Data security in AI systems: what to require
A practical guide to evaluating security when choosing an AI provider: which questions separate the serious providers from the rest, what to include in the contract, and the most common oversights.
Data security is the first question companies in regulated sectors (banks, insurers, healthcare) ask before considering an AI implementation. It is also the second question every SMB should ask, even when it is not legally required to. This article is a practical guide to what to require and how to evaluate the answers.
Seven critical questions
These questions separate serious providers from those who will create problems after signing:
1. Where, physically, is the data?
Not "in the cloud," not "European infrastructure." Concretely: Frankfurt? Dublin? Stockholm? Include subcontractors. An OpenAI model processes in the US even if your frontend infrastructure is in Germany. This must be documented in the DPA.
2. Is data encrypted at rest and in transit?
TLS 1.3 for transit is the minimum. AES-256 at rest is the minimum. Ask whether keys are managed by the provider, you, or a third party (KMS). If they don't understand the question, that's already an answer.
3. Who from the provider's side has access to your data?
Healthy practice: only automated processes, no human eyes except on escalation. Escalations are logged and you have access to the log. Bad practice: "our whole team has access." That's a reason not to work with them.
4. Will your data be used to train future AI models?
Serious providers have a corporate agreement with the model maker (Anthropic, OpenAI) that explicitly excludes this. Ask for documentation. If they use a different setup (an open-source model in a standalone instance), the question doesn't apply — but that must be confirmed in writing.
5. How is a deletion request handled (GDPR Article 17)?
Is the process automated or manual? How long does it take? Are data deleted from training sets (if used)? What proof do you get that deletion happened? This is the test that filters out agencies that have never been through an actual GDPR audit.
6. What happens during an incident?
Do they have an incident response plan? Who will notify you, in what timeframe? Do they have a data-breach notification plan (GDPR Article 33 — 72 hours)? Ask for a specific past example, not a hypothetical.
7. What's their periodic review policy?
At minimum once per year, they should review the security configuration of your system. Better — quarterly. Best — automated scans and vulnerability checks. Serious providers have documentation of this cadence.
What to include in the contract
Minimum clauses that protect your interests:
- DPA per GDPR Article 28 — mandatory. EU Standard Contractual Clauses for data transfer outside the EU, if applicable.
- Retained intellectual property — code, data, and AI modules are yours after launch. The provider has no right to reuse similar work for other clients.
- Concrete incident SLA — notification time, response time, full recovery time. Without numbers, this clause provides no protection.
- Audit right — you have the right to commission an independent security audit annually at your cost.
- Data exit — on termination, the provider gives you all data in a standard format within 30 days and certifies full deletion from their systems.
- Subcontractors — list of all third parties with data access. Changes are agreed in writing.
- No back-doors — explicit that the provider has no hidden access to your data and no employee can bypass control mechanisms.
Most common oversights we see
- No one reads the DPA. Signed "just in case" without reading. Later, when an incident happens, nobody knows what the rights are.
- Accesses are not periodically reviewed. Former provider employees retain active SSH keys or admin accounts months after departure.
- Backups are not encrypted. The main database is well protected, but backups are stored on third-party cloud storage without encryption.
- Log retention is too short. GDPR requires logs of critical actions for at least 1 year. Many providers keep 30 days and can't prove what happened during an incident.
- Test environments use real data. Common mistake even with large providers. Real data in test environment means real risk.
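Two of these oversights (stale access and short log retention) can be caught by a routine review. The following is an added example, not code from the article or from any provider: it reconciles the SSH `authorized_keys` entries on a host with a roster of currently approved provider staff (matched by SHA256 key fingerprint rather than the forgeable comment field) and checks the configured log retention against the one-year minimum. The keys, names and settings are constructed sample data.

```python
"""Access and log-retention review (added example, not the article's code):
reconciles installed SSH authorized_keys entries with the approved roster by
SHA256 fingerprint, and checks log retention against the 1-year minimum.
Keys, names and settings below are constructed sample data."""
import base64
import hashlib

MIN_LOG_RETENTION_DAYS = 365          # logs of critical actions: at least 1 year
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes that start the key-type field

def fingerprint(blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str) -> list[tuple[str, str]]:
    """Return (fingerprint, comment) per key line; skip blanks and comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # An options field (from=, command=, ...) may precede the key type.
        i = next((n for n, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        if i is None or i + 1 >= len(fields):
            continue  # malformed line; a production review should flag it
        entries.append((fingerprint(fields[i + 1]), " ".join(fields[i + 2:])))
    return entries

def review_access(authorized_keys: str, approved: dict[str, str]) -> list[str]:
    """One finding per installed key whose fingerprint is not on the approved
    roster (fingerprint -> person). Matching by comment alone would be forgeable."""
    return [f"revoke key {fp} (comment '{comment}'): not on approved roster"
            for fp, comment in parse_authorized_keys(authorized_keys)
            if fp not in approved]

def review_log_retention(retention_days: int) -> list[str]:
    if retention_days >= MIN_LOG_RETENTION_DAYS:
        return []
    return [f"log retention {retention_days}d is below the {MIN_LOG_RETENTION_DAYS}d minimum"]

def _blob(label: str) -> str:  # placeholder key material, not real keys
    return base64.b64encode(f"constructed-key-{label}".encode()).decode()

SAMPLE_AUTHORIZED_KEYS = f"""# deploy host: provider staff access
ssh-ed25519 {_blob('alice')} alice@provider.example
from="10.0.0.0/8" ssh-ed25519 {_blob('bob')} bob@provider.example
ssh-rsa {_blob('carol')} alice@provider.example
"""
# Current roster: only Alice and Bob still work on this account.
APPROVED = {fingerprint(_blob("alice")): "Alice", fingerprint(_blob("bob")): "Bob"}
```

Run against the sample data, the review flags the third key (a departed person's key hiding behind Alice's comment) and the 30-day retention setting; the same two functions can be pointed at a real `authorized_keys` file and the provider's documented retention value.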
How much good security costs
You often hear that "good security is expensive." Not true for SMBs. Good security in an AI project costs about 5-10% of one-time costs (500-1,500 EUR for a small project). That covers: segmented infrastructure, encryption with customer-managed keys, an incident SLA, and system documentation.
Poor security doesn't save money — it defers the cost. The first big CPDP investigation will cost between 5,000 and 50,000 EUR in legal fees and management time, even without a fine. A publicized serious data loss — twice that in lost trust.
Frequently asked questions
- Which certifications matter for an AI provider?
- ISO 27001 is the minimum for working with larger clients. SOC 2 Type II is the standard for regulated sectors. Newer AI-specific certifications (like ISO 42001) are still emerging. For SMBs they're not mandatory but add confidence. Ask whether the provider is working toward certification — that shows direction.
- What's the security difference between cloud and self-hosted?
- Self-hosted is more secure if you have the expertise and resources to maintain it. Otherwise less secure — standalone deployments often aren't updated regularly and become vulnerable. For SMBs the cloud of a serious European provider is the better choice: professional security you can't afford in-house.
- My provider says data is processed "in Europe." Is that enough?
- No. Ask specifically: which country, which data center, who manages access. Most importantly: who processes the AI model request. If the AI request is forwarded to an American OpenAI server, "data in Europe" is technically true only for frontend infrastructure — but actual processing is in the US.
- How often should I audit my AI system?
- For small automations — annually. For medium systems with personal data — every 6 months. For high-risk (banking, medical) — every 3 months plus continuous monitoring. This is an important line in your maintenance contract — who pays for the audit, provider or you.
Have a specific case and aren't sure which security requirements to set? Describe in the chat on the home page — the answer will include a risk assessment and what specifically to include in the contract.