By: Ibrahim Mizi on Dec 16 2025 Private AI vs Public AI: A UK Business Guide
How private, public and hybrid AI differ on data residency, security and cost, with a UK GDPR controls checklist and answers on LLM training and shadow AI.
What is the difference between private and public AI?
Public AI is a model you rent through a third-party API, where your data leaves your network to be processed on shared infrastructure you neither own nor inspect. Private AI runs inside infrastructure you control, on-premise or in an isolated cloud, so sensitive data never crosses your governance boundary. For UK businesses the practical question is not which model is smarter, it is where your data goes and who can see it.
OpenKit designs and deploys private AI for UK organisations that need the capability without the exposure, with data held inside UK jurisdiction and inference logged for audit. We are ISO 27001 and ISO 9001 certified, Cyber Essentials assured, and we build to help you meet GDPR. This guide compares public, private and hybrid AI on the things a skeptical CTO actually asks about, then gives you a UK data-residency and security checklist you can use in a vendor review. Last updated 29 May 2026.
Public, private and hybrid AI, compared
Most teams do not face a binary choice. The honest answer is a spectrum, and the right pick depends on data sensitivity, volume and how much control you need over the model itself. The table below sets out the trade-offs without the marketing gloss.
| Consideration | Public AI (API) | Private AI (self-hosted or partner) | Hybrid (routed by sensitivity) |
|---|---|---|---|
| Where data is processed | Vendor cloud, shared infrastructure | Inside your boundary or chosen UK region | Split: public for low-risk, private for sensitive |
| Data residency control | Limited to vendor regions and terms | Full: you name the data centre | Full for the private path |
| Setup effort | Minutes | Days to weeks | Weeks (routing layer plus both paths) |
| Cost shape | Pay per token, scales with usage | Fixed or step-function compute cost | Mixed, optimised per workload |
| Auditability | Limited, trust-based assurances | Full logs of every inference | Full on the private path |
| Model control | Vendor controls updates and versions | You pin versions and fine-tune | You control the private side |
| Best fit | Non-sensitive, low-volume, prototypes | Regulated, proprietary, high-volume core work | Mixed estates with both kinds of work |
The pattern we see across UK engagements is hybrid: route a marketing draft or a public summary to a public model for speed, and keep anything containing personal, regulated or proprietary data on a private path. The deciding factor is the data classification, not the task.
Is our data used to train the public LLM we use?
It depends entirely on the tier and the contract, not on a single toggle. Most enterprise API tiers contractually exclude your inputs from training and offer zero-retention processing, but consumer and free tiers frequently reserve the right to use your data. The safe assumption is that anything you cannot point to in a signed data-processing agreement may be retained.
This is where public deployments get uncomfortable for a regulated buyer. A zero-retention promise is a contractual assurance rather than a technical guarantee, and a misconfiguration on either side can still expose proprietary code or customer data. Private AI removes the question: when the model runs inside your boundary, there is no third party to retain anything, and you can demonstrate that in an audit rather than assert it.
Where is our data stored if we use private AI in the UK?
With a private deployment you choose the location, and OpenKit builds in UK regions or fully on-premise so data, vector stores and inference logs stay inside UK jurisdiction. Public services route requests across global infrastructure by default, which makes data residency a matter of trusting a config rather than naming a data centre.
This matters for GDPR accountability under the UK GDPR and Data Protection Act 2018. Keeping the whole pipeline in a UK boundary lets you answer the regulator’s questions plainly: where the data sits, who the processor is, how long records are kept and how they get deleted. The ICO’s guidance on AI and data protection expects exactly this kind of documented data-flow understanding, which is far easier to produce when you control the infrastructure.
A note on retrieval and the right to erasure
A common private pattern is retrieval-augmented generation, where the model answers from a separate knowledge base rather than from anything baked into its weights. If someone exercises their right to be forgotten, you delete their records from the retrieval store and the change takes effect immediately. Trying to remove specific personal data that a public model may have memorised during training is far harder and often impractical, which is one of the strongest practical arguments for keeping sensitive data out of public training paths.
How do we prevent shadow AI?
Shadow AI is your staff pasting company data into unapproved public tools because the sanctioned route is slower or does not exist. You reduce it the same way you reduced shadow IT: give people a sanctioned alternative that is at least as easy to use, publish a short acceptable-use policy, and log usage so you can see what is actually happening. Banning tools without a replacement pushes the behaviour underground rather than stopping it.
The mistake we see most often is leading with prohibition. A flat ban tells a busy team to find a workaround, and they will. The version that works pairs a clear, sensitivity-based policy (“public data is fine in tool X, anything with customer or financial data goes through our private assistant”) with a private assistant good enough that nobody wants the workaround. Logging then turns an invisible risk into a managed one.
UK data-residency and security controls checklist
Use this in a vendor review or before signing off an internal deployment. It is the set of controls that separate a defensible AI deployment from a liability, framed for UK obligations. Where a number cannot be sourced honestly, treat it as a question to ask, not a claim to accept.
- ✓Data residency. Confirm in writing which country and which data centre process inputs, outputs and logs. For UK obligations, keep the pipeline in a UK region or on-premise.
- ✓Training exclusion. Get a signed assurance that your inputs are not used to train or improve third-party models, with the retention window stated.
- ✓Retention and deletion. Define how long prompts, outputs and embeddings are kept, and prove you can delete a person’s records on request to satisfy the right to erasure.
- ✓Encryption. Verify encryption in transit and at rest for the model, the knowledge base and the logs, with keys you can rotate.
- ✓Access control. Apply least-privilege roles, audited access to the data store, and separation between who can query and who can change the system.
- ✓Inference logging. Log every request and response so you can investigate an incident, demonstrate human oversight and answer an audit.
