dbrd

Self-Hosted AI for DSGVO: A DACH SME Compliance Playbook

Self-hosted AI is the DSGVO-clean path for DACH SMEs. The four-layer stack — local LLM, EU vector store, on-prem agent, audit trail — and cost.

Self-hosted AI stack diagram with DSGVO compliance layers for DACH SMEs

Self-Hosted AI for DSGVO: The Decision DACH SMEs Have to Make

The question is no longer whether to use AI in operations. DACH SMEs are already using it — for email triage, calendar scheduling, draft documents, CRM updates, invoice categorization. The question is where that AI runs and where the data it sees goes. For a German Mittelstand firm processing employee records, client contracts, supplier invoices, or health-adjacent data, the answer to that question is the difference between a compliant operation and a Schrems II exposure that costs €20 million or 4% of global turnover, whichever is higher.

DSGVO does not prohibit AI. It prohibits AI used in ways the data subject has not consented to, with insufficient documentation, by a processor in a third country without an adequacy decision or equivalent safeguards. The first two are paperwork problems. The third is an architecture problem. Self-hosted AI is the architecture answer.

This post lays out the four-layer stack that makes AI DSGVO-clean for a 10-50 person firm, the audit trail you need to keep, what the deployment actually costs, and where the trade-offs sit. It is written for the operations lead or founder who has been told by a vendor that “we are GDPR compliant” without being told what that means in practice.

Why DSGVO Makes This Non-Optional

The relevant articles are 44 through 50. Article 46 is the binding corporate rules and standard contractual clauses mechanism. Article 49 covers the narrow derogations — consent, contract performance, public interest, legal claims, vital interests. None of these cover “we sent the email body and the customer phone number to a US-based inference endpoint because it was cheaper and the latency was better.”

Schrems II invalidated the EU-US Privacy Shield in July 2020. The EU-US Data Privacy Framework replaced it in July 2023, but its adequacy decision is conditional and politically fragile. The standard contractual clauses (SCCs) route is still open, but the Schrems II ruling also requires a Transfer Impact Assessment (TIA) on top of the SCCs — a documented analysis of whether the receiving country’s surveillance laws materially undermine the protections the SCCs grant.

For a DACH SME feeding customer emails into a hosted LLM API, the data flow looks like this: personal data leaves a server in Frankfurt, transits to a US-based inference cluster, is logged at that cluster for abuse monitoring (this is the part most vendors gloss over), and is then processed under US jurisdiction — including US Cloud Act and FISA 702 reach. That last point is the one the TIA has to address and most SMEs do not have the legal capacity to assess.

Self-hosted AI short-circuits this entire chain. The inference happens on a server the firm controls, or on infrastructure under a DSGVO Auftragsverarbeitungsvertrag (AVV) inside the EU. No transfer, no TIA, no SCC.

The Four-Layer Self-Hosted Stack

A DSGVO-clean AI deployment is not one product. It is four layers, each with a specific job.

Layer 1 — Local LLM runtime. The model itself runs on hardware the firm controls or on rented bare-metal in an EU data center. Open-weight models in the 7B to 70B parameter range cover most office operations workloads — summarization, classification, drafting, structured extraction. Quantized 4-bit versions of Llama, Mistral, Qwen, and Gemma run on a single high-end GPU or on Apple Silicon. For a 20-person firm with email triage, calendar assist, and document drafting workloads, throughput is roughly 200-400 tokens per second on an M2 Ultra, which is enough to handle 80-150 agent actions per hour sustained. The full AI Office stack at €1,199/month from debored.ai runs on this layer with Hermes as the agent orchestrator.

Layer 2 — EU-resident vector store. Any retrieval-augmented generation (RAG) over the firm’s own documents requires a vector database. This database holds embeddings of email threads, contracts, SOPs, internal wikis — often including personal data. If this database lives on a US-hosted managed service, the same Schrems II exposure applies. EU-resident options: Qdrant self-hosted, Milvus self-hosted, Weaviate self-hosted, pgvector on an EU Postgres. All four support role-based access and can be air-gapped from the public internet.

Layer 3 — On-prem or EU-cloud agent runtime. The agent (the thing that calls the LLM, retrieves from the vector store, executes actions) runs as a container or systemd service on the same hardware or in the same EU region. The agent never makes outbound calls to US-based APIs. It may make outbound calls to EU-region services — Microsoft 365 with EU data residency, Personio EU, sevDesk, lexoffice — each under its own AVV.

Layer 4 — Audit trail. Every prompt sent to the LLM, every retrieval from the vector store, every action the agent takes, is logged locally with timestamp, user, input hash, output hash, and the AVV identifier of any external service touched. The audit log is append-only, stored on the same EU infrastructure, retained for the period your DSGVO documentation requires (typically 6-24 months for operational logs, longer if used as evidence in a data subject access request). This is the layer that satisfies Article 30 records of processing activities and Article 32 security of processing.

The four layers are not expensive individually. The total infrastructure cost for a 20-person firm is in the range of €300-€800 per month on rented bare metal, or a one-time hardware purchase of €4,000-€8,000 for an M2 Ultra workstation that handles the full stack.

