by Ketl
May 28, 2026
AI in Regulated Industries: The Complete Guide to Deploying Artificial Intelligence Where Nothing Can Be Left to Chance
How to deploy AI in a law firm, a private bank, a notary practice or an insurance company without compromising professional privilege or compliance. The six principles we apply in our deployments.

When AI comes up in a law firm, a private bank or a medical practice, the conversation almost always follows the same path. It starts with an impressive demonstration of a general-purpose large language model. Everyone is enthusiastic for ten minutes. Then someone asks the question: "But in practice, can we really use this on our own matters?" And the conversation stops.
That is where the real subject lies. AI in regulated industries is not a technology debate. It is a problem of operational and legal design. A law firm can use ChatGPT to draft an email to a supplier. It cannot use it on a client matter without exposing itself to liability under Art. 321 of the Swiss Criminal Code (professional secrecy). A bank can use an AI copilot to summarise a press article. It cannot use one to analyse a KYC file without documenting precisely where the data goes, who accesses it, and under what rules.
This article brings together the six principles we apply in our AI deployments for sectors where confidentiality, traceability and compliance are not optional. It is written for managing partners of law firms, in-house legal departments, compliance officers at banks and insurance companies, notaries, and healthcare institutions who want to move beyond experimentation to a structured deployment, without compromising on their professional obligations.
Why consumer AI was never built for your matters
There is a fundamental misunderstanding shaping the enterprise AI market today. General-purpose large language models — the kind everyone learned to use through consumer chatbots — are designed according to a logic that runs exactly opposite to that of regulated industries.
They are designed to maximise usage: the more you exchange with them, the more data they collect, and the higher their economic value. Regulated industries need the opposite, to minimise exposure: every piece of data transmitted is a potential risk.
They are designed to generalise from a planet-scale public corpus. Regulated industries require precision on a narrow professional corpus: the case law of the Swiss Federal Tribunal, FINMA circulars, Swiss insurance law.
They are designed to always sound confident, because consumer users prefer a fluent answer to an admission of uncertainty. Regulated industries demand the opposite: a model that signals its doubts and lets the professional retain control of the decision.
Three principles structure, in practice, every AI deployment in a regulated sector.
Absolute confidentiality. Matters, correspondence and client materials are protected by professional privilege. No transfer to an uncontrolled infrastructure can be justified by a productivity gain.
Auditability. Every AI action must be traceable, explainable and reproducible after the fact. An unlogged response is, by default, a risk.
Human accountability. The final decision rests with the professional. AI assists. It does not sign. This line is non-negotiable, because it determines who bears legal responsibility.
The six principles that follow are the concrete way to honour these three commitments in a real deployment.
Principle 1 — Host your data where the law protects it
The hosting jurisdiction is the first strategic decision of any AI project in a regulated sector. It is rarely treated with the rigour it deserves, because it looks technical when it is in fact primarily legal.
The US CLOUD Act, the European GDPR and the Swiss Federal Act on Data Protection (FADP, revised version in force since September 2023 and often called the nFADP) do not address the same risks. Data stored with a US provider, even in a datacentre physically located in Europe or Switzerland, can be the subject of a production order from a US federal authority. The provider is legally bound to produce the data regardless of where it is stored. This is the direct consequence of the CLOUD Act, and it cannot be escaped by activating a "Swiss region" of a hyperscaler.
For an AI deployment in a regulated sector, three requirements must be put down in writing in the specifications.
Hosting must be in Switzerland or the EU, under local jurisdiction, operated by a company subject to Swiss or European law — not by a subsidiary of a foreign group exposed to extraterritorial laws.
Infrastructure must be dedicated, never mutualised with unknown third parties under conditions that would prevent the isolation of your data flows.
Models must be operated in-house, either as proprietary models or through a sovereign LLM API used with a bring-your-own-key mechanism, under contractual terms that guarantee queries are neither used to train third-party models nor retained beyond what is strictly necessary. The key mechanism on its own guarantees nothing about retention or training: that commitment has to be written into the contract and be verifiable.
This sovereign hosting requirement is not a comfort. For professions bound by criminal-law professional privilege — lawyers, notaries, doctors, private bankers — it is a necessary condition for using the tool without breaching professional obligations. No contractual clause can replace good geography.
Principle 2 — AI proposes, humans decide
No legal, financial or medical act should be produced without explicit validation by a professional. This line seems obvious when stated, but it fades very quickly in daily practice when a powerful AI tool is deployed and its productivity gain becomes tangible.
The workflow to enforce is structured in three steps that the system must make mandatory.
Step 1 — Request. The professional formulates a contextualised question. They do not settle for a vague prompt: they specify the matter, the context, the applicable constraints. This input discipline conditions the quality of the output.
Step 2 — AI proposal. The system produces an analysis, cites its sources, offers an explainable, sourced draft. Not a final answer: a supported proposal in which every claim is traceable.
Step 3 — Validation. The professional validates, edits or rejects the proposal before any sending, signing or decision. This validation is itself logged, which materialises the chain of accountability.
This "proposes / decides" structure is not added bureaucracy to reassure the compliance officer. It is what allows organisations to fully capture the productivity of AI without transferring professional accountability to a black box. AI accelerates analysis and drafting. The professional brings judgement, knowledge of the client, evaluation of the risk. Neither can do the work of the other.
It is also what distinguishes professional use from consumer use. A lawyer who pastes an email from a chatbot without review engages their liability without having practised their profession. A lawyer who uses AI to prepare a draft, reworks it in light of the matter, and validates it knowingly does the same work better and faster. The difference lies not in the tool but in the workflow.
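The three-step workflow above, as an added example that is not Ketl's code: each request, proposal and validation is appended to a hash-chained log whose entries are authenticated with an HMAC, a proposal without cited sources is refused, and nothing may be released unless a human validation entry references the proposal. The key, the user name, the matter identifier and the sources are constructed for the example; a production deployment would sign with an asymmetric key held in an HSM so that an external auditor can verify the chain without holding the signing secret.

```python
"""Tamper-evident record of the request / proposal / validation workflow.

Added example, not Ketl's code. AUDIT_KEY, the user, the matter id and
the sources are constructed for illustration.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: the key lives with the audit service only, never in the app tier.
AUDIT_KEY = b"demo-key-replace-with-hsm-backed-secret"
GENESIS = "0" * 64
DECISIONS = {"approved", "edited", "rejected"}


def sha256_text(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


@dataclass
class Entry:
    seq: int
    event: str        # "request" | "proposal" | "validation"
    actor: str        # user id, or "model:<name>" for the AI
    matter: str
    payload: dict
    prev_mac: str     # MAC of the previous entry: the chain link
    mac: str = ""

    def canonical(self) -> bytes:
        body = {k: v for k, v in self.__dict__.items() if k != "mac"}
        return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    def __init__(self, key: bytes):
        self._key = key
        self.entries: List[Entry] = []

    def _mac(self, entry: Entry) -> str:
        return hmac.new(self._key, entry.canonical(), hashlib.sha256).hexdigest()

    def append(self, event: str, actor: str, matter: str, payload: dict) -> Entry:
        prev = self.entries[-1].mac if self.entries else GENESIS
        entry = Entry(len(self.entries), event, actor, matter, payload, prev)
        entry.mac = self._mac(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """None if the chain is intact, else the index of the first bad entry.
        An edit breaks that entry's MAC; a deletion or reordering breaks the
        seq / prev_mac link of the entry that follows."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_mac != prev:
                return i
            if not hmac.compare_digest(self._mac(e), e.mac):
                return i
            prev = e.mac
        return None


def submit_request(log, user, matter, question, constraints) -> Entry:
    """Step 1: the professional's contextualised question."""
    return log.append("request", user, matter,
                      {"question": question, "constraints": constraints})


def record_proposal(log, model, request, draft, sources) -> Entry:
    """Step 2: the model's draft. A proposal without sources is not admissible."""
    if request.event != "request":
        raise ValueError("proposal must answer a logged request")
    if not sources:
        raise ValueError("proposal without cited sources is not admissible")
    return log.append("proposal", f"model:{model}", request.matter,
                      {"request_seq": request.seq,
                       "draft_sha256": sha256_text(draft), "sources": list(sources)})


def record_validation(log, user, proposal, decision, final_text) -> Entry:
    """Step 3: the human decision, logged against the proposal it concerns."""
    if proposal.event != "proposal" or decision not in DECISIONS:
        raise ValueError("validation must reference a proposal with a known decision")
    return log.append("validation", user, proposal.matter,
                      {"proposal_seq": proposal.seq, "decision": decision,
                       "final_sha256": sha256_text(final_text)})


def release_allowed(log, proposal_seq: int) -> bool:
    """A draft may leave the system only once a human approved or edited it."""
    return any(e.event == "validation"
               and not e.actor.startswith("model:")
               and e.payload["proposal_seq"] == proposal_seq
               and e.payload["decision"] in {"approved", "edited"}
               for e in log.entries)


def demo() -> Tuple[AuditLog, Entry]:
    """Constructed walk-through of one matter: request, proposal, validation."""
    log = AuditLog(AUDIT_KEY)
    req = submit_request(log, "partner.a", "matter-0042",
                         "Which clauses of this lease need renegotiation?",
                         {"jurisdiction": "VD", "document": "lease-v3.pdf"})
    prop = record_proposal(log, "domain-llm", req, "Draft memo ...",
                           ["lease-v3.pdf p.4", "internal-note-17"])  # constructed
    assert not release_allowed(log, prop.seq)      # nothing goes out unvalidated
    record_validation(log, "partner.a", prop, "edited", "Final memo ...")
    return log, prop


if __name__ == "__main__":
    log, prop = demo()
    print("chain intact:", log.verify() is None, "release:", release_allowed(log, prop.seq))
```

The check that matters is `release_allowed`: the sending or signing path asks the log, not the user interface, whether a human validation exists for that exact proposal. Tampering with any earlier entry after the fact, for instance adding a source to the proposal, is caught by `verify` at the index of the altered entry.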
Principle 3 — Each matter, its permissions
AI should only see what the user is already allowed to see. This rule, which looks obvious, is routinely violated in naive deployments where a large model is connected to the entire document repository without filters.
Partitioning by matter, by client, by team, and access control are the foundations of a responsible deployment. An AI that can, by design, bridge two matters in conflict of interest is a major ethics risk for a law firm and a major regulatory risk for a bank.
Four non-negotiable guardrails structure a sound deployment.
Per-matter partitioning. The AI inherits the user's rights, never extended ones. If a team member does not have access to matter X, the AI does not either when that user queries it. This propagation of rights must be technical, not declarative.
Strong authentication and enterprise SSO, with MFA enforced for sensitive roles. This is the baseline that any professional deployment must show. Without robust authentication, the entire traceability chain rests on sand.
Chinese walls respected. The AI never bridges matters in conflict of interest. This rule also applies to the indexing and learning phase: a model exposed to two competing matters could leak information from one to the other, even without an explicit query. The partitioning must be structural, not merely application-level.
Immediate revocation and regular access rotation. A team member who leaves the organisation loses their access within the hour, not within the week. Access rights are reviewed regularly, because permissions accumulated over time are one of the main sources of leaks.
This access discipline distinguishes a professional deployment from an improvised one. It is also what makes consumer AI solutions structurally unsuited: they are not designed to finely propagate the rights of a complex business repository.
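One way to make the propagation of rights technical rather than declarative, as an added example that is not Ketl's code: the directory of rights and conflict walls is consulted on every query, the retrieval index is filtered before anything reaches the model, the assembled context can never bridge two walled matters, and revocation takes effect at the next query because nothing about rights is ever copied into the index. Users, matters, documents and the wall between matter-B and matter-C are constructed sample data, and term overlap stands in for an embedding index since the point is the filter, not the ranking.

```python
"""Permission-aware retrieval: the model sees only what the user may see.

Added example, not Ketl's code. Users, matters, documents and the
conflict-of-interest wall are constructed; term overlap replaces a
real embedding index because the point is the filter, not the ranking.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Doc:
    doc_id: str
    matter: str
    text: str


class Directory:
    """Source of truth for rights, read on every query and never copied into the index."""

    def __init__(self) -> None:
        self.acl: Dict[str, Set[str]] = {}
        self.walls: Set[FrozenSet[str]] = set()

    def grant(self, user: str, matter: str) -> None:
        self.acl.setdefault(user, set()).add(matter)

    def revoke_all(self, user: str) -> None:
        """Leaver offboarding: effective at the next query, not the next re-index."""
        self.acl.pop(user, None)

    def add_wall(self, a: str, b: str) -> None:
        self.walls.add(frozenset((a, b)))

    def matters_for(self, user: str) -> Set[str]:
        return set(self.acl.get(user, ()))

    def walled(self, a: str, b: str) -> bool:
        return frozenset((a, b)) in self.walls

    def can_query(self, user: str, matter: str) -> bool:
        return matter in self.matters_for(user)


class Index:
    def __init__(self, docs: List[Doc]) -> None:
        self.docs = list(docs)

    @staticmethod
    def _score(doc: Doc, query: str) -> int:
        return len(set(query.lower().split()) & set(doc.text.lower().split()))

    def _ranked(self, docs: List[Doc], query: str) -> List[Doc]:
        scored = [(self._score(d, query), d) for d in docs]
        return [d for s, d in sorted(scored, key=lambda sd: -sd[0]) if s > 0]

    def search_unfiltered(self, query: str, k: int = 3) -> List[Doc]:
        """The naive deployment: the whole repository, no rights, no walls."""
        return self._ranked(self.docs, query)[:k]

    def search(self, directory: Directory, user: str, query: str,
               matter: str, k: int = 3) -> List[Doc]:
        """Rights are evaluated here, at query time, before the model sees anything."""
        if not directory.can_query(user, matter):
            raise PermissionError(f"{user} has no access to {matter}")
        allowed = directory.matters_for(user)
        # 1. the user's own rights, 2. nothing walled against the matter being worked on
        candidates = [d for d in self.docs
                      if d.matter in allowed and not directory.walled(d.matter, matter)]
        # 3. the assembled context itself never bridges two walled matters
        selected: List[Doc] = []
        for d in self._ranked(candidates, query):
            if any(directory.walled(d.matter, s.matter) for s in selected):
                continue
            selected.append(d)
            if len(selected) == k:
                break
        return selected


def build() -> Tuple[Directory, Index]:
    """Constructed sample data: two walled M&A matters, one lease matter, a shared KB."""
    directory = Directory()
    for user, matter in [("alice", "matter-A"), ("bob", "matter-B"), ("carol", "matter-C")]:
        directory.grant(user, matter)
        directory.grant(user, "kb")
    directory.add_wall("matter-B", "matter-C")      # opposing sides of the same deal
    index = Index([
        Doc("d1", "matter-A", "vaud commercial lease rent indexation clause review"),
        Doc("d2", "matter-B", "merger due diligence competitor acquisition target"),
        Doc("d3", "matter-C", "merger defence strategy target board competitor"),
        Doc("d4", "kb", "template lease rent indexation clause"),
    ])
    return directory, index


if __name__ == "__main__":
    directory, index = build()
    q = "merger competitor target"
    print("naive:", [d.doc_id for d in index.search_unfiltered(q)])
    print("bob  :", [d.doc_id for d in index.search(directory, "bob", q, "matter-B")])
```

Run against the constructed data, the unfiltered search returns documents from both sides of the walled deal for the same query, which is exactly the bridge the text warns about; the filtered search returns only matter-B for bob, and still only matter-B for a user who has been granted both walled matters by mistake, because the wall is evaluated independently of the ACL.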
Principle 4 — A model built for your trade
A general-purpose large language model is impressive in a demo. On your own matters, in your own vocabulary, its performance collapses. We have observed this so consistently that it has become an internal rule: before any deployment, we benchmark the candidate model on 30 to 50 queries representative of the client's profession, and we measure the gap against the standard demo.
The gap is almost always significant. A general-purpose model that brilliantly answers "summarise this contract" regularly stumbles on "identify the clauses non-compliant with Art. 199 of the Swiss Code of Obligations in this Vaud commercial lease". Not because it is bad, but because it was not trained specifically on Swiss law, cantonal case law, or the technical vocabulary of the trade.
Three elements must be verified before any large-scale deployment.
The model must be trained or orchestrated for your domain. For Swiss law, that implies exposure to Swiss legal corpora, federal and cantonal, and not merely to French or German law written in the same language. For finance, knowledge of IFRS standards, FINMA circulars, local reporting standards. For healthcare, mastery of medical coding and applicable protocols.
A pilot on your own matters. Thirty to fifty representative queries, scored by your domain experts. This phase is not optional. It is what allows the real gain to be quantified and the blind spots of the model to be detected before they become production incidents.
A quantified quality benchmark before any large-scale deployment. Define precision criteria, measure, document. Without this discipline, deployment rests on intuition — and intuition, in a regulated sector, is not a defensible argument before an audit.
This specialisation requirement is what often justifies the choice of a proprietary model dedicated to the trade, rather than a general-purpose LLM called through an API. A smaller model, trained on a focused professional corpus, can outperform a generalist LLM on the tasks that actually matter to your teams — while remaining lean enough to run on sovereign infrastructure, with no call to a third-party service outside jurisdiction.
Principle 5 — An owner, a charter, a review
The best technology will not survive the absence of governance. We regularly see technically brilliant deployments that collapse within twelve months because nobody was named responsible, no usage rules were written, and no review was organised.
Three governance building blocks must be put in place on day one and held over time.
An identified AI owner. One person — not a committee, one person — who is the single point of contact for users and leadership. This person arbitrates new use cases, handles incidents, escalates needs. Without this embodied accountability, decisions dilute and governance becomes theoretical.
An acceptable-use charter signed by every team member. This charter spells out what is allowed and what is not. Which documents may be processed by the system. Which information must be anonymised before querying. Which use cases are prohibited. The charter is not an inert legal text: it is an operational document, short, readable, that creates a common culture.
A quarterly review. Use cases deployed, incidents encountered, user feedback, regulatory updates. Four times a year, the AI owner gathers stakeholders — leadership, IT, compliance, key users — and takes stock. It is in these reviews that drifts are detected, the charter is adjusted, and new needs are identified.
This governance may seem bureaucratic for a small organisation. It is not. It is what separates a deployment that endures from one that seizes up after the first incident. And in a regulated sector, the first incident always eventually arrives — the question is whether the organisation is ready to handle it or discovers it during an audit.
Principle 6 — The tool is only as good as how you use it
Technology alone does not create an edge. What makes the difference is the collective ability to question, verify and challenge the AI. This skill does not appear out of nowhere. It is trained.
Three pillars structure an effective training programme.
Mandatory onboarding training for every user with AI access. Not a fifteen-minute video: a structured session covering the model's capabilities, its known limits, validated use cases, pitfalls to avoid, and the governance charter. Without this training, users develop their own practices, often at odds with the charter and with regulatory requirements.
Documented use cases per role, kept up to date. For each role — partner, associate, paralegal, assistant — the list of validated use cases is documented, with concrete prompt examples, expected verifications, and complementary sources to consult. This documentation evolves with practice: newly validated cases are added, problematic ones are removed.
A culture of productive doubt. AI produces fluent answers that inspire confidence. That is precisely the trap. Teams must develop the reflex to verify sources before citing, to challenge a claim that "sounds" right but does not align with their knowledge of the matter, and to report errors to the AI owner so they are documented. This culture cannot be decreed: it is built by publicly valuing error detection, sharing experience, and integrating vigilance into the quarterly reviews.
This sixth principle is the most under-invested in real deployments. Organisations spend heavily on the tool, modestly on training. The result is predictable: a powerful tool used below its capabilities, or worse, used in a way that creates risk. Investment in training has a better return than investment in the next tier of the tool.
Sector-specific application: what changes by profession
The six principles above apply across all regulated sectors. But their concrete implementation varies. Here are the sector-specific watchpoints.
Law firms and notary practices
The central issue is Art. 321 of the Swiss Criminal Code, which makes professional secrecy a criminal-law obligation. Any transfer of client data to infrastructure outside Swiss jurisdiction exposes the firm to a real risk under criminal law and professional-conduct rules. Chinese walls between matters in conflict of interest must be structurally guaranteed by the system, not merely declared. Probative-value archiving is essential for legal instruments and for the traceability of advice given. Model specialisation on Swiss law, federal and cantonal, is a key performance factor.
Banks and financial institutions
The framework is set by FINMA, notably by the circular on outsourcing (FINMA Circular 2018/3 "Outsourcing - banks and insurers") and by the rules on operational risks. An AI solution operated by a third party will generally qualify as an outsourcing within the meaning of that circular and must be documented as such. A written map of data flows is required. The audit trail must be retained for the legally applicable periods. Models used for high-stakes decisions, such as KYC analysis, credit scoring and AML alerts, must be explainable and defensible before an audit. A proprietary model specialised in IFRS standards and the Swiss prudential framework is often preferable to a general-purpose LLM.
Insurance
The framework is set by the Swiss Insurance Supervision Act (ISA). The stakes are the handling of particularly sensitive data — health in supplementary insurance, financial data in occupational pensions — and the traceability of underwriting or claims decisions. Specialisation of the model on ISA terminology and on Swiss sector practices is a significant performance factor. Fraud detection features must be carefully governed.
Healthcare
The framework is Art. 321 of the Swiss Criminal Code (medical secrecy) and the FADP for particularly sensitive data. Sovereign hosting is non-negotiable. Data flows must be documented at a level of precision rarely required in other sectors. Specialisation on medical coding — ICD-11, SwissDRG — and on Helvetic clinical practice is essential. Use cases must be strictly bounded and must go through systematic medical validation: AI does not diagnose, it proposes a documentary analysis.
In-house legal departments
The stakes are different: no criminal-law professional privilege, but real exposure to trade secrets, contractual confidentiality, and increasingly to the European AI Act for organisations operating in the EU. Typical use cases — contract review, due diligence, regulatory watch — require specialisation in the applicable law and strict partitioning of ongoing M&A matters.
How to evaluate an AI solution for a regulated sector: the checklist
If you are currently evaluating an AI solution for your firm, your financial institution or your organisation, here are the questions to put to each vendor. If even one is left without a clear written answer, that is a signal.
Hosting and jurisdiction. In which datacentre exactly is the data stored? Which company operates that datacentre? Under which jurisdiction does it fall? Is the solution vendor a Swiss or European company, or a subsidiary of a foreign group?
AI processing. When the AI reads my documents to analyse them, where does it physically run? Is it a proprietary model operated in-house, or a call to a third-party service? If a third-party call, which one, and under what contractual conditions?
Retention and use. Is my data used to train other models, even in anonymised form? How long is it retained by the AI provider? Under what rules can it be destroyed on request?
Audit trail. Does the system produce an exportable, signed audit log? What information does the log contain? How can I consult it, export it, present it to an external auditor?
Access management. How are user rights propagated to the AI model? Is per-matter partitioning technical or declarative? How are conflicts of interest handled at model level?
Domain specialisation. On which corpora has the model been trained or fine-tuned? Is there a benchmark on tasks representative of my trade? Can I run a pilot on my own documents before signing?
Reversibility. In the event of contract termination, in what format will my data be returned, within what timeframe, at what cost? Is reversibility contractually guaranteed or left to the provider's goodwill?
The written answers to these seven blocks of questions tell you more about the quality of an AI solution for a regulated sector than any commercial demonstration.
What we have built with Ketl, and why
We designed Ketl, from day one, for the demands of regulated sectors. Not as a consumer product retrofitted afterwards, but as a platform whose architecture embeds the six principles above by design.
In practice, this translates into three structural choices.
Fully Swiss hosting, in certified datacentres operated by Swiss companies, under Swiss jurisdiction. No document leaves Swiss territory at any point in its lifecycle, including during AI processing.
Proprietary AI models, developed in-house, specifically trained on our clients' professional corpora — Swiss law, Helvetic financial standards, sector practices. These models are roughly a thousand times lighter than a general-purpose large language model, which makes them efficient enough to run entirely on our sovereign infrastructure, with no call to third-party services outside jurisdiction.
End-to-end traceability, with an immutable audit log cryptographically signed, sources systematically cited and accessible for every response, per-matter partitioning technically propagated to the model, and a "proposes / decides" workflow integrated by design.
Ketl currently processes more than 26 million documents for over 1,000 users across 11 regulated sectors — law firms, notary practices, private banks, fiduciaries, insurance companies, real estate, wealth management. This installed base is what has allowed us to refine the six principles presented in this article: they are not theoretical, they are the synthesis of what actually works in our deployments.
To see concretely what this looks like on your own matters, you can request a free demonstration at ketl.ch/demo. If you would rather discuss your context first, with no commitment, write to contact@ketl.ch — our Geneva-based experts will be glad to advise.
Article written by the Ketl team. Our offices are located at 15 Avenue de Sécheron, 1202 Geneva, with a presence in Lausanne by appointment. We are a Swiss company, operated from Switzerland, and we support regulated sectors in their sovereign AI deployments.