Summary in 5 points
- ChatGPT Enterprise processes prompts on OpenAI infrastructure (US-managed, with limited EU residency options); Amaii processes prompts inside the customer environment — on-premise or private cloud in the EU.
- Amaii is model-agnostic (Llama, Mistral, Mixtral, EU-commercial) — ChatGPT Enterprise only offers OpenAI's own models.
- Both promise 'no training on your data'; only Amaii also keeps the data physically inside your environment, which matters for NEN 7510, DORA and BIO.
- Amaii delivers full audit logging at prompt/answer level and document-level RBAC; ChatGPT Enterprise offers admin tooling but limited prompt-level granularity.
- ChatGPT Enterprise charges per seat (typically $40–$60/user/month, 150-seat minimum); Amaii uses a licence-per-group plus infrastructure model that is often more favourable above 200 users.
Comparison table
| Criterion | Amaii | ChatGPT Enterprise |
|---|---|---|
| Data processing location | Customer infrastructure (on-premise or private cloud in EU) | OpenAI infrastructure (US, with limited EU residency) |
| Processing party | No third parties — all inside customer environment | OpenAI + US sub-processors |
| Training on customer data | No — model and data fully under customer control | No — contractually excluded by OpenAI Enterprise terms |
| Choice of language model | Open-source (Llama, Mistral, Mixtral) or EU-commercial | Fixed — OpenAI models only (GPT-4o, GPT-4.1, o-series) |
| GDPR-compliant | Yes, by design (no external processor) | Yes, contractually — via DPA and EU residency options |
| NEN 7510 / DORA / BIO ready | Yes, fit for strictly regulated sectors | Limited — US processor and sub-processors complicate alignment |
| Integration with internal sources | SharePoint, Teams, OneDrive, Confluence, Google Workspace, file shares, APIs | Connectors to Google Drive, SharePoint, Microsoft 365 (data routed through OpenAI) |
| Per-action audit logging | Full — user, document, prompt, answer | Admin Console + Compliance API, prompt-level granularity limited |
| Document-level RBAC | Yes, native | Workspace-level; inherits source permissions for connectors |
| Vendor lock-in | None — model and infrastructure are replaceable | High — tied to OpenAI's roadmap and pricing |
| Cost (indicative) | Per user group + infra; more favourable at scale | ~$40–$60 per user per month, 150-seat minimum |
| Time-to-PoC | 4–6 weeks | Days to activate; weeks to months for procurement & DPIA |
How ChatGPT Enterprise processes your data
ChatGPT Enterprise works by sending prompts — and any attached or retrieved context — to OpenAI's hosted models, primarily running in the United States. OpenAI contractually commits that Enterprise prompts are not used to train its public models, and offers a Data Processing Addendum (DPA), SOC 2 Type 2 reports and limited EU data-residency options. For many generic productivity scenarios that is enough.
For organisations working with patient records (NEN 7510), financial customer data (DORA), legal case files (professional secrecy) or government information (BIO), a fundamental problem remains: the data still passes through a US-based processor and US sub-processors. Even with EU residency the legal entity processing the data is US-incorporated, which is incompatible with several risk and compliance frameworks.
How Amaii processes your data
Amaii installs a private AI stack inside your own environment: a Retrieval-Augmented Generation (RAG) pipeline, a vector database and an LLM of your choice. When a user asks a question, every step — retrieval, embedding, generation — stays inside the customer infrastructure. There is no external API call to OpenAI, Microsoft, Google or any other US hyperscaler.
Documents can be synchronised from SharePoint, Teams, OneDrive, Confluence, Google Workspace or internal databases, but once they enter Amaii they are processed by a locally running language model. That makes Amaii suitable for sectors where every external data flow must first be approved by a Data Protection Officer or regulator — or where data sovereignty is a board-level requirement.
Compliance: GDPR, NEN 7510, DORA and the EU AI Act
ChatGPT Enterprise complies with GDPR through OpenAI's DPA and EU residency offerings. For NEN 7510 (healthcare) and DORA (finance) that is typically not enough: both frameworks require the organisation itself to retain full control over processors, models and logging — and to limit dependencies on non-EU critical ICT providers. Amaii operates without an external processor and gives full control over every layer.