What “Self-Hosted” Actually Means (The Spectrum)

“Self-hosted” is not binary. There is a spectrum and the right answer depends on what data the AI sees and what your Auftragsverarbeitungsvertrag landscape looks like.

Pure on-prem. All four layers run on hardware in the firm’s office or a colocation rack. Maximum sovereignty, no third-party processor involvement, no Transfer Impact Assessment needed. Cost is higher (hardware amortization, on-site power and cooling, no elasticity). This is the right answer for firms in healthcare-adjacent, legal, or financial services where the data is sensitive enough to justify it.

EU-region cloud, firm-controlled. The four layers run on rented bare-metal or VMs from a provider with EU-only data centers and an AVV — Hetzner, IONOS, OVHcloud, Netcup, or a hyperscaler region pinned to Frankfurt/Amsterdam/Vienna. The firm still controls all data, encryption keys, and access. The provider is a processor under DSGVO with documented security measures. This is the right answer for most DACH SMEs — 10 to 50 person firms where the cost of pure on-prem is hard to justify but the data sovereignty requirement is non-negotiable.

EU-region managed services with AVV. Some layers (vector store, logging) are outsourced to EU-region managed providers with documented AVVs — Qdrant Cloud EU region, self-hosted Milvus on an EU Kubernetes cluster managed by a partner. This is acceptable if the AVV is in place and the data flow has been documented in the firm’s records of processing activities.

US-region with full SCC stack. Inference or storage happens on US infrastructure but under standard contractual clauses, transfer impact assessment, and supplementary measures (encryption at rest with EU-held keys, no plaintext logging, contractual no-access clauses). This is the most common arrangement in the SME segment today and the one with the most residual Schrems II risk. Most firms in this category do not have a current TIA, do not have the legal capacity to write one, and do not realize they need one until a customer asks.

The skill stack — debored.ai’s AI Office deployment — sits at level 2 (EU-region cloud, firm-controlled) by default with the option to drop to level 1 (pure on-prem) for clients in regulated verticals. The Foundation tier covers the AVV and DPA paperwork layer; the AI Office tiers cover the actual deployment.

What to Keep in the Audit Trail

Article 30 requires records of processing activities. Article 32 requires security of processing documentation. Article 22 and the EU AI Act add automated decision-making logs for any system that materially affects a person. The audit trail has to support three operational scenarios:

  1. Data subject access request (DSAR). A customer or employee asks what data you hold on them and what processing has touched it. The audit trail has to answer this within the one-month DSGVO deadline.
  2. Datenschutzbehörde inquiry. A supervisory authority audits your AI processing. The trail has to show what the AI saw, decided, and acted on, with timestamps and a documented legal basis.
  3. Incident response. A breach or near-miss. The trail has to show what data was exposed, which user account triggered it, and what the system did.

Concretely, every LLM call logs: user identifier, prompt hash (not the prompt text if it contains special categories of personal data — store the hash and reconstruct on DSAR), output hash, model identifier and version, retrieval IDs from the vector store, external service calls and their AVV identifier, and the timestamp. Storage cost for this at a 20-person firm with 200 agent actions per day is roughly 200-500 MB per month compressed. Retention can run 24 months without becoming a storage problem.

What This Costs (The Real Number)

The headline AI Office price is €299/month per module, €1,199/month for the full bundle. That is the debored.ai deployment fee — the agent, the integration, the monitoring, the tuning. The underlying infrastructure (LLM inference, vector store, EU cloud) is separate.

A representative cost breakdown for a 20-person firm running the full AI Office stack:

ComponentCostNotes
debored.ai AI Office Full€1,199/monthAgent deployment, integration, tuning, audit trail setup
EU-region bare metal (LLM + vector store)€350-€600/monthHetzner or Netcup, 1x A100 or H100 equivalent
Storage and backup€40-€80/monthEncrypted EU-resident object storage
Bandwidth and API egress€20-€50/monthEU-internal, mostly free
Total€1,600-€1,930/month

Compare this to a hosted SaaS bundle — ChatGPT Team ($25/user/month = €21 × 20 = €420/month per seat, €8,400/year) plus Microsoft Copilot ($30/user/month = €7,200/year for the same firm). The hosted SaaS is cheaper on the monthly line item but carries the Schrems II exposure, the data residency uncertainty, and the inability to demonstrate Article 30 compliance for AI processing without a parallel shadow trail. The self-hosted stack costs more per month and less per audit.

The honest break-even depends on how you value compliance certainty and whether your customers (especially B2B customers in regulated verticals) will accept US-region AI processing under SCCs. For most DACH SMEs serving German enterprise clients, the answer is no.

The Takeaway

Self-hosted AI is not a luxury for DACH SMEs — it is the architecture that lets you use AI without accepting Schrems II exposure you cannot assess. The four layers are well-understood, the tooling is mature, and the cost is bounded. The decision is whether to make this a build-it-yourself project or to deploy a templated stack like AI Office that ships pre-configured. For most firms the templated route is the right one: the deployment is config-only and the audit trail is built in from day one. If you have not mapped your current AI data flows to Articles 44-50, that is the work to do this week. The inventory takes a day. The architecture decision takes a week. The deployment takes two weeks after that. The DSGVO clock has been running since May 2018 — there is no more runway to defer.

© 2026 dbrd. All rights reserved.