Orientation, not legal advice. This article explains the strategy behind on-premise AI and how it lines up with Law 25’s intent. It is not a legal opinion. Confirm anything specific to your firm with your own counsel or with the Commission d’accès à l’information (CAI).
Every time you paste a client file into a cloud model, you are exporting it. Usually to American servers, under American law, subject to directives that can change between lunch and dinner. Quebec’s Law 25 already asks you to know where personal information goes and who can touch it. An on-premise LLM gives the only fully honest answer to that question: it goes nowhere, and only you can touch it.
That is not a sales pitch. It is just where the logic lands once you take both the law and the technology seriously. Below is the case, laid out plainly, including the parts that cut against convenience.
Key takeaways
- A prompt containing personal information is a data transfer. If it leaves your walls, Law 25’s questions about where it goes and who can access it are now your questions to answer.
- “The vendor says it’s secure” is not the same as “it never left.” Encryption and good intentions don’t change which legal jurisdiction can compel the data.
- On-premise and local models collapse the transfer risk to near-zero: no third party, data residency by construction, full auditability. That’s the cleanest Law 25 posture available.
- Control comes with responsibility. Run it yourself and you now own patching, access control, and security. There is no free lunch, only a different lunch.
- Cloud AI isn’t forbidden. It’s a decision you should be able to defend on paper.
Law 25, in plain language (and in scope)
Quebec’s Law 25 (formerly Bill 64) modernized the province’s private-sector privacy regime, and it leans hard on a few ideas that matter the moment you introduce AI into a workflow.
First, accountability. Your organization is responsible for the personal information it holds, including when you hand that information to a service provider to process on your behalf. Outsourcing the work does not outsource the responsibility.
Second, communication outside Quebec. Before personal information is communicated outside the province, Law 25 requires a privacy impact assessment that weighs, among other things, the sensitivity of the information, the purpose of the transfer, the protection measures in place, and the legal framework that applies wherever the data lands. The point isn’t that transfers are banned. The point is that you are supposed to know, to have weighed the exposure, and to be able to show the assessment you did.
Third, transparency and governance. People are entitled to understand how their information is used, and your organization is expected to have policies, a privacy officer, and a paper trail showing you thought about this before something went wrong, not after.
The teeth are real. Under Law 25, the CAI can impose administrative monetary penalties and the courts can impose penal fines, both of which scale into the millions of dollars or to a percentage of worldwide turnover, depending on the breach and the entity. We’re keeping the figures general on purpose, because the exact exposure depends on the facts and on provisions you should read with counsel, not from a blog. The honest summary: this is no longer a wrist-slap regime, and “we didn’t realize the tool was sending data abroad” is a weak place to be standing.
The hidden export: your prompt is a data transfer
Here is the part that most workflows quietly skip over. A prompt is data. A prompt containing a client’s name, a patient’s history, a contract, a financial statement, or a case file is personal information in motion. When that prompt goes to a cloud model, it has left your premises and, in most cases, the country.
So the question Law 25 wants you to answer becomes very concrete. Where did it land? Who, in that jurisdiction, can lawfully compel the provider to produce it?
That second question has a sharper edge than many people assume. The U.S. CLOUD Act of 2018 allows U.S. authorities, with appropriate legal process, to compel a U.S.-based provider to hand over data in its custody or control, even when that data physically sits in a Canadian data centre. Read that twice. The server can be in Montreal or Beauharnois, and a U.S. provider can still be the entity legally on the hook to produce it. Physical location is not the same thing as legal control.
This is why “our vendor encrypts everything” and “our vendor is SOC 2 certified” are reassuring but beside the point. Those statements speak to security. They do not change who can be ordered to produce the data, or under whose law. A transfer that you cannot fully see, audit, or reverse is still a transfer you are accountable for.
June 12 made the abstract concrete
If the governance risk ever felt theoretical, mid-June 2026 supplied a worked example. As reported, on June 12 the U.S. government required Anthropic to disable its Claude Fable 5 and Mythos 5 models for foreign nationals. We’re stating that as reported, as of mid-June 2026, and leaving the editorializing to others.
What matters for a Quebec business isn’t the politics. It’s the shape of the risk. A capability your team relies on can change, or disappear, by directive, overnight, for reasons that have nothing to do with you and that you cannot negotiate. That is a continuity and governance problem as much as a privacy one. If a core part of your workflow can be switched off by a foreign government’s instruction to a foreign vendor, you don’t actually control that workflow. You’re renting it, on terms you don’t write and can’t appeal.
Law 25 pushes you to understand the framework your data lives under. June 12 is a reminder that the framework is not a static document. It moves.
Why on-premise is the cleanest answer
Run the model on hardware you own, inside your own network, and most of the hard questions stop being questions.
- No transfer. The prompt and the documents never leave your premises. There is no cross-border communication to assess because there is no cross-border communication.
- No third-party access. No vendor holds your data, so no vendor can be compelled to produce it. There is nobody in the chain to subpoena except you.
- Data residency by construction. Residency isn’t a clause you negotiated and hope holds. It’s a physical fact about a box in your office.
- Full auditability. You can log every query, every access, every model version, because it all happens on infrastructure you administer. That paper trail is exactly the kind of evidence an accountability regime rewards.
Now the honest caveats, because pretending they don’t exist would be its own kind of dishonesty. When you bring the model in-house, you also bring in-house the patching, the access control, the backups, the physical security, and the basic discipline of running infrastructure properly. The risk doesn’t vanish, it changes hands, from “a foreign jurisdiction might compel my vendor” to “I am responsible for securing this.” For most regulated Quebec firms that is a far better trade, because it’s a risk you can actually see, manage, and govern. But it is a real responsibility, and anyone who tells you on-premise is effortless is selling, not advising.
What this looks like for a Quebec firm
You don’t need a research lab. You need a deployment shape that matches your data’s sensitivity. For a law office, an accounting practice, a clinic, a notary, or an agency, three shapes cover almost everything.
A capable workstation. A single well-specified machine with a good GPU can run strong open models for a small team. Good fit for drafting, summarizing, and research where the material is sensitive but the volume is modest.
An on-prem server. One shared box on your network serves the whole office, with proper user access controls and logging. Keep the model’s API reachable only from the office network (serving tools such as Ollama listen on loopback by default; exposing the port to the LAN should be a deliberate, firewalled choice), and treat the box like any other server that holds client files. This is the sweet spot for most professional firms: central, governable, and out of the cloud.
Air-gapped. For the most sensitive matters, a machine with no network connection at all: no Ethernet, no Wi-Fi, and a written procedure for the removable media you use to bring in model updates. Nothing in, nothing out, so the data physically cannot leave. Updates are slower and the workflow is less convenient, but residency is absolute for as long as the gap is actually maintained.
The models themselves have caught up to the point that this is genuinely practical. Open-weight families like Qwen, Mistral, Gemma, DeepSeek, and gpt-oss deliver serious capability you can run locally, and we owe those projects credit for making sovereign AI viable for ordinary businesses rather than only hyperscalers. Served through tooling like Ollama or vLLM, and paired with a private RAG setup over your own documents, you get a system that reasons over your contracts, files, and knowledge base without any of it ever touching someone else’s server. We walk through the build in how to replace cloud AI with a local LLM, and the full stack in own your compute: the self-sovereign local AI stack.
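To make the auditability and residency points above concrete, here is an added example of a small gateway you could put in front of a locally served model. It is not code from this article, from D-Central, or from any of the projects named above. It assumes an Ollama-style HTTP API (the POST /api/generate route, a loopback address such as 127.0.0.1:11434) and an office network on RFC 1918 addresses; the model tag, user names and prompts are constructed. The gateway refuses any endpoint that is not loopback or private, so a misconfigured URL cannot silently turn into an export, and it writes every query into a hash-chained audit log that stores a SHA-256 fingerprint of the prompt and reply rather than their text, so the log never becomes a second copy of the personal information.

```python
"""Added example (not from the article): a minimal gateway in front of a
locally served model. It enforces data residency at the client and keeps a
tamper-evident audit trail without copying prompt text into the log."""
import hashlib
import ipaddress
import json
import time
import urllib.request
from urllib.parse import urlparse

GENESIS = "0" * 64  # chain anchor for the first audit record


def is_local_endpoint(url: str) -> bool:
    """True only for loopback or RFC 1918 hosts. Assumption: the office serves
    the model on such an address; anything else (a vendor API, a public IP, a
    name that would need DNS to resolve) is treated as an export and refused."""
    host = urlparse(url).hostname
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def _canonical(record: dict) -> str:
    # Stable serialisation so the hash is reproducible on verification.
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


class AuditLog:
    """Append-only list of hash-chained records. Kept in memory here; on a
    real box each entry would be appended to a write-once, backed-up file."""

    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = dict(record, prev=prev)
        entry["hash"] = sha256_hex(prev + _canonical(record))
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain; an edited, removed or reordered entry fails."""
        prev = GENESIS
        for entry in self.entries:
            record = {k: v for k, v in entry.items() if k not in ("prev", "hash")}
            if entry["prev"] != prev or entry["hash"] != sha256_hex(prev + _canonical(record)):
                return False
            prev = entry["hash"]
        return True


def http_post_json(url: str, payload: dict) -> dict:
    """Default transport: POST JSON to the local server (Ollama-style API)."""
    data = json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(url, data=data, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.loads(resp.read().decode("utf-8"))


class SovereignGateway:
    def __init__(self, endpoint: str, log: AuditLog, transport=http_post_json):
        if not is_local_endpoint(endpoint):
            raise ValueError(f"refusing non-local model endpoint: {endpoint}")
        self.endpoint = endpoint.rstrip("/")
        self.log = log
        self.transport = transport

    def query(self, user: str, model: str, prompt: str) -> str:
        """Send one prompt to the local model and log who, what and when,
        recording digests of the prompt and reply instead of their text."""
        payload = {"model": model, "prompt": prompt, "stream": False}
        reply = self.transport(self.endpoint + "/api/generate", payload)
        answer = reply.get("response", "")
        self.log.append({
            "ts": time.time(),
            "user": user,
            "endpoint": self.endpoint,
            "model": reply.get("model", model),
            "prompt_sha256": sha256_hex(prompt),
            "prompt_chars": len(prompt),
            "reply_sha256": sha256_hex(answer),
        })
        return answer


if __name__ == "__main__":
    # Constructed stand-in for the model so the example runs offline.
    def fake_model(url, payload):
        return {"model": payload["model"], "response": "summary (constructed)"}

    log = AuditLog()
    gw = SovereignGateway("http://127.0.0.1:11434", log, transport=fake_model)
    gw.query("avocat1", "qwen2.5:7b", "Résume le dossier du client (constructed text)")
    print(json.dumps(log.entries, indent=1))
    print("chain intact:", log.verify())
```

The design choice worth copying is the separation of the two controls: the endpoint check is what makes residency a property of the code rather than of a configuration file, and the chained digests give an auditor proof that the log is complete without giving them the client data. Recording the model’s weight digest alongside its name (Ollama exposes one through its show route) would close the “which model version” question the article raises; that lookup is left out here so the example runs offline.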
Cloud isn’t forbidden. It’s a decision.
None of this means you can never use a cloud model. It means cloud use should be a deliberate, documented choice rather than a default nobody examined.
There are legitimate cases. Non-sensitive work with no personal information in the prompt. A vetted provider with contractual terms and a transfer assessment you’ve actually done. Tasks where the data has been properly de-identified before it ever leaves. The deciding move is to document the choice: what data is involved, why this provider, what jurisdiction applies, what your assessment concluded. That record is what turns “we used a cloud tool” into “we made a defensible decision,” which is the difference Law 25 cares about. We lay out the trade-offs in detail in local AI vs cloud AI.
The sovereignty throughline
If you’ve spent time around Bitcoin, this logic is already in your bones. Not your keys, not your coins. Run your own node, verify, don’t trust. The reason is always the same: keep the final say in-house, so no third party stands between you and the thing you depend on.
AI is the next layer of the same idea. Your firm’s knowledge, your clients’ information, your ability to keep working tomorrow, none of it should sit at the mercy of a vendor’s terms or a foreign directive. On-premise AI is simply self-custody for your data and your capability. One more layer brought back under your own roof. That’s the whole argument behind sovereign AI in Canada and the broader sovereignty work we do.
Frequently asked questions
Does using ChatGPT or Claude with client data break Law 25?
Not automatically, but it puts you squarely in scope. Sending personal information to a cloud model is a transfer, often outside Quebec, and Law 25 expects you to have assessed that transfer and the foreign legal framework it falls under. Doing it without that assessment, or without informing and protecting the people involved, is where firms get exposed. This is orientation, not legal advice; confirm your specific situation with counsel or the CAI.
Does a Canadian data centre solve it?
It helps with residency, but it doesn’t close the question. Under the U.S. CLOUD Act of 2018, a U.S.-based provider can be legally compelled to produce data in its control even when that data physically sits in a Canadian facility. Physical location and legal control are two different things, and Law 25 is concerned with both.
Is on-premise AI Law 25 compliant?
On-premise AI removes the cross-border transfer and third-party-access problems by design, which makes it the cleanest posture available. But “compliant” is a status your whole organization earns, not a property of a single tool. You still need proper access controls, logging, security, and governance around the system. On-premise makes compliance far more achievable; it doesn’t grant it automatically.
What does on-premise AI cost a small firm?
Less than most people expect. A capable single workstation suitable for a small team is a one-time hardware purchase in the range of a good office computer, not an enterprise data centre. A shared on-prem server for a whole office costs more but replaces recurring per-seat cloud fees. The real return is what you stop paying for: transfer risk, vendor lock-in, and the chance of a capability disappearing by directive. We scope the right shape per firm in our consulting engagements.
Bring it in-house, properly
If your firm handles personal information and you want AI without the cross-border exposure, the cleanest path is to do on-premise right the first time. Our AI Sovereignty Consulting service is built for exactly this: regulated Quebec organizations that need capable local AI deployed with the access controls, auditability, and governance the law rewards. We handle the architecture so you keep the data, the control, and the paper trail.
Prefer to build it yourself? Start with our guide to replacing cloud AI with a local LLM, or browse the turnkey Sovereign AI boxes we ship ready to run. Either way, the data stays where it belongs: with you.
Own your AI: the sovereign path
Move from understanding the risk to owning your compute: read the pillar, compare local against cloud, check the Quebec Law 25 angle, then have D-Central build or guide your on-premise setup.