API Providers

Red Ink is software that requires access to a large language model (LLM) through an API (Application Programming Interface) to function. An API is a machine-to-machine interface that allows Red Ink to communicate directly with an LLM, which can be installed locally, on your network, or, most commonly, accessed via the Internet. If you do not run your own LLM, you will need a service provider that offers API access to your desired LLM.

You need either a Cloud API provider, a local API provider – or you get a self-hosted model

Today, cloud providers like OpenAI, Microsoft, and Google, as well as local providers, offer such services. While cloud providers typically offer the most advanced models, local providers often use open-source models. These may be slightly less powerful but can be a better option regarding data protection and support. Each user must make their own choice.

Commercial providers usually charge for API usage based on consumption (“pay-as-you-go”). This model is very inexpensive – often significantly cheaper than per-user monthly subscriptions – making it an attractive solution for businesses, especially those with multiple users.

Using API access generally allows for much better data protection, as providers offer commercial contracts that are unavailable for consumer services. For example, our law firm has a special contract with Google for its Cloud Platform, enabling us to use Red Ink with all data, including information subject to professional secrecy. This was not possible with conventional AI services.

Requirements for using Red Ink under (Swiss) Professional and Official Secrecy

To use Red Ink with information subject to (Swiss) professional or official secrecy, you must either operate the AI model yourself (on-premise) or use a provider that meets specific technical and organisational requirements. Besides adequate information security, the provider must contractually agree to process your data – including all secret information, not just personal data – only for your purposes and under your instruction. You must also have no reason to believe that a foreign authority could access your data (socalled foreign lawful access).

Foreign lawful access is a particular concern with non-Swiss providers, such as US tech companies like Microsoft, Google, OpenAI, Anthropic, or Perplexity. Many fear that the US CLOUD Act grants US authorities unlimited access to data processed by these providers. While this is clearly wrong and the public discussion is often emotional and lacks a factual basis, you must carefully evaluate the risk of foreign lawful access. This risk is not limited to the US but extends to other countries, including those in Europe. David Rosenthal has developed a widely adopted standard method to evaluate this risk, which is described in more detail here, and an Excel tool for this analysis can be downloaded here (it is free).

In practice, you can mitigate the risk of foreign lawful access to an acceptable level by implementing several measures. These measures restrict the legal and practical ability of foreign authorities to access your data, even when using a foreign provider with AI models running in data centres abroad, which is standard for cloud-based services. The following measures are typically recommended for using cloud-based AI services under (Swiss) professional and official secrecy, in addition to a standard provider agreement:

