The AI paradox in professional firms #
Professional firms are among the most enthusiastic adopters of generative AI. And rightly so: AI is perfectly suited to knowledge work — document analysis, regulatory research, drafting opinions, querying databases.
The problem is how they use it.
According to industry research, nearly 9 out of 10 professionals use ChatGPT or similar tools in the consumer version — the free or personal subscription tier. No business contract, no DPA (Data Processing Agreement), no guarantees about where data ends up.
For an accountant entering a client’s balance sheet, a lawyer uploading a confidential contract, or a consultant analysing a company’s financial data, the implications are serious:
- Breach of professional secrecy: client data is transferred to a third party (OpenAI) without explicit consent
- GDPR violation: cross-border data transfer to US servers, without adequate legal bases after the invalidation of the Privacy Shield
- Reputational risk: a data breach involving client data can destroy a firm’s credibility in days
- Professional liability: the professional is personally responsible for negligent handling of client data
This is not a theoretical risk. Italy fined OpenAI 15 million euros in 2024. The Data Protection Authority has launched specific investigations into the use of generative AI in professional services.
Why professional firms need AI — the right kind #
Before diving into use cases, it’s important to understand why AI is particularly suited to professional work.
Professional work is knowledge work #
Accountants, lawyers, and consultants spend most of their time:
- Searching for information across regulations, case law, practice notes, circulars
- Analysing complex documents (balance sheets, contracts, expert reports, analyses)
- Querying databases to extract specific data from years of archives
- Drafting documents that follow recurring patterns (opinions, reports, letters)
- Monitoring deadlines and regulatory updates
These are exactly the tasks where generative AI excels. The difference between working with and without AI can be orders of magnitude: from hours to minutes, from days to hours.
The cost of inaction #
A firm that doesn’t adopt AI doesn’t simply stand still — it loses ground. Competitors using AI can:
- Serve more clients with the same headcount
- Deliver deeper analysis in less time
- Reduce operational costs and offer more competitive fees
- Respond faster to client requests
The question isn’t whether to adopt AI, but how to do it safely.
GDPR risks specific to professional firms #
Professional firms have a different and higher GDPR risk profile than the average business. Here’s why.
1. Third-party data, not your own #
When a manufacturing company uses ChatGPT for its own internal documents, it handles its own data. When a professional firm uses ChatGPT, it handles clients’ data — third parties who have entrusted confidential information to the professional with an expectation of privacy.
This radically changes the legal framework: the professional is responsible for processing clients’ data and cannot transfer it to third parties (like OpenAI) without specific legal bases.
2. Professional secrecy #
Accountants, lawyers, and consultants are bound by professional secrecy. Entering data covered by secrecy into ChatGPT amounts to unauthorised disclosure to a third party. It doesn’t matter that OpenAI promises not to read the data: the transfer itself is a violation.
3. Special categories of data #
Professional firms frequently process special categories of data (Art. 9 GDPR): health data in litigation, criminal data in legal proceedings, sensitive financial data in tax advisory. These data have reinforced protections and their transfer outside the EU is even more problematic.
4. Fiduciary duty #
The professional-client relationship is built on trust. A client who discovers that their financial data was entered into ChatGPT — even if no concrete harm occurred — could legitimately lose trust in the firm and take legal action.
Potential sanctions #
- GDPR: up to 4% of annual turnover or €20 million
- Professional body: disciplinary sanctions up to suspension
- Civil liability: damages to clients
- Reputational damage: loss of clients (the most costly harm)
15 concrete use cases for professionals #
Here’s how private AI can transform daily work, organised by profession.
Accountants and Tax Advisors (5 use cases) #
1. Automated tax document analysis #
AI analyses balance sheets, tax returns, bank statements and automatically identifies anomalies, inconsistencies, and tax optimisation opportunities. With ORCA, you can upload a client’s balance sheet and ask in natural language: “Which items show significant deviations from the previous year?”
Impact: 70% reduction in preliminary analysis time.
2. Periodic client reports #
Automatic generation of personalised reports for each client: revenue trends, performance indicators, upcoming deadlines, VAT position. The AI draws from management system data and produces reports in professional format.
Impact: from 2-3 hours per report to 15-20 minutes.
3. Deadline and compliance management #
AI monitors the tax calendar and cross-references deadlines with each client’s specific situation. “Which clients on the flat-rate scheme need to file their VAT return by 30 April?” — an instant answer without manually consulting dozens of files.
