Trusted AI – Sovereign AI for Public Authorities, KRITIS & Regulated Organizations

Artificial intelligence is changing the way organizations capture data, process it, and make decisions. But for the public sector, security authorities, and critical infrastructures, one principle takes precedence over all efficiency: trust comes before speed. HybridForms responds with Trusted AI – a concept that combines AI capability with absolute control over data, infrastructure, and decision-making processes.

What is Trusted AI?

Trusted AI describes an AI concept in which every function is explainable, controllable, and fully compliant. No black box, no uncontrolled data flows to external services, no structural dependency on American or Asian platform providers.

In practice, this means: AI models and AI inference are operated entirely within the organization’s own infrastructure – on-premises, in a private cloud, or in a sovereign European hosting environment. Data control remains with the operator. For highly regulated domains such as law enforcement, government agencies, healthcare, and critical infrastructure operators, this is not an option but a fundamental prerequisite: operational and citizen data must never leave the controlled environment.

The Security Model: Secure AI Presets & AI Services Broker

HybridForms implements Trusted AI through two core technical pillars:

HybridForms.AI Secure Presets

Configuration profiles managed exclusively by administrators control which (detailed inference) AI functions are activated in which context. Privacy levels, models, and output filters are defined centrally – and cannot be viewed (and therefore cannot be changed) by individual users or even process designers. Privacy is thus enforced rather than left to trust.

HybridForms.AI Services Broker

The integrated AI Services Broker is the heart of the Trusted AI architecture – an intelligent control center between HybridForms and the AI models in use. This function is highly administrative and accessible only to users with the highest security clearance. It manages routing, logging, access rights, and the selection of permitted endpoints – both internal and external. Administrators thus retain full oversight and control over the entire AI deployment within an application at all times. Crucially: different AI models can be operated in parallel and selected according to context. If the organization switches AI providers or introduces new models, HybridForms continues to run without interruption. No adjustments to forms, processes, or workflows are necessary.

Audit trail & explainability
Every AI-assisted action in mobile form processes and digital workflows is comprehensively documented and traceable. For public authorities and regulated industries, this traceability is an indispensable compliance requirement.

Role-based AI governance
AI access and AI permissions follow the existing role and permission model of HybridForms. Field personnel, back-office clerks, and administrators receive precisely the AI support that corresponds to their function and security level.

On-Premises instead of Hyperscalers – Data Sovereignty as Standard

The major American cloud providers have democratized AI as a service. For organizations operating under GDPR, BSI IT-Grundschutz, NIS2, or sector-specific regulations, however, outsourcing sensitive data to external clouds is often legally impermissible – and always a loss of sovereignty.

»Anyone who does not know and cannot control their AI infrastructure does not know the risks either – and cannot take responsibility for them.« Martin Bene, CTO and Managing Director of icomedias, on the HybridForms Trusted AI principle

HybridForms is designed so that AI models and inference are operated entirely on dedicated servers, in dedicated data centers, or in sovereign European cloud environments. No data leaves the organization in an uncontrolled manner.

Target Groups: Who Benefits from Trusted HybridForms.AI

Trusted AI in HybridForms is aimed at organizations where data breaches or uncontrolled AI use would have existential consequences:

  • Public sector & government agencies: Administrations, ministries, and public offices operate under strict data protection law and statutory accountability requirements. Trusted AI enables AI support in mobile form processes, applications, and procedures – without risk to citizen data.

  • Law enforcement & security authorities: Operational documentation, investigation data, situation reports, and online criminal complaints are highly confidential and subject to the strictest data protection and security requirements. AI-assisted processes may only take place in fully shielded environments – Trusted AI is designed for precisely this purpose.

  • Critical infrastructure (KRITIS): Organizations such as energy suppliers, transport infrastructure operators, and healthcare facilities are subject to the highest requirements for resilience and data protection. AI must be fail-safe and fully operable locally.

  • Large enterprises & regulated industries: Large corporations in pharmaceuticals, finance, and industry face comparable requirements: IP protection, regulatory compliance, and control over proprietary data are non-negotiable.

