Most organisations in regulated industries have reached the same conclusion independently: standard cloud AI is not suitable for their most sensitive data. What they have not always worked out is what the alternative actually looks like in practice. This article is a plain-English explanation of air-gapped AI — what it means technically, how it differs from private cloud, who genuinely needs it, and what to check before evaluating any vendor's claims.
The term "air-gapped AI" is appearing more frequently in conversations about data governance, regulated deployment, and enterprise security. But it is often used loosely — by vendors who mean private cloud, by IT departments who mean disconnected from one network but connected to another, and by procurement teams who have not yet established what they actually need. This piece provides the definition and the distinctions.
The Core Problem: Why Cloud AI Creates Data Sovereignty Issues
To understand air-gapped AI, it helps to understand clearly how standard cloud AI works. When you submit a query to a cloud AI tool — whether that is ChatGPT, Microsoft Copilot, Google Gemini, or most others — the following happens:
- Your input (text, document, image) is transmitted from your device across the internet
- It arrives at the AI provider's data centre, which may be in the United States, Ireland, the Netherlands, or elsewhere
- The AI model, which runs on the provider's servers, processes your input
- The response is transmitted back to you
- The input may be retained in logs, used for safety monitoring, or depending on your subscription tier, potentially used for model improvement
For most consumer and business applications, this is perfectly acceptable. The risk model is manageable. But for organisations that handle data subject to strict confidentiality obligations, this creates a fundamental problem: the data has left your controlled environment.
For a UK law firm, that means client-privileged communications and confidential matter information transiting to a third-party server. For an FCA-regulated financial services firm, that means client financial data processed outside your governance boundary. For an NHS trust, that means potentially identifiable patient data entering a commercial cloud system.
A data processing agreement with the vendor addresses part of this — it sets contractual obligations around how the data is handled. But it does not prevent the data from leaving your environment, and it does not resolve questions of professional duty of confidentiality, which operate independently of GDPR and DPA.
The Three AI Deployment Models Compared
There are three materially different approaches to AI deployment, and the distinctions matter significantly for regulated industries.
| Deployment Model | Where data is processed | Data leaves your environment? | Who controls the infrastructure? |
|---|---|---|---|
| Public cloud AI (ChatGPT, Copilot, etc.) |
Vendor's shared infrastructure | Yes — transits to vendor servers | Vendor |
| Private cloud AI (dedicated cloud tenant) |
Vendor's infrastructure, partitioned for you | Yes — but to a dedicated environment | Vendor (partitioned) |
| Air-gapped / on-premises AI | Your own hardware, on your premises | No — stays within your environment | You |
The distinction between private cloud and air-gapped is the one most commonly confused. Private cloud means no other customer shares your tenancy — but your data still leaves your building and resides on a third party's hardware. Air-gapped means the model runs on hardware you control, and data is processed locally.
What "Air-Gapped" Means Technically
The term comes from physical security. An air gap is the literal space of air between a computer system and any external network. Air-gapped systems cannot communicate with external networks because there is no physical connection to do so.
In the context of AI deployment, an air-gapped system has the following characteristics:
- The AI model is installed on local hardware. The model weights — the mathematical parameters that make the AI work — are stored on your servers, not called from a remote endpoint.
- Inference happens locally. When you submit a query, the processing happens on your infrastructure. No data is transmitted externally to generate a response.
- No external connectivity required for operation. The system functions correctly when disconnected from the internet. This is the clearest test of whether a system is genuinely air-gapped.
- Data never leaves the environment. Inputs, outputs, and any data processed by the AI remain within your controlled infrastructure throughout.
This is different from a system that simply stores results locally while still calling a remote API for inference — which is not air-gapped, despite some vendor descriptions that imply otherwise.
Who Genuinely Needs Air-Gapped AI
Not every organisation needs the strictest form of data isolation. Air-gapped deployments involve more infrastructure responsibility and typically higher initial costs. The decision should be driven by the nature of the data being processed and the obligations that attach to it.
