Keep inference inside EU jurisdiction, minimize retention, and design the stack so prompts, outputs, and tool payloads do not persist unless they truly must. That matters because the AI Act brings traceability and governance duties, while GDPR still requires storage limitation for personal data, so “we do not train on your data” is not enough if logs still exist.
In 2026, privacy around AI is no longer a paragraph in a DPIA (Data Protection Impact Assessment); it is a set of very concrete infrastructure choices. Where prompts go, what gets logged, which country’s laws apply, and how much evidence you can show during an audit now define whether an AI project is viable for an EU company.
The real problem: AI that remembers too much
If we strip the jargon away, the core pain for EU startups and enterprises is simple: every prompt can contain personal data, trade secrets, or regulated information, and most AI stacks were not designed to forget. Logs, backups, observability tools, third‑party routers, and “debug mode” features quietly keep copies, often outside the EU and for longer than anyone ever decided explicitly.
At the same time, the EU AI Act is now real. It introduces obligations for high‑risk AI systems and general-purpose AI, including documentation, logging, and human oversight. GDPR has not gone anywhere either, especially the storage‑limitation principle: personal data must not be kept longer than necessary for the purposes it was collected. Put together, these two frameworks force us to rethink how inference works, not just how privacy policies are written.
What “zero data retention” really means (and why “we don’t train on your data” is not enough)
A lot of AI services now say “we don’t train on your data.” That sounds good, but it leaves several doors open: prompts may still be logged for abuse detection, quality evaluation, debugging, or analytics; they may live in backups; they may be accessible to operators or foreign law‑enforcement requests.
Zero data retention is a stricter idea.
It means that prompt and output content is processed in volatile memory and simply not stored once the response has been generated. No conversation logs, no content‑level analytics, no training datasets, no “we’ll delete it after 30 days.” Only minimal technical metadata (timestamps, token counts, request IDs) remains, and even that should be designed to avoid personal data.
This approach changes the risk model, if content never lands on disk at the provider, the attack surface for breaches, subpoenas, or misconfigured analytics shrinks dramatically. For many EU teams, that is the difference between “we hope nothing bad happens” and “we can explain, in concrete terms, what happens to data at every step.”finance.
How GDPR and the AI Act pull in opposite directions (unless you fix the architecture)
For most EU startups and enterprises in 2026, the bigger wins come from measures that are available right now: EU‑only processing, zero retention at the provider, endpoint isolation, strict key management, and minimal logging.
On paper, GDPR and the AI Act can feel like they are asking for different things:
- GDPR wants you to minimize data and delete personal information once it is no longer needed.
- The AI Act wants you to document and log what your high‑risk systems do, so that auditors and regulators can reconstruct decisions.
If we try to solve this only with policies, we end up in a deadlock: keep logs for audits, but also delete them quickly; keep data to prove decisions, but also prove we are not keeping data too long. The way out is technical: we must separate “content” from “evidence.”
A practical pattern looks like this:
- Do not keep raw prompts or model outputs at the provider, and avoid storing them in your own logs unless you have a clear, time‑bound reason.
- Do keep small, non‑personal audit records: timestamp, model version, request ID, approximate token usage, and a high‑level event type (“classification”, “summary”, “routing decision”)
- For genuinely high‑risk situations where you must keep more detail (for example, medical or financial decisions), store that content in your own controlled environment, under your own retention policies and access controls, not scattered across routers and third‑party logs.
Once we treat auditability as a separate data flow, it becomes much easier to satisfy both GDPR’s storage limitation and the AI Act’s need for traceability.
Where Regolo actually helps: making “forgetful AI” an infrastructure feature, not a slogan
This is where we want to be very concrete: our value is not that we have yet another API, but that our infrastructure aligns with the privacy and sovereignty story above.
Three properties matter in this context:
- Inference stays in Europe. Regolo run on data centers located under European jurisdiction, with strictly EU‑based processing. For a DPO or legal team, that makes data‑transfer analysis much simpler than with US‑centric platforms or opaque multi‑region setups.rivista+3
- Zero data retention is enforced at the architecture level. When a request hits our systems, prompt and output data are forwarded to the inference engine, processed in volatile memory, and then discarded. We do not log prompts, we do not store responses, and we do not reuse any of it for training or evaluation. Only minimal, non‑content metadata (timing, token counts) is kept for billing and high‑level statistics.codemotion+2
- We avoid acting as yet another “smart router” that inspects your content. Regolo.ai operates more like a direct gateway: you call our endpoint, we run the model in our Italian infrastructure, and we send back the response, without extra “magic” layers that rewrite your prompts or scan your data for product analytics. That reduces both the technical attack surface and the number of actors who can see your content.regolo+2
In practice, this means that if a European company wants to build an agentic, LLM‑heavy product without sending sensitive prompts to non‑EU clouds or retention‑heavy platforms, we can be the inference layer that makes that possible. We do not solve every compliance question, but we give your privacy and security teams a much cleaner starting point.
