Enterprise AI

Most coverage of "enterprise AI" blurs three different things: a consumer chatbot used at work, a per-seat copilot bolted onto an office suite, and a genuine enterprise platform. Only the third meets the bar regulated organisations actually need.

Enterprise AI, properly defined, satisfies four tests: it operates at organisational scale rather than per-user; it integrates with identity, data and existing systems of record; it is governed centrally with auditability and access controls; and it meets the security, residency and compliance standards procurement actually requires (ISO 27001, GDPR, sector regulators, increasingly the EU AI Act).

• A model you can own: Either a model you hold the weights to or, at minimum, a clearly bounded model not subject to silent vendor changes.
• Controlled data path: Inference inside your perimeter (on-prem, private cloud, or sovereign cloud), with no third-party training reuse.
• Identity and access: SSO, RBAC, and per-team or per-document permissions, so the AI inherits your existing controls.
• Retrieval over your data: RAG or post-training on your documents, so answers are grounded in the organisation's truth rather than the public internet.
• Observability and audit: Logging of prompts, retrievals, and outputs, with retention you control, to satisfy regulators and internal risk.
• Lifecycle ownership: You decide when the model updates. No silent vendor swap mid-quarter.

Per-seat copilots (Microsoft 365 Copilot, Google's Gemini for Workspace, etc.) ship general-purpose AI inside productivity suites. They are useful for individual tasks and easy to roll out, but they are not an enterprise AI platform: the model is the vendor's, the data path runs to the vendor, and the capability is general rather than tuned to your domain.

A platform-level enterprise AI is different. It is one capability the whole organisation builds on, sized to your workloads, integrated with your data, and accountable to your governance, not 50,000 individual licences calling someone else's model.

Three forces are converging. First, the EU AI Act is now in force and creates documentation, transparency, and oversight obligations that are dramatically easier to meet when you control the model and the data. Second, the US CLOUD Act means data held by US-owned cloud providers can be compelled even when it sits in a UK or EU region, residency alone is not jurisdiction. Third, the per-token economics of frontier APIs make sustained enterprise usage open-ended and unpredictable.

Together, these turn "own vs rent" from a philosophical question into a procurement one. For the AI that touches your most sensitive data and your core workflows, ownership is becoming the default in regulated sectors.

• Start with the data path: Map every place sensitive data would flow before picking a model. If it leaves your perimeter, treat that as a deliberate decision, not an oversight.
• Separate use cases by sensitivity: General productivity can live on a hosted API; regulated, confidential, or core workflows belong on an owned, in-perimeter model.
• Pick a model you can document: If you cannot describe what the model learned and how it behaves, you cannot meet AI Act or sector obligations.
• Plan for retraining, not one-shot deployment: Enterprise AI compounds in value when the model is retrained on your data on a schedule you set.
• Procurement first, pilot second: ISO 27001, DPA, residency, and audit need to be agreed before, not after, the pilot.

Locai Labs builds owned, domain-trained models for regulated enterprises. We post-train a strong open base on your data using the Forget-Me-Not™ framework, then deploy it inside your perimeter via Locai One (on-prem), your private cloud tenant, or a UK sovereign cloud. You receive the weights, the application layer (chat, API, document workflows), and a retraining cadence so the model compounds in value. The principle behind the work is simple: a smaller expert model built on your data routinely outperforms a much larger generalist on the work that actually matters to your business, and you own it.