# AI in Business: What We Take Away from the FER Geneva Evening - Publication : 06/03/2026 - Temps de lecture : 7 min de lecture - Auteur : Guillaume We were fortunate to participate in an evening organized by **FER Geneva** (Federation of Romande Enterprises) in collaboration with **The Good Token Society**, around a theme that directly affects us: *AI in the workplace — understanding, deciding, framing*. Two panels, a well-filled room, speakers from the technical, legal, and institutional worlds. Here are the key takeaways. ## The data: where it goes, what it becomes This is the essential starting point. When an employee asks a question to an AI tool, their data goes to a data center — often abroad — to be processed, and returns in the form of an answer. Simple in appearance. But the real questions lie elsewhere: - Under what jurisdiction is this data center located? - Is the data retained, reused, used to train the model? - Who has access to it, and under what legal conditions? A point often overlooked: even if your data is *physically* hosted in Switzerland by an American provider, it remains subject to American law — and potentially accessible to US authorities. Geography is not enough. The essential distinction to make before choosing a tool: **does the provider reuse my data to train its general model?** If so, you lose all control. The answer should systematically be no — and be contractually guaranteed. ## Proprietary models vs open source: a false hierarchy For a long time, proprietary models (OpenAI, Anthropic, Google…) were believed to be incomparably superior to open-source models. This gap is closing very quickly. Open-source models — whether from Mistral in Europe or Asian labs — now achieve comparable performance in many use cases. The advantage of open source: you can host it yourself, at Infomaniak or on your own infrastructure. **The model and the data do not leave your perimeter.** Regarding Chinese models (DeepSeek, etc.): if they are hosted in your infrastructure in Switzerland, there is no data flow to China. However, political biases may exist on certain sensitive issues. In a standard business context, the difference is often marginal — and blind tests can objectively verify this. Last practical point often forgotten: **you don’t always need a large model.** For visual recognition, recommendation systems, or targeted prediction, smaller models that can be deployed locally do the job very well — without sending any data outside. ## Governance: who decides what in the company? This is the topic that generates the most friction in practice. Without a clear framework, employees find their own solutions — and sensitive data ends up in uncontrolled tools. *Shadow AI* is already a reality in many companies. Some principles that emerged from the discussions: - **Designate a reference person** on AI, even in a small structure. People need a contact person, not a prohibition. - **Offer a safe alternative** rather than prohibiting. If employees have an internal tool as convenient as ChatGPT, they will use it. - **Train before regulating.** Raising awareness of risks (what happens when you paste text into an interface, what happens to the data) is more effective than a memo. - **Adapt according to departments.** The needs, risks, and data handled are not the same between an HR, finance, or R&D department. A single, rigid policy does not work. Building a corporate AI policy must be **collaborative**: starting from the ground, identifying real uses, perceived risks, and drafting actionable rules — not a document that no one reads. ## The legal framework: under construction, but not nonexistent In Switzerland, there is currently no specific law on AI. The Confederation has signed the framework convention of the Council of Europe (human rights, democracy, rule of law), but remains at very general principles. Legislative adjustments are being considered — Code of Obligations, product liability law — without an overall framework. What already exists and applies: - The **LPD** (data protection law) imposes a legal basis for any processing of personal data. Sensitive data requires explicit consent. - The **trade secret** ceases to exist as soon as it is disclosed — even to a trusted provider. Including it in a provider's confidentiality sphere requires a specific agreement, not just general terms. - The **general terms** of LLMs deserve to be read. What they contain can be surprising — and binds the company. Regarding the European regulation on AI: it can apply to Swiss companies as long as they have an effect on the European market. A Swiss SME can, unknowingly, take on the role of "deploying entity" under the European regulation — with the obligations that come with it. The message from the present lawyers was clear: **act before, not after.** Once the data is out of your perimeter, you have few levers left — contractual or legal. ## Cybersecurity: AI industrializes existing threats Scams and intrusion attempts are not new. What is changing is their **scale and quality**. A phishing email written by an AI no longer has the characteristic spelling mistakes that once alerted. A synthesized voice from a few seconds of recording can convincingly imitate a director. Best practices to implement: - Pay attention to metadata (real sender, sending domain) more than to content - Establish verification processes for sensitive requests (transfers, access) - Follow alerts from the **National Cybersecurity Center (NCSC)**, which regularly publishes trends in incidents in Switzerland What was once the concern of large targeted companies is gradually becoming accessible to any malicious actor — and affects organizations of all sizes. ## What we take away AI is neither a threat nor a miracle solution. It is a powerful tool that, like any tool, needs to be chosen, configured, and framed carefully. The companies that do well are not those with the biggest budgets — they are those that ask the right questions from the start. Thank you to FER Geneva and The Good Token Society for the organization, and to the speakers for the quality of the discussions. ![AI in Business: What We Take Away from the FER Geneva Evening](https://www.mermio.ch/storage/50/conversions/01KK1V37HNYNPYCFCD434DC5PK-square.webp) [Contact us](https://www.mermio.ch/en/contact)