arXiv: SharedRequest: Privacy-Preserving Model-Agnostic Inference for Large Language Models
AI_SAFETY. Sourced from arxiv_cscr, summarised by Matproof.
AI Analysis
What changed and what to do.
This publication, SharedRequest: Privacy-Preserving Model-Agnostic Inference for Large Language Models, introduces a cryptographic protocol that lets multiple parties query a large language model without revealing their individual inputs, or the model's outputs, to one another or to the model provider. The protocol is built on secure multi-party computation, so inference can run over sensitive data while the data itself stays confidential. The paper is not a regulatory mandate, but it marks a technical development that could change how organizations meet data-protection obligations under frameworks such as the EU AI Act and the GDPR, particularly for high-risk AI systems that process personal data.
The organizations most affected are those deploying or consuming large language models in regulated sectors such as healthcare, finance, legal services, and public administration, where client data confidentiality is paramount. Cloud providers that offer model inference APIs should also evaluate how such a protocol could reduce their exposure as processors of customer data. Compliance teams in these sectors should track this technique as a candidate technical measure for data minimization and purpose limitation by design, especially where inference involves cross-border data transfers.
Compliance teams should first establish whether their current inference pipelines send raw data to third-party model providers. Where they do, they should start technical due diligence on privacy-preserving inference protocols such as SharedRequest, working with legal and IT security to determine whether such methods can satisfy the requirements of GDPR Article 25 (data protection by design and by default). That due diligence should cover the protocol's threat model, in particular which parties are assumed not to collude, and the compute and latency overhead that secure multi-party computation adds, since both determine whether the claimed protection holds in a given deployment. Teams should also update their Data Protection Impact Assessments to record this technology as a candidate mitigation for high-risk AI systems, and be ready to advise product teams on integrating such protocols into future deployments.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.