hyggecloud / ai & eu ai act
Use AI without giving away your data
Every prompt to a US API is a data transfer. For many use cases there's now a better answer: open-weight models on your own European infrastructure — with full control over data, cost and availability. We build such setups. And we'll tell you honestly when it's worth it and when it isn't.
Why self-host
Three reasons to bring AI in-house
Your prompts stay your prompts
Contracts, patient data, source code, M&A documents: much of it simply must not go to external APIs. A self-hosted model never leaves your network — no third-country transfer, no training on your data, no retention debate.
API tokens are the new egress
For sporadic use, APIs are unbeatably cheap. But once AI enters your core processes (document processing, support, search), the equation flips — a dedicated GPU at an EU provider costs a fixed amount, no matter how many tokens flow through it.
No model sunsets, no price hike by email
API providers deprecate models and change prices and terms unilaterally. An open-weight model running at your place today still runs in five years — exactly as you validated it. For regulated processes, that reproducibility is gold.
The stack
What a sovereign AI setup looks like
# Provision GPU node (EU DC) ............. ✓ 2× L40S
# Inference server (vLLM) ................ ✓ OpenAI-compatible API
# Load model ............................. ✓ open-weight, EU-hosted
# RAG: embeddings + pgvector ............. ✓ 120k documents
# Auth & audit log ....................... ✓ SSO, complete
➜ Data transferred to third countries: 0 bytes
➜ Cost: fixed/month instead of per token
The building blocks
- GPU infrastructure in the EU — dedicated GPU servers or instances at European providers (OVHcloud, Scaleway, Hetzner, among others), sized for model and load
- Inference server — vLLM or Ollama with an OpenAI-compatible API: your applications speak the same standard as before, only the endpoint changes
- Open-weight models — depending on the task: European models (e.g. Mistral 🇫🇷) or other open weights, chosen by benchmarks on your tasks, not leaderboard hype
- RAG instead of fine-tuning — connect your documents via embedding search (pgvector/Qdrant): fresher, cheaper and more explainable than training
- Operated like any other workload — monitoring, backups, updates via our standard stack, as Hygge Care if you wish
Regulation
The EU AI Act — what it means for deployers
The AI Act has been in force since August 2024 and applies in stages. Most companies are not "providers" of AI systems but "deployers" — with their own, quite manageable obligations. An overview, not legal advice:
| Risk class | Examples | What applies | Practical consequence |
|---|---|---|---|
| Prohibited practices | Social scoring, manipulative systems, untargeted facial-image scraping | banned (since Feb 2025) | Irrelevant for normal business AI — just don't. |
| High-risk systems | AI in hiring, credit scoring, critical infrastructure, medicine | strict duties (risk management, documentation, human oversight, logging) | Affects you mainly as a deployer: document usage, ensure oversight, keep logs. |
| Limited risk | Chatbots, generated content | transparency duties | Disclose that AI is involved. Doable. |
| Minimal risk | Spam filters, internal summarisation, code assistance | no special duties | Most business AI use lands here. |
// simplified, as of July 2026 · not legal advice · classifying your case belongs in legal hands
Where self-hosting helps
Many AI Act and GDPR duties (logging, reproducibility, data control, retention) are easier to evidence with your own infrastructure than with a black-box API: you fully control model version, logs and data flows.
What we contribute
The technical foundation for your compliance: versioned model deployments, complete audit logs, access concepts, documented data flows — aligned with your DPO or counsel.
What we don't do
Risk-class assessment and the legal evaluation of your AI use. That's lawyer's work — we deliver the technical facts that assessment can stand on.
Typical cases
What our clients run their own AI for
- Internal document search (RAG): "Ask our 20 years of project documentation" — without a single document leaving the building.
- Support triage: summarise, classify, draft replies — with customer data that must stay internal.
- Processing sensitive documents: contracts, applications, medical texts — use cases that would never pass data protection review with US APIs.
- Code assistance for sensitive repos: autocomplete and review help without streaming proprietary source code to third parties.
"The most exciting property of a self-hosted model isn't its benchmark score.
It's the sentence you can say to your biggest customer: 'Your data does not leave our data centre. Period.'"
— The HyggeCloud principle
AI, yes — but on your servers?
We review your use case, do the honest API-vs-self-hosting math and build the setup if it holds. And if it doesn't, we'll tell you in the intro call — for free.
→ Discuss your AI use case30 minutes · no strings attached · bring your token bill