Assistive AI Functions in Practice: Mobile Forms & Workflows

Trusted AI in HybridForms is not an autonomous system – it is an assistive tool that provides targeted support to specialists without replacing their oversight and approval responsibilities. AI functions are invoked only on active request and in the direct processing context: the professional user reviews, evaluates, modifies, and approves. Automated exclusions and independent decisions are ruled out by design.

This concept is designed to meet the requirements for human oversight and control under the EU AI Act: AI acts exclusively in the processing context directly requested by trained personnel – without autonomous decisions, without dynamic suggestion mechanisms, and fully operable on dedicated servers.

In practice, a range of assistive functions is available directly within the form and workflow context, for example:

  • Textual image description: AI automatically describes photos and videos as structured text input – without manual transcription. Ideal for comprehensive documentation in field operations, inspections, or case processing.

  • Image analysis for hazards & damage: AI identifies safety-relevant features in photos and videos – such as cracks in load-bearing structures, hazardous material classes, fire loads, or injury patterns. This reduces overlooked anomalies, accelerates initial assessment, and produces legally sound documentation – in accident reports, infrastructure inspections, and KRITIS site visits.

  • Audio & video transcription: Spoken content is automatically converted to text – based on locally operated language models, without data transmission to external services. Applicable for dictated situation reports or evidence uploaded by citizens via the online police portal.

  • Summarization of documents & media: Extensive documents, reports, and media files are automatically condensed into structured summaries. The result is a proposal – control and approval remain with the responsible case officer.

  • Anomaly & consistency checking: AI detects inconsistencies and anomalies in form data and evidence – such as contradictory statements in case descriptions. This supports quality assurance and review processes without replacing human judgment.

  • Translation support: Foreign-language texts, complaints, and documents are translated on a non-binding basis – as a working aid for back-office case officers. Responsibility for legally relevant translations remains with qualified personnel.

  • Flagging of potentially dangerous content and circumstances: AI detects and marks content and circumstances prior to detailed review by specialists – and presents this content for examination with elevated priority. The primary target use case includes situations that require immediate police action.

All functions operate within the security architecture of the AI Services Broker – seamlessly integrated for the user, fully controlled for the administrator, and granularly configurable via Secure AI Presets. The broker layer is administered at the highest level and is not accessible even to tenant administrators.

Compliance by Design: Security, Privacy & EU AI Act

European AI regulation is taking shape. The EU AI Act classifies AI systems in the areas of public safety, critical infrastructure, and law enforcement as high-risk systems with far-reaching requirements for transparency, documentation, and human oversight.

HybridForms Trusted AI is designed from the ground up for these requirements. Audit trail, granular AI governance via the AI Services Broker, and complete local data storage form the technical foundation for demonstrable compliance – not as a retroactive effort, but as an integral part of the product design. Security by Design, Privacy by Design, and Compliance by Design are not marketing promises but architectural principles embedded in every layer of the platform.

Organizations can thus demonstrate: AI systems are under human control, data is not processed in an uncontrolled manner, and decision-making processes in mobile form processes as well as back-office workflows are fully documented.

Supported Regulatory Frameworks (specific to implementation):

  • EU AI Act
  • GDPR Art. 25 (Privacy by Design)
  • NIS2 Directive
  • BSI IT-Grundschutz
  • ISO/IEC 27001
  • Sector-specific requirements: KRITIS, police law, healthcare

Made for Europe: Digital Sovereignty

Digital sovereignty is no longer an ideological position – it is a strategic necessity. Organizations that have made critical infrastructure and processes dependent on a few global providers are increasingly experiencing the fragility of this dependency: geopolitical shifts, data scandals, or changed terms of service by major platforms.

HybridForms implements digital sovereignty technically and architecturally – equally in mobile form processes, in complex review and approval workflows, and in the AI layer. Those who wish to deploy AI without relinquishing control over their own data will find in HybridForms a platform that consistently delivers on this promise.

Made for Europe is a design decision: for European data protection law, European transparency and accountability standards, and European technical norms. In a world where AI is becoming part of critical infrastructure, trust matters more than any question about the range of features.