
Vetting AI providers: data in Switzerland, no lock-in, clear responsibility

An AI project rarely fails on the technology. It fails because, after two years, no one can say any more where the company data is held, who owns the logic that was built, and how to get out again if the provider doubles its prices or disappears. Choosing an AI partner today is a decision with a long echo. This text gives you a sober checklist: ten questions that any reputable provider will answer without hesitation and in writing.

What is really at stake legally

As soon as you have personal data processed by an AI system, you are the controller within the meaning of the revised Federal Act on Data Protection (revFADP), which has been in force since 1 September 2023. The AI provider is generally your processor. The decisive point: responsibility stays with you, even when you outsource the processing. You must ensure that the provider safeguards data security, and that belongs in the contract.

There are two figures you should know, because they show where the personal risk lies. For intentional breaches of certain obligations, the revFADP provides for a fine of up to CHF 250,000, and it is directed at the responsible natural person, not primarily at the company. If the act cannot be attributed to a specific person, the company can be fined up to CHF 50,000. This is not the GDPR level with percentages of turnover, but it is real, and in case of doubt it lands on the management personally.

On data residency there is a widespread misunderstanding. The revFADP does not require data to stay in Switzerland. It requires an adequate level of data protection at the place of processing. For the EU/EEA this is provided; the EU in turn confirmed an adequate level for Switzerland again on 15 January 2024. For the USA, the Swiss-US Data Privacy Framework has applied since 15 September 2024, but only for US companies that have self-certified for it. This self-certification runs through the programme administered by the US Department of Commerce (International Trade Administration); in the USA it is enforced by the FTC. Holding data in Switzerland is therefore not a legal requirement but a simplification: it reduces the number of questions you would otherwise have to answer.

The 10 questions for any AI provider

Print this list out and bring it to the meeting. Answers belong in the contract in writing, not on a sales slide.

  1. Where are my data processed and stored? The exact region, not “in the cloud”. Switzerland, EU/EEA, or a third country with an adequate level?
  2. Are my data and prompts used to train models? The reputable answer is: no, not without express consent. Have them show you.
  3. How long are inputs and outputs retained? Is there an option with minimal retention or none at all?
  4. Is there a data processing agreement (DPA)? Without a signed DPA you lack the legal basis. Full stop.
  5. Which subcontractors are involved? Processors may only sub-outsource with your prior consent. Ask for the list.
  6. Who owns the logic that was built, the workflows and the prompts? In writing. “You” is the correct answer.
  7. How do I get everything back if I terminate? Machine-readable format, a clear deadline, complete deletion at the provider.
  8. Is the underlying AI model interchangeable? Or is your solution chained to the peculiarities of one specific provider?
  9. Who is liable for what if something goes wrong? Responsibility stays with you, but the provider’s liability belongs in the contract.
  10. Can we start small? A limited pilot rather than a complete overhaul. Anyone who refuses this is selling dependency, not value.

If a provider dodges, gets vague, or points to “we’ll sort that out later” on more than two of these questions, you have your answer.

Lock-in: who owns the logic, data and prompts?

Lock-in is rarely a single malicious clause. It builds up gradually, in three places:

  • Data gravity: your histories, examples and settings sit in an interface from which they cannot be exported cleanly.
  • Logic dependency: the actual work, that is the business rules and processes, sits in a proprietary toolkit and not in a form you could rebuild elsewhere.
  • Model dependency: everything is so tailored to the peculiarities of a single AI provider that switching amounts to a rebuild.

The sensible goal: you own the core, that is the process logic, business rules and prompts; you rent interchangeable infrastructure. In concrete terms this means the AI model should sit behind an abstraction layer, so that it can be swapped without rewriting the whole solution. And it means: a claim to the return of data in a machine-readable format within a fixed deadline after the contract ends belongs in the contract, not in good intentions.
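To make the abstraction layer concrete, here is an added example (not code from the original post or from Vollmer Labs) of the structure described above: prompts and business rules live as plain data in your own code, the model sits behind a small interface, and the backend is chosen by configuration. The two vendor request shapes, the region list and the expense-classification workflow are all constructed for this example; the transport is injected so it runs offline.

```python
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Callable, Protocol, Sequence

# Regions you have cleared contractually (question 1). Constructed for this example.
ALLOWED_REGIONS = {"ch", "eu"}


# --- Your core: prompts and rules as plain data, so they can be exported (question 7). ---
@dataclass
class PromptTemplate:
    name: str
    template: str  # str.format placeholders

    def render(self, **values: str) -> str:
        return self.template.format(**values)


# A constructed workflow prompt; in a real system this lives in your repo, not in the vendor's UI.
EXPENSE_PROMPT = PromptTemplate(
    name="expense_category",
    template="Classify this expense as exactly one of [{categories}]: {text}",
)


# --- Abstraction layer: the only surface the business logic is allowed to see. ---
class ModelAdapter(Protocol):
    def complete(self, prompt: str) -> str: ...


# Two adapters for two hypothetical vendor request shapes. The transport (`send`) is
# injected so the example runs offline; in production it would be the vendor's HTTP client.
class ChatStyleAdapter:
    """Vendor whose API expects a list of role/content messages (hypothetical shape)."""

    def __init__(self, send: Callable[[dict], dict], model: str) -> None:
        self.send, self.model = send, model

    def complete(self, prompt: str) -> str:
        response = self.send({"model": self.model,
                              "messages": [{"role": "user", "content": prompt}]})
        return response["choices"][0]["message"]["content"]


class PlainInputAdapter:
    """Vendor whose API takes a single input string (hypothetical shape)."""

    def __init__(self, send: Callable[[dict], dict], model: str) -> None:
        self.send, self.model = send, model

    def complete(self, prompt: str) -> str:
        return self.send({"model": self.model, "input": prompt})["output"]


def build_adapter(config: dict, send: Callable[[dict], dict]) -> ModelAdapter:
    """Choose the backend from config; refuse regions you have not cleared."""
    if config["region"] not in ALLOWED_REGIONS:
        raise ValueError(f"region {config['region']!r} not cleared for this data")
    adapters = {"chat": ChatStyleAdapter, "plain": PlainInputAdapter}
    return adapters[config["provider"]](send, config["model"])


# --- Business logic: depends on ModelAdapter only, never on a vendor SDK. ---
def categorise_expense(adapter: ModelAdapter, text: str, categories: Sequence[str]) -> str:
    prompt = EXPENSE_PROMPT.render(categories=", ".join(categories), text=text)
    answer = adapter.complete(prompt).strip().lower()
    # The validation rule is yours: model output is untrusted until matched to the allowed list.
    for category in categories:
        if category.lower() == answer:
            return category
    return "unclassified"


def export_core(templates: Sequence[PromptTemplate]) -> str:
    """Machine-readable export of the prompts: the form you should be able to take with you."""
    return json.dumps([vars(t) for t in templates], indent=2, ensure_ascii=False)


# --- Fake transports standing in for two vendors' endpoints (constructed, offline). ---
def fake_chat_send(payload: dict) -> dict:
    return {"choices": [{"message": {"content": "Travel"}}]}


def fake_plain_send(payload: dict) -> dict:
    return {"output": " travel\n"}


if __name__ == "__main__":
    for provider, send in (("chat", fake_chat_send), ("plain", fake_plain_send)):
        adapter = build_adapter({"provider": provider, "model": "demo", "region": "ch"}, send)
        print(provider, categorise_expense(adapter, "Taxi Zurich HB", ["Travel", "Office"]))
    print(export_core([EXPENSE_PROMPT]))
```

Switching vendors here means writing one more adapter class and changing one config value; `categorise_expense` and the prompt template do not change, and `export_core` hands you the prompts as JSON rather than leaving them inside a vendor's interface.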

Pilot over big bang

The most expensive mistake is the grand gesture: a twelve-month project meant to overhaul half the company before anyone has ever seen the result in practice. The better path is a tightly scoped pilot on a real, recurring process. You choose a use case with clear value, low data protection risk and a measurable result, run it for four to eight weeks, and then decide with figures rather than gut feeling.

This has two hard advantages. First, you limit the risk, including the data protection risk: a small, clearly delimited data flow is easier to assess. Incidentally, under the revFADP companies with fewer than 250 employees in many cases do not even have to keep a complete record of processing activities (Art. 24 of the Data Protection Ordinance, DPO), provided the processing presents a low risk and there is no extensive processing of sensitive data or high-risk profiling. A carefully chosen pilot usually stays within this scope. Second, you see how the provider really works, long before you commit.

What Vollmer Labs can contribute as a trust anchor

We are not speaking abstractly here. The building blocks discussed above are running in production with us:

  • ballistic.club is a platform we operate for the Swiss shooting-sport community, live in use.
  • rfqbuddy.com is a production RFQ tool for a specific niche (tenders in the field of LED signage), also live.
  • For a US fiduciary firm we operate accounting agents in daily client work, so not in the lab but in real engagement work. This is our own description of the service, not a publicly verifiable reference; we provide an anonymised insight on request.
  • jeffri.ch, our AI for kitchen studios, is in pilot operation in Switzerland.

We stay honest about this: not every sector already has a finished case. If your sector is new to us, we say so, and the way there is precisely the pilot described above. The building blocks are proven; the specific application is something we build together, in such a way that the logic and your data belong to you. What recurring processes look like in concrete terms with AI agents, and what that means for fiduciary firms, we would rather show you on your real process than on an off-the-shelf demo.

The ten questions above apply to us just as much as to anyone else. A good AI partner has no objection to being vetted. On the contrary: it already has the answers ready.


Frequently asked questions

Do my data necessarily have to stay in Switzerland if I use AI?

Not necessarily. The revised Federal Act on Data Protection (revFADP) does not require data to be held in Switzerland, but rather an adequate level of data protection at the place of processing. Within the EU/EEA this is provided by the EU adequacy decision. For the USA, the Swiss-US Data Privacy Framework has applied since 15 September 2024, but only for US companies that have self-certified for it with the US Department of Commerce. Holding data in Switzerland is therefore a deliberate choice, not a legal requirement, although it does simplify compliance considerably.

Who is liable if the AI provider makes a data protection error?

Under the revFADP, you as the responsible company remain responsible, even when you outsource the processing to a processor (the AI provider). You must ensure that the provider guarantees data security. This is why a data processing agreement (DPA) is needed that clearly governs obligations, subcontractors and liability.

How do I avoid getting stuck with the AI provider?

Before signing, clarify in writing who owns the logic, data and prompts, and how you will get everything back in a machine-readable format if you terminate. Favour solutions where the underlying model is interchangeable and the business logic is not locked away inside a proprietary interface.

Where does your business lose hours every week?

Tell us — in a free 30-minute consultation or by message. Reply within 24 hours.