Generative AI is already embedded in business processes. Claude drafts documents, analyzes data, supports customer service, and accelerates development. Its usefulness is no longer in question.
The real question is about data and compliance. And this is where most companies get it wrong.
“Certified” doesn’t mean “compliant”
Anthropic offers a platform with serious credentials: international information-security certifications — including one, still rare among providers, dedicated specifically to AI systems — and data encrypted both at rest and in transit. And a crucial point: on enterprise plans, customer data isn’t used to train the models.
A solid foundation. But it remains just that — a foundation. It covers the platform, not the way you use it. The principle of shared responsibility applies: the provider secures the infrastructure, but the company using Claude remains responsible for access, internal rules, and the data that gets entered into the tool.
A concrete example: connecting Claude to your email and documents
Today you can connect Claude directly to your work tools: email, shared documents, company chat. The connection is read-only — Claude can consult and search, but it can’t send emails or modify files. And it sees exactly what the connected user sees: no more, no less.
It seems simple, and technically it is. But before enabling the connection, you need to answer a few questions: which people or groups to authorize, and for which services; what categories of data pass through those mailboxes and documents, including any sensitive information; and how to handle the fact that the data being queried — while remaining stored in your own systems — travels to the provider’s infrastructure to be processed. From the standpoint of the data protection law, this last point makes the provider a data processor: it requires an appropriate contract and an update to your records of processing activities.
Setting up the connection takes a couple of hours.
Doing it properly takes a full day’s work and some upfront analysis.
The difference between the two paths is the difference between a risk and an investment.
Where the risks arise
Almost never from the platform. Almost always from the choices made upstream:
The wrong plan. Personal plans aren’t suited to business use. Only enterprise plans provide the contractual guarantees on data processing, exclusion from model training, and advanced controls.
Data with no defined residency. Keeping data processing in Europe requires a setup designed for it from the start.
Access out of control. Without centralized access and activity logs, there’s no traceability. And without traceability, there’s no compliance.
No shared rules across the team. An employee pastes sensitive data into a prompt, simply because no one ever defined what’s allowed and what isn’t.
None of these is solved by a certification. And none is solved by a do-it-yourself approach: it takes a properly designed integration.
Our role
At 7networks, we’ve been using Claude for some time now, rigorously integrated into our own processes.
We put that experience at our clients’ disposal:
Together we choose the right configuration; we secure access and data — provider contracts, data residency in Europe, centralized access, activity logs; we define clear usage rules and update the documentation required by the Federal Act on Data Protection.
Ten years of experience in infrastructure, security, and cloud — now extended to artificial intelligence as well.
We apply that same rigor to ourselves: we’re completing the international information-security certification process, in line with Swiss and European regulatory requirements.
AI in business isn’t a question of technology. It’s a question of governance. The right tool, poorly configured, remains a liability; well integrated, it becomes a defensible competitive advantage.
Planning to bring Claude into your organization, or looking to secure an adoption already underway?
It starts with understanding your environment. Let’s talk.