  • Data Processing Agreement (DPA): This is a standard and basic requirement under both the Swiss Data Protection Act and the EU/UK GDPR. It also serves to contractually ensure that the provider and its own subcontractors are operating only under the instruction of the customer, which is partially seens as a requirement from a professional and official secrecy point of view.
  • Additional contractual clauses for secrets: These should include a commitment to keep all customer data secret, binding the provider and all subcontractors, not just their employees. A clause merely requiring security measures is It should also include a “defend-your-data” clause, obliging the provider to challenge every lawful access request through all available legal channels, even if not permitted to inform you. The secrecy obligation must extend beyond the contract term as required by law, and the DPA’s provisions should cover all customer data, not only personal data.
  • Zero data retention: A clause ensuring the provider does not store any AI model input or output, meaning no customer data remains on its systems after a query. This is usually linked to an “abuse monitoring” opt-out.
  • No use for provider purposes: An undertaking that the provider will not use customer data (AI input and output) for its own purposes, such as model training or human abuse monitoring. This option is often only available to certain customers through a special application process. If an abuse monitoring opt-out is granted, the provider’s operators will not review customer data, even if an automated system flags it as potentially abusive. In our view, professional and official secrecy does not prohibit a provider from using automated systems to filter or block usage it deems abusive.
  • No operator access without approval: An undertaking that the provider’s operators will not access customer data without your approval. This often requires a separate application or configuration (e.g., “Customer Lockbox” in the Microsoft environment). The contractual promise is usually enforced technically by the provider, but this differs from provider to provider.
  • Data residency: If customer data is stored, the provider should commit to storing it in the agreed or configured geographical region (e.g., Switzerland). However, accessing the latest AI models on Swiss-based data centres is often not possible with cloud providers, requiring customers to send AI requests to a model hosted elsewhere in Europe, which can be configured. Some providers also undertake to protect access to customer data from outside the EEA/Switzerland, such as Microsoft (“EU Data Boundary”), meaning that there is in principle no direct data access from outside that region.
  • Verified information security: An undertaking to maintain appropriate, verified information security measures, confirmed by audit reports like SOC 2 Type 2.
  • Customer configuration responsibility: Providers, especially cloud providers like Google and Microsoft, offer extensive configuration options. It is therefore largely the customer’s responsibility to correctly configure the AI services. This includes selecting desired geographical locations (which are usually not set in the contract), using only services that offer the necessary protections, blocking operator access, deactivating automatic Internet searches if problematic, and turning off
  • Liability limitation: While there is no requirement that liability must be unlimited for professional or official secrecy breaches, a provider should bear sufficient liability risk to ensure that a provider has sufficient incentive to comply with a contract. Typically, contracts provider for liability caps (sometimes supercaps) and exclude indirect damages, but provide no limitation for gross negligence or intent (which is also what Swiss mandatory contract law provides for). 

Every organisation bound by a professional or official secrecy obligation must on its own assess these measures and conclude that they meet the legal requirements for entrusting protected data to a provider. This includes conducting an assessment of foreign lawful access risks when using providers or data resources outside your own country, for instance, by using the David Rosenthal method. Such assessments typically involve clarifying the legal standards for lawful access in the relevant countries to determine whether the implemented measures will sufficiently protect the data against access attempts.

If you implement all these measures, we believe you can legally use cloud-based AI offerings under (Swiss) professional and official secrecy, which we consider is the currently established view. This is also the view of the Swiss Banking Association (see Cloud Guidelines) or the Swiss Bar Association (see Art. 38 of the Swiss Code of Professional Conduct). However, we provide no confirmation or assurance, and some hold a different view. For them, we recommend using Red Ink with a Swiss-based provider or an on-premise solution. Offerings for these alternatives are listed below. Red Ink is compatible with all of them, although which features can be used and how well they perform ultimately depends on the specific model and the AI server’s performance.

One further note of caution: Some of the models are able to do their own Internet search, in which case special rules can apply for the search terms passed to the Internet search engines (even if from the same provider). The use of this feature (aka search grounding) may not be advisable with professional secrecy data because the protections may not apply to them, depending on the provider. Similar issues may arise if you use models that call “tools”, including third party API and MCP services, in which case the model may pass along to these third parties data you have provided to the model, thus breaching confidentiality if no measures are taken. Red Ink supports such “tool” calls, as well, if you configure alternate models (which means that the users have to actively switch, reducing the risk that they unintentionally end up with the wrong model).

How to get the special contract amendments for users subject to professional and offical secrecy 

To make AI accessible to business users with professional and official secrecy obligations (e.g., attorneys, healthcare professionals, auditors, public authorities), we have negotiated corresponding contract addenda with Google and other providers. These are now available to relevant companies in Switzerland and, in some cases, Germany. We have expanded our model contract addendum for cloud providers to include a contract addendum for AI services (currently available in German here) and have convinced several Swiss providers to offer their services with this addendum.

The following table provides an overview of various cloud offers and – for those who prefer not to use the cloud – local providers whose AI services can be used with Red Ink. Last but not least, it also contains information on companies that offer self-hosted solutions. Please note that these offers are not from us. We provide no warranties for them or for the accuracy of the following information, and we receive no commission if you obtain API access from one of these providers. Everyone must evaluate for themselves which provider is the right fit.

