Decision Guide
On-prem or cloud AI? The Swiss SME decision guide
Three criteria decide: data sensitivity, team size, acquisition budget. Honest, without a tech-sales bias.
The two worlds
Cloud AI: ChatGPT Enterprise, Microsoft Copilot, Claude Enterprise, Google Gemini Enterprise. Quickly introduced, low initial effort. But: your data leaves the operation, often via US servers. License costs per user per month. revDSG compliance only via a DPA contract.
On-prem AI: A local LLM on your own hardware, such as a Lenovo ThinkStation PGX, with an open-source stack (Ollama + Open-WebUI), optionally with an orchestration layer like the Xinity Engine. Higher initial investment. But: your data stays in-house, no per-user licenses, full revDSG compliance structurally instead of contractually.
Criterion 1: Data sensitivity
| Data type | Recommendation |
|---|---|
| Generic office content (mails, standard documents) | Cloud |
| Personal data in regulated industries (fiduciary, finance, healthcare) | On-prem (or cloud only with a very strict DPA) |
| IP-sensitive code | On-prem |
| Client correspondence | On-prem |
| Marketing content without customer data | Cloud |
Criterion 2: Team size + usage profile
| Team | Cloud license / month (example) | On-prem (one-time) | Break-even |
|---|---|---|---|
| 5 users | ~CHF 300/month | Lenovo list price + setup | After 12–18 months |
| 20 users | ~CHF 1,200/month | identical | After 6–12 months |
| 50 users | ~CHF 3,000/month | identical | After 3–6 months |
Note: cloud prices are illustrative based on typical ChatGPT Enterprise license costs. Current prices in the architecture conversation.
Criterion 3: Compliance and governance requirements
- Audit trail obligation? → On-prem structurally simpler (or cloud + Xinity-style orchestration)
- EU AI Act readiness? → On-prem or an EU-sovereign stack
- Internal company rule "data does not leave the house"? → On-prem, period
- No special requirements? → Cloud is usually enough
Hybrid architectures are the rule
What is written above sounds like an "either-or". In practice, hybrid setups are the norm: office workflows in cloud AI, sensitive workflows on-prem. We think one architecture per use case, not per company.
When Xinity comes into play
You want not only Swiss hardware but also an EU-sovereign software stack? Then we integrate the Xinity Engine. A Vienna-based open-source orchestration layer (Apache 2.0) with an OpenAI-compatible API, model routing, and audit trails. Recommended for multi-team setups with elevated compliance requirements.
The Swiss special case: revDSG
The revised Swiss Federal Act on Data Protection (revDSG), in force since 1 September 2023, requires a data processing agreement (DPA) and information to the data subjects when using cloud AI with US providers. On-prem avoids this topic structurally and completely. The data does not leave the operation.
Frequently asked questions
Is cloud AI illegal in Switzerland?
No. With a DPA contract, information to the data subjects, and a risk assessment, cloud AI is usable in a revDSG-compliant way for many use cases. It is not "illegal".
Then why go on-prem at all?
For sensitive data, IP, regulated industries, multi-team setups, or an internal rule that "data stays in-house", on-prem becomes structurally more secure, and above a certain team size more economical.
How fast does cloud AI run vs on-prem?
Cloud setup: 3–8 days. On-prem with a ThinkStation: 2–6 weeks including hardware delivery. The time factor favours cloud, the sensitivity factor favours on-prem.
Can we switch later?
Yes, in both directions. Cloud → on-prem is more common, because data sensitivity typically grows, not shrinks.
What is Xinity?
A Vienna-based open-source orchestration layer for on-prem LLMs. OpenAI-compatible, Apache 2.0. We integrate it on request.
What do you typically recommend?
Hybrid: cloud for standard office use cases, on-prem for sensitive ones. The question is not "on-prem or cloud", but "which use cases belong where".