You've written the memo. "The use of public AI tools with company or client data is prohibited." It's legally necessary — and practically ignored. Employees who save an hour a day with AI will not give that hour back. They'll switch to their personal phone, a home computer, or a free account under a personal email. Now the same data flows out, but invisibly.
Shadow AI: the risk you can't see
This is "shadow AI", and it's worse than sanctioned use: no logs, no scope control, no way to answer a client or a regulator who asks where their data went. Under the GDPR, the company remains the data controller even when the leak happens through an employee's personal account. "We had banned it" limits the sanction; it doesn't remove the breach.
A policy people route around is not a policy. It's a liability with a signature on it.
The only ban that holds comes with an alternative
People don't bypass rules out of malice — they bypass friction. If the compliant path is also the convenient path, compliance becomes the default. That means offering an AI assistant that is: as easy as the public tools, available on every workstation, and architecturally incapable of leaking data.
Why "local" changes the compliance conversation
- No data transfer: the model runs on the machine, so there is no processor, no cross-border transfer, no DPA to negotiate for the inference itself.
- The DPIA gets simpler: "data never leaves the device" collapses most of the risk matrix.
- It works offline — a nice side effect for resilience and for demonstrating the claim: unplug the network cable, the AI still answers.
- The vendor cannot read the data, so the promise doesn't rest on trust or on contracts. It rests on architecture.
A playbook for DPOs and IT managers
- 1. Survey actual usage (anonymously): you'll find AI use is broader than anyone admits.
- 2. Keep the ban on public tools — but pair it, in the same document, with the sanctioned alternative.
- 3. Deploy the local assistant on the workstations of the most exposed teams first (HR, finance, client-facing).
- 4. Communicate it as a gain, not a restriction: "you now have an AI you're allowed to use with real client files".
This is the exact gap Locaible was built for: a local AI assistant your policy can point to. The ban finally holds — because following it became the easiest option in the room.