Impact: elimination of missed deadlines, reduced operational stress.
4. Continuous regulatory updates #
Tax regulations change constantly: revenue authority circulars, rulings, interpretive guidance, Supreme Court decisions. AI indexed on regulatory documents can answer questions like: “What are the latest rulings on the deductibility of vehicle costs for professionals?”
Impact: regulatory research in seconds instead of hours.
5. Client database queries with MANTA #
MANTA transforms the firm’s database into a system that can be queried in natural language. “What is the average revenue of clients on the standard regime with more than 5 employees?” — without writing a line of SQL, without asking the IT department.
Impact: democratised data access, data-driven decisions.
Lawyers (5 use cases) #
6. Contract analysis #
AI analyses contracts and identifies critical clauses, hidden risks, deviations from standard terms, and compares different versions. “Highlight all clauses in this contract that deviate from our standard template” — result in 30 seconds for a 50-page contract.
Impact: from 4-6 hours of manual review to 30 minutes.
7. Case law research #
Instead of manually searching legal databases, AI can search through indexed case law: “Find Supreme Court judgments from the last 3 years on employer liability for workplace harassment with damages exceeding €50,000.”
Impact: exhaustive research in minutes instead of days.
8. Document due diligence #
In M&A transactions or pre-contractual reviews, AI analyses hundreds of documents and identifies risks, pending issues, and inconsistencies. With ORCA you can upload an entire data room and query it in natural language.
Impact: 60-80% reduction in due diligence time.
9. Case file summaries #
For complex case files spanning hundreds of pages, AI produces structured summaries: chronology of events, parties’ positions, key legal issues, cited precedents. Ideal for hearing preparation or for new associates taking over a case.
Impact: onboarding on new cases in hours instead of days.
10. Compliance checks #
AI cross-references open cases with regulatory requirements and flags potential compliance issues. “Which open cases have limitation deadlines in the next 6 months?” — immediate response with a prioritised list.
Impact: reduced risk of missed deadlines.
Business Consultants (5 use cases) #
11. Market research #
AI analyses sector reports, market data, and public documentation to produce competitive analyses. Fed with proprietary data, it can compare the client’s performance with industry benchmarks.
Impact: market analysis in 2 hours instead of 2 weeks.
12. Commercial proposal generation #
Starting from the client brief and the firm’s service portfolio, AI generates drafts of personalised commercial proposals. The consultant reviews and refines, but starts from a structured base rather than a blank page.
Impact: 50% reduction in proposal preparation time.
13. Multi-source data analysis #
Consultants often work with data from diverse sources: client CRM, financial databases, surveys, market data. AI with MANTA can cross-reference these sources and answer complex questions: “What correlation exists between marketing investments and revenue growth over the last 3 years?”
Impact: analyses that took weeks, available in hours.
14. Knowledge management #
Every firm has years of accumulated work: past proposals, deliverables, templates, best practices. AI indexed on the firm’s knowledge base makes this wealth immediately accessible: “Have we previously done a logistics optimisation project for a food company?”
Impact: zero reinvention of the wheel, systematic reuse of experience.
15. Client reporting #
AI generates progress reports, annotated dashboards, and presentations from project data. With MANTA connected to the client’s systems, reports can include real-time updated data.
Impact: automated weekly reporting, more time for high-value analysis.
Case study: T&B Associati and MANTA #
The case of T&B Associati — a professional firm based in north-eastern Italy — concretely demonstrates the potential of private AI.
The starting situation #
T&B Associati manages hundreds of clients with data spread across multiple databases and management systems. Every time a partner needed a cross-cutting analysis — “What’s the status of overdue invoices from clients in the food sector?” — they had to:
- Contact the IT department or the database manager
- Wait for the query to be written and tested
- Receive raw data and interpret it manually
Average time for an analysis: 50 person-days for complex reports requiring the cross-referencing of multiple data sources.
The solution: MANTA #
MANTA was connected to the firm’s databases. In 2 weeks of configuration and training, the system was ready for production use.
Now any professional in the firm can query databases in natural language:
- “Show me clients with revenue growth >10% who haven’t yet renewed their contract”
- “What is the average collection time by sector over the last 12 months?”
- “List tax matters with deadlines within 30 days ordered by amount”
The results #
- 50 person-days reduced to 1.5 days for complex analyses
- Democratised access: every professional can run queries, not just those who know SQL
- Faster decisions: information arrives in minutes, not weeks
- Zero GDPR risk: all data stays on-premise, no transfers to third parties
The return on investment was achieved in less than 3 months.
