fairlane.systems

Trends & Comparison

TREUHAND|SUISSE GPT vs. Your Own AI Infrastructure: Data Protection, Vendor Lock-in, Cost

Neutral comparison: the association tool TREUHAND|SUISSE GPT versus a vendor-neutral multi-LLM gateway with your own RAG on firm data.

Researched & fact-checked by: · As of: 2026-06

What is this about?

TREUHAND|SUISSE GPT is an AI assistant with a chat interface and specialised constructors (thematic knowledge modules and agents) that the industry association TREUHAND|SUISSE developed together with the Swiss provider Connect AI and launched for its members at the end of 2025. It runs on Swiss servers, deliberately omits internet search for data-protection reasons, and works with thematic «constructors» – for example TREX-GPT, containing the professional articles from the past five years of the journal «TREX – Der Treuhandexperte». A paid premium tier adds a dedicated «tenant» (logically separated area) for internal handbooks and client data.

The alternative is your own AI infrastructure: a vendor-neutral multi-LLM gateway (several language models behind one interface) combined with your own RAG (retrieval-augmented generation) built on each firm's documents. This article compares both approaches along neutral criteria: data sovereignty, vendor lock-in, cost, customisability, and the Switzerland data location.

Both paths are legitimate. There is no blanket «better» model – suitability depends on firm size, IT maturity, and the degree of control you want.

Why does it matter?

Fiduciaries handle particularly sensitive client data. The governing law is the Federal Act on Data Protection (DSG; also referred to in professional circles as nDSG or revDSG, SR 235.1), in force since 1 September 2023. If an AI service processes personal data on your behalf, the processing should under Art. 9 nDSG rest on a contractual or statutory basis and ensure data security; a written data-processing agreement (DPA) is not formally mandatory in the private sector but strongly recommended in order to demonstrate compliance with the legal requirements (unlike EU GDPR Art. 28, which explicitly requires written form). In addition, the processing must in principle be entered in the record of processing activities under Art. 12 nDSG – however, Art. 12 para. 5 nDSG provides an exemption for companies with fewer than 250 employees, provided the processing does not entail a high risk to the personality of the data subjects and is not carried out regularly on a large scale. These duties apply regardless of whether the AI is run by the association or by you. This is not legal advice.

The decisive difference lies in control and dependency. An association offering takes a lot of work off the firm – setup, maintenance, and Swiss hosting are handled. In return, the provider decides which models, which constructors, and what feature scope are available. Your own infrastructure reverses this: more self-responsibility, but free model choice, your own document base, and portability.

For most firms this is not an either-or question. An association GPT may suffice for standard questions, while a proprietary solution makes sense for sensitive mandate work or special workflows. Making a deliberate decision – rather than accepting a default – is the goal.

Comparison along neutral criteria

Data sovereignty: Both approaches can keep data in Switzerland. TREUHAND|SUISSE GPT emphasises Swiss servers and a separate «tenant» in the premium tier. Your own infrastructure additionally lets you define and contractually fix the exact storage location, encryption, and deletion periods yourself. Those who need maximum auditability have more leverage with self-operation; those who want a vetted standard solution are ready to start quickly with the association offering.

Vendor lock-in: An association offering ties you to one provider and to association membership – the provider defines models, constructors, and prices. A vendor-neutral gateway places several models (e.g. from different providers or self-hosted) behind one uniform interface; individual models can be swapped without changing the whole solution. This reduces dependency but shifts selection and maintenance to the firm or its integration partner.

Customisability & knowledge base: The constructors of TREUHAND|SUISSE GPT deliver curated industry knowledge (e.g. TREX articles) that individual firms do not have to maintain themselves. Your own RAG, by contrast, indexes a firm's specific documents – your own templates, mandate guidelines, internal directives – and answers on that basis. The two complement each other: curated association knowledge plus your own firm knowledge.

Cost: The basic version is free of charge for TREUHAND|SUISSE members (included in the membership fee); the premium tier is paid. The published premium prices (as of June 2026, see treuhandsuisse.ch/premium-gpt) are tiered: CHF 28 per user/month (from 10 users, 1.5 GB data RAG, 5 million tokens/month – the 10-user plan is reserved for TREUHAND|SUISSE members), CHF 25 per user/month (from 20 users, 3 GB, 10 million tokens/month), and CHF 20 per user/month (from 50 users, 3 GB, 10 million tokens/month); optionally an AI personalisation package with expert time on an annual basis. Your own infrastructure, by contrast, incurs setup and operating costs (integration, hosting, model usage), but offers per-request cost transparency and scaling to actual demand.

