siati.ai docs

Concepts

Sovereignty

What it actually means when we say your data stays in Switzerland — and why nobody else can promise this.

Last updated: 2026-05-19

Sovereignty

Sovereignty is not a sticker. It's a Bill of Materials (BOM) — a verifiable list of who owns the hardware, where it sits, what law governs it, who can request access.

The four pillars (verifiable)

  1. Hardware ownership — We own the GPU servers in our racks in Lugano, Switzerland. No leased cloud, no reseller masquerade.
  2. Physical location — All inference runs on servers physically in Switzerland. No US region, no EU region with a US operator.
  3. Governing law — Swiss jurisdiction. nLPD (Federal Act on Data Protection) applies; the CLOUD Act does not.
  4. Access authority — Only Swiss judicial authority can compel us to produce data, following Swiss criminal procedure. No FISA, no NSL.

Missing even one of these and you can't honestly call the service sovereign.

What sovereignty is not

Marketing claim Reality
"EU datacenter" EU is not Switzerland. GDPR is a standard, not a jurisdiction. Microsoft Ireland is still subject to the US CLOUD Act.
"Region Frankfurt" with hyperscalers The operator is US-based. FBI subpoenas still apply. Confirmed by Schrems II.
"End-to-end encrypted" Good practice, but the provider holds the keys. The question is who can compel them to hand them over.
"GDPR compliant" GDPR compliance does not block a FISA order. Two regimes that coexist and collide.
"Open-source weights" The weights being open says nothing about where inference runs. Anthropic and OpenAI have closed APIs on Amazon/Microsoft hardware.

What we do

  • Datacenter: Lugano, Switzerland. Tier-3 facility, two diverse power feeds, two diverse internet uplinks.
  • Hardware: NVIDIA RTX 6000 Pro Blackwell, L40S, GB10 Grace+Blackwell, Apple Silicon. Owned, not leased. Visit available for enterprise customers — more convincing than any whitepaper.
  • Model weights: open-weight by default (Apertus from the Swiss AI Initiative, Llama from Meta, Qwen). You can verify what's running; closed-API black boxes are off the menu unless a customer explicitly opts in.
  • Operations: a Swiss SA, employees on Swiss contracts, support in Italian/German/French.

What you can hand your CISO

  • A signed DPA compliant with nLPD and GDPR.
  • A list of subprocessors (we keep it short).
  • An audit log of who accessed what, exportable on request.
  • The BOM of the hardware running your workload.

How we keep ourselves honest

  • No US subsidiaries to be compelled through.
  • No PII in logs by default. You opt in if you want it.
  • At-rest encryption with keys you can rotate.
  • Source code of the orchestration layer open for review under NDA.

The whole point of this is that you should be able to verify, not trust.