Open-Source AI vs. Proprietary Models: Which Fits Regulated Industries Better

An objective comparison of open-source AI models (Llama, Mistral) and proprietary models (GPT, Claude) for use in regulated industries. Auditability, sovereignty, costs, and practical implications.

The choice between open-source and proprietary AI models is not a purely technical decision for regulated companies. It has implications for data sovereignty, compliance, costs, and long-term strategic independence. Yet the debate is often reduced to “open source is cheaper” or “proprietary models are better.” Both statements are too simplistic.

This article offers an objective comparison of the two approaches, specifically for use in regulated industries such as law, finance, and healthcare.

What Open Source Means for AI Models

The term “open source” is used differently in AI than in traditional software development. In classical software, open source means the source code is freely available, can be inspected, modified, and redistributed. For AI models, the situation is more complex.

Fully open models provide the model weights, the training code, and ideally the training data as well. This enables full reproducibility and customization of the model. Examples include certain models from Meta’s Llama family or Mistral models.

Partially open models provide the model weights but not the training code or training data. This enables use and fine-tuning of the model but not full reproduction of the training process.

Proprietary models such as GPT from OpenAI or Claude from Anthropic are accessible only through APIs. The model weights, training code, and training data are not public. The user sends data to the API and receives results back.

This distinction is relevant for regulated industries because it directly affects how much control a company has over the AI system.

Auditability

Regulated industries are subject to supervisory authorities that have the right to inspect deployed systems. For AI systems, the question is: Can the system be audited?

Open-source advantage. When model weights and code are available, an auditor can technically inspect the system. They can trace how the model was trained, what data was used, and how it makes decisions. For regulated industries where transparency toward supervisory authorities is required, this is a significant advantage.

Proprietary limitation. With proprietary models, technical auditing by external parties is not possible. The provider may present certifications (SOC 2, ISO 27001), but the internal workings of the model remain a black box. For certain regulatory requirements, particularly in the financial sector under FINMA supervision, this can be problematic.

In practice, the relevance of auditability depends on the specific regulation. Not every supervisory authority requires access to the model code. But the trend is toward more transparency, not less. The EU AI Act, which also affects Swiss companies with EU business, sets explicit requirements for the documentation and traceability of AI systems.

Data Sovereignty

For Swiss companies in regulated industries, the question of data sovereignty is central. Where is data processed? Who potentially has access?

Open-source advantage. Open-source models can be operated on your own infrastructure. A Swiss company can install and run a Llama or Mistral model on a Swiss server. No data leaves Switzerland. No foreign jurisdiction has access. For law firms that must uphold professional secrecy under BGFA Art. 13, or for financial services providers under FINMA supervision, this is the safest path.

Proprietary limitation. Proprietary models typically require data to be sent to the provider’s API. This means data is processed on the provider’s infrastructure. With US providers, the data is thus potentially subject to the CLOUD Act. Even if the provider uses European servers, the legal risk remains as long as the provider is subject to US law.

Intermediate forms exist: some proprietary providers offer dedicated instances or on-premises deployment. However, these options are expensive and not always available.

Performance

Raw model performance is an area where proprietary models have traditionally held the lead. This is changing, but the picture is nuanced.

Proprietary advantage. The largest proprietary models (GPT-4, Claude) remain among the most capable language models. They have larger context windows, better instruction following, and deliver top results in many benchmarks.

Open-source catch-up. Open-source models such as Llama 3, Mistral, and their successors have significantly closed the gap over the past two years. For many practical applications, especially when the model is fine-tuned with domain-specific data, open-source models deliver comparable results.

The fine-tuning option. A decisive advantage of open-source models is the ability to fine-tune: the model is further trained with domain-specific data and optimized for the specific use case. A general model that has been specifically trained on Swiss law can outperform a larger, general-purpose proprietary model in that domain.

For regulated industries, performance in specific domains matters more than general benchmark results. A model trained on Swiss legal data will perform better in Swiss legal research than a general model, regardless of that model’s overall performance.

Costs

The cost structure differs fundamentally between the two approaches.

Proprietary models are typically billed by usage: per token, per request, or as a monthly subscription. Costs are predictable and the entry barrier is low. However, costs scale linearly with usage. A company processing thousands of requests per day pays substantial ongoing fees.

Open-source models require an investment in infrastructure: servers with powerful GPUs, storage, network connectivity. The initial investment is higher, but ongoing costs are significantly lower since no usage fees apply. Beyond a certain usage volume, self-hosting becomes more economical than API usage.

For small companies or teams that use AI occasionally, proprietary APIs are often more cost-effective. For companies with high usage volumes or special security requirements, self-hosting open-source models may be the better choice.

Strategic Independence

An often overlooked aspect is the strategic dependency that comes with proprietary models.

Vendor lock-in. Anyone who builds their processes on a proprietary model depends on the provider. Price increases, changes to terms of service, or the discontinuation of a model can have significant consequences. Switching to another provider requires adjustments to prompts, workflows, and integrations.

Geopolitical risks. The largest proprietary AI providers are US companies. Geopolitical changes, export restrictions, or regulatory developments in the US can affect access to these services. For Swiss companies in regulated industries that must rely on the long-term availability of their tools, this is a relevant risk.

Open-source resilience. Open-source models cannot be “shut down.” Once downloaded and installed on your own infrastructure, they remain available regardless of the original developer’s decisions. This provides a resilience that proprietary models cannot offer.

The Pragmatic Approach

In practice, the decision is rarely binary. The most pragmatic approach for regulated companies combines the strengths of both worlds.

Sensitive data on your own infrastructure. For processing confidential client, customer, or patient data, open-source models on Swiss infrastructure are well suited. No data leaves the company’s control.

Proprietary models for non-critical tasks. For general tasks without sensitive data, such as internal summaries of public documents or brainstorming, proprietary APIs can be used if the cost structure is right.

Platforms that integrate both approaches. The most effective solution is a platform that deploys different models depending on requirements. The Enclava platform by Mont Virtua follows this approach: Swiss hosting, control over data processing, and the flexibility to use the best model for each use case.

Recommendations for Regulated Industries

For companies in regulated industries, we recommend the following guidelines:

Check whether your supervisory authority has specific requirements for the auditability of AI systems. If so, prefer open-source models or providers that offer full transparency.

Process sensitive data exclusively on infrastructure subject to Swiss law. This speaks in favor of self-hosting open-source models or providers with verifiably Swiss jurisdiction.

Evaluate total costs, not just entry costs. Factor in infrastructure, personnel, maintenance, and scaling for open-source solutions, as well as long-term usage fees for proprietary models.

Avoid excessive dependency on a single provider. Keep the option open to switch models without having to rebuild your entire infrastructure.

If you are planning an evaluation and want to know which approach is best suited for your company, contact us by email or visit our contact page.