A small, realistic pattern: ask the model, keep the proof, forget the rest
To make this less abstract, here is a short Python code below sending a prompt to regolo.ai infrastracture using our core models via an OpenAI‑style API, receive an answer, and then immediately strip away all content before storing a tiny audit record.
You will need to replace the placeholders (YOUR_API_KEY, MODEL_ID_PLACEHOLDER, https://api.regolo.ai/v1) with values from the current Regolo.ai documentation, since endpoint details may evolve over time.
import os
import json
import requests
from datetime import datetime, timezone
REGOLO_API_KEY = os.environ.get("REGOLO_API_KEY", "YOUR_API_KEY")
REGOLO_BASE_URL = "https://api.regolo.ai/v1" # Check latest docs
MODEL_ID = "MODEL_ID_PLACEHOLDER" # Use a supported open model
def call_regolo_privacy_first(question: str) -> dict:
url = f"{REGOLO_BASE_URL}/chat/completions"
headers = {
"Authorization": f"Bearer {REGOLO_API_KEY}",
"Content-Type": "application/json",
}
messages = [
{
"role": "system",
"content": (
"You are an assistant for an EU company. "
"Answer concisely and avoid repeating personal data."
),
},
{"role": "user", "content": question},
]
payload = {
"model": MODEL_ID,
"messages": messages,
"max_tokens": 400,
}
resp = requests.post(url, headers=headers, data=json.dumps(payload), timeout=30)
resp.raise_for_status()
data = resp.json()
answer = data["choices"][0]["message"]["content"]
usage = data.get("usage", {})
request_id = data.get("id")
# Build a small, content-free audit event
audit_event = {
"timestamp": datetime.now(timezone.utc).isoformat(),
"provider": "regolo.ai",
"region": "eu-it",
"model": MODEL_ID,
"request_id": request_id,
"usage": usage,
"purpose": "internal_policy_draft", # your own label
}
return {"answer": answer, "audit_event": audit_event}
if __name__ == "__main__":
# Example: internal GDPR note without storing the prompt anywhere else
question = (
"Explain the GDPR storage limitation principle in plain English, "
"for an internal policy document."
)
result = call_regolo_privacy_first(question)
print("Model answer:\n")
print(result["answer"])
print("\nMinimal audit event (safe to log):\n")
print(result["audit_event"])Code language: Python (python)This pattern reflects the architecture we described: inference takes place on an EU, zero‑retention backend (Regolo.ai), the application receives the answer, and only a small, non‑personal audit record is stored long term. For most EU teams, this is a much easier story to tell in front of a DPO, a regulator, or a large customer’s security questionnaire.
FAQ
Is “no training on your data” enough for GDPR and AI Act?
Not really. If prompts and outputs are logged for weeks, they remain exposed to breaches and lawful access, even if they are not used for training. Zero retention goes further by removing those logs entirely.
How does EU data sovereignty help my risk profile?
Keeping inference in EU data centers with EU operators reduces cross-border transfer risk and simplifies impact assessments under GDPR and AI Act. Regulators increasingly look at where data actually flows, not just contract wording.
Are cryptographic proofs of inference ready for production?
zkML systems like DeepProve-1 prove full LLM inference is feasible, but current implementations target smaller models and niche use cases due to performance cost. They are promising for high-risk or regulated domains but not yet mainstream.
How do I secure routers and AI integration middleware?
Use stateless, pass-through proxies that normalize responses and handle auth entirely in memory, without caching or storing payloads. Avoid middleware that silently retries or buffers content, as it breaks zero-retention guarantees and enlarges the attack surface.
How does Regolo.ai document its privacy guarantees?
Regolo.ai publishes details on its zero-retention architecture, EU-only hosting, and compliance posture, describing ephemeral containers and in-memory processing of requests. This documentation can feed into your DPIA/FRIA and AI Act technical file.
🚀 Start your free 30-day trial at regolo.ai and deploy LLMs with complete privacy by design.
👉 Talk with our Engineers or Start your 30 days free →
- Discord – Share your thoughts
- GitHub Repo – Code of blog articles ready to start
- Follow Us on X @regolo_ai
- Open discussion on our Subreddit Community
Built with ❤️ by the Regolo team. Questions? regolo.ai/contact or chat with us on Discord