Does on-device AI require a Business Associate Agreement with anyone?

No, if the AI model runs entirely on the device and no data is transmitted to a third-party server. A BAA is required when a covered entity shares protected health information with a business associate. If data never leaves the device, there is no data sharing and no BAA requirement. Confirm this with your legal team using the specific feature scope, but the principle holds for standard on-device inference.

What if we want some AI features on-device and some in the cloud?

That is a common architecture called hybrid AI. Sensitive or offline-required features run on-device; features that need larger models or real-time data use cloud APIs. Each cloud-based feature needs its own data flow documentation and sub-processor review. The key is keeping them clearly separated so that on-device features do not inadvertently send data to the cloud in edge cases.

How do we prove to an auditor that data never left the device?

Through a combination of architecture documentation, network traffic logs from testing, and code review. Your engineering team can produce a network trace showing zero outbound requests during AI feature operation. The architecture documentation should trace every data input to its processing location and confirm it never passes through a network boundary. Most compliance teams accept this documentation for on-device features.

Can we use Apple Intelligence or on-device features built into the OS?

Apple Intelligence processes some data on Apple servers, specifically the Private Cloud Compute component. For enterprise use cases where zero data should leave the device, you need a model running locally via Core ML or llama.cpp rather than Apple Intelligence. Check the specific Apple Intelligence documentation for the feature you want - some processing is genuinely on-device, some uses Apple's servers.

How long does CISO sign-off typically take when the data flows are well documented?

With a clear data flow document showing zero third-party transmission, most enterprise CISO reviews take two to four weeks. Without documentation, the same review can take three to six months because the security team has to reverse-engineer the data flows themselves. Front-loading the documentation is the single highest-leverage action for reducing compliance delay.

Does on-device AI remove all compliance requirements?

No. On-device AI removes the data-sharing trigger (no sub-processor, no BAA for health data, no cross-border transfer). But the AI output itself may be regulated. If the app uses AI to support a clinical decision, the output is a medical device function and requires FDA consideration. If it is used in a financial recommendation, it may require disclosure. The data processing location simplifies compliance - it does not eliminate it entirely.

Writing

How to Add AI to an Enterprise Mobile App Without Triggering a Compliance Review: 2026 Playbook

A six-step playbook for CISOs and VPs of Engineering who need to ship AI features without opening a compliance review process that takes months.

Mohammed Ali Chherawalla · CRO, Wednesday Solutions

9 min read·Published Apr 24, 2026·Updated Apr 24, 2026

0xfaster with AI

0xfewer crashes

0xmore work, same cost

4.8on Clutch

Trusted by teams at American Express

In this article

Why AI features stall in compliance
What triggers a review and what does not
The six-step playbook
Step 1: Scope the AI feature
Step 2: Choose on-device or cloud
Step 3: Document data flows before writing code
Step 4: Check what leaves the device
Step 5: Get CISO sign-off pre-build not post-launch
Step 6: Build and document the audit trail
Frequently asked questions

Most enterprise AI initiatives stall not because the technology doesn't work, but because a six-month compliance review starts the moment engineering sends the first API key request to procurement. The review is not bureaucracy for its own sake. It exists because cloud AI vendors are sub-processors, and every sub-processor that handles regulated data needs legal review, a signed agreement, and an updated data processing registry.

On-device AI removes the sub-processor entirely. No data leaves the device. No third-party handles it. No agreement is needed. For a large subset of AI features, this is the fastest path from board mandate to shipped product.

This playbook gives you six steps to follow before writing a line of code. The goal is to arrive at launch with the compliance review already complete, not to skip it.

Key findings

Cloud AI APIs trigger a sub-processor review in most enterprise compliance frameworks. On-device AI does not, because no data is transmitted.

The most common delay is not legal review - it is the absence of a data flow document. Engineering teams that document flows before building cut review time from months to weeks.

CISO sign-off should happen before the first line of AI code is written, not before launch. Post-launch discoveries require rollback and are significantly more expensive to fix.

A hybrid architecture - sensitive features on-device, general features in the cloud - is common and manageable, but each cloud feature needs its own review track.

Why AI features stall in compliance

When your engineering team integrates a cloud AI API, they create a data flow that the compliance team has not seen before. User input travels from the app to a third-party server, gets processed by a model, and a response returns. In that moment, you have created a business relationship with a sub-processor.

Sub-processors require legal review (the vendor's Data Processing Agreement), security review (SOC 2 Type II report, penetration test results), privacy review (updated records of processing activity), and, for healthcare data, a signed Business Associate Agreement.

None of this is optional. All of it takes time. And the review cannot begin until someone produces a clear description of what data the AI API receives, under what conditions, and what it does with it.

On-device AI changes the answer to the first question in every compliance checklist: "Does this feature transmit personal data to a third party?" The answer becomes no. That single change removes most of the review requirements.

What triggers a review and what does not

The table below covers the most common AI implementation decisions and their compliance implications.

Implementation	Sub-processor	BAA (health data)	Data residency concern	Triggers full review
Cloud LLM API (OpenAI, Anthropic, Google)	Yes	Yes if PHI is sent	Yes	Yes
Your own model on your own cloud servers	Self (internal)	Depends on security controls	Depends on server location	Partial
On-device model via Core ML / llama.cpp	No	No	No - data stays on device	No
On-device model with cloud sync for outputs	No for AI	Depends on what is synced	Depends on where synced	Partial
Hybrid: on-device for sensitive, cloud for general	No for sensitive path	No for on-device path	No for on-device path	Only for cloud path

The key insight from the table: on-device AI removes the triggers. A hybrid architecture removes the triggers for the sensitive features while accepting the review burden for the non-sensitive ones.

