just a risk; it is often a violation of professional confidentiality and the strict requirements of the GDPR.

The solution is a confident co-pilot

For companies that work with sensitive data, digital sovereignty is an essential part of risk management:

The solution is a sovereign co-pilot. A system that operates locally or in a certified environment and never shares your data externally.

We analyzed various language models such as Llama, Qwen, and Mistral to find the optimal balance between computing power and response quality. The goal: a system that leverages the intelligence of modern AI but remains entirely within your controlled environment.

Protection of intellectual property

Your internal analyses and strategies are your competitive advantage.

Confidentiality

Clients and customers rely on their documents being kept safe.

Compliance & GDPR

The General Data Protection Regulation sets high standards for processing security. Uncontrolled data transfers to third countries can have legal consequences.

Practical showcase: The copilot in action

What does this look like in a business setting? Let’s take our use case of a law firm*. We have built a system that makes hundreds of pages of complex legal documents searchable in seconds.

* Test data was generated for the examples shown. All names, file numbers, and facts are fictitious.

Scenario 1: Quick search for similar cases

Often, the key to success lies in drawing analogies to existing cases.

Within a short time, the system identifies the relevant reference case “John Doe,” including specific paragraphs and amounts of damages.

Scenario 2: Strategic evaluation across multiple instances

The Copilot provides structured listings across different cases.

The system backs up every statement with the relevant context from the vector database. File names, reference numbers, and amounts in dispute are read in the background before the language model formulates the response.

The building blocks of the copilot

Such a system essentially consists of the following components:

Private language model (LLM)

Processes inquiries and formulates responses without external interfaces.

Embedding model

Translates documents into mathematical patterns for AI analysis.

Vector database

Intelligent archive for storing your company knowledge.

Document analysis

Automatically imports PDFs and contract content and analyzes their contents.

Orchestration

Links user queries to the relevant database entries.

Controlled server environment

Hardware in-house or with European providers.

Hosting and cost-effectiveness

To make an informed decision, we took a closer look at the total cost of ownership over a period of three years.

Investment in own infrastructure

Operating on your own servers offers you the highest level of data sovereignty:

  • The purchase of a powerful system with specialized graphics hardware costs approximately €25,500.
  • Taking energy consumption and maintenance into account, the monthly operating costs are around €845.

A key economic advantage of this approach lies in the software strategy. The entire architecture is based on open source technologies. There are no license fees, no costs per user, and no fees per document processed.

Flexible hosting models

If you do not want to operate your own hardware in-house, German hosting partners offer a powerful alternative. We have evaluated solutions from providers such as Hetzner and StackIT (the Schwarz Group’s cloud provider) for this purpose.

These partners provide resources in the Infrastructure as a Service (IaaS) model. Unlike hosting in your own data center, you rent the servers here on dynamic or fixed terms and benefit from the flexible scalability of the infrastructure.

The concept behind it: Unlike hosting in your own data center, you only rent the computing power, i.e., specialized servers with the necessary graphics cards. You build and control the actual AI system and your databases yourself. The provider provides the infrastructure in a highly secure German data center, but has no technical insight into your internal data streams.

While Hetzner impresses with its excellent performance and attractive prices, StackIT, as the European answer to US cloud providers, offers a particularly high level of security for critical workloads. Both options guarantee that your data will not leave German jurisdiction.

Outlook: Since the economic component is often the deciding factor, we will look at a cost comparison of the various hosting models in our next blog post.

Future-proof your data

The introduction of a sovereign AI solution not only protects your intellectual property, but also creates the basis for innovation that has previously failed due to data protection hurdles. We support companies in bridging the gap between state-of-the-art technology and maximum security.

Would you like to introduce an AI co-pilot into your company, or do you have any questions?
Get in touch with us.