Private AI · Data Sovereignty
"Private AI" has become a marketing term, which means it has almost stopped meaning anything. Every vendor now claims their product is "private", "enterprise-grade" and "your data stays yours" — yet the definitions, the storage locations, and the training-data usage vary wildly between OpenAI, Microsoft, Anthropic, Google, and the growing set of self-hosted options.
If you run a UK SMB — especially in law, financial services, healthcare or professional services — "where does my data actually go?" is not a theoretical question. It's the one your clients, your insurers, your regulators, and eventually your auditors will ask. This article gives you an honest comparison so you can answer it.
The four real options in 2026
Strip away the marketing and there are essentially four delivery models you can pick for AI in a UK SMB. Each has a defensible use case — the trap is assuming they're interchangeable.
| Option | Where data lives | Training on your data? | Typical cost (25 users) | Best for |
|---|---|---|---|---|
| Copilot for M365 | Microsoft UK/EU data boundary, same tenant as your M365 | No — contractual commitment | £~7,800/yr + base M365 | Firms already on M365 Business Premium / E3, document-heavy work |
| ChatGPT Enterprise / Team | OpenAI (US, with EU residency option) | No — contractual | £~5,500–7,800/yr | Teams needing GPT-4/5-class reasoning outside M365 |
| Claude for Work | Anthropic (US, EU region available) | No — contractual | £~6,000–7,800/yr | Long-document analysis, careful drafting, complex reasoning |
| Self-hosted private AI | Your infrastructure (Azure/UK DC/on-prem) | No — you control it | £15k–£60k build + £400–£2k/mo run | Privileged data, regulated firms, IP-sensitive work |
Two things jump out. First, all four options say they don't train on your data — but the legal mechanism differs. Microsoft and Anthropic rely on contract plus architectural separation. Self-hosted removes the question entirely. Second, self-hosted is dramatically more expensive up-front, but has a very different long-run cost curve if your team is large or your use is heavy.
What "your data stays yours" actually means
When a vendor says your data isn't used to train their models, they typically mean four things — and you should confirm all four in writing before signing:
- No training on prompts or outputs. Your chats don't become future model weights. This is the strongest and most universally respected commitment.
- No human review of your content. Some providers keep the right to human-review flagged content for abuse detection. Ask whether you can opt out, and whether reviewers are UK/EU based.
- Limited retention window. How long are your prompts and outputs kept on the provider's systems? 30 days is typical; some now offer zero-retention on request.
- Data residency. Where physically does the processing happen? "EU Data Boundary" for Microsoft and "EU region" for Anthropic / OpenAI are real options, but they must be switched on — they are rarely the default.
If any of those four commitments feel vague in a vendor's own documentation, assume the commercial protection is weaker than marketing suggests. Press for plain-English clarification from your account manager, and get it in the MSA — not a blog post.
The case for sticking with a commercial provider
Most UK SMBs — including most I work with in law and finance — are genuinely well-served by Copilot, Claude for Work, or ChatGPT Enterprise. Here's when a commercial tool is the right answer:
- Your data classification is commercial-sensitive but not privileged — internal plans, quotes, marketing copy, management reports.
- You are processing your own intellectual property, not client material under NDA.
- Your client contracts don't explicitly prohibit third-party processing.
- Your regulator or insurer has given clear guidance that commercial AI with a UK/EU data-boundary commitment is acceptable.
- Your team is under 150 and usage patterns don't justify the build cost of a private deployment.
In this zone, Copilot's integration with Outlook, Word, Excel and SharePoint is usually worth more than the marginal sovereignty gain from going private. The operational win beats the architectural purity.
The case for going private
Self-hosted or dedicated-tenant AI becomes the right call when one or more of the following applies:
- You handle legally privileged communications — solicitor/client, in-house counsel memos, witness statements, regulatory investigations.
- You operate under client contracts that forbid third-party processing — increasingly common in M&A, litigation, defence, and government work.
- Your IP is the asset — proprietary research, algorithm development, unpublished manuscripts, trade secrets. You don't want any version of it sitting in a US provider's logs, even under contract.
- You're regulated in a way that requires evidence of physical data location — some FCA firms, Ministry of Defence suppliers, NHS trusts.
- You have 200+ heavy users and the per-seat economics of commercial tools have stopped making sense.