Law Firms
Solicitors in England and Wales operate under the SRA Code of Conduct, which requires them to protect client confidentiality (Code 6.3) and maintain proper data governance. When AI processes client matter information — documents, correspondence, factual summaries — that data is subject to legal professional privilege and professional duty of confidentiality. Cloud AI creates a defensible risk of breach; air-gapped deployment eliminates it.
FCA-Regulated Financial Services
FCA-regulated firms are subject to data governance expectations under SYSC and have obligations under the UK GDPR and DPA 2018 regarding client personal data. The FCA's Discussion Paper DP24/2 on AI highlighted data governance as a priority area. For AI processing client financial data, investment decisions, or compliance workflows, on-premises deployment provides the clearest regulatory position.
NHS and Healthcare
Patient data is among the most strictly regulated categories under UK GDPR (special category data under Article 9). NHS organisations also operate under NHS data security standards and Caldicott Principles governing patient information governance. AI systems processing patient records, clinical notes, or identifiable health data require the highest standard of data isolation.
Government and Public Sector
Government departments handling classified or sensitive information operate under the Government Security Classifications scheme. For any AI use involving data classified OFFICIAL-SENSITIVE or above, air-gapped deployment is not a preference but a requirement.
How Air-Gapped AI Works in Practice
A practical air-gapped AI deployment involves the following components:
Hardware
The AI model runs on dedicated server hardware within your premises. For large language models capable of professional-grade document analysis and generation, this typically requires GPU-enabled servers. The specific hardware requirements depend on the model size and the workloads you are running.
Model Installation
The model weights are delivered to your site — either via secure media or a one-time authorised download during initial setup — and installed on your hardware. After installation, the system operates without external connectivity.
Interface and Integration
Users interact with the AI through an interface that runs on your internal network. This can be a web-based interface accessible from workstations within your office, or it can be integrated directly into existing document management systems, case management software, or workflow tools via API.
Maintenance and Updates
Model updates — to improve capability or address known issues — are managed through authorised, controlled processes. Security patches are applied on a schedule compatible with your change management procedures. The system does not self-update via internet connection.
Four Questions to Ask Any Vendor
If you are evaluating an AI vendor who claims to offer on-premises or air-gapped deployment, four questions will quickly reveal whether the claim holds up:
- Can the system run with the internet cable unplugged? A genuine air-gapped system works without internet access. If the answer is anything other than an unambiguous yes, the system is not genuinely air-gapped.
- Where are the model weights stored? On your hardware, or on the vendor's servers? If the model is called remotely, the system is not on-premises regardless of where the interface sits.
- What data, if any, is transmitted during normal operation? Telemetry, usage data, and error reporting can create data flows even in systems marketed as on-premises. These should be fully disclosed and ideally disabled for regulated deployments.
- What happens to the system if the vendor ceases to operate? For a genuinely installed air-gapped system, the answer should be that it continues working. A dependency on external vendor infrastructure for ongoing operation suggests the deployment is not fully on-premises.
The Trade-Offs
Air-gapped AI is not without compromises. Understanding the trade-offs helps you make an informed decision about whether the deployment model is appropriate for your organisation.
What you gain: Complete data sovereignty. No data leaves your environment under any circumstances. Compliance with the strictest data confidentiality obligations. Independence from vendor infrastructure or connectivity issues. Predictable operating costs with no per-query fees.
What you accept: Greater infrastructure responsibility. You are responsible for hardware maintenance, capacity planning, and performance management. Model updates are controlled rather than automatic. Initial setup is more involved than signing up for a SaaS tool. The AI capability is constrained to what can run on your hardware — though for professional document tasks, modern hardware is more than capable.
For most regulated professional services firms, these trade-offs are straightforward. The data sovereignty requirement exists independently of the AI decision. You are simply choosing a deployment model that is compatible with obligations you already have.
For a balanced comparison of all deployment options, including the enterprise middle ground, see our guide to private AI vs ChatGPT for business. Law firms evaluating air-gapped deployment for document workflows should also read our practical guide to SRA-compliant AI for UK law firms, which maps deployment models directly to regulatory obligations.