Trust before the hype

Sovereign AI in Switzerland

AI you keep control of: open-source models we run on European infrastructure, no US cloud and no reuse of your data.

Storage in EuropeInference in EuropeNo Big Tech lock-in

14'053+ sites created in the last 30 days

actif
🇪🇺 Europe
Falkenstein
Helsinki
Nürnberg

Hetzner · Europe

US cloud
Storage in Europe
Inference in Europe
No Big Tech lock-in

A growing share of Swiss businesses use AI in their operations. But most of them are running sensitive data on infrastructure subject to American law, often without realising it. The US Cloud Act allows American authorities to access data held by any US-law operator, including through their European subsidiaries. For regulated professions, SMEs handling client data, and HR or legal teams, this is not a matter of comfort: it is a matter of compliance and liability. Kleap offers a concrete alternative: custom business software, AI agents, and internal tools built on an open-source stack hosted in Europe, with full agency support from scoping to delivery.

14'053+
sites created in the last 30 days
16
languages
100%
European hosting
0
US cloud

What sovereign means, concretely

Not a slogan: verifiable technical choices.

Open-source models

No proprietary black box: open models we control and host ourselves.

European hosting

Infrastructure in Europe (Hetzner). No US cloud, no exposure to the US Cloud Act.

Your data stays yours

No reuse of your data to train third-party models.

Transparency

We tell you exactly where your data is and how it is processed.

Why AI sovereignty has become an imperative in 2026

The majority of mainstream AI tools (ChatGPT, Copilot, Gemini, Claude.ai) are operated by US-law entities. Even the Enterprise version of ChatGPT is contractually subject to American law. The Cloud Act of 2018 allows US federal authorities to compel an American operator to hand over data hosted anywhere in the world, including in Europe. For a fiduciary, a law firm, an HR department, or a Swiss bank, this creates a real legal exposure. The nLPD (revised Swiss Federal Act on Data Protection, in force since September 2023) strengthens obligations around transparency, proportionality, and governance. And the position of the FDPIC (Federal Data Protection and Information Commissioner) on the use of American cloud services remains cautious for sensitive personal data. AI sovereignty is no longer a marketing position: it is a governance requirement.

  • Cloud Act: data hosted with a US-law operator can be seized by American authorities, even from a European data centre
  • nLPD (Sept. 2023): strengthened obligations on transparency, minimisation, and data subject rights, applicable to AI systems
  • FINMA 2018/3: specific outsourcing obligations for Swiss financial institutions
  • Art. 321 CP: professional secrecy subject to criminal sanction for lawyers, doctors, and fiduciaries (up to 3 years imprisonment)
  • A large majority of Swiss institutional players and businesses express the desire to better control their national digital infrastructure

What 'sovereign' means in practice: the 4 criteria

The term 'sovereign AI' is often used loosely. European hosting alone is not enough if the operator is a US-law entity. A 'no data logging' policy is not enough if the model is proprietary and inaccessible. For a solution to be genuinely sovereign, four criteria must be met simultaneously. Kleap meets all of them on enterprise projects.

  • 1. Physical hosting in Europe: the servers running the models and handling data are located in the EU (Kleap uses Hetzner, a German operator, with data centres in Finland and Germany)
  • 2. European-law operator: no US-law entity in the contractual or technical chain, no subsidiary subject to the Cloud Act
  • 3. Portable open-source models: the models used (Llama, Qwen, Mistral, Gemma as appropriate) are open-weight under permissive licences (Apache 2.0, MIT), the weights are accessible and deployable without vendor dependency
  • 4. Data not reused for training: queries and processed documents are never used to improve a third-party model

The 2026 turning point: open-source models reach professional parity

Until 2024, choosing a sovereign open-source model meant accepting a visible quality gap compared to GPT-4 or Claude. That is no longer the case. The 2025-2026 generation of open-weight models (Llama 4, Gemma 4 from Google under Apache 2.0, Qwen3 from Alibaba, Mistral Large) achieves performance levels very close to proprietary models on common professional tasks: writing, summarisation, information extraction, classification, and code generation. These models can be hosted on European cloud GPUs (Infomaniak Genève, Hetzner, OVHcloud) or on-premise on your own servers. For most business use cases, sovereignty no longer costs anything in terms of quality.

