"We need to self-host for data sovereignty" is the most common AI infrastructure assertion in DACH boardrooms. It is also the most frequently incorrect.
Data sovereignty is a legitimate requirement. Self-hosting is one way to achieve it — but not the only way, and often not the best way. The decision deserves a framework, not a reflex.
The decision tree
Three questions determine whether self-hosting is necessary.
Question 1: Does your data actually need to stay on-premise?
Most companies conflate "data should not go to the US" with "data must stay on our servers." These are different requirements with different solutions.
DSGVO requires that personal data processed by third parties is protected by adequate safeguards. For EU-hosted API endpoints — Azure West Europe, AWS Frankfurt, Google Cloud Belgium — standard data processing agreements satisfy this requirement. The EU AI Act requires documented data governance; it does not mandate on-premise processing.
Self-hosting is genuinely necessary when your industry regulator explicitly requires on-premise data processing (rare in DACH, but exists in specific defence and critical infrastructure sectors), when your data classification policy — not just preference — prohibits any third-party processing, or when you process data subject to specific national security classifications.
For the vast majority of DACH Mittelstand companies, EU-hosted APIs satisfy data sovereignty requirements at a fraction of the self-hosting cost.
Question 2: Can you afford the operational reality?
Self-hosting is not a one-time hardware purchase. It is an ongoing operational commitment.
According to the DevTk.AI 2026 cost analysis, a fully self-hosted LLM operation — covering infrastructure provisioning, monitoring, model updates, security patching, and incident response — requires 1.5 to 2 dedicated ML engineers. In the DACH job market, ML infrastructure engineers command $120,000 to $180,000 annually — and positions take three to six months to fill.
The infrastructure itself requires GPU hardware or cloud GPU reservations ($2,500 to $5,000 monthly for a minimal production setup), networking and storage ($500 to $1,000 monthly), monitoring and alerting systems, security patching and compliance documentation, and model update cycles every six to eight weeks.
The Braincuber 2026 analysis puts the total cost of ownership at 2.5 to 3x the raw GPU cost. A setup that looks like $3,000 per month in compute actually costs $7,500 to $9,000 monthly when you account for everything.
Question 3: Does the volume justify the fixed cost?
Self-hosting has high fixed costs and low marginal costs. APIs have low fixed costs and linear marginal costs. The break-even depends on volume.
Below 50 million tokens per day — which covers most Mittelstand use cases — API-based deployment is cheaper even after accounting for the data sovereignty premium of EU-hosted endpoints.
Above 200 million tokens per day, self-hosting typically saves 50 to 70 percent on inference costs, justifying the operational overhead.
In between, the decision depends on team capability, growth trajectory, and how many use cases you plan to run through the infrastructure.
The middle path: managed private deployment
Between full self-hosting and public APIs, a middle option has matured significantly in 2025 and 2026: managed private deployments.
Providers like Azure AI's private endpoints, AWS Bedrock's VPC configurations, and specialised European inference providers offer models running on dedicated infrastructure in EU data centres, with data isolation guarantees, without the operational burden of managing the infrastructure yourself.
You pay a premium over shared API pricing — typically 30 to 50 percent more — but eliminate the ML engineering, hardware management, and operational overhead. For DACH companies whose primary requirement is data isolation rather than full infrastructure control, this is often the optimal architecture.
The recommendation framework
If your primary driver is DSGVO compliance: EU-hosted APIs with standard DPAs are sufficient for most use cases. Self-hosting adds cost without adding compliance benefit.
If your primary driver is industry regulation: Check the specific regulatory text. Most DACH industry regulations require data protection, not on-premise processing. Where on-premise is genuinely required, managed private deployments often satisfy the requirement.
If your primary driver is cost optimisation at scale: Self-hosting makes sense above the volume break-even — but only if you have or can hire the ML engineering team to operate it. Without operational capability, the savings evaporate in incident response and downtime.
If your primary driver is latency: Small models (3B to 7B parameters) self-hosted on a single GPU deliver sub-100ms inference — unachievable through APIs. For real-time production applications, this may be the deciding factor regardless of cost.
Book a fit call to evaluate your self-hosting decision. We assess your regulatory requirements, data sensitivity, volume projections, and team capability — then recommend the deployment architecture that satisfies your constraints without overbuilding. Book your fit call →
References: DevTk.AI, "Self-Host LLM vs API: Real Cost Breakdown 2026"; Braincuber, "Self-Hosted LLM vs API: Breakeven Cost & GPU Math," 2026; Effloow, "Self-Hosting LLMs vs Cloud APIs: Cost, Performance & Privacy Compared," 2026; GDPR Art. 28 (processor obligations); EU AI Act Art. 10–15 (data governance requirements).