hyggecloud / ai & eu ai act

Use AI without giving away your data

Every prompt to a US API is a data transfer. For many use cases there's now a better answer: open-weight models on your own European infrastructure — with full control over data, cost and availability. We build such setups. And we'll tell you honestly when it's worth it and when it isn't.

Why self-host

Three reasons to bring AI in-house

/01 — Data control

Your prompts stay your prompts

Contracts, patient data, source code, M&A documents: much of it simply must not go to external APIs. A self-hosted model never leaves your network — no third-country transfer, no training on your data, no retention debate.

/02 — Cost at scale

API tokens are the new egress

For sporadic use, APIs are unbeatably cheap. But once AI enters your core processes (document processing, support, search), the equation flips — a dedicated GPU at an EU provider costs a fixed amount, no matter how many tokens flow through it.

/03 — Independence

No model sunsets, no price hike by email

API providers deprecate models and change prices and terms unilaterally. An open-weight model running at your place today still runs in five years — exactly as you validated it. For regulated processes, that reproducibility is gold.

The stack

What a sovereign AI setup looks like

hygge — ai-stack.yml
hygge deploy --stack ai --provider eu-gpu
# Provision GPU node (EU DC) ............. ✓ 2× L40S
# Inference server (vLLM) ................ ✓ OpenAI-compatible API
# Load model ............................. ✓ open-weight, EU-hosted
# RAG: embeddings + pgvector ............. ✓ 120k documents
# Auth & audit log ....................... ✓ SSO, complete

Data transferred to third countries: 0 bytes
Cost: fixed/month instead of per token

The building blocks

  • GPU infrastructure in the EU — dedicated GPU servers or instances at European providers (OVHcloud, Scaleway, Hetzner, among others), sized for model and load
  • Inference server — vLLM or Ollama with an OpenAI-compatible API: your applications speak the same standard as before, only the endpoint changes
  • Open-weight models — depending on the task: European models (e.g. Mistral 🇫🇷) or other open weights, chosen by benchmarks on your tasks, not leaderboard hype
  • RAG instead of fine-tuning — connect your documents via embedding search (pgvector/Qdrant): fresher, cheaper and more explainable than training
  • Operated like any other workload — monitoring, backups, updates via our standard stack, as Hygge Care if you wish
Honesty first: For occasional use or frontier-level tasks, an API often remains the better choice — then preferably with EU providers or a contractually clean setup. Whether self-hosting pays off for you is arithmetic (tokens/month × requirements), not a matter of faith. We'll do the math with you.

Regulation

The EU AI Act — what it means for deployers

The AI Act has been in force since August 2024 and applies in stages. Most companies are not "providers" of AI systems but "deployers" — with their own, quite manageable obligations. An overview, not legal advice:

Risk classExamplesWhat appliesPractical consequence
Prohibited practicesSocial scoring, manipulative systems, untargeted facial-image scrapingbanned (since Feb 2025)Irrelevant for normal business AI — just don't.
High-risk systemsAI in hiring, credit scoring, critical infrastructure, medicinestrict duties (risk management, documentation, human oversight, logging)Affects you mainly as a deployer: document usage, ensure oversight, keep logs.
Limited riskChatbots, generated contenttransparency dutiesDisclose that AI is involved. Doable.
Minimal riskSpam filters, internal summarisation, code assistanceno special dutiesMost business AI use lands here.

// simplified, as of July 2026 · not legal advice · classifying your case belongs in legal hands

📒

Where self-hosting helps

Many AI Act and GDPR duties (logging, reproducibility, data control, retention) are easier to evidence with your own infrastructure than with a black-box API: you fully control model version, logs and data flows.

🧭

What we contribute

The technical foundation for your compliance: versioned model deployments, complete audit logs, access concepts, documented data flows — aligned with your DPO or counsel.

⚖️

What we don't do

Risk-class assessment and the legal evaluation of your AI use. That's lawyer's work — we deliver the technical facts that assessment can stand on.

Typical cases

What our clients run their own AI for

  • Internal document search (RAG): "Ask our 20 years of project documentation" — without a single document leaving the building.
  • Support triage: summarise, classify, draft replies — with customer data that must stay internal.
  • Processing sensitive documents: contracts, applications, medical texts — use cases that would never pass data protection review with US APIs.
  • Code assistance for sensitive repos: autocomplete and review help without streaming proprietary source code to third parties.

"The most exciting property of a self-hosted model isn't its benchmark score.

It's the sentence you can say to your biggest customer: 'Your data does not leave our data centre. Period.'"

— The HyggeCloud principle

AI, yes — but on your servers?

We review your use case, do the honest API-vs-self-hosting math and build the setup if it holds. And if it doesn't, we'll tell you in the intro call — for free.

→ Discuss your AI use case

30 minutes · no strings attached · bring your token bill