Choosing between open and proprietary AI is not a choice between freedom and quality. Some models ship with available weights but restrictive licences, some proprietary services can be deployed in controlled regions, and some open systems require costly operations to run. The decision should rest on the actual task, the licence, the data involved, security, quality, total cost, operational capacity and the exit plan.
Defining the terms
The Open Source Initiative defines open AI by the freedoms to use, study, modify and share it, together with access to the preferred form for modifying the system. "Open weights" only means the weights are available; it does not guarantee the data, the code, the licence or enough freedom to call it open in the strict sense.
Proprietary can mean a closed API, a commercially licensed model or a managed platform. Each case requires reviewing the exact contract.
Comparison
| Criterion | Open/self-hosted | Proprietary/API |
|---|---|---|
| Control | High if operated well | Depends on the provider |
| Initial time | Longer | Shorter |
| Operations | Client's responsibility | Managed |
| Quality | Depends on task and tuning | Can be high, and can shift |
| Transparency | Variable | Generally limited |
| Cost | Hardware and team | Usage and subscription |
| Exit | More technical options | Lock-in risk |
| Security | Own controls, own burden | Provider controls and configuration |
There is no universal winner.
Licensing
Worth checking:
- Commercial use.
- Sector or size restrictions.
- Redistribution.
- Modification.
- Attribution requirements.
- Use of generated outputs.
- Patents.
- Future licence changes.
- Licensing of the data and the code.
A free download does not grant the right to any use.
Quality on real tasks
It should be measured with your own test set covering:
- Accuracy.
- Faithfulness.
- Language and terminology.
- Format.
- Abstention.
- Safety.
- Latency.
- Cost.
Public benchmarks point the way, but they don't replace testing with the company's own documents, customers and tools.
Data and privacy
For a proprietary API, review retention, training use, region, support, sub-processors and transfers. For a self-hosted deployment, control the infrastructure, the logs, the backups, the administrators and deletion.
Self-hosting the model does not remove GDPR obligations. The organisation simply becomes the operator of more components.
Security
Open
- Provenance of the weights.
- Integrity and signing.
- Dependencies.
- Vulnerabilities.
- Inference code.
- Isolation.
- Updates.
Proprietary
- Identity and permissions.
- Regions.
- Silent changes.
- API abuse.
- Availability.
- Vendor chain.
- Export.
Both options require adversarial testing.
Total cost
Open:
- GPU/CPU.
- Power.
- Storage.
- Engineering.
- Availability.
- Monitoring.
- Updates.
- Security.
Proprietary:
- Tokens.
- Calls.
- Storage.
- Connectors.
- Limits.
- Support.
- Data egress.
- Dependency.
Cost should be calculated per valid task, not per token or per GPU.
Performance and scale
A small local model may be enough for classification; an advanced model via API can add value for complex reasoning. A routing architecture can select the model based on the risk and difficulty of each task.
The decision can be hybrid:
- Local for sensitive data.
- API for public content.
- Fallback alternative.
- Common gateway.
- Stable evaluation and format.
Dependency and portability
Lock-in is reduced with:
- Your own interface layer.
- Versioned prompts and tests.
- Separated data.
- Standard formats.
- Alternative providers.
- Periodic substitution tests.
- An exit clause.
Switching models isn't trivial: behaviour and costs vary. Automated evaluation makes it possible to compare alternatives.
Transparency and explainability
Access to the weights doesn't explain an answer. Useful transparency covers the data, the purpose, the evaluation, the limits and the operations. A closed provider can offer solid documentation; an open model can lack it entirely.
What matters is the evidence, not the label.
Operations
Before self-hosting, it's worth confirming:
- 24/7 staffing where needed.
- Patching.
- Capacity.
- Scaling.
- Observability.
- Incident management.
- Recovery.
- Decommissioning.
If the organisation can't maintain it, theoretical control turns into risk.
Decision matrix
| Criterion | Weight | Evidence |
|---|---|---|
| Quality | 25 | Own evaluation |
| Data/control | 20 | Architecture and contract |
| Total cost | 15 | Scenarios |
| Security | 15 | Testing and controls |
| Operations | 10 | SLA and capacity |
| Licence | 10 | Legal review |
| Portability | 5 | Switch test |
Weights should be adapted to each case.
Test plan
- Define test cases and decision gates.
- Select two or three candidates.
- Run the same test set on each.
- Measure quality, cost and latency.
- Review security and licensing.
- Test operations and the exit path.
- Decide and record the conditions.
Common mistakes
- Calling something open source when it's only open weights.
- Choosing based on benchmarks alone.
- Ignoring the licence.
- Comparing per-token cost with hardware cost.
- Assuming local is secure by default.
- Not accounting for operations.
- Depending on an API with no exit plan.
- Fine-tuning a model without a test set.
- Not tracking provider or model changes.
- Choosing a single model for everything.
Checklist
- Definition and licence.
- Real use cases.
- Quality and abstention.
- Data and privacy.
- Security.
- Total cost.
- Operational capacity.
- Portability.
- Alternative provider.
- Versioned decision.
Frequently asked questions
Is open weights the same as open source?
Not necessarily. It must meet the freedoms and availability defined by the Open Source Initiative.
Is open AI always cheaper?
Not always. It can remove API usage costs, but it adds infrastructure and a team of your own.
Is proprietary AI always more secure?
Not by definition. It depends on the controls, the contract, the configuration and the available evidence.
Can open and proprietary AI be combined?
Yes. A hybrid architecture can route each task according to its sensitivity, cost and difficulty.
Summum IA compares open and proprietary models with its own evaluation, total cost and exit architecture before recommending a solution.