Few businesses have a sharper reason to keep AI private than a law firm: client confidentiality and privilege make sending documents to a public US cloud a non-starter. This is a representative walk-through of how we build a private AI assistant for exactly that situation — the kind of engagement the sovereign-AI approach is made for. (Details are illustrative, not a named client.)
The problem
A mid-sized firm has decades of matter files, contracts, precedents and internal know-how. Lawyers waste hours hunting for the right precedent or re-reading long documents. Off-the-shelf AI would help enormously — but pasting privileged client material into a consumer chatbot is out of the question, professionally and ethically.
The approach
A private assistant, trained on the firm's own documents, running entirely on infrastructure the firm controls. The shape of the build:
- Hosting on OVHcloud — a European provider, in a European datacentre, under European law. No US hyperscaler in the path.
- An open-weight model (Mistral) running on that infrastructure, so inference never leaves the perimeter.
- Retrieval-augmented generation (RAG) over the firm's documents: the assistant answers from their actual files, with citations back to the source.
- Access locked down with a zero-trust network (NetBird, built on WireGuard) — only enrolled firm devices can reach it; nothing is published to the open internet.
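One way to check the "nothing is published to the open internet" property on the inference host, as an added example that is not code from this build: it reads `ss -tlnH` output and flags any TCP listener that is not bound to loopback or to the overlay network. The overlay range `100.64.0.0/10`, the function names and the sample socket lines are assumptions constructed for illustration; substitute the range your NetBird deployment actually assigns.

```python
import ipaddress

# Assumption: overlay peers get addresses in this range; adjust to your deployment.
OVERLAY_NET = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample of `ss -tlnH` output from a hypothetical inference host.
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 4096 100.92.14.7:8000 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:6333 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::]:11434 [::]:*
LISTEN 0 4096 203.0.113.10:443 0.0.0.0:*
"""

def split_host_port(local):
    """Split ss's 'addr:port' field, handling [v6] brackets, %scope and '*'."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]
    if host == "*":  # ss prints '*' for a dual-stack wildcard bind
        host = "0.0.0.0"
    return host, int(port)

def exposed_listeners(ss_output, overlay=OVERLAY_NET):
    """Return (host, port, reason) for listeners outside loopback and the overlay."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        addr = ipaddress.ip_address(host)
        if addr.is_loopback or addr in overlay:
            continue  # reachable only locally or by enrolled overlay peers
        reason = "wildcard bind" if addr.is_unspecified else "non-overlay address"
        findings.append((host, port, reason))
    return findings

if __name__ == "__main__":
    for host, port, reason in exposed_listeners(SAMPLE_SS):
        print(f"REVIEW {host}:{port} ({reason})")
```

A flagged wildcard bind may still be blocked by a host or provider firewall; the check reports what the services bind to, so each finding is a prompt to confirm the firewall rule or rebind the service to the overlay address.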
What it does for them
- Finds the relevant precedent or clause across decades of files in seconds, with a citation.
- Summarises long documents and matter histories without anything leaving the firm.
- Answers “have we seen this before?” from the firm's own knowledge, not the public internet.
Why it stays sovereign
Every part of the chain is under the firm's control: the documents, the model, the server and the keys. No client material is sent to a third-party AI provider; nothing is used to train anyone's model; and because it is built on open components and European infrastructure, the firm is not locked to a single vendor. Privilege and confidentiality are preserved by construction, not by a policy promise.
The honest part
A build like this is more involved than buying seats in a SaaS tool — there is infrastructure to run and a pipeline to maintain. That is the trade for genuine privacy, and for a firm holding privileged data it is usually a trade worth making. Run well by a partner, the firm gets the convenience of a managed service with the sovereignty of self-hosting.
If your business holds data it can't responsibly send to a public cloud, this is the pattern that fixes it. A free sovereignty & AI audit is the place to start.
Frequently asked questions
- Is this a real, named client?
- It's a representative build — an illustrative, anonymised walk-through of how we deliver a private assistant for a confidentiality-sensitive firm. We don't publish client names or confidential details; the architecture and approach are exactly what we use.
- Can a private assistant preserve legal privilege?
- Yes — that's the point of keeping it private. Because the documents and the model stay on infrastructure the firm controls, privileged material is never disclosed to a third-party AI provider. Sovereignty is built into the architecture, not promised in a policy.
- Does this only apply to law firms?
- No. The same pattern fits accountants, clinics, advisories — any business holding sensitive or regulated data that can't go to a public cloud. The sector changes; the sovereign architecture doesn't.