Type Provider Description
Cloud Google
  • Advantage: Particularly powerful, versatile models
  • Offering: Chatbot, app, API (Vertex) for multimodal models, text-to-speech, speech-to-text and image generation; also offers access to Anthropic models
  • Location: Europe
  • Data Processing Agreement: Yes
  • Professional-/Official Secrecy Amendment: Yes, with contractual addendum [use only Vertex API (not Gemini API), and for web grounding the ‘enterpriseWebsearch’ option]
  • Zero data retention: Yes
  • Abuse monitoring: Opt-out upon request (follow the below process)
  • How to get it: For “normal” customers who are not subject to professional or official secrecy, you can obtain a first contract online here or via a Google partner; for those, who are subject to professional or offical secrecy, proceed as follows (note that this is only for regulated and registered entities, e.g., law firms in the commercial registry, not private individuals or private practitioners [even with a UID] and not service providers to law firms or businesses acting for them; service providers need to register the firm itself; there will be a check whether the entity is registered and the names match):
    1. Register an online account on the Google Cloud Platform here. Make sure you do this using the primary email account you will later on receive the contract amendment. Make sure you have accepted the Terms of Service. We regularly get feedback from Google that this has not happened, and your application will not be completed.
    2. Provide us at support@redink.ai the following information in a fresh e-mail (each piece of information on a fresh line):
      1. 12-digit payments profile ID (BCN) associated with existing profile (customers can access this via the console after having logged in; instructions for accessing the payment settings page for customers are here – make sure you don’t get the 16 digit number);
      2. full customer legal entity name (should be an ‘AG’ or ‘GmbH’);
      3. legal entity street address;
      4. primary contact name (must be a natural person);
      5. primary contact email (this should be the same one with which the Google account has been registered);
      6. primary contact phone;
      7. document language preference.
    3. We then send this information to our contact at Google, who will initiate the process for getting you the (contract addendum on professional secrecy).
    4. You will get the contract electronically for signing (DocuSign); unfortunately, you have to expect this to take many weeks, and it may be even longer if your firm is not in the commercial registry (the request has to be processed manually in various steps).
    5. Review the contract addendum and sign it if you are fine with it.
    6. Once the contract addendum is in place, an opt-out from abuse monitoring is still required. This is granted to law firms upon request and will again take two weeks. You will find the link in the contract addendum.
    7. For the technical setup of the Google Cloud Service Accounts, we recommend that you contact your existing IT consultant. If they are unable to assist, Google can certainly make a recommendation. The technical configuration of Red Ink is described in detail in the manual. See also here.

