Private AI legal roles
Treat every feature as four separate questions: what it does, who determines the data processing, which AI Act role applies, and what data or intended-use gates apply.
“Integrator” is not a general legal safe harbour. This is an operating map, not legal advice for a particular customer or deployment.
Product and AI Act roles
A pure installer can deploy a customer-chosen local model without receiving prompts, documents, telemetry, or remote administrator access. In that narrow model, the customer normally remains responsible for its own use. Remote support, hosted inference, routing, storage, monitoring, or document retrieval changes the analysis.
If the venture develops, commissions development of, or markets an AI system under its name, it will ordinarily be the AI-system provider. Its business customer using that system professionally will ordinarily be the deployer. Rebranding, substantial modification, or changing an intended purpose can change those roles, especially for high-risk uses.
A downstream application using an existing open-weight model is not automatically a general-purpose-AI-model provider. That narrower role arises when the company develops, or has developed, a general-purpose model and places it on the EU market under its own name. The early business should be a downstream private-AI system, not a new foundation-model provider.
GDPR role map
Data-protection roles are factual and feature-specific:
- customer-directed inference over its prompts and documents: likely processor work, requiring documented instructions, an Article 28 DPA, security, and subprocessor controls
- customer-directed fine-tuning on its corpus: normally processor work, with explicit limits on reuse
- reusing prompts or fine-tunes to improve the venture’s product: normally the venture’s controller activity, with its own lawful basis, notice, retention, and rights duties
- joint selection of corpus, purpose, and reuse in co-development: possible joint-controller arrangement, not a DPA alone
- billing, account security, and narrowly designed abuse prevention: usually the venture’s independent controller activity
Never describe a company as simply “the processor.” Map each processing operation and its purpose.
Routine, review, and specialist product gates
flowchart TB
Start([proposed AI feature])
Q{data classes and intended use}
Routine[Routine: suitable for the initial service]
Review[Review: counsel and DPIA screening before a pilot]
Specialist[Specialist: separate governance or referral]
Ship[ship with a customer-readable data-flow map]
Assess[external counsel review and DPIA]
Govern[separately governed product or referral]
Start --> Q
Q -- local-first, no special data, no decisions --> Routine
Q -- health, legal, fine-tuning, connectors, non-EEA --> Review
Q -- criminal-case, biometrics, credit, surveillance, risk scoring --> Specialist
Routine --> Ship
Review --> Assess
Specialist --> Govern
classDef good fill:#e1eee0,stroke:#4e7a4c,color:#263f25
classDef warn fill:#f8edc9,stroke:#9c7620,color:#4e390d
classDef stop fill:#f4e7df,stroke:#a45f41,color:#55301f
class Routine,Ship good
class Review,Assess warn
class Specialist,Govern stop
Routine: suitable for the initial service
- local-first writing, summarization, extraction, search, translation, coding, and private RAG
- no training on customer content
- no automated decision about a person
- no biometrics, emotion inference, law-enforcement, recruitment, credit, insurance pricing, benefits eligibility, or case-risk scoring
- explicit optional verified-cloud route with a customer-readable data-flow map
Review: counsel and DPIA screening before a pilot
- managed cloud inference over employee, client, health, legal, social-service, or whistleblowing materials
- fine-tuning on customer data
- connectors to email, files, CRM, case-management, or identity systems
- non-EEA model, cloud, support, analytics, or administrator access
- profiling or recommendations that can affect people
- use by a public body
A DPIA is the controller’s responsibility before processing likely to create high risk. The venture as processor must assist, but cannot make that responsibility disappear.
Specialist: separate governance or referral
- criminal-case, police, suspected-offence, detention, seizure, or reoffending-risk data
- law-enforcement evidence assessment or risk scoring
- recruitment, worker surveillance, creditworthiness, life or health insurance, benefits decisions, biometric categorisation, or emotion recognition
- a feature that decides whether a person is dangerous, fraudulent, credible, or deserving of an outcome
These uses can engage high-risk AI obligations, special Swedish rules on Criminal-offence data under GDPR Article 10, and consequential decisions about people. They do not fit the initial low-data service model. Treat them as a separately governed product line with specialist capability, capital, insurance, and oversight, or refer the work to an organization that already has those controls.
Data and transfer gates
Article 9 data needs both a GDPR lawful basis and a special-category condition. Article 10 criminal-offence data has a separate, strict Swedish route. The customer pasting the data into a chatbot does not solve either requirement.
“EU hosted” is also not enough. Support consoles, logs, analytics, model APIs, and staff access can create a third-country transfer. Before shipping managed cloud functionality, record the data flow, subprocessor map, retention, training use, telemetry, transfer mechanism, and intended use.
Model-approval record
Before shipping a model or adapter, retain a versioned approval record covering:
- commercial and SaaS or managed-service rights
- fine-tuning, redistribution, hosting, attribution, and trademark terms
- field-of-use and acceptable-use limits
- model-card limitations and security commitments
- prompt, output, and training-data handling
- ownership and licensing of adapters or fine-tunes
Open weights do not automatically grant every commercial, privacy, copyright, or training-data right.
Lawyer, DPO, and insurance decision
Retain a Swedish or EU technology, privacy, and AI-product lawyer early, but do not hire one full time merely because the team is small. The initial deliverables should be a product-role memo, terms, privacy notice, DPA, model-licence approval template, special-data exclusion policy, and a cloud-transfer and claims checklist.
Escalate to standing external counsel and a fractional privacy lead before managed cloud, enterprise fine-tuning, regulated-sector work, public-sector work, criminal-offence data, or a high-risk use. A formal DPO can become mandatory for large-scale systematic monitoring or Article 9 or 10 processing.
Buy cyber and technology professional-indemnity cover once the venture provides managed services. Insurance is a financial backstop, not a substitute for accurate claims, contracts, or a privacy-preserving architecture. Privacy legal and regulatory posture gives the wider venture roster.