Infraestructura IA

Sovereign AI / On-Premise

Run large language models (LLMs) inside your own infrastructure: no confidential data leaves your network, you meet GDPR and AI Act requirements, and you decide which model you use and how it evolves. Built for companies with sensitive data, regulatory obligations, or internal audit requirements.

DeploymentOn-premise · sovereign cloud · hybrid
Duration6-10 weeks
ProfileSMEs and mid-market with confidential data

Every time a company sends queries to a public AI API, each request may contain customer data, patents, contracts, or financial information. The company accepts the provider's terms, loses visibility over where that data is processed, and has no lever of control if a breach or policy change occurs. The European AI Act adds another layer: from August 2026, high-risk AI systems — HR, credit, healthcare, critical infrastructure — must pass a conformity assessment and be fully documented. Doing this with an external API, without a signed data processing agreement and without audit records, is practically indefensible before the AESIA or the AEPD.

Sovereign AI resolves this equation: the model runs on your server (or on a cloud with certified European jurisdiction), the model weights are auditable open source (Llama, Mistral, Qwen families), and the inference gateway — typically Ollama or OpenLLM — exposes an internal API compatible with industry standards. This lets you connect the model to your existing tools without changing workflows: your ERP, document management system, email, and CRM receive AI responses without any request leaving your defined perimeter. The hardware investment is one-time and fully depreciable; the long-term cost per query is significantly lower than commercial APIs at medium-to-high volumes.

Summum IA guides the entire process: from model selection and hardware sizing to integration with business systems and setting up the governance records required by the AI Act. Since 2007 we have helped companies adopt technology in a way they can explain to their customers, their auditor, and their legal counsel. Sovereign AI is today the most solid starting point for organisations that need real AI without taking on real risk.

The Sovereign AI / On-Premise process.

The process · four stages
01

Inventory and risk classification

We map planned use cases, the types of data to be processed, and the AI Act risk level of each one. We determine whether the system requires a conformity assessment and which audit records are necessary. We deliver a baseline situation report.

02

Architecture and model selection

We select the open-source model best suited to the use case (Llama 3.3, Mistral Large, Qwen 2.5, or others), size the hardware or sovereign cloud infrastructure, and design the inference gateway with role-based access control, request logging, and log retention policy.

03

Deployment and integration

We install and configure the stack (Ollama / OpenLLM, secure proxy, RAG layer if document memory is required) and connect the model to existing business systems via internal API. We validate that no request or response leaves the defined perimeter.

04

Governance, training, and handover

We deliver the technical and governance documentation required by the AI Act: acceptable use policy, updated processing register, operator manual, and impact assessment template. We train the internal team and hand over the system in production with active monitoring.

What is included

What Sovereign AI / On-Premise includes.

The operational detail: what we deliver as part of the work and what we keep alive afterwards.

  • AI Act classification report

    Risk level for each use case, applicable obligations, and compliance timeline through August 2026 and beyond.

  • Documented reference architecture

    Component diagram, data flows, security checkpoints, and log retention policy adapted to GDPR.

  • Inference stack in production

    Server or container with the deployed model, gateway with authentication, throttling and audit logging, verified in the client's environment.

  • RAG layer or private knowledge base

    Indexing of internal documents (contracts, manuals, regulations) so the model responds with your own context and no external access.

  • AI Act governance documentation

    Acceptable use policy, operations register, impact assessment template (AIIA), and periodic model review procedure.

  • Operator team training

    Practical session for the technical team and end users: how to interact with the model, what not to include in queries, and how to escalate incidents.

Frequently asked questions about Sovereign AI / On-Premise.

What data can I protect with on-premise AI that I cannot protect with a public API?

Any data you cannot send to a third party without a signed data processing agreement: personal data of employees or customers, contracts, trade secrets, non-public financial information, or special-category data (health, beliefs, etc.). With on-premise AI the request never leaves your network, which fundamentally changes the GDPR risk analysis: no international data transfer, no storage on third-party infrastructure, and full control over logs.

How does an on-premise LLM perform compared with ChatGPT or Copilot?

For specific, well-defined use cases — summarising your own documents, data extraction, answering questions about internal policies, assisted drafting with your own templates — current open-source models such as Llama 3.3 70B or Mistral Large deliver results comparable to commercial models. Performance depends on available hardware; Summum IA sizes the server according to the number of concurrent users and task type to ensure adequate response times.

Is on-premise AI compliant with the European AI Act?

Yes, and in many cases it is the option that simplifies compliance. The AI Act requires documenting the system, logging its use, and guaranteeing human oversight, regardless of where the model is hosted. By having the model in your own infrastructure, you control the logs, can audit every request, and adjust system behaviour without depending on an external provider. This greatly simplifies preparation of the documentation required for the conformity assessment of high-risk systems, which enters into force on 2 August 2026.

What happens when a new version of the model is released? Do I lose my investment?

No. The stack we deploy (Ollama or OpenLLM as the inference layer) allows you to update the model with a simple weight swap, without modifying integrations with your systems. When a new version of Llama or Mistral that improves your use case becomes available, the update is a minor technical operation. The investment in hardware, the integration layer, and governance documentation is fully reused.

Can I start with a pilot without committing to the full infrastructure?

Yes. The typical starting point is a test server or an existing machine with a discrete GPU, where we deploy a smaller-parameter model (7B–13B) to validate the use case with a pilot team. Once value is confirmed, we size the definitive infrastructure. This approach reduces initial risk and allows model and prompt tuning before the full production rollout.