In those scenarios, a self-hosted deployment isn't over-engineering — it's the minimum viable answer to a client, insurer or regulator question.
What a private AI actually looks like
When I deploy a private AI for a London SMB, it's usually one of three architectures:
1. Azure OpenAI in your own tenant
Lowest friction if you're already on Microsoft. You get GPT-4/5-class models running inside your Azure subscription, in UK South or UK West region. Contractually, Microsoft doesn't see your prompts. Practically, this is "dedicated tenancy" not "self-hosted", but it passes the sovereignty test for the vast majority of UK regulators.
2. Open-weight models on Azure / AWS UK regions
Models like Llama 3, Mistral, or Qwen running on GPU VMs in UK-regional Azure or AWS. You operate it. You patch it. No vendor sees the prompts. This is "private" in the strictest sense, and the right answer when a client contract explicitly forbids third-party model providers.
3. On-premise appliance
For firms that already have a server room and a compliance reason to avoid public cloud entirely, a dedicated GPU box running an open-weight model is now commercially viable. Build cost is higher (£25k–£60k typical); running cost is effectively electricity plus maintenance.
Rule of thumb
If a single one of your largest client contracts prohibits "third-party AI processing", a private deployment probably pays for itself in the first year — not in compute, but in the client revenue it preserves.
The honest trade-offs of going private
Private AI sales pitches rarely discuss what you give up. Let's be direct:
- Model quality. Open-weight models in 2026 are excellent but not yet at parity with GPT-5 or Claude 4.x on the hardest reasoning tasks. For summarisation, drafting and RAG-based Q&A, the gap is negligible. For frontier reasoning, it's still visible.
- Update cadence. OpenAI and Anthropic ship improvements weekly. Your self-hosted model is frozen at the version you deployed, unless you budget for quarterly upgrades.
- Operational overhead. Someone has to patch, monitor, and back it up. If you don't have an internal IT capability, budget for a managed service, or the TCO advantage disappears.
- Integration work. Copilot is one click away from Outlook. A private model talking to your document store needs a RAG layer, authentication, audit logging and a chat interface. That's 6–10 weeks of work, not an afternoon.
A decision flow you can actually use
- Read your top five client contracts. Any explicit prohibition on third-party AI processing? If yes → private is the floor.
- Check your regulator's guidance. SRA, FCA, ICO have all published positions. If private or dedicated-tenant is named as acceptable → follow it.
- Classify your usage. What fraction of prompts will involve privileged or client-confidential material? Under 10% → commercial tool plus strict policy. Over 30% → private.
- Count heavy users. Under 50 → commercial almost always wins. Over 200 → run the economics; private frequently wins.
- If you're still unsure → pilot both for 60 days on a small group and measure.
The worst decision is the one driven by whoever shouted loudest at the last management meeting. The second-worst is signing an enterprise contract because your account manager offered a discount. Do the five-question version above; most firms reach a defensible answer in an afternoon.
Frequently asked questions
Does ChatGPT Enterprise train on my data?
No. OpenAI contractually commits that Enterprise and Team prompts and outputs are not used to train their models. Retention is typically 30 days; zero-retention is available on request. Protection is contractual, not architectural — important if a contract or regulator requires stronger isolation.
Is Microsoft Copilot data kept in the UK?
Yes if configured. Set your tenant region to United Kingdom and enable EU Data Boundary. Copilot processing then stays within the EU, with UK South/West as primary for UK tenants.
When is a self-hosted private AI actually necessary?
When a client contract forbids third-party AI processing, when a regulator demands physical-location evidence, when handling legally privileged material, or when your IP is the asset. Most SMBs don't need it; some can't operate without it.
How much does a private AI deployment cost for a UK SMB?
Typical build for a 25–100 user private AI on Azure UK is £15,000–£40,000; monthly run costs £400–£2,000. On-premise appliance builds run £25,000–£60,000 plus electricity and maintenance.
Which option is best for a London law firm?
Most 5–50 fee-earner firms start with Copilot for M365 for general productivity, plus Azure OpenAI in their own tenant for privileged contract review. Client data stays within UK/EU, ring-fenced from training, and fully audited.
Not sure whether private AI is a pitch or a real requirement for your firm?
Free 30-minute strategy call. I'll walk you through the decision flow with your actual contracts and client mix — no slide deck, no sales pitch.
Free 30-min Strategy Call