  • Llama 4 (Meta, Apache 2.0): high-performance multimodal model, deployable on-premise
  • Gemma 4 (Google, Apache 2.0): excellent quality-to-resource ratio for enterprise text processing tasks
  • Qwen3 (Alibaba, Apache 2.0): very strong on European languages and document analysis
  • Mistral Large (Mistral AI, accessible weights): European model, strong on French and Romance languages
  • Deployment on EU cloud GPUs (Infomaniak, Hetzner) or on-premise: latency and cost comparable to public APIs for professional use

Sectors and use cases: where sovereignty is not optional

Some sectors have a legal or contractual obligation to control how their data is processed. Others face direct reputational or liability risk. Here are the situations where sovereign AI is required, and the concrete use cases Kleap can deliver.

  • Law firms and notaries: professional secrecy (art. 321 CP), extracting contractual clauses, summarising case files, drafting correspondence, without exposing client data
  • Fiduciaries and accountants: automated processing of accounting documents, VAT and tax return assistants, internal client chatbot, nLPD compliance
  • Healthcare facilities and medical practices: summarising patient records, documentation support, transcribing consultations, nLPD art. 9 compliance (sensitive data)
  • Banks and insurance companies: FINMA 2018/3 compliance, risk analysis, client onboarding, regulated chatbot, internal scoring
  • Public administrations and local authorities: AI citizen portal, form processing, summarising deliberations, intelligent archiving
  • Industrial SMEs and HR: back-office process automation, CV analysis, drafting job offers, buyer assistance

What Kleap can build for your organisation

Kleap is an AI platform with an agency arm (Lionscreative). Unlike SaaS vendors selling a subscription to a generic chat tool, Kleap builds custom business tools hosted on sovereign infrastructure and supports teams through to production. Three engagement models are available depending on your context.

  • We build it for you (Lionscreative agency): scoping, design, development, deployment, and training. Ideal for complex internal tools (client portals, business AI agents, intelligent back-office). Typical lead time: 6 to 12 weeks.
  • We connect you with the right provider: if your need matches a specialist partner (ERP integration, industrial AI, medical sector), Kleap identifies and qualifies the right contact from its network.
  • Kleap Enterprise self-serve: for teams that want to build and iterate independently on the Kleap platform, with sovereign hosting and open-source models included.

Shadow AI: the problem you already have

Your employees are probably already using uncontrolled AI tools: free ChatGPT on a personal account, personal Copilot, Gemini on their private Google account. This is what is known as 'shadow AI': AI usage outside the company's governance perimeter. A significant share of Swiss SMEs that have adopted AI have not yet put a clear data protection policy in place. These unmanaged uses expose your client data, contract documents, and financial analyses to the servers of Google, Microsoft, and OpenAI, without a proper data processing agreement or any traceability. Deploying a sovereign internal AI solution channels these uses into a controlled, auditable, and nLPD-compliant environment.

  • Give your teams an AI tool as simple as ChatGPT, but hosted within your perimeter
  • Every query is logged and auditable internally, not at a third party
  • Formalisable usage policy: which models, which data, who has access
  • Immediate reduction of nLPD risk from undeclared personal use

Technical architecture: what runs under the hood

A sovereign AI stack is not a black box. Kleap uses recognised, auditable open-source components hosted on European infrastructure whose contractual terms are enforceable without any American jurisdictional exception.

  • Hosting: Hetzner Cloud (Germany and Finland), German-law operator, no Cloud Act exposure
  • Inference models: Llama 4, Gemma 4, Qwen3, Mistral (depending on use case and target language), all under open licences
  • No data transmitted to proprietary APIs (OpenAI, Anthropic, Google Gemini API) in sovereign enterprise projects
  • Possible integrations: collaboration tools (Teams, Outlook), ERP/CRM, document management systems, existing business APIs
  • Traceability: logs kept within your environment, not transmitted to a third party, exportable for audit

Business benefits: what companies are measuring

Sovereignty is not a constraint that holds back productivity. Companies that deploy internal AI solutions document concrete gains in their processes. These findings are qualitative and vary by sector and use case.

  • A majority of companies that have adopted AI report a measurable improvement in operational efficiency
  • Significant reduction in time spent on repetitive tasks in teams that have adopted AI on their back-office processes
  • Notable reduction in customer support requests in organisations using internal chatbots
  • Gains in commercial conversion in sales teams that have integrated an AI CRM
  • Visible return on investment on targeted use cases: document processing, writing assistance, workflow automation

Swiss legal framework: what the texts say

Here are the reference texts governing AI use for Swiss businesses, and what they mean in practice. Kleap does not provide legal advice, but the projects we deliver are designed to make it easy for your legal teams to document compliance.