How to make the decision

  1. 01List use cases: which tasks should the AI concretely handle (professional questions, mandate documents, correspondence, research)?
  2. 02Determine data classes: are particularly sensitive personal data processed? If so, clarify nDSG duties (contractual arrangement under Art. 9, record under Art. 12 incl. SME exemption para. 5, data security under Art. 8).
  3. 03Assess the association offering: do the constructors of TREUHAND|SUISSE GPT (e.g. TREX-GPT) cover the standard cases? Is a premium tenant for internal data needed?
  4. 04Evaluate own needs: must firm-specific documents be integrated via RAG, several models be used, or other systems be connected through a gateway?
  5. 05Check vendor independence: are data export and model switching possible? Is there technical or contractual lock-in?
  6. 06Fix data location & sub-processors in writing: contractually agree Swiss hosting, encryption, and deletion periods.
  7. 07Start a pilot: test with a clearly scoped use case, measure result quality and mandate relevance, then scale.
  8. 08Consider combining: if sensible, run the association GPT for general matters plus your own RAG for firm-specific content in parallel.

When does which approach fit?

The association offering (TREUHAND|SUISSE GPT) fits when: the firm wants a ready-to-use, industry-specific solution without its own IT effort; the curated expert knowledge (e.g. TREX articles, cantonal tax questions) provides the greatest day-to-day benefit; and an existing association membership already covers access.

Your own AI infrastructure fits when: the firm wants to integrate its own documents and workflows deeply; vendor independence and model portability are strategically important; specific data-protection or compliance requirements demand a precisely defined data location and contractually fixed processing; or several tools (mailing, DMS, accounting) should be connected via one gateway.

In practice, many firms combine both: the association GPT for general professional questions, their own RAG for mandate- and firm-specific content. What matters is that for every service used, the data-protection framework (DPA, processing record, data security under Art. 8 nDSG) is cleanly documented.

Limits and caveats

No AI tool replaces professional responsibility. Neither an association GPT nor your own RAG releases you from the duty to review results. Language models can produce plausible-sounding but incorrect statements; for tax- and law-relevant questions, verification at the source (statute, FTA publication, professional literature) remains mandatory. This is not legal advice.

Your own infrastructure is not self-running. It requires integration know-how, ongoing maintenance, and deliberate model and hosting choices. For very small firms without an IT partner, the operating effort can outweigh the benefit; here a managed offering is often more pragmatic.

Conversely, with an association or third-party tool, do not rely on marketing claims alone: data location, sub-processors, deletion concept, and contractual basis (DPA) must be actively checked and agreed in writing. Anyone comparing several providers should look for interchangeability (export of your own data, no technical lock-in) – regardless of which path they choose.

FAQ

Does TREUHAND|SUISSE GPT store data in Switzerland?

According to the association, the solution runs on Swiss servers, omits internet search for data-protection reasons, and offers a separate «tenant» for company data in the premium tier. You should still have the exact data location, sub-processors, and deletion concept confirmed contractually for your specific use.

How much does TREUHAND|SUISSE GPT cost?

The basic version is free for TREUHAND|SUISSE members (included in the membership fee). The premium tier is tiered and published by firm size: CHF 28 per user/month (from 10 users), CHF 25 (from 20 users), and CHF 20 (from 50 users), each with 1.5–3 GB data RAG and 5–10 million tokens/month (as of June 2026, see treuhandsuisse.ch/premium-gpt). An optional AI personalisation package can be added.

What does «vendor-neutral multi-LLM gateway» mean?

A gateway that bundles several language models from different providers (or self-hosted models) behind one uniform interface. Individual models can be swapped without changing the entire solution – this reduces dependency on a single provider but requires selection and maintenance effort on the firm's side.

Do I need a data-processing agreement (DPA) for AI tools?

If the AI service processes personal data on your behalf, the processing must under Art. 9 nDSG rest on a contractual or statutory basis and ensure data security. The nDSG prescribes no written form for private controllers – but a written DPA is strongly recommended to demonstrate compliance with the legal requirements (EU GDPR Art. 28, by contrast, explicitly requires written form). The processing must in principle also be entered in the record under Art. 12 nDSG, though an exemption may apply for companies with fewer than 250 employees. This applies to association and proprietary solutions alike. This is not legal advice – consult a specialist if in doubt.

Can I combine both approaches?

Yes. Many firms use an association GPT for general professional questions and their own RAG for mandate- and firm-specific documents. What matters is that the data-protection framework is documented for every service used and that no unnecessary technical lock-in arises.

Related topics

MULTI-LLM GATEWAY · SERVICEMulti-LLM Gateway: eight providers, one entry point, compliance routingRAG ON YOUR OWN KNOWLEDGE · SERVICERAG on your own knowledge: answers from your documents – with sources, not made upTools · AI Bookkeeping SwitzerlandAccounto, Bexio (Kontera AI) & KLARA: AI Bookkeeping Compared for Fiduciary FirmsImplementation · Client Portal & RAGClient Portal with an AI Assistant: secure self-service chat on your own trustee knowledge (RAG)

Sources

  1. TREUHAND|SUISSE GPT – offizielle Verbandsseite
  2. Premium GPT (Preise & Staffeln) – TREUHAND|SUISSE
  3. Treuhand Suisse und Connect AI lancieren KI-Lösung (marktkom)
  4. Bundesgesetz über den Datenschutz (DSG/nDSG, SR 235.1) – Fedlex
  5. Datenschutzverordnung (DSV, SR 235.11) – Fedlex

FITS YOUR STACK?

What this looks like in your business – a 30-minute intro call.

Book a call