- GDPR: with Amaii no external processor; with ChatGPT Enterprise there is one (OpenAI + sub-processors), even with EU residency.
- NEN 7510: Amaii supports fully isolated processing of medical data inside the healthcare institution.
- DORA: Amaii provides audit trails and risk controls aligned with ICT third-party management — without dependency on a non-EU critical provider.
- EU AI Act: Amaii supports transparency requirements, logging obligations and risk classification of AI systems.
- BIO (public sector): Amaii operates within national borders without dependency on US hyperscalers.
Functionality: what can you do with it?
ChatGPT Enterprise excels at open-ended generative tasks: drafting, brainstorming, code generation, image generation, advanced reasoning with the o-series. It is a generic AI productivity layer connected to your data via Connectors. Amaii is not a generic chat assistant — it is a private company brain that answers questions grounded in your own contracts, case files, patient records, policies and historical projects.
Many organisations deploy both side by side: ChatGPT Enterprise for general productivity, Amaii for the confidential knowledge layer where compliance, traceability and accuracy matter more than raw capability.
Cost and scalability
ChatGPT Enterprise is priced per seat (publicly reported at roughly $40–$60 per user per month with a 150-seat minimum). At 500 users that is between $240,000 and $360,000 per year — recurring, scaling with the organisation. Amaii uses a licence model per user group plus infrastructure cost (own GPUs or EU cloud).
For small teams (under 100 users) ChatGPT Enterprise is often cheaper. From around 200 users — and certainly at high usage intensity — Amaii typically becomes more cost-effective. It also avoids vendor lock-in: model and infrastructure are replaceable, and per-token cost does not scale with seat count.
Governance, audit logging and RBAC
Amaii logs every AI interaction at the level of user, document, prompt and answer. For sectors with inspection or audit obligations (healthcare, finance, legal), that is a hard requirement. ChatGPT Enterprise offers an Admin Console, SSO/SCIM and a Compliance API that exposes events to platforms like Microsoft Purview — useful, but granularity at prompt and answer level is more limited and depends on what OpenAI chooses to expose.
Amaii's role-based access control (RBAC) works at document level and is independent of source-system permissions — useful when documents come from multiple sources or when separate AI rights are needed (e.g. a junior associate may see a case file but not query it via AI).
When do you choose ChatGPT Enterprise?
ChatGPT Enterprise makes sense when your organisation needs broad generative capability across many tasks (writing, code, image generation, advanced reasoning), most use cases concern non-confidential productivity, and your compliance posture allows a US-based processor. For mid-market companies without strict sector regulation, ChatGPT Enterprise is often the fastest route to broad AI value.
When do you choose Amaii?
Amaii is the right choice if at least one of these applies: your organisation falls under NEN 7510, DORA or BIO; you work with client privilege or professional secrecy; intellectual property or strategic information must not leave the organisation; you want to be independent of US Big Tech; or you want full control over model choice and audit logging.
- Healthcare institutions handling patient data under NEN 7510.
- Financial services and pension funds under DORA supervision.
- Law firms, notaries and legal departments with client privilege.
- Accounting and tax firms with professional secrecy.
- Public sector and executive agencies that must stay within BIO and data sovereignty.
- Consultancy and R&D with sensitive intellectual property.
Common misconceptions
"OpenAI promises not to train on our data, so we are safe." That commitment removes one specific risk (model contamination). It does not change where data is processed, who the processor is, or how that fits into NEN 7510, DORA or BIO. A private LLM solves the underlying processing-location question, not just the training question.
"EU residency is the same as EU sovereignty." Data residency means the data sits on EU servers. Sovereignty means the legal entity processing it is European and not subject to non-EU jurisdictions (such as the US CLOUD Act). ChatGPT Enterprise can offer the first; only a private LLM gives you both.
"Building a private LLM is too complex for us." Amaii ships a productised stack — the same components an OpenAI-style platform offers (chat, connectors, admin console, RBAC, audit logging) but installed in your environment. PoC in 4–6 weeks.
Sources and background information
- EU AI Act (Regulation 2024/1689) - EUR-Lex
- GDPR (Regulation 2016/679) - EUR-Lex
- NEN 7510 — Information security in healthcare - NEN
- DORA — Digital Operational Resilience Act - EUR-Lex
- OpenAI Enterprise Privacy - OpenAI