Note that we are only acting as an intermediary here and can neither speak for Google nor the other parties involved (we also do not receive any payment; we are doing this as a service to the community). You must also assess for yourself whether the contract is sufficient for you.
Cloud Microsoft
  • Advantage: Particularly powerful, versatile models; many companies already have contracts with Microsoft
  • Offer: Chatbot, app (“Copilot”), API for multimodal models, text-to-speech, speech-to-text and image generation
  • Place of operation: Europe
  • Data Processing Agreement: Yes, but not for use with internet searches
  • Professional-/Official Secrecy Amendment: Yes, with contract addendum (does not apply to search terms for internet searches)
  • Zero data retention: unclear
  • Abuse monitoring: Opt-out only for customers directly supported by Microsoft (i.e. large customers) (API); no abuse monitoring for “Copilot”
  • How to get it: Via distribution partners (so-called CSPs), according to this process (analogous to M365)
  • Note: There are various versions of “Copilot” that offer different levels of protection, and it is often unclear to users which version they are dealing with.
Cloud OpenAI
  • Advantage: Particularly powerful, versatile models
  • Offer: Chatbot, app, API for multimodal models, text-to-speech, speech-to-text and image generation
  • Place of operation: USA
  • Data Processing Agreement: Yes
  • Professional-/Official Secrecy Amendment: No, not interested (rejects requests)
  • Zero data retention: Only for large customers
  • Abuse monitoring: Takes place
  • How to get it: Online
Switzerland MTF
  • Advantage: Local provider, additional services
  • Offer: API for open source language models (GPT OSS 20b, Gemma 3.4b) for business customers
  • Location: Switzerland
  • Data Processing Agreement: Yes
  • Professional-/Official Secrecy Amendment: Yes
  • Zero data retention: Yes
  • Abuse monitoring: No
  • How to get it: info@mtf.ch
Switzerland AlpineAI
  • Advantage: Local Provider, Comprehensive Swiss AI product suite, US-Cloud Act independent Swiss provider; Focus on highly regulated sectors (healthcare, government authorities)
  • Offer: SwissGPT includes chat, speech-to-text, assistants, and agents, provider of API and customized GPT solutions; note that AlpineAI applies certain token limits, which may restrict the size of the requests made (relevant, e.g., when upload large documents)
  • Location: Switzerland, Davos & Zurich
  • Data Processing Agreement: Yes
  • Professional-/Official Secrecy Amendment: Yes
  • Zero Data Retention: Yes
  • Abuse Monitoring: No
  • How to get it: Registration  (see also here for help to get a working API key)
Switzerland Safe Swiss Cloud
  • Advantage: Local provider, additional services
  • Offer: PAI Chat, PAI API, PAI Enterprise, PAI Developer, PAI Integration (MCP servers, etc.). Available models: Apertus 70 B (ETH/EPFL), DeepSeek 70 B & 670 B and others
  • Place of operation: Switzerland
  • Data Processing Agreement: Yes
  • Professional-/Official Secrecy Amendment: Yes
  • Zero data retention: Yes
  • Abuse monitoring: Possible
  • More information: https://safeswisscloud.com/en/private-ai/
  • How to get it: Contact Safe Swiss Cloud: Contact form
Self-hosted OnPremAi
  • Advantage: No reliance on a provider at all (your LLM is fully under control and you have no additional costs, regardless how much and often you use it) 
  • Offer: The company offers (a) three different pre-configured systems (various sizes) to run open source LLM on premise (with open source models, such as GPT OSS) and (b) a service to keep the customer’s solution up-to-date (hardware,  software, model)
  • Place of operation: At the user’s location (on-prem)
  • Data Processing Agreement: Not applicable
  • Professional-/Official Secrecy Amendment: Not needed
  • Zero data retention: Yes
  • Abuse monitoring: Not applicable
  • More information: https://onprem.ai/de/platform/
  • How to get it: Contact form: Kontakt – onprem.ai

 

Of course, there are other providers that may also be suitable. The list is not exhaustive and is not a recommendation or legal advice, but rather information we hope you find helpful. Compare the providers. If another Swiss provider is willing to sign a contract with our sample contract addendum, they should contact us. Any errors or suggested changes to the above table should also be reported to us. OpenAI is also welcome to contact us if it is willing to offer its services in compliance with professional and official secrecy regulations, or at least to discuss this (unlike Microsoft and Google, it has not done so to date). We will continue to monitor Microsoft closely due to the unsatisfactory situation regarding abuse monitoring opt-out and internet searches.

Not all of the models you may want to use may necessarily have to provide protection for professional and official secrecy data even if you are subject to such rules. It may be worthwhile to subscribe to additional models and services in order to benefit from models that are suitable for research purposes (e.g., AI-based Internet search, deep research), where special protection is often not an issue (of course, you need to train users to select these models only when permitted). Perplexity, Anthropic and OpenAI are popular choices in this area (but again, these providers do in our view not offer sufficient protection for professional or official secrecy). If you want to use Anthropic or OpenAI models, you may get access to them through Google (Anthropic) or Microsoft (OpenAI).