Skip to content
Back to all posts

by Ketl

March 19, 2026

12 min read

Swiss Document Management System: Why Hosting Alone Is No Longer Enough

A Swiss document management system is no longer just servers in Geneva or Zurich. If the AI reading your documents runs abroad, your sovereignty is an illusion. The real requirements for 2026.

Swiss Document Management System: Why Hosting Alone Is No Longer Enough

For the past three years, almost every document management system marketed in Switzerland has added the same line to its website: "hosted in Switzerland." It has become a standard sales argument, on a par with "cloud" or "secure." The problem is that this phrase no longer means very much.

Look closely at the technical architecture of these solutions and you find, almost without exception, the same pattern. Documents are indeed stored in Switzerland — but the moment something needs to read them, classify them or extract information from them — in other words, the moment AI enters the picture — the files are sent to a language model hosted in the United States or elsewhere in Europe. For the duration of an API call, your contracts, your client files, your HR records leave Swiss territory, are processed by infrastructure subject to extraterritorial laws, and come back.

This is the grey zone the present article aims to expose. Because for an organisation bound by professional secrecy or by the Swiss Federal Act on Data Protection (FADP/nFADP), the distinction between "hosted in Switzerland" and "sovereign" is no longer a technical detail. It is the line that separates a marketing promise from an actual legal guarantee.

The misunderstanding about what a document management system has become in 2026

For twenty years, a document management system was essentially a digital filing cabinet. Documents were scanned, indexed by hand, sorted into folder trees, and searched with a full-text engine. All the intellectual work — recognising what type of document one was looking at, deciding where it belonged, understanding its content — remained human. The hosting question boiled down to a single point: where are the files stored?

That era is over. Modern document management systems use AI to do precisely what used to be manual work: recognising that a PDF is a lease agreement, extracting the parties, the effective date, the rent amount, classifying it automatically in the right folder, flagging an unusual clause. This is what delivers the 50—80 % time savings that organisations are looking for. It is also what fundamentally changes the question of sovereignty.

Because for AI to do all of this, it has to read the document. Not store a copy of it — analyse its content, line by line. And depending on where that AI runs, the content of your documents physically transits through an infrastructure that is not yours, that is not in Switzerland, and that is not subject to Swiss law.

This is why the relevant question in 2026 is no longer "where is my data stored?" but "where is my data read?". The two answers should be identical. In practice, they rarely are.

The three sovereignty levels of a Swiss document management system

To cut through the marketing fog, here is the framework we use in our migration audits. It allows any solution to be sorted into one of three levels, from the most declarative to the most genuinely sovereign.

Level 1 — Declarative hosting. The vendor displays "hosted in Switzerland" but uses a Swiss cloud region of a US hyperscaler. The servers are physically in Switzerland, but the infrastructure operator falls under the CLOUD Act. If a US federal authority issues a request, the operator is legally obliged to hand over the data, regardless of where it physically sits. A Swiss region changes little of the underlying legal risk.

Level 2 — Sovereign hosting, delegated AI. The vendor uses a Swiss datacentre operated by a Swiss company. That is a real step up. But for the intelligent processing of documents — extraction, classification, semantic search — it calls out to a general-purpose large language model hosted outside Switzerland. Every analysed document makes a round trip abroad. This is currently the most common configuration on the market, including among vendors marketed as "100 % Swiss". Storage is sovereign; processing is not.

Level 3 — Complete sovereignty. Storage, operations and the AI models themselves are all in Switzerland, operated by a Swiss company. No document leaves Swiss territory at any point in its lifecycle. This is technically harder to build — it requires developing and training proprietary models rather than relying on commercially available LLM APIs. But it is the only level that stands up legally when the user is a lawyer bound by Art. 321 of the Swiss Criminal Code, or a compliance officer at a regulated financial institution.

The vast majority of solutions sold today as a "Swiss document management system" sit at level 2. Reaching level 3 is the substantive value Ketl brings. We made the deliberate, against-the-grain choice to develop our own AI models rather than rely solely on LLMs hosted by the major US tech companies.

