The AI paradox in business
Artificial intelligence is everywhere. Every day, millions of employees use ChatGPT to write emails, summarise documents, analyse data, and generate reports. It seems harmless, but it hides a massive problem.
According to a 2025 report, 77% of employees paste company data into AI services like ChatGPT — and 82% do so with personal accounts, entirely outside corporate control. This phenomenon is called shadow AI: the unauthorised use of artificial intelligence tools in the workplace.
The potential damage is enormous. In 2023, three Samsung engineers pasted proprietary semiconductor source code into ChatGPT, along with confidential code for troubleshooting equipment issues and an entire recording of an internal meeting. The result: Samsung banned all generative AI tools from company devices and networks. They’re not alone: JP Morgan, Goldman Sachs, Apple, Deutsche Bank, and Bank of America have done the same.
But banning AI is not the answer. Companies that don’t adopt AI lose competitiveness. The real question is: how do you use AI safely?
The answer is private AI.
What is private AI
Private AI is an artificial intelligence system that runs entirely on your own infrastructure — on physical servers in your company (on-premise) or on cloud services with European data centres.
The fundamental difference from services like ChatGPT, Microsoft Copilot, or Google Gemini is simple: your data never leaves your perimeter.
How it works
A private AI system has three components:
- Language model (LLM): The “brain” of the AI. Open source models like LLaMA (Meta), Mistral, DeepSeek, and Qwen deliver performance comparable to GPT-4 for the vast majority of business tasks.
- Infrastructure: Servers with GPUs where the model runs. This can be hardware in your server room, virtual machines in a European data centre, or a combination of both.
- Application layer: The interface your employees use — chat, document search, data analysis. This is where RAG (Retrieval Augmented Generation) comes in: the system connects the model to your company documents and databases.
What changes in practice
With private AI, your employees can:
- Chat with company documents: ask questions about manuals, procedures, contracts in natural language
- Query databases: ask questions like “Which clients had revenues above 100K last quarter?” without knowing SQL
- Generate content: write emails, reports, presentations — using company data as context
- Analyse documents: summarise contracts, extract key information, compare versions
All of this without a single byte of your data being sent to external servers.
Why your SME needs private AI
1. The GDPR risk is real and costly
Italy fined OpenAI 15 million euros in 2024 for GDPR violations. The Italian Data Protection Authority ruled that ChatGPT collects personal data without an adequate legal basis and fails to provide sufficient information to users.
If your employees paste client, employee, or patient data into ChatGPT, your company is co-responsible for that data transfer. GDPR fines can reach up to 4% of annual turnover or 20 million euros.
2. The AI Act changes the rules from 2025
The European AI Regulation (AI Act) introduces specific obligations for companies using artificial intelligence systems. In particular:
- Transparency obligations: employees must know when they are interacting with AI
- Risk assessment: specific procedures are required for high-risk AI systems (healthcare, HR, credit)
- Documentation: traceability of decisions made with AI support
With private AI, you have complete control over documentation and the chain of responsibility. With ChatGPT, you depend on a third-party provider for compliance.
3. Intellectual property and trade secrets
When you use ChatGPT, your data may be used to train future versions of the model. Even with the Enterprise version, data still passes through OpenAI’s servers in the US. For companies working with patents, proprietary formulas, or industrial processes, this is an unacceptable risk.
With private AI, your data stays yours. Full stop.
4. European SMEs are lagging behind — but it’s an opportunity
Only 5-8% of Italian SMEs have adopted AI solutions, compared to a European average of 13.5%. Yet 58% consider it a priority. The gap is not about interest, but about skills and cost perception.
Companies that adopt AI today will have a significant competitive advantage over the next 3-5 years. Data shows a potential revenue increase of 10-20% within 5 years for companies that implement AI correctly.
How it works in practice: HTX’s PRISMA stack
PRISMA (Private Intelligence Stack for Modular AI) is the infrastructure developed by HTX specifically for European SMEs. It’s not a single piece of software, but a modular stack that adapts to each company’s needs.
The products
ORCA — Your private ChatGPT
ORCA is a corporate chatbot that works exactly like ChatGPT — chat, document analysis, web search — but runs entirely on your infrastructure. Your employees can ask questions about company documents and receive answers with source citations.
MANTA — Natural language database
MANTA connects to your corporate databases and lets anyone run queries in natural language. “What are the top 10 clients by revenue in 2025?” becomes an instant answer, with no need to know SQL.
KOI — AI for clinical classification
KOI is a clinical decision support system for anaesthesiology. It analyses patient data and proposes an ASA physical status classification, reducing inter-operator variability.
Why a modular stack
Every company has different needs. A manufacturer primarily needs ORCA for technical documentation. A professional services firm might start with MANTA for data analysis. A hospital needs KOI for clinical support.
With PRISMA, you choose only the modules you need and can add more over time.
Costs: what private AI really costs
One of the main barriers to AI adoption in SMEs is cost perception. 49% of Italian SMEs cite cost as the primary obstacle. But the numbers tell a different story.
Cost comparison
| | ChatGPT Enterprise | Private AI (PRISMA) |
|---|---|---|
| Pricing model | Per user (~€55/month) | Per infrastructure |
| 50 users (annual) | ~€33,000 | From €12,000-20,000* |
| 100 users (annual) | ~€66,000 | From €12,000-25,000* |
| Cost scalability | Linear with users | Nearly flat |
| Hidden costs | GDPR risk, lock-in | Initial setup |
*Costs depend on the configuration (on-premise vs EU cloud) and project complexity.