  • nLPD (Federal Act on Data Protection, in force Sept. 2023): transparency on automated processing, right to object, obligation to inform, impact assessment for high-risk processing
  • US Cloud Act (2018): extraterritorial reach of US law over data managed by any US-law operator, including from the EU. A 100% European stack eliminates this risk.
  • FINMA Circular 2018/3: outsourcing requirements for financial institutions, audit rights, reversibility, data localisation
  • Art. 321 CP (Swiss Criminal Code): professional secrecy for lawyers, doctors, notaries, and pharmacists. Violation punishable by up to 3 years imprisonment. Transmitting covered data to a third-party service without guarantees carries real risk.
  • EU AI Act (applicable to Swiss companies that export or process data of EU residents): transparency and documentation requirements for high-risk AI systems

Our deployment method: from audit to production

Every project begins with an audit of your processes and data constraints, not a product demonstration. We identify high-value use cases, those that can use mainstream tools, and those that absolutely require a sovereign stack. Only then do we propose an architecture and delivery plan.

  • Step 1: Preliminary audit (1 to 2 weeks), process mapping, data flows, sector-specific legal constraints, identification of priority use cases
  • Step 2: Design (1 to 2 weeks), model selection, hosting architecture definition, integration specification
  • Step 3: Development and deployment (4 to 8 weeks depending on complexity), iterative delivery, internal testing, training of key users
  • Step 4: Post-launch support, supervision, model adjustments, system prompt updates, technical support

From concept to sovereign AI tool in production: our method

01

1. Diagnostic (free, 1 to 2 weeks)

Interviews with your teams to map processes, data involved, and sector-specific legal constraints. Together we identify the 2 or 3 highest-ROI use cases and assess the level of sovereignty required.

02

2. Architecture and model selection (1 to 2 weeks)

Selection of the appropriate open-source model(s) (based on language, task type, and volume), definition of the hosting environment (EU cloud or on-premise), integration plan with your existing tools.

03

3. Development and deployment (4 to 8 weeks)

Iterative delivery in two or three sprints. Internal testing with your real data in an isolated environment. Training of key users included.

04

4. Post-launch support

Performance monitoring, model and system prompt adjustments, security updates, technical support. The solution can evolve at the pace of your needs.

Kleap sovereign AI vs mainstream tools: an honest comparison

Mainstream AI tools are often faster to set up initially. The differences appear on the criteria that matter for a regulated Swiss business or one handling sensitive data.

CriterionKleap (sovereign stack)ChatGPT/Copilot/Gemini API
Data locationHetzner EU (Germany/Finland)US and Microsoft/Google/OpenAI data centres
Law governing the operatorGerman law (EU)US law (Cloud Act)
Auditable open-source modelYes (Llama, Gemma, Qwen, Mistral)No (proprietary, black box)
Data used for trainingNoDepends on terms: possible outside Enterprise plans
nLPD complianceDesigned to document complianceRequires additional contractual guarantees
Business customisationBespoke: internal tools, agents, portalsLimited to SaaS product features
ERP/CRM/internal tool integrationAvailable, delivered by the agencyVia APIs, vendor dependency
PortabilityFull: open-source models, switchable infrastructureStrong vendor dependency

Our commitment

Storage AND processing in Europe

True sovereignty is where AI processes your data, not only where it stores it.

Storage in Europe

Your data hosted on European infrastructure (Hetzner).

Inference in Europe

Open-source models run on our European infrastructure, not via a US API.

No Big Tech lock-in

No lock-in to a US cloud provider.

swissIa.iaSouveraineSuisse.localContextTitle

French-speaking Switzerland: Genève, Lausanne, Neuchâtel, Fribourg, Sion, presence and support in French
Specific regulatory context: nLPD stricter than GDPR on certain points (sensitive data, profiling), FINMA for the financial sector, cantonal rules in healthcare and public administration
Swiss Centre for Digital Sovereignty (SDS): launched in April 2026 with several founding members, including public bodies, IT companies, and foundations, a strong institutional signal
Swiss AI Initiative (Apertus, EPFL/ETHZ/CSCS): development of a Swiss open-source LLM under Apache 2.0, an academic signal of growing national awareness
The Swiss banking sector is among the most active in AI adoption, with particularly high requirements for sovereignty and compliance
Funding: subsidy schemes exist at federal and cantonal level for SMEs investing in AI upskilling (check with your canton and SERI)

Frequently asked questions

What exactly is sovereign AI?