Why general-purpose LLMs are a poor technical choice, on top of being a sovereignty problem

The subject is rarely addressed honestly, because it is uncomfortable for part of the market. But here is what we observe when deploying a document management system at a law firm or a Treuhand / fiduciary practice.

A general-purpose large language model — the kind you call through an API — is trained on terabytes of text scraped from the public web. It can write a poem, summarise an article, explain an equation. It is also capable of reading a contract. But ask it to process, month after month, tens of thousands of business documents — Vaud commercial lease agreements, Swiss tax filings, ICA-compliant insurance policies, articles of association of Swiss corporations — and three things become apparent.

First, it is wildly over-sized for the task. You are using a model trained to reason about Chinese philosophy to read a VAT payment reminder. This over-capacity has a real energy and financial cost. At scale, the API bill becomes absurd.

Second, it is less accurate than a specialised model on business documents. General-purpose LLMs are more prone to hallucinate on Swiss legal references, confuse concepts from French and Swiss law, and struggle with the French-German-Italian multilingual nature of Swiss documents. On classification tasks, Ketl reaches performance levels above those of general-purpose LLMs. Its results are auditable and its performance quantifiable, which is not the case when relying on a third-party LLM exposed to hallucinations.

Third, it makes you dependent on a foreign vendor whose pricing, usage policies and product roadmap you do not control. When that vendor changes prices or rate limits, your document management system is impacted overnight.

Smaller, specialised models trained on business-specific document corpora deliver better results on the real task. This is not a "less powerful but more sovereign" compromise: it is a technically sounder architecture. Sovereignty, in this specific case, is a welcome side effect of a better engineering choice.

What we see on the ground when the initial choice was wrong

Three years of deploying document management systems for clients leaving another provider have surfaced a few recurring patterns worth sharing.

The first, and most common: the organisation signed up for an internationally established product, installed locally by a trusted integrator. Two years later, after an implementation project that cost the equivalent of an annual salary, users are reluctant to adopt the product. The main reasons are user experience and the impossibility of having the product evolve in their direction. The product is rigid, and the integrator has neither the development capabilities nor the technical authority to meet business needs.

The second: the organisation signed up for a solution "hosted in Switzerland" without asking the AI processing question. Two years later, during a compliance audit, the DPO discovers that documents are sent abroad for analysis: the AI features turn out to depend entirely on a service managed outside Switzerland. The contract is live, migration is expensive, and teams have meanwhile poured tens of thousands of documents into the solution. Exit cost becomes the real issue.

The third: scope grows, the solution does not follow. An SME starts at 50 users and 100,000 documents. Three years later, it is at 200 users and 5 million documents. The external LLM API bill explodes, support degrades because the vendor does not really operate from Switzerland, and the integrations to business tools added along the way were never finished. The initial promise and the operational reality have drifted apart.

These three patterns are not inevitable. They almost always stem from an initial choice made on incomplete criteria — and notably from the absence of any question about the sovereignty of processing, not just of storage.

The questions to ask before signing

Here are the concrete questions our prospects ask us — and that we believe you should put to any document management system vendor marketing itself as Swiss. If even one of them is left without a clear written answer, that is itself a signal.

On physical hosting. In which datacentre, exactly, is the data stored? Which company operates that datacentre, and is it domiciled in Switzerland? Are backups also in Switzerland?

On processing. When the AI reads my documents to classify them or extract information, where does that AI physically run? Is this a call to a third-party service? If so, which one, and where?

On retention. When my data is sent to an AI, is any trace retained? Can that data be used for purposes other than the service I have subscribed to?

On the company. Is the document management system vendor a Swiss company, or the Swiss subsidiary of a foreign group? Who owns the capital? Are technical decisions taken in Switzerland?

On compliance. Can you provide a written data-flow map, in line with what the FADP requires from the data controller? Is that map auditable by a third party?

On reversibility. In the event of contract termination, in what format will my documents be returned, within what timeframe, and at what cost? Is reversibility contractually guaranteed or left to the vendor's goodwill?