Where to invest
40-60% of an AI project’s budget goes into integration, data quality, and training — not software. This applies to both public and private AI. The difference is that with private AI, the initial investment is slightly higher but the 3-year TCO is significantly lower, especially for companies with more than 30-50 users.
Typical ROI
Market data shows:
- T&B Associati (professional services firm): 50 person-days of work reduced to 1.5 days with MANTA
- Manufacturing: 60-80% reduction in document search time with ORCA
- Healthcare: 30-40% reduction in clinical classification variability with KOI
The typical payback period for a PRISMA project is 4-8 months.
How to get started: the 3-phase roadmap
Phase 1: Assessment (1 week)
The first step is understanding where AI can have the greatest impact in your business. Not all processes benefit equally from AI automation.
HTX offers a free AI Readiness Assessment that analyses:
- Your organisation’s digital maturity
- Processes with the highest automation potential
- The quality and availability of your data
- Compliance requirements specific to your industry
You can complete it in 5 minutes online and receive a personalised report with concrete recommendations.
Phase 2: Pilot (2-4 weeks)
Based on the assessment, a specific use case is identified and a working pilot project is built. Not a theoretical proof of concept, but a system your employees can actually use.
The goal is to measure value before making significant investments. If the pilot doesn’t demonstrate value, you don’t proceed. Zero risk.
Phase 3: Production (4-8 weeks)
If the pilot succeeds, you move to production: integration with existing systems, staff training, performance monitoring.
The method is designed to minimise risk and maximise time-to-value.
Industries that benefit most
Manufacturing
Manufacturing companies produce enormous volumes of technical documentation: manuals, product datasheets, quality procedures, regulations. ORCA lets employees find answers in seconds instead of hours.
Professional services
87% of professional services firms already use the consumer version of ChatGPT — a massive GDPR risk for anyone handling client data. MANTA and ORCA offer the same capabilities with the certainty that client data stays protected.
Healthcare
Healthcare demands the highest level of compliance (GDPR, MDR, high-risk AI Act). KOI is designed specifically for this context, with full decision traceability and medical validation.
Common mistakes to avoid
1. Starting with an overly ambitious project
The surest way to fail with AI is trying to solve everything at once. Start with a single concrete use case, measure the results, then expand.
2. Underestimating data quality
AI is only as powerful as the data you feed it. If your documents are disorganised or your databases contain inconsistent data, the results will be mediocre. Investing in data cleansing and organisation is the first step.
3. Not involving end users
The most advanced technology is useless if employees don’t use it. Involving users from the pilot phase is critical for adoption.
4. Choosing public AI “because it’s cheaper”
The apparent cost of ChatGPT (€20/month per user) hides GDPR risks that can cost millions. Private AI has a higher upfront investment but a lower total cost and zero compliance risk.
The future of private AI
The private AI market is growing rapidly. Open source models improve every month, hardware is becoming more affordable, and European regulation is increasingly pushing towards sovereign solutions.
For European SMEs, private AI is not a luxury — it’s a strategic necessity. Companies that adopt it today are building a competitive lead that will be hard to close.
HTX — Human Technology eXcellence. Private AI for European businesses. Trieste, Italy.
FAQ
What is private AI and how does it differ from ChatGPT?
Private AI is an artificial intelligence system that runs entirely on your own infrastructure — on-premise or on a European cloud. Unlike ChatGPT, which sends your data to OpenAI's servers in the US, private AI ensures that no company data ever leaves your perimeter. Same capabilities, but with full control over your data and compliance.
How much does it cost to implement private AI in an SME?
Costs vary depending on the setup. Using open source models on existing hardware, an SME can get started for just a few thousand euros. With HTX's PRISMA, pricing is based on infrastructure, not user count — making it far more cost-effective than ChatGPT Enterprise for companies with 20-30+ employees.
Is private AI truly GDPR compliant?
Yes, when implemented correctly. On-premise or EU-cloud private AI eliminates cross-border data transfers outside the EU, which is the primary GDPR risk with services like ChatGPT. Your data is never used to train third-party models. HTX designs all solutions with GDPR and AI Act compliance by design.
Which AI models can be used on-premise?
Today there are excellent open source models that run on-premise: Meta's LLaMA, Mistral, DeepSeek, and Qwen. These models deliver performance comparable to GPT-4 for many business tasks, with the advantage of running on local hardware without third-party dependencies.
How long does it take to implement private AI?
With HTX's three-phase method, a working pilot project can be delivered in 2-4 weeks. Full production deployment typically takes 4-8 weeks. The first step is a free Assessment to identify where AI can have the greatest impact in your business.
Does private AI work for small companies with fewer than 50 employees?
Absolutely. Optimised open source models can run on affordable hardware. ROI is often better in SMEs because automating repetitive tasks has a proportionally greater impact. HTX offers scalable solutions starting from minimal configurations.
What if open source models aren't powerful enough?
PRISMA, HTX's stack, supports a hybrid approach: small, fast models on-premise for everyday tasks, and more powerful models on EU cloud for complex requests. This way you get the best of both worlds without compromising on privacy.
How do I know if my company is ready for AI?
HTX offers a free AI Readiness Assessment that analyses your organisation's digital maturity, identifies the highest-impact opportunities, and provides a personalised roadmap. You can complete it in 5 minutes at ht-x.com/assessment/.