SOVEREIGNTY
Disclosure: Ownership, Models, Infrastructure
This page is a verifiable, legally substantive disclosure of feld.ai's ownership structure, model architecture, and infrastructure. It is intended for compliance teams, data protection officers, and anyone who wants to base sovereignty claims on facts, not trust.
1. Ownership & Jurisdiction
feld.ai GmbH, registered with the Regional Court of Feldkirch under FN 585408 w. Registered office: Kirchweg 7b, 6800 Feldkirch, Austria.
Managing Director: Martin Nigsch, sole signatory authority.
Ownership structure: Martin Nigsch holds 90% of shares. JARVA AG (Liechtenstein) holds 10% as a minority shareholder. JARVA AG is a Liechtenstein-based business angel with no operational control and no US connection.
There is no US parent company, no US ownership, and no US investor with board control. The company is subject exclusively to Austrian and European law. The CLOUD Act (18 U.S.C. § 2713), FISA Section 702, and Executive Order 12333 do not apply to feld.ai.
Why this matters: The European Court of Justice ruled in Schrems II (Case C-311/18, July 2020) that US law does not provide an adequate level of protection for the personal data of European citizens. Whether a provider is EU-sovereign depends not on where servers are located, but on the jurisdiction of the legal entity. feld.ai is an Austrian GmbH — a European legal entity under European law.
2. Model Architecture — Three Tiers
feld.ai operates a three-tier model architecture. All models run air-gapped on own GPU servers in Feldkirch. No model sends data externally. Zero API calls to OpenAI, Anthropic, Google Vertex, Azure OpenAI, or any other US service.
Tier 1: Large Open-Weights Models
For general document understanding, chat, and reasoning. Downloaded and run locally — no external API calls. Model families under evaluation: DeepSeek, GLM, Qwen, Llama, Mistral, Kimi, Gemma, Phi. feld.ai evaluates continuously and deploys what works best per use case. Customer preferences are respected where possible.
Tier 2: Proprietary Small Models
Built from the ground up by the feld.ai team. Particularly graph-based models for Excel parsing: table detection, layout understanding, cell classification, table classification, entity allocation, and mapping to ontologies. Designed for convergent solutions as close as possible to 100% precision with high inference efficiency.
Tier 3: Fine-Tuned & Re-Implemented Specialist Models
Fine-tuned small models for specific document types. Re-implementations of cutting-edge academic work in document AI. Optimized for high precision, high throughput, and production use.
Transparency: Open-weights models are published by global communities and companies. feld.ai does not write every line of model code itself. What feld.ai controls: the data flow. No model phones home. No model sends telemetry. No model has internet access. Weights are downloaded, reviewed, and operated in an isolated environment.
3. Infrastructure
feld.ai operates its own GPU servers in Feldkirch, Vorarlberg, Austria. Own hardware, own premises. No colocation with a third-party provider, no cloud provider, no hyperscaler.
No AWS, Azure, GCP
Not a single workload runs on US cloud infrastructure. Neither inference nor training, neither storage nor logging.
Air-Gapped Inference
The model layer has no internet access. Documents are processed without a single byte leaving the server toward the internet.
Deployment Options
feld.ai Cloud (Feldkirch), managed hosting in a data center of your choice, or full on-premises installation on your own infrastructure.
Subprocessors in the document path: None. In the entire document processing path — ingestion, classification, extraction, validation, correction — there is no subprocessor. All processing steps run on own infrastructure.
Only US subprocessor: Resend Inc. (USA) is used exclusively for sending newsletter emails. Resend has no access to documents, extraction results, customer data, or the processing platform. A data processing agreement is in place.
On-premises reference: Kendox runs the feld.ai platform as a fully independent instance, hosted at the data center provider of their choice.
4. Security & Auditability
feld.ai is in the process of obtaining ISO 27001 certification. The Information Security Management System (ISMS) is being built.
Encryption
TLS 1.3 for data in transit, AES-256 for data at rest.