The written answers to these questions tell you more about a solution's real sovereignty than any sales brochure.

When is a sovereign Swiss document management system essential, and when is it merely a comfort?

To be honest: not every organisation needs level 3. For a small business handling mostly supplier invoices and routine administrative correspondence, a level 2 — or even level 1 — document management system may well be enough, provided the choice is made with eyes open.

By contrast, the moment an organisation falls into one of the following categories, full sovereignty stops being a comfort and becomes an imperative:

Professions bound by criminal-law professional secrecy — lawyers, notaries, doctors, private bankers — for whom confidentiality is not a commercial option but a statutory obligation, breaches of which are punishable under the Swiss Criminal Code.

Organisations handling particularly sensitive data within the meaning of the FADP — health, political or religious opinions, genetic data, social welfare records — where any uncontrolled transfer becomes a tangible legal risk.

Players regulated by FINMA, which must be able to document precisely where their data sits, who accesses it, and under which rules, in line with the circulars on outsourcing.

Organisations holding intellectual property or strategic know-how — biotech, medtech, precision engineering, research — where the leak of an R&D document to a foreign jurisdiction means a loss of competitive advantage.

For these organisations, the economic case for a level 1 or 2 solution does not hold up against a single incident. Part of the purpose of an article like this one is to make visible a risk that is invisible until it materialises.

The Swiss document management system market in 2026: where to look for what

To close on something concrete, here is how the Swiss document management system market is currently structured — without naming brands, but with enough detail to guide your research.

There are, first, the historical Swiss document management system providers, often emerging from the ERP and accounting world, deeply integrated with Swiss business software. They typically sit at level 1 or 2 on the sovereignty grid. Their strength is integration and local anchoring; their weakness is the modernity of their AI engine, which frequently relies on third-party service calls.

There are, next, the localised European document management system vendors, originally based in France, Germany or Austria, who have opened a Swiss region. They can reach level 2 when the datacentre is genuinely Swiss, but the vendor itself remains subject to its national law, and AI processing is almost always delegated to an LLM outside Switzerland.

There are the document management modules of the major collaboration platforms — the ones everyone already uses for office productivity. Convenient and well-integrated, but clearly level 1 the moment one takes the sovereignty question seriously.

And there is, finally, a more recent generation of AI-native Swiss document management systems, to which we belong, which has chosen to develop its own AI models to reach level 3. This segment is still small, because the technical barrier to entry is high. But it is the only one that fully meets the requirements of regulated sectors.

What we have built with Ketl, and why

We began building Ketl with a simple intuition: intelligent document solutions already existed, but none of them could be used by a Swiss law firm without legal compromise. Either the solution was powerful and shipped data abroad, or it was sovereign and remained functionally primitive.

We made the harder bet: developing our own artificial intelligence models, smaller than general-purpose LLMs, but trained specifically on the business documents our clients handle — Swiss legal instruments, commercial leases from both French- and German-speaking cantons, tax filings, financial contracts aligned with Swiss law. These models are roughly a thousand times lighter than a general-purpose LLM, which makes them efficient enough to run entirely on our Swiss infrastructure, without any call to third-party services, and precise enough to outperform general-purpose LLMs on the tasks that matter to our clients.

Ketl currently processes more than 26 million documents for over 250 active users across 11 sectors — law firms, fiduciaries, private banks, insurance companies, real estate, wealth management. No document leaves Swiss territory at any point in its lifecycle. This is what we call a level 3 Swiss document management system, and in our view it is the only credible definition of a Swiss document management system in 2026.

To see concretely what this looks like on your own documents, you can request a free demo at ketl.ch/demo. If you would rather discuss your needs first, without any commitment, write to contact@ketl.ch — our Geneva-based experts will be glad to advise.

Article written by the Ketl team. Our offices are located at 15 Avenue de Sécheron, 1202 Geneva, with a presence in Lausanne by appointment. We are a Swiss company, operated from Switzerland, and we intend to remain so.

Join the
Future of Work