How to implement AI safely: ORCA + MANTA #
The stack for professional firms #
HTX designed PRISMA (Private Intelligence Stack for Modular AI) with a specific focus on the needs of professional firms:
ORCA — The firm’s private ChatGPT
- Chat with documents: upload contracts, balance sheets, regulations and query them in natural language
- Document generation: draft opinions, reports, letters from templates and data
- Semantic search: find information across archives of thousands of documents in seconds
- Multi-user: each professional has their own workspace, with granular permissions
MANTA — The natural language database
- Natural language queries: query the firm’s databases without knowing SQL
- Multi-database: connection to management software, CRM, document archives
- Automatic dashboards: visual reports generated on-demand
- Audit trail: complete traceability of every query for compliance
Why on-premise #
For professional firms, on-premise is almost always the best choice:
- Professional secrecy: data never leaves the firm’s perimeter
- Full control: no dependency on cloud providers
- Predictable costs: fixed initial investment and maintenance costs
- Performance: minimal latency, no dependency on internet connection
For smaller firms or those needing flexibility, HTX also offers deployment on certified European cloud, with data centres in Italy or the EU.
AI Act: what changes for professional firms #
The European AI Act imposes specific obligations on professional firms as well.
Obligations already in force (February 2025) #
- AI literacy: all staff using AI must be trained on risks and limitations
- Transparency: clients must know when a document or analysis was produced with AI support
Upcoming obligations (August 2026) #
- High-risk systems: if AI is used for decisions that significantly impact clients (asset valuations, determinative legal opinions), documentation and human oversight obligations may apply
- Impact assessment: formal risk analysis for AI systems in use
How private AI simplifies compliance #
With solutions like ORCA and MANTA on-premise:
- Complete audit trail: every interaction is logged and documentable
- Human oversight: the professional always reviews AI output before delivering it to clients
- No data transfers: eliminates the cross-border data transfer problem at its root
- Built-in documentation: the system automatically generates the documentation required by the AI Act
How to get started #
1. Free assessment #
The first step is understanding where AI can have the greatest impact in your firm. HTX offers a free AI Readiness Assessment that analyses your processes and identifies the highest-value opportunities.
2. Pilot project (2-4 weeks) #
Based on the assessment, you choose a specific use case — for example, document analysis with ORCA or database queries with MANTA — and build a working pilot.
3. Production and training (4-8 weeks) #
If the pilot demonstrates value, you move to production: full integration, staff training, permissions configuration.
Next steps #
- Take the free Assessment — Discover in 5 minutes where AI can transform your firm
- Discover ORCA — The private ChatGPT for professionals
- Discover MANTA — Natural language database
- Contact us — Let’s talk about your project
HTX — Human Technology eXcellence. Private AI for European businesses. Trieste, Italy.
FAQ
Can I use ChatGPT to analyse my clients' documents?
Not safely. ChatGPT sends data to OpenAI's servers in the US, violating GDPR when processing clients' personal data. Professional firms have a reinforced duty of confidentiality: you need a private alternative like ORCA that keeps data on-premise.
How much does private AI cost compared to ChatGPT for a 20-person firm?
ChatGPT Enterprise costs about €55/user/month, roughly €13,200/year for 20 users. A private solution with PRISMA starts at €8,000-15,000/year with nearly flat costs for additional users. Beyond 15-20 users, private AI becomes more cost-effective.
Can MANTA connect to my accounting software?
Yes, MANTA connects to any relational database (SQL Server, PostgreSQL, MySQL) and to many business applications via API. Initial setup typically requires 1-2 days of work with the HTX team.
Does the AI Act apply to professional firms?
Yes. If you use AI systems for decisions that impact clients — tax assessments, legal analyses, advisory services — the AI Act applies to you. The AI literacy obligation has been in force since February 2025. Using private AI simplifies compliance.
What data can I have AI analyse without GDPR risks?
With on-premise private AI, you can analyse any business data because it never leaves your perimeter. With public AI like ChatGPT, you should never input clients' personal data, confidential financial information, or documents covered by professional secrecy.
How do I start using AI in my professional firm?
The first step is HTX's free Assessment, which analyses your processes and identifies where AI can have the greatest impact. Typically, firms start with a specific use case — like document analysis or database queries — and expand after verifying the ROI.