Access Controls
Least-privilege principle. Every user and every service has only the minimum required permissions.
Audit Logging
Logging of processing activities. Traceability of who accessed which data and when.
Data Isolation
Strict tenant separation. Your data trains exclusively your own model — never another customer's model.
GDPR: feld.ai enters into data processing agreements per Art. 28 GDPR. Technical and organizational measures (TOMs) are documented and provided on request.
EU AI Act: feld.ai monitors the regulatory requirements of the EU AI Act (Regulation (EU) 2024/1689) and is preparing for compliance. Risk classification and transparency obligations are being addressed as part of the ISMS build-out.
5. What Sovereignty Does NOT Mean
Sovereignty is often misunderstood as an absolute term. We disclose what we mean by it — and what we don't:
- Not: autarky in source code. Open-weights models are published by global organizations. feld.ai uses them but runs them exclusively locally, with no data flowing back.
- Not: every framework is European. Software stacks consist of open-source components of global origin. Sovereignty refers to control over data flows and jurisdiction, not the country of origin of every library.
- Not: no hardware from Asia or the US. GPUs are manufactured by Nvidia (US) and AMD (US). Sovereignty means control over operations — not over semiconductor fabrication.
- What sovereignty means at feld.ai: No data flow to non-European jurisdictions. No US legal claims on your data. Full control over inference, training, and data storage — on own hardware, under Austrian law.
This level of transparency is deliberate. As Nicolas Carniaux (former Global CIO, AXA XL Reinsurance) put it: "If a vendor cannot name which models it runs and where inference happens, it doesn't have a sovereignty story — it has a marketing problem."
Frequently Asked Questions
What jurisdiction does feld.ai fall under?
feld.ai GmbH is an Austrian limited liability company, registered with the Regional Court of Feldkirch (FN 585408 w). There is no US parent company and no US investor. The CLOUD Act, FISA 702, and Executive Order 12333 do not apply to feld.ai.
Who owns feld.ai?
Martin Nigsch holds 90% of shares and is the sole managing director. JARVA AG (Liechtenstein) holds 10% as a minority shareholder and business angel. There is no US ownership.
Does feld.ai use OpenAI, Anthropic, or other US AI APIs?
No. All AI models run on own GPU servers in Feldkirch. There are zero API calls to OpenAI, Anthropic, Google Vertex, Azure OpenAI, or any other US service. Neither in document processing nor in ancillary services.
What models does feld.ai use?
Three tiers: (1) Large open-weights models for general document understanding, chat, and reasoning — downloaded and run locally. (2) Proprietary small models built from the ground up by the feld.ai team — particularly graph-based models for table detection and Excel parsing. (3) Fine-tuned and re-implemented specialist models for classification and extraction. All three tiers run air-gapped on own servers.
Where are the servers located?
In Feldkirch, Vorarlberg, Austria. Own hardware, own premises. No colocation, no cloud provider, no hyperscaler.
Are there any US subprocessors?
In the document processing path, there is not a single US subprocessor. The only US sub-processor is Resend Inc. for sending newsletter emails. Resend has no access to documents, extraction results, or customer data.
Is feld.ai ISO 27001 certified?
ISO 27001 certification is in progress. The ISMS is being built. Data is encrypted with TLS 1.3 in transit and AES-256 at rest. Least-privilege access controls and audit logging of processing activities are implemented.
Does feld.ai train on my data?
If you use the human-in-the-loop correction feature, your corrections improve exclusively your own tenant-specific model. No other customer benefits from your data, and your data never flows into a shared model.
What does sovereignty NOT mean at feld.ai?
Sovereignty does not mean every line of code was written by feld.ai. Open-weights models are published by global communities. feld.ai selects these models carefully but runs them exclusively locally — no model phones home. Sovereignty means control over data flow and jurisdiction, not autarky in source code.
Are there customer deployments with a fully independent instance?
Yes. Kendox runs the feld.ai platform as a fully independent instance, hosted at the data center provider of their choice. Additional on-premises installations are available on request.