Private LLM vs Public LLM: What Australian Organisations Need to Know in 2026
A private LLM runs on your infrastructure and keeps your data within your walls. A public LLM runs on someone else's servers and processes your data externally. For Australian organisations subject to the Privacy Act 1988, APRA prudential standards, or professional confidentiality obligations, this distinction determines whether AI adoption creates a compliance asset or a compliance liability.
Defining the Terms
The terminology around AI models has become muddled by marketing. Before comparing private and public LLMs, let us be precise about what each term means.
What Is a Public LLM?
A public LLM is a large language model operated by a third-party provider and accessed over the internet. You send your data to their servers, their infrastructure processes it, and the response is returned to you.
Examples of public LLMs:
- ChatGPT (OpenAI) — hosted in the United States
- Gemini (Google) — hosted across Google's global data centres
- Microsoft Copilot — hosted on Microsoft Azure (primarily US and EU)
- Claude (Anthropic) — hosted in the United States
- Perplexity AI — hosted in the United States
When you or your staff type a query into any of these services, the text of that query — and any documents uploaded alongside it — leaves your environment and travels to servers operated by a US-headquartered company.
What Is a Private LLM?
A private LLM is a large language model that runs entirely on infrastructure you control. Your data never leaves your premises. No third party processes your queries. No external server stores your documents.
A private LLM typically uses open-source models such as:
- Llama 3 (Meta) — high-performance general-purpose model
- Gemma 4 (Google) — efficient model optimised for enterprise tasks
- Mistral (Mistral AI) — strong reasoning and instruction-following
- Hermes Agent — fine-tuned for agentic workflows and document tasks
These models are deployed using tools like Ollama (for model management) and ChromaDB or similar vector databases (for document retrieval), running on hardware in your office, server room, or private data centre.
The Key Distinction
| | Public LLM | Private LLM |
|---|---|---|
| Where data is processed | Provider's cloud servers (overseas) | Your own infrastructure (on-premises) |
| Who has access | Provider's employees, systems, and subprocessors | Only your authorised staff |
| Who controls retention | Provider (per their terms of service) | You (per your own policies) |
| Internet required | Yes, always | No — runs fully offline |
| Model updates | Provider decides when and how | You decide if and when to update |
The Complete Comparison
Data Handling and Privacy
| Factor | Public LLM | Private LLM |
|---|---|---|
| Data leaves your premises | Yes | No |
| Third party processes your data | Yes | No |
| Data potentially used for model training | Depends on tier and provider | Never |
| Cross-border data transfer | Almost always (to US/EU) | Never |
| Data retention controlled by you | No | Yes |
| Full audit trail available | Limited | Complete |
| You can verify deletion | No | Yes |
| Compliant with APP 8 by default | No (requires assessment) | Yes (no disclosure occurs) |
| Compliant with APP 11 by default | Requires provider assessment | Under your direct control |
For organisations handling client-privileged information, patient health records, or regulated financial data, the data handling differences are not academic. They determine whether you can demonstrate compliance to a regulator, respond to a client query about data handling, or survive a privacy audit without qualification.
Performance and Capability
| Capability | Public LLM | Private LLM |
|---|---|---|
| General knowledge and reasoning | Excellent | Very good (model-dependent) |
| Creative writing and brainstorming | Excellent | Good |
| Enterprise document search (RAG) | Limited (doesn't know your docs) | Excellent (retrieves from your corpus) |
| Contract and document review | Generic (no firm-specific context) | Specific (knows your precedents) |
| Accuracy on your internal policies | Poor (hallucinates confidently) | High (retrieves from your actual documents) |
| Response latency | Variable (depends on server load) | Consistent (dedicated hardware) |
| Availability | Depends on internet and provider uptime | 100% uptime under your control |
| Customisation for your industry | None (same model for everyone) | Full (configured for your terminology and documents) |
A common misconception is that private LLMs are significantly less capable than public ones. In 2024, this was partially true. In 2026, open-source models have closed the gap substantially for enterprise use cases. For the document-centric tasks that matter most to professional services firms — summarisation, search, analysis, and drafting — a well-configured private LLM with retrieval augmented generation (RAG) outperforms a public LLM that has no access to your documents.
The public LLM knows everything about the world but nothing about your firm. The private LLM knows everything about your firm and enough about the world to be useful.
Cost Comparison
| Cost Element | Public LLM (ChatGPT Enterprise) | Private LLM (AIRGAP LLM) |
|---|---|---|
| Per-user licence | AUD $45-$90/user/month | $0 |
| 10 users, 12 months | $5,400 - $10,800/year | $0 licence cost |
| 30 users, 12 months | $16,200 - $32,400/year | $0 licence cost |
| 100 users, 12 months | $54,000 - $108,000/year | $0 licence cost |
| Hardware (one-time) | $0 (cloud-hosted) | $2,000 - $25,000 |
| Deployment services (one-time) | $0 (self-service) | $10,000 - $50,000 |
| Monthly support | Included in licence | $1,500 - $3,000/month |
| Cost in Year 1 (30 users) | $16,200 - $32,400 | $28,000 - $71,000 |
| Cost in Year 2 (30 users) | $16,200 - $32,400 (again) | $18,000 - $36,000 (support only) |
| Cost in Year 3 (30 users) | $16,200 - $32,400 (again) | $18,000 - $36,000 (support only) |
| 3-year total (30 users) | $48,600 - $97,200 | $64,000 - $143,000 (conservative) |
| Cost per additional user | $45-$90/month (every user, forever) | $0 (no marginal cost) |
The cost crossover depends on team size and usage intensity. For organisations with 30+ users, the private LLM becomes cheaper within 18-24 months. For organisations with 100+ users, the private deployment is dramatically cheaper from year 2 onward because there are no per-seat fees.
More importantly: the cost comparison ignores the value of what you avoid. A data breach involving privileged client information or patient records carries costs — regulatory penalties up to AUD $50 million under the Privacy Act, professional indemnity claims, reputational damage, and client attrition — that dwarf the difference in deployment costs.
Compliance and Regulatory Alignment
| Regulation | Public LLM Impact | Private LLM Impact |
|---|---|---|
| Privacy Act 1988 (APP 8) | Cross-border disclosure to US/EU servers. You bear accountability for the overseas recipient's conduct. | No cross-border disclosure. APP 8 does not apply. |
| Privacy Act 1988 (APP 11) | Security depends on provider. Limited visibility into their controls, access, and subprocessors. | Security under your direct control. Full visibility. Auditable. |
| Privacy Act 1988 (APP 6) | Sending data to a third-party AI may constitute a use or disclosure beyond the original collection purpose. | Data used within your organisation for the purpose it was collected. No third-party disclosure. |
| APRA CPS 234 | Cloud AI expands your information security threat surface. Requires assessment of provider's security posture. | Reduced threat surface. No external data transmission. Security controls are yours. |
| APRA CPS 230 | Using cloud AI operationally may trigger material service provider obligations and third-party risk management requirements. | No third-party dependency. No CPS 230 trigger. |
| My Health Records Act 2012 | Section 77 penalties for unauthorised disclosure. Sending health data to external AI creates disclosure risk. | Data remains within your controlled environment. No disclosure occurs. |
| Legal Profession Uniform Law | Client privilege may be waived if information is disclosed to a third-party AI service. This risk cannot be mitigated by contract alone. | Privilege maintained. No third-party disclosure. Same confidentiality boundaries as your existing document handling. |
| Evidence Act 1995 | Privileged communications lose protection upon disclosure to third parties. AI query logs on external servers create discoverable records outside your control. | All processing internal. No records on external systems. Privilege preserved. |
For regulated Australian organisations, private LLM deployment does not merely reduce compliance risk — it eliminates entire categories of regulatory concern that public LLM usage creates.
What Public LLM Providers Say About Privacy (And What They Don't Say)
Public LLM providers are aware of privacy concerns and have responded with enterprise tiers, data processing agreements, and opt-out mechanisms. It is worth examining what these actually provide.
"We don't train on your data" (Enterprise tiers)
Most providers now offer enterprise plans that exclude your data from model training. This addresses one concern but not the fundamental issue: your data still travels to and is processed on their servers. The data is still subject to:
- Their employee access controls (which you cannot verify)
- Their subprocessors (which may change without notice)
- Their legal jurisdiction (US law, including potential government access under CLOUD Act or FISA)
- Their security posture (which you must take on faith)
Not training on your data is necessary but not sufficient for organisations with genuine confidentiality obligations.
"Your data stays in Australia" (Regional hosting)
Some providers offer Australian-region hosting. This helps with APP 8 (cross-border disclosure) but does not address:
- Third-party processing (a US company still processes your data, even if the server is in Sydney)
- The provider's employee access (staff in any country may access data for support or monitoring)
- Vendor lock-in (the provider can change regions, terms, or pricing at will)
- Auditability (you still cannot inspect exactly what happens to your data)
Regional hosting is better than overseas hosting, but it is not equivalent to on-premises control.
"We have SOC 2 and ISO 27001"
Certifications demonstrate that the provider has security processes. They do not:
- Give you visibility into specific handling of your data
- Prevent authorised employees from accessing your information
- Override the legal jurisdiction in which the provider operates
- Protect you if the provider experiences a breach
Certifications are about the provider's general posture, not about your specific data.
The Models Behind Private LLMs in 2026
A common concern is that private LLMs use "lesser" models compared to the cutting-edge public offerings. This deserves a factual response.
The Current Landscape of Open-Source Models
| Model | Parameters | Strength | VRAM Required | Suitable For |
|---|---|---|---|---|
| Llama 3 (70B) | 70 billion | Strong general reasoning, instruction following | 48GB | Large enterprise deployments |
| Llama 3 (8B) | 8 billion | Fast, efficient, good for most tasks | 8GB | Small-medium teams |
| Gemma 4 | Various | Efficient, strong at structured tasks | 8-24GB | Document analysis, summarisation |
| Mistral Large | 123 billion | Excellent reasoning and multilingual | 80GB+ | Complex analysis, multi-language |
| Mistral (7B) | 7 billion | Fast, capable, low resource requirement | 8GB | Quick queries, high-volume use |
| Hermes Agent | Various | Agentic tasks, tool use, document workflows | 8-48GB | Automated document processing |
These models are free to download, free to run, and free to deploy commercially. There are no licence fees, no per-query costs, and no terms of service restricting how you use them with your own data.
How RAG Bridges the Knowledge Gap
Public LLMs have vast general knowledge but know nothing about your documents. Private LLMs know less about the world but, when combined with Retrieval Augmented Generation (RAG), know everything about your documents.
RAG works by:
- Indexing your internal documents into a vector database (such as ChromaDB)
- When a user asks a question, finding the most relevant document passages
- Feeding those passages to the LLM as context
- Generating a response grounded in your actual documents, with citations
The result: a private LLM with RAG gives answers sourced from your contracts, policies, precedents, and records — with references to the specific documents. A public LLM gives general answers based on its training data, which may be outdated, incorrect, or irrelevant to your specific context.
For a law firm reviewing contracts, a healthcare provider searching clinical guidelines, or a financial services firm checking compliance policies, the RAG-powered private LLM is more useful than a public LLM precisely because it knows your documents.
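The four RAG steps above, as an added example that is not AIRGAP LLM's code: a pure-stdlib retriever stands in for the vector database and embedding model (TF-IDF cosine similarity instead of learned embeddings), the three policy passages are constructed sample text, and the grounded prompt it builds is what would be handed to a local model such as one served by Ollama (no model is called here).

```python
"""Retrieve-then-prompt step of RAG, stdlib only (added illustration)."""
import math
import re
from collections import Counter

# Constructed sample passages keyed by "file#section"; a real deployment would
# chunk the firm's documents and store embeddings in a vector database.
CORPUS = {
    "HR-Policy-2025.pdf#s3": "Annual leave accrues at four weeks per year of "
        "service. Leave requests must be approved by a line manager.",
    "IT-Security-Policy.pdf#s7": "Client files must not be uploaded to external "
        "AI services. All document processing stays on the internal server.",
    "Client-Engagement-Terms.docx#s2": "Privileged communications are stored in "
        "the matter folder and access is limited to the engagement team.",
}

def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def build_index(corpus):
    """Term-frequency vector per passage plus smoothed IDF weights (stands in
    for the embedding model: same idea, similarity over a vector space)."""
    docs = {doc_id: Counter(tokenize(text)) for doc_id, text in corpus.items()}
    df = Counter(term for tf in docs.values() for term in tf)
    idf = {t: math.log((len(docs) + 1) / (d + 1)) + 1 for t, d in df.items()}
    return docs, idf

def retrieve(query, corpus, k=2):
    """Return up to k (doc_id, text) pairs ranked by cosine similarity to the
    query; passages with no overlap are dropped rather than padded in."""
    docs, idf = build_index(corpus)
    qvec = {t: c * idf.get(t, 0.0) for t, c in Counter(tokenize(query)).items()}
    qnorm = math.sqrt(sum(v * v for v in qvec.values())) or 1.0
    scored = []
    for doc_id, tf in docs.items():
        dvec = {t: c * idf[t] for t, c in tf.items()}
        dnorm = math.sqrt(sum(v * v for v in dvec.values())) or 1.0
        dot = sum(qvec[t] * dvec.get(t, 0.0) for t in qvec)
        scored.append((dot / (qnorm * dnorm), doc_id))
    scored.sort(reverse=True)
    return [(doc_id, corpus[doc_id]) for score, doc_id in scored[:k] if score > 0]

def build_prompt(query, corpus, k=2):
    """Assemble the grounded prompt a local model (e.g. via Ollama) would
    receive: each passage is tagged with its source so the answer can cite it."""
    passages = retrieve(query, corpus, k)
    context = "\n".join(f"[{doc_id}] {text}" for doc_id, text in passages)
    prompt = ("Answer using only the passages below and cite the source id in "
              "brackets. If they do not contain the answer, say so.\n\n"
              f"{context}\n\nQuestion: {query}\nAnswer:")
    return prompt, [doc_id for doc_id, _ in passages]

if __name__ == "__main__":
    prompt, sources = build_prompt("Can staff upload client files to ChatGPT?", CORPUS)
    print(prompt)
    print("Sources:", sources)
```

The instruction to answer only from the supplied passages, and to say so when they do not cover the question, is what keeps the model from falling back on its general training data.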
Who Should Choose Private LLM
Private LLM deployment is the right choice for organisations that meet any of the following criteria:
- You handle legally privileged information. Law firms, barristers, in-house legal teams. Privilege may be waived upon disclosure to a third party. Private deployment preserves privilege absolutely.
- You process patient health data. Hospitals, clinics, allied health providers, aged care. The My Health Records Act 2012 imposes criminal penalties for unauthorised disclosure. Private deployment eliminates third-party disclosure.
- You are APRA-regulated. Banks, insurers, superannuation funds, wealth managers. CPS 234 requires you to manage information security risk, and CPS 230 requires you to manage third-party operational risk. Private deployment reduces both.
- You serve government clients. Defence industry, contractors, consultancies with government engagements. Sovereign data requirements may prohibit external AI processing. Private deployment keeps data within Australian-controlled infrastructure.
- You have 20+ staff who would benefit from AI. At this scale, private deployment is cost-competitive with public LLM subscriptions within 18-24 months while providing superior privacy, compliance, and customisation.
- Your staff are already using AI informally. If people are pasting sensitive data into ChatGPT without approval, you have an immediate governance problem. Private deployment gives them a sanctioned alternative that is more useful (because it knows your documents) and safer (because data stays internal).
Who Should Choose Public LLM
Public LLM services remain the better choice in some scenarios:
- Your organisation does not handle sensitive or regulated data
- You need AI primarily for marketing content, social media, or public-facing communications
- You have fewer than 10 users and no internal document corpus
- Speed of deployment is the overriding priority (public LLMs are available immediately)
- Your use cases are general-purpose rather than document-specific
There is no shame in choosing a public LLM when your risk profile supports it. The issue arises when organisations with genuine compliance obligations default to public LLMs because they seem easier, without assessing the regulatory implications.
The Hybrid Approach
Some organisations adopt a hybrid strategy: public LLM for non-sensitive tasks, private LLM for anything involving regulated or privileged data.
This can work, but it requires:
- Clear policies defining what constitutes "sensitive" data
- Staff training on which tool to use for which task
- Technical controls preventing sensitive data from reaching the public LLM
- Regular auditing to verify compliance with the boundary
In practice, AIRGAP LLM finds that most regulated organisations are better served by deploying private AI for all internal tasks. The cost difference is negligible once you have the infrastructure, and the governance overhead of maintaining a split approach often exceeds the value.
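The "technical controls" and "regular auditing" items from the hybrid checklist above, as an added example that is not AIRGAP LLM's code: a routing gate that sends a request to the private endpoint when the text carries a classification marker, comes from a restricted source, or contains a string that validates as an Australian Tax File Number (ATO check-digit rule: weights 1,4,3,7,5,8,6,9,10, weighted sum divisible by 11), and records the reasons for the audit trail. The endpoint URLs, marker strings and source tags are assumptions, and only 9-digit TFNs are handled.

```python
"""Prompt routing gate for a hybrid public/private LLM setup (added illustration)."""
import re

PRIVATE_ENDPOINT = "http://llm.internal:11434"  # assumed on-premises model host
PUBLIC_ENDPOINT = "https://public-llm.example"   # placeholder for the SaaS provider

# Assumed document-classification markers and source-system tags that must
# never leave the building; adapt to the organisation's own data policy.
CLASSIFICATION_MARKERS = ("PRIVILEGED", "CONFIDENTIAL", "HEALTH RECORD")
RESTRICTED_SOURCES = ("legal-matter", "patient-record")
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)

def is_valid_tfn(candidate):
    """ATO check-digit test for a 9-digit TFN; spaces and hyphens are ignored."""
    digits = [int(c) for c in re.sub(r"\D", "", candidate)]
    if len(digits) != 9:
        return False
    return sum(d * w for d, w in zip(digits, TFN_WEIGHTS)) % 11 == 0

def find_tfns(text):
    """Nine digits, optionally grouped 3-3-3; the checksum filters out most
    unrelated 9-digit numbers so the gate does not over-block."""
    pattern = r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b"
    return [m for m in re.findall(pattern, text) if is_valid_tfn(m)]

def classify(text, source_tags=()):
    """Return (destination, reasons); an empty reasons list means nothing
    sensitive was detected and the public endpoint is permitted."""
    reasons = []
    upper = text.upper()
    reasons += [f"marker:{m}" for m in CLASSIFICATION_MARKERS if m in upper]
    if find_tfns(text):
        reasons.append("identifier:TFN")
    reasons += [f"source:{t}" for t in source_tags if t in RESTRICTED_SOURCES]
    return (PRIVATE_ENDPOINT if reasons else PUBLIC_ENDPOINT), reasons

def route(text, source_tags=(), audit_log=None):
    """Pick the endpoint and append an audit record; the record carries the
    decision and its reasons, not the prompt text, so the log itself is not
    a second copy of the sensitive data."""
    dest, reasons = classify(text, source_tags)
    if audit_log is not None:
        audit_log.append({"destination": dest, "reasons": reasons, "chars": len(text)})
    return dest

if __name__ == "__main__":
    log = []
    print(route("Draft a LinkedIn post about our new office", audit_log=log))
    print(route("Client TFN is 123 456 782, prepare the return", audit_log=log))
    print(route("Summarise this advice", source_tags=("legal-matter",), audit_log=log))
    for entry in log:
        print(entry)
```

Reviewing the audit log for public-endpoint decisions with a non-empty reasons list (which this gate never produces) or for a rising share of private-endpoint traffic is the "regular auditing" step in practice.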
Making the Decision
If your organisation handles sensitive data in a regulated industry, the comparison between private and public LLMs is not primarily about capability or cost. It is about control.
A public LLM offers convenience in exchange for surrendering control over where your data goes, who processes it, and what happens to it afterwards.
A private LLM requires more upfront investment in exchange for retaining complete custody of your data, full compliance demonstrability, and a system configured specifically for your documents and workflows.
For Melbourne-based organisations evaluating this decision, AIRGAP LLM offers a confidential initial consultation to assess your specific situation — your data sensitivity profile, compliance obligations, team size, and use cases. No obligation, no sales pressure, just a clear-eyed assessment of which approach suits your organisation.
Book a consultation or call us to discuss your requirements.
Frequently Asked Questions
What is the difference between a private LLM and a public LLM?
A private LLM runs on infrastructure you control — your own server, on your premises, with no external data transmission. A public LLM (such as ChatGPT, Gemini, or Copilot) runs on the provider's cloud servers, meaning your data leaves your environment and is processed by a third party. The core difference is data custody: private means you retain full control, public means you delegate control to the provider.
Is a private LLM as capable as ChatGPT or GPT-4?
For enterprise document tasks — summarisation, search, drafting, contract review, and Q&A against internal knowledge — modern open-source models like Llama 3, Gemma 4, and Mistral perform comparably to public LLMs. Public LLMs have broader general knowledge and stronger creative writing, but for business workflows involving your own documents, private models deliver equivalent or superior results because they are configured specifically for your data.
Do Australian privacy laws require private LLM deployment?
The Privacy Act 1988 does not explicitly mandate private deployment. However, APP 8 (cross-border disclosure) and APP 11 (security of personal information) create significant compliance obligations when sending sensitive data to overseas cloud AI providers. For organisations handling privileged, health, or financial data, private deployment is often the most practical path to compliance — not because the law demands it specifically, but because it eliminates the hardest compliance challenges.
Can I run a private LLM without a dedicated IT team?
Yes. A deployment partner like AIRGAP LLM handles the initial setup, configuration, and ongoing maintenance. Your organisation needs no AI expertise or dedicated infrastructure team. The system runs on a single server (or a Mac Mini for smaller teams) and requires minimal day-to-day management once deployed.
How much does a private LLM cost compared to ChatGPT Enterprise?
ChatGPT Enterprise costs AUD $45-$90 per user per month — for 30 users, that is $16,200-$32,400 per year in perpetuity. A private LLM deployment costs $15,000-$35,000 upfront (hardware plus setup) and $1,500-$2,500 per month in support, with zero per-user fees. By month 18-24, the private deployment is cheaper, and the cost advantage grows with every additional user.