The Illusion of a Single Provider
When users query a virtual assistant on their phone or computer, they generally expect a direct, bilateral relationship with the device manufacturer. Yet, behind the scenes, artificial intelligence reveals a much more fragmented reality. Recent revelations published by the specialized media outlet The Information indicate that Apple is reportedly relying on competitor models, notably Google's Gemini, as well as Nvidia's infrastructure, to design and train future versions of Siri.
This complex technological alliance highlights a growing phenomenon: the invisible outsourcing of queries and AI model training. For the general public, as well as for businesses and public institutions, this raises a fundamental question: Who are we actually trusting with our data when we submit a query to a smart assistant?
The Artificial Intelligence Outsourcing Chain
To understand the risks associated with this opacity, we need to break down how a modern assistant works. Unlike early generations of assistants based on rigid rules, today's tools leverage agentic AI. This concept refers to systems capable of not only answering a question, but also executing complex tasks by planning actions and calling upon various background services.
When a query is made, it first undergoes vectorization (generating a mathematical fingerprint called an embedding) to capture its semantic meaning. The assistant must then decide which large language model (LLM) is best suited to respond. In a closed, proprietary model, this decision is made inside a black box. Your question could thus be forwarded to a tech subcontractor, transit through foreign servers, or be used to train third-party models, without you having any say in the matter.
This cross-border data transit poses a significant challenge in Quebec, where Law 25 imposes strict requirements on personal information protection. According to Quebec's Commission d'accès à l'information, organizations must conduct a privacy impact assessment before transferring data outside the province. However, how can such an assessment be carried out when a proprietary assistant's processing chain is inherently opaque and constantly changing?
Transparent Orchestration as a Sovereign Shield
Faced with this critical dependency, the Quebec-based platform ProductivIA offers a radically different architecture, built on transparency and the principle of governed no-code. Unlike the phenomenon of vibe coding (which involves generating code on the fly using AI without auditing or structure, a practice deemed risky by the UK's National Cyber Security Centre, or NCSC), ProductivIA relies on a stable and secure application environment running directly in the browser.
At the heart of this ecosystem, the Assistant application is not locked into a single provider. It acts as a transparent orchestrator. Through the assistant_services mechanism, the user or organizational administrator knows exactly how queries are routed. If a task requires querying the company's Base documentaire (using Retrieval-Augmented Generation, or RAG, to anchor responses in real documents), the operation takes place locally within the organization's secure, isolated logical silo.
For model evaluation and comparison, the GoIA application allows users to explicitly submit the same query to different engines. This lets users measure the biases and performance of each model. Most importantly, for public institutions or businesses subject to strict confidentiality obligations, the platform can be configured so that the Assistant communicates exclusively with the sovereign model, Matania. Hosted on Quebec infrastructure, Matania guarantees that no personal information crosses borders or is used to train third-party models without the organization's knowledge.
Toward Shared Infrastructure Responsibility
Digital sovereignty is not limited to the choice of language model; it encompasses the entire technology stack. This is why a coherent approach pairs the browser-based application platform with a native, verifiable operating system. By installing a sovereign distribution like Boreal-OS directly on the hardware, organizations free themselves from the mandatory telemetry of commercial operating systems while extending the useful life of their computers.
The issue of query sovereignty invites us to look past the marketing promises of universal assistants to analyze the reality of their infrastructure. Only a transparent, documented, and configurable architecture allows organizations to leverage artificial intelligence without compromising their independence or regulatory compliance.