Sovereign AI is a system where your organisation retains full control over the data, infrastructure, and models. In practice: the servers are physically located in Europe, the operator is subject to European law (not the US Cloud Act), the model is open source and portable (you are not locked into a vendor), and your data is never used to train a third-party model.

Does the data stay in Switzerland?

Kleap uses Hetzner (a German operator, with data centres in Germany and Finland) for hosting models and data. Data therefore remains in the EU, subject to German law and the GDPR, with no American jurisdictional exception. Strictly 'Swiss' hosting is possible via partners such as Infomaniak Genève, depending on the specific requirements of your sector.

Is ChatGPT Enterprise not sufficient for compliance?

ChatGPT Enterprise offers enhanced contractual guarantees (no training on your data, SSO, etc.). However, the operator remains OpenAI, a US-law entity subject to the Cloud Act. For professions covered by Swiss professional secrecy (art. 321 CP), for financial institutions subject to FINMA, or for processing particularly sensitive data (health, judicial records), these contractual guarantees do not remove the need for a thorough legal risk analysis. Moreover, ChatGPT Enterprise does not allow the deep customisation (model, system prompt, business integrations) that a bespoke sovereign stack provides.

Are open-source models really as good as GPT-4 or Claude?

For common professional tasks (writing, summarisation, information extraction, classification, code generation), the 2025-2026 generation of open-weight models (Llama 4, Gemma 4, Qwen3, Mistral Large) reaches performance levels very close to proprietary models. On certain specialised tasks (complex mathematical reasoning, advanced code), a gap may remain. The preliminary audit identifies use cases where an open-source model is fully sufficient and those that might warrant a hybrid approach.

How long does it take to deploy a sovereign AI solution?

For a targeted use case (internal assistant, document processing, business chatbot), the typical timeline is 6 to 10 weeks: 1 to 2 weeks of audit and design, 4 to 8 weeks of development and deployment. The first testable iterations generally arrive within the first 3 to 4 weeks.

What is the cost of a sovereign AI solution vs a SaaS subscription?

Mainstream AI SaaS subscriptions carry a per-user monthly cost, without business customisation and with hosting outside your control. A bespoke project involves an upfront investment (scoping, development, deployment) amortised over 12 to 24 months, with infrastructure costs thereafter far lower than those of proprietary APIs. The crossover point depends on usage volume and number of users. We quantify this during the preliminary audit.

Can we migrate from an existing solution (OpenAI, Copilot) to a sovereign stack?

Yes. Migration does not require starting from scratch. Open-source model APIs are compatible with OpenAI formats (prompt, response, tools/function calling). Existing system prompts and integrations are generally portable with minor adjustments. Kleap supports this migration within a structured project.

What is 'shadow AI' and why is it a risk?

Shadow AI refers to the use of AI services by your employees outside any company governance framework: free ChatGPT on a personal account, Gemini via Gmail, etc. A significant share of Swiss SMEs that have adopted AI have not yet formalised a data protection policy. Your employees may already be running client or contractual data on American servers, without a valid data processing agreement. Deploying a sovereign internal tool solves this problem by offering an alternative as simple as ChatGPT, but within your governance perimeter.

Is Kleap a SaaS product or an agency?

Both. Kleap is an AI platform (accessible self-serve to create applications and websites) and also has an agency arm (Lionscreative) for bespoke enterprise projects. For sovereign AI projects in enterprise, the approach is agency-led: we design, deploy, and support. If your team wants full autonomy on the platform, Kleap Enterprise is available self-serve with sovereign hosting.

What is the difference between EU hosting and 'Swiss' hosting?

Switzerland is not an EU member but has adopted a data protection law (nLPD) aligned with the GDPR, recognised as adequate by the European Commission. Hetzner hosting in Germany provides GDPR guarantees and the absence of US Cloud Act exposure, which is the determining criterion for sovereignty. Strictly Swiss hosting (Infomaniak, for example) may be required by certain regulated Swiss sectors (some cantonal health institutions, public administrations). We assess this need on a case-by-case basis.

AI you truly control

Let us talk about your project and your sovereignty requirements. We show you how we do it.

Request a Custom Demo

Tell us about your team and we'll reach out within 24 hours.

We'll never share your information. Expect a response within 24h.

Sovereign AI in Switzerland | Open-source, hosted in Europe