AI subscriptions and hidden costs
AI solutions are multiplying for lawyers, accountants and physicians. Their publishers promise time savings, GDPR compliance and transparent pricing. But between the price displayed on the website and what you actually pay at the end of the month, there can be a considerable — and barely verifiable — gap.
This is not necessarily a question of bad faith. It is above all a question of pricing structure. Most of these services charge on a consumption basis: per token, per query, per document processed. And you have no independent means of verifying this consumption.
1. The token: a unit of measurement you never see
In the world of AI, a token corresponds roughly to three or four characters of text. It is the basic unit that large language models use to process information — and often, to charge for their use.
The problem? A legal or medical document of a few pages can consume tens of thousands of tokens in reading alone. The generated response adds more. If you ask a complex question requiring several back-and-forth exchanges to refine the analysis, you multiply the tokens — and therefore the costs.
Independent analyses carried out by French practitioners show that a complete legal file, requiring several exchanges to refine a contractual analysis, can represent the equivalent of 10 to 20 standard messages. In this case, a subscription offering 200 to 300 monthly queries — as proposed by certain entry-level plans — can be exhausted within a few days of real professional use.
| A 100-page contract analysed by a legal-type AI can consume tens of thousands of tokens in the reading phase alone — before a single word of the response has been generated. |
Yet on your invoice, you don’t see tokens. You see one line: ‘monthly subscription’. Any overages appear on a separate line, often