Short answer: European insurance companies can deploy AI in mobile apps fully GDPR-compliant by running inference on-device — data minimization is satisfied structurally because personal data never transmits outside the device. Fixed price, 4–6 weeks, money back.
Your GDPR officer rejected the AI claims triage feature because the inference API sends policyholder data to a US-based LLM provider. Your claims team is still triaging manually.
Every day of manual triage is a day your claims team spends on work a model could handle in seconds. The compliance block is real, but it's solvable with the right architecture - one your GDPR officer can sign off on because the data never leaves the EU or the device.
What decisions determine whether this project ships in 6 weeks or 18 months?
Four decisions determine whether this project ships in 6 weeks or circles through legal review for a year.
AI task scoping. Claims photo damage assessment, policy document summarization, and first-notice-of-loss triage have different model requirements. A multimodal model that assesses photo damage is a different build from a text model that summarizes policy documents. Building for all three in one sprint produces none of them well. Starting with the task that handles your highest claim volume - and delivers the clearest time saving to your claims team - means you have a result that justifies the next sprint.
On-device vs on-premise. If the policyholder's device runs the model, there is no data transfer at all. Your GDPR officer's objection evaporates structurally. If your EU-based servers run the model, there is no third-country transfer, but you retain a data controller obligation and need a DPA with whoever operates the infrastructure. The compliance path for on-device is shorter. The performance ceiling for on-device is lower. Your DPO and your engineering team both need to be in the room when this decision is made.
Special category data. Health and disability claims involve Article 9 data. The lawful basis for processing that data with AI is a separate legal question from standard claims data. "Legitimate interest" won't cover it. Your legal team needs to confirm the processing basis - medical diagnosis, social security, or vital interests - before any AI feature touches health claims data.
Model update cadence. An on-device model is a software artifact that needs to be updated when your claims policy changes or when the model's performance degrades on new input distributions. The mechanism for pushing model updates to policyholder devices has to be designed before you ship the first version, not figured out when you need to push the first update.
Most teams spend 4-6 months discovering these decisions by building the wrong version first. A team that has shipped this before compresses that to 1 week.
On-Device AI vs. Cloud AI: What's the Real Difference?
| Factor | On-Device AI | Cloud AI |
|---|---|---|
| Data transmission | None — data never leaves the device | All inputs sent to external server |
| Compliance | No BAA/DPA required for inference step | Requires BAA (HIPAA) or DPA (GDPR) |
| Latency | Under 100ms on Neural Engine | 300ms–2s (network + server queue) |
| Cost at scale | Fixed — one-time integration | Variable — $0.001–$0.01 per query |
| Offline capability | Full functionality, no connectivity needed | Requires active internet connection |
| Model size | 1B–7B parameters (quantized) | Unlimited (GPT-4, Claude 3, etc.) |
| Data sovereignty | Device-local, no cross-border transfer | Depends on server region and DPA chain |
The right choice depends on your compliance constraints, query volume, and task complexity. Wednesday scopes this in the first week — before any code is written.
Why is Wednesday the right team for on-device AI?
We built Off Grid because we hit every one of these problems in production. Off Grid is the fastest-growing on-device AI application in the world, with 50,000+ users running it today.
It's open source, with 1,650+ stars on GitHub and contributors from across the world. It has been cited in peer-reviewed clinical research on offline mobile edge AI.
Every decision named above - model choice, platform, server boundary, compliance posture - we have made before, at scale, for real deployments.
How long does the integration take, and what does it cost?
The engagement is four sprints. Each sprint is fixed-price. Each sprint has a named deliverable your team can put on a roadmap.
Discovery (Week 1, $5K): We resolve the four decisions - model, platform, server boundary, compliance posture. Deliverable: a 1-page architecture doc your CTO can take to the board and your Privacy Officer can take to Legal.
Integration (Weeks 2-3, $5K-$10K): We ship the on-device model into your app behind a feature flag. Deliverable: a working build your QA team can test against real workflows.
Optimization (Weeks 4-5, $5K-$10K): We hit the performance and compliance targets from the discovery doc. Deliverable: benchmarks signed off by your team.
Production hardening (Week 6, $5K): Edge cases, OS version coverage, app store and compliance review readiness. Deliverable: shippable build.
4-6 weeks total. $20K-$30K total.
Money back if we don't hit the benchmarks. We have not had to refund.
"Wednesday Solutions' team is very methodical in their approach. They have a unique style of working. They score very well in terms of the scalability, stability, and security of what they build." - Sachin Gaikwad, Founder & CEO, Buildd
Is on-device AI right for your organization?
Worth 30 minutes? We'll walk you through what your version of the four decisions looks like, what a realistic scope and timeline would be for your app, and what your compliance posture and on-device target mean in practice.
You'll leave with enough to run a planning meeting next week. No pitch deck.
If we're not the right team, we'll tell you who is.
Book a call with the Wednesday team
Frequently Asked Questions
Q: How does on-device AI satisfy GDPR data minimization for insurance apps?
GDPR Article 5(1)(c) requires that personal data be limited to what is necessary. An on-device model that processes data locally and produces an inference without transmitting the input satisfies minimization structurally — no personal data reaches any third-party processor.
Q: Does running AI on a European cloud server satisfy GDPR, or is on-device required?
EU-hosted cloud AI satisfies the cross-border transfer requirement but still requires a DPA with the provider. On-device eliminates the DPA requirement for the inference step entirely. For DPOs who have already rejected cloud AI configurations, on-device is typically the faster path to sign-off.
Q: How long does GDPR-compliant on-device AI take for a insurance app?
4–6 weeks. Week 1 resolves: data minimization architecture, model provenance, cross-border transfer elimination, and customer disclosure language. Disclosure drafting runs in parallel with the technical build — legal review doesn't become the long pole.
Q: What does GDPR-compliant on-device AI cost?
$20K–$30K across four fixed-price sprints, money back if benchmarks aren't met.
Q: What model provenance documentation do DPOs require for on-device AI?
DPOs ask whether the model was trained on personal data subject to GDPR. Open-source models with published data cards (Mistral, Gemma, Phi, LLaMA) are defensible. Closed commercial models with opaque training data require a much longer legal analysis. Wednesday defaults to open-source with published training documentation for all GDPR deployments.
Top comments (0)