The six-step playbook

Step 1: Scope the AI feature

Write a one-page feature brief that answers four questions before anything else happens.

What data does the AI receive? Be specific. "User input" is not an answer. "The user's spoken words recorded as audio on-device, processed by a local speech-to-text model, with the resulting text stored in the app's local database" is an answer.

What does the AI produce? A classification, a summary, a transcription, a recommendation. Name it.

Who sees the output? The user only, or does it flow to a backend system, a report, or another team?

What is the highest sensitivity category of data involved? Personal data, health data, financial data, or none of the above.

This brief is the input to every subsequent step. Write it before any technical design work begins.

Step 2: Choose on-device or cloud

Use the data sensitivity question from Step 1 to drive this decision. The framework is simple.

If the data is health data, financial account data, or any data your organization classifies as sensitive or confidential, default to on-device. The compliance savings outweigh the capability cost in almost every case.

If the data is non-sensitive (user preferences, public content, general text with no personal identifiers), cloud AI is a reasonable choice with standard review processes.

If you need capabilities that on-device models cannot match today (complex reasoning, real-time information), design a hybrid architecture where the sensitive inputs stay on-device and only non-sensitive queries go to the cloud.

Document the decision and the reasoning. "We chose on-device because the feature processes health data and on-device processing eliminates the sub-processor requirement" is the kind of statement that makes a compliance review go from four months to four weeks.

Step 3: Document data flows before writing code

A data flow document has four elements.

First, a diagram. Draw every step from data input to data output. Mark clearly where each step happens: on the device, in transit, or on a server.

Second, a data inventory. List every category of data the feature touches and classify it by sensitivity.

Third, a boundary list. Name every system boundary the data crosses. A system boundary is anywhere data moves from one system to another - device to server, app to OS framework, app to another app.

Fourth, a processing description. For each AI processing step, name where it runs, who operates that system, and what controls are in place.

An on-device AI feature with no cloud component has a simple data flow document: data enters the app, stays on the device, gets processed by a local model, and the output stays on the device. One page. The compliance team reviews it in a week.

Want a data flow document template that works for enterprise compliance reviews? A Wednesday engineer can walk you through it.

Get my recommendation →

Step 4: Check what leaves the device

This step catches the mistakes that turn a clean on-device architecture into a compliance problem after launch.

Check analytics. Most apps send crash reports, usage events, and performance metrics to analytics platforms. Confirm that no AI input, output, or intermediate state is included in any analytics event. Add explicit filters to your analytics SDK configuration to exclude AI feature data.

Check logging. Server-side logs often capture request payloads for debugging. If your app sends any logging data to a backend, audit what fields are included and confirm AI feature data is excluded.

Check crash reporting. Crash reporters can capture local app state at the moment of a crash. Audit your crash reporter configuration to confirm it does not capture AI model inputs or outputs.

Check sync. If your app syncs any local data to a server, audit what gets included. Transcriptions, summaries, and AI-generated content should only sync if that was explicitly designed and reviewed.

This audit takes one to two days with a senior engineer. It is worth doing before launch, not after.

Step 5: Get CISO sign-off pre-build not post-launch

The single most common compliance mistake is treating security review as a launch gate. It is not. It is a build gate.

When the feature brief, the architecture decision, and the data flow document are complete, schedule thirty minutes with your CISO or the relevant compliance authority. Present the three documents. Get explicit sign-off on the architecture before any code is written.

This meeting has two benefits. First, it surfaces any concerns before they are expensive to fix. A CISO who objects to the architecture post-launch creates a rollback. A CISO who raises the same concern before a line of code is written creates a design revision that takes days.

Second, it creates a paper trail. "CISO reviewed and approved the architecture on [date]" is a valuable statement for any future audit, regulatory inquiry, or vendor review.

Step 6: Build and document the audit trail

As the feature is built, maintain a running document that links each compliance decision to the code that implements it.

"We exclude AI feature data from analytics. See analytics configuration in [file path], lines [X-Y]."

"The model runs via Core ML. No network request is made during inference. See [file path]."

"Crash reporter is configured to exclude keys prefixed with ai_. See configuration in [file path]."

This document does not need to be long. Two to three pages covering each boundary from the data flow document and pointing to the code that enforces it. When an auditor asks how you ensured no data left the device, this is what you show them.

Case study — Federally regulated fintech exchange

0crashes after the Flutter architecture rebuild

“The app is much better now than when we started. They delivered on time, exceeded expectations, and found issues we didn't even know we had.”

VP Engineering, Fintech exchangeRead the case study →

Why this order matters

Every step in this playbook is reversible except one. Launching a feature that sends regulated data to an unapproved sub-processor requires either removing the feature or completing an emergency compliance review while the feature is live. Both options are painful.

The six steps are ordered so that the irreversible decisions happen last. Scope the feature, choose the architecture, document the flows, audit the boundaries, get sign-off, then build. By the time the first line of AI code is written, every compliance question has an answer on paper.

Wednesday has shipped AI features through enterprise compliance reviews at healthcare companies, fintech platforms, and regulated B2B SaaS products. The playbook above is what actually works.

Wednesday engineers have delivered AI features through HIPAA, SOC 2, and fintech compliance reviews. Book a call to scope your feature.

Book my 30-min call →

4.8 on Clutch

4x faster with AI2x fewer crashes100% money back