← Blog
·2 min read

Open models vs. closed models: what actually changes for your sensitive data

A closed model and an open-weight model aren't two variants of the same product: they change who sees your data and who controls the system. Here's how to decide, case by case.

Open modelsData sovereignty

When a company evaluates AI adoption, the first question usually asked is "which model is more capable?" That's the wrong question to start with — or at least not the only one. For any use case that touches sensitive data, the question that actually matters is: who sees this data, and under which jurisdiction?

The difference isn't quality, it's control

A closed model, accessible only through a vendor's API, requires your data to pass through — often via servers abroad — to get a response. An open-weight model, on the other hand, can run entirely on your own infrastructure or on a Swiss sovereign cloud: the model's weights are yours to run, not a service you send information to.

This isn't a technical detail: for contracts, medical records, financial data, or information covered by professional secrecy, it's the difference between staying fully compliant with the FADP and GDPR, or exposing yourself to a legal risk that no vendor contract fully eliminates.

When a closed model remains the right choice

It would be dishonest to claim that open models always win. On some complex reasoning tasks, the best closed models remain more capable today, and adopting them is immediate because it requires no infrastructure to manage. For non-sensitive content — marketing drafts, public research, prototyping — it's often the more efficient choice.

A three-question decision framework

The point isn't "open versus closed." It's building an architecture where each type of data ends up where it belongs — and where that choice is explicit, not accepted by default because it's the easiest path at the start.

Want to talk about it applied to your case?

Book a call →More articles
Keep reading

FADP, GDPR, and artificial intelligence: the compliance checklist for business decision-makers

Adopting an AI tool without checking where the data ends up is the fastest way to turn a productivity gain into a compliance problem. Here's what to check first.

RAG or fine-tuning? How to choose for your company's documents

RAG and fine-tuning are often presented as equivalent alternatives. They aren't: they solve different problems, and choosing the wrong one costs months of work.