- ✓Supplier assurance. Check the provider’s certifications under ISO 27001 supplier and acquisition controls before any sensitive data flows to them.
- ✓DPIA. Run a Data Protection Impact Assessment for anything processing personal or special-category data, as the ICO expects for higher-risk AI.
- ✓Shadow-AI policy. Publish an acceptable-use policy and provide a sanctioned tool so staff do not route company data through unapproved services.
OpenKit holds ISO 27001 and ISO 9001 certification and is Cyber Essentials assured, and we design private deployments to help UK organisations meet GDPR. We do not claim SOC 2, HIPAA or ISO 42001 certification, and any EU AI Act or ISO 42001 work is about helping you align toward those standards rather than certifying you against them.
Security and compliance: why the choice matters
For a CTO or risk owner, the public-versus-private decision is part of your legal strategy, not just an architecture preference. When AI only summarised public articles, an API was low-risk. Now that models read internal databases, draft contracts and act on customer data, the deployment model decides whether you can stand behind the system in an audit.
The acute risks of routing sensitive data through public services are concrete: a retention misconfiguration that exposes proprietary data, prompt-injection attacks against public endpoints, and the inability to forensically investigate a bad output in an opaque service. Private deployments answer each of these by keeping the model, its data and its logs inside one controllable boundary, which is also what makes documented data governance and human oversight realistic.
Worked example: legal document review
OpenKit built BAiSICS, a private AI platform for commercial-lease and property-document review, where client confidentiality ruled out pasting documents into a public model. The system runs on bespoke OCR and a private LLM workflow hosted in an AWS UK region, with every extracted field traceable to its source so users can verify rather than trust the output.
On the same set of historical leases marked up by senior partners, BAiSICS reaches 96% extraction accuracy and cuts review time by roughly 92% against manual work, saving its customers more than £200,000 a year. The point is not the model: it is that a private architecture made an accuracy and confidentiality bar viable that generic public tools failed to clear.
Worked example: public-sector air quality
For Air Aware, built for four London boroughs, the raw air-quality data is public but its use in public-health policy is sensitive. OpenKit used its ISO 27001 certification to architect a conversational AI grounded in the boroughs’ own data, kept inside UK jurisdiction, with residents staying engaged for around five minutes against a sixteen-second baseline for a typical government website. Sovereignty and usefulness were not a trade-off here; the controlled boundary was what let the boroughs put it in front of the public.
Which approach fits your business?
Work down a short decision path rather than starting from the technology. Classify the data first, because the data, not the use case, sets the floor for what you can use.
- Is the data genuinely public, with no personal, regulated or proprietary content? Public AI is fine and usually cheapest for sporadic use.
- Does the prompt or output contain personal, regulated or proprietary data? Treat private AI as the default and document why if you deviate.
- Is the workload high-volume and continuous? Fixed-cost private compute often wins on total cost once usage is steady, and removes per-token budget volatility.
- Do you have a mix of both kinds of work? A hybrid architecture that routes by sensitivity is usually the pragmatic answer.
If you want help running that classification and standing up a deployment that holds up to an audit, OpenKit’s private AI service covers on-premise builds, isolated UK cloud enclaves and zero-data-retention architectures, all designed around UK data-protection obligations.
Frequently asked questions
What is the difference between private and public AI?
Public AI is a model you rent through a third-party API, so your data leaves your perimeter to be processed on shared infrastructure. Private AI runs inside infrastructure you control, on-premise or in an isolated cloud, so sensitive data stays inside your governance boundary at all times.
Is our data used to train the public LLM we use?
It depends on the contract. Most enterprise API tiers contractually exclude your inputs from training and offer zero-retention options, but consumer and free tiers often do not. Always read the data-processing terms, confirm the retention window in writing, and route sensitive data to a private deployment instead of relying on a setting.
Where is our data stored if we use private AI in the UK?
With a private deployment you choose the location. OpenKit builds in UK regions or on-premise so data, vector stores and inference logs stay inside UK jurisdiction. This supports GDPR accountability because you can name the exact data centre, processor and retention period rather than trusting an opaque global service.
How do we prevent shadow AI in our organisation?
Shadow AI is staff using unapproved public tools with company data. You reduce it by offering a sanctioned alternative that is at least as easy to use, publishing a short acceptable-use policy, and logging usage so you can see what is happening. Banning tools without a replacement tends to push usage underground.
Does private AI meet GDPR and UK data-protection requirements?
Private AI does not grant compliance on its own, but it removes the hardest obstacles. Keeping data in a UK boundary, deleting records from a retrieval store on request, and logging every inference makes accountability and the right to erasure practical. OpenKit holds ISO 27001 and ISO 9001 and designs deployments to help you meet GDPR.
When is public AI the right choice over private AI?
Public AI is the pragmatic choice for non-sensitive, low-volume or experimental work where speed matters more than control: drafting general copy, summarising public material, or prototyping. The data classification, not the task type, decides it. If the prompt or output contains personal, regulated or proprietary data, move it to a private path.
Rethink what's possible with AI
Book a free strategy session and find where AI fits your business, and where it does not
- Free consultation
- No commitment required
- Honest advice on where AI helps
Typical response time: within 24 hours
You might also like
Explore more insights and discover what else we could do for you.
Private AI Implementation Guide
A guide to implementing private AI for your business. Eliminate IP risks, control costs, and maintain full data sovereignty with on-premise AI deployment.
EU AI Act for UK businesses: does it apply, and ISO 42001
Does the EU AI Act apply to UK businesses, what to do before 2 August 2026, and how its high-risk duties map onto ISO 42001 governance controls.
Bespoke AI Development in the UK: What It Actually Takes
What bespoke AI development actually involves for UK businesses: the process, real costs, technology decisions, and common mistakes. From a team that's delivered it.
