innFactory AI Consulting from Rosenheim, Germany advises DACH-region enterprises on GDPR-compliant integration of gpt-oss – OpenAI’s first open-weight models since GPT-2. With CompanyGPT you can operate gpt-oss securely and self-hosted in your own infrastructure.
What is gpt-oss?
On 5 August 2025, OpenAI released gpt-oss-120b and gpt-oss-20b under the Apache 2.0 license – the first open-weight release since GPT-2 in 2019. For DACH enterprises, this is a turning point: for the first time, OpenAI-style models can be operated fully self-hosted, without API dependency.
Model variants
gpt-oss-120b
- 117B total parameters, 5.1B active (Mixture-of-Experts)
- Performance: Matches or exceeds OpenAI o4-mini on coding, reasoning, tool use and mathematics
- Hardware: Runs on a single 80 GB GPU (A100/H100/MI300) thanks to native MXFP4 quantisation
- Recommended for: Enterprise workloads, RAG pipelines, coding agents
gpt-oss-20b
- 21B total parameters, 3.6B active (Mixture-of-Experts)
- Performance: Matches or exceeds OpenAI o3-mini, especially on maths and health topics
- Hardware: ~16 GB of memory – runs on high-end laptops and workstations
- Recommended for: Edge deployment, local developer tools, data-sensitive prototypes
Why gpt-oss for DACH enterprises
GDPR-compliant self-hosting
Apache 2.0 permits commercial use, modification and redistribution without copyleft. This allows gpt-oss models to be operated in your own infrastructure or in EU clouds – without data leaving for OpenAI.
Broad deployment ecosystem
At launch, OpenAI partnered with the following platforms: Azure, AWS, Hugging Face, vLLM, Ollama, llama.cpp, LM Studio, Fireworks, Together AI, Baseten, Databricks, Vercel, Cloudflare, OpenRouter.
Particularly relevant in the EU:
- Azure AI Foundry in West Europe and Germany West Central
- AWS Bedrock Marketplace in Frankfurt
- Cloudflare Workers AI with EU edge routing
Compliance and sovereignty advantages
- Air-gapped deployment possible (government, defence, critical infrastructure)
- Full auditability of model weights
- No API telemetry flowing to OpenAI
gpt-oss vs. proprietary GPT models
| Aspect | gpt-oss | GPT-5.x / Frontier |
|---|---|---|
| Licence | Apache 2.0 | Proprietary |
| Self-hosting | Yes | No |
| Vision input | No | Yes |
| Frontier performance | Close to o3/o4-mini | Higher |
| GDPR risk | Minimal (self-hostable) | Higher (cloud API) |
For GDPR-critical workloads gpt-oss is the natural choice – even though the frontier GPT models remain superior for peak performance in vision and complex reasoning.
Related models
- gpt-oss-safeguard: Dedicated safety variant for content moderation
- OpenAI Privacy Filter: Apache 2.0 PII detection model – ideal as a preprocessing layer in front of gpt-oss
Integration with CompanyGPT
With CompanyGPT gpt-oss can be operated as a GDPR-compliant alternative to GPT-5.x via Azure inside your infrastructure. For hybrid setups we combine gpt-oss (for sensitive workloads) with cloud-hosted GPT models (for peak performance) – with intelligent per-use-case routing.
Our recommendation
gpt-oss-120b is the GDPR-compliant default recommendation in 2026 for enterprises that need OpenAI-class quality without cloud-API dependency. For edge scenarios and developer workflows, gpt-oss-20b is the ideal companion.
We support you with hardware selection, deployment architecture and integration into existing knowledge and ERP systems. Contact us for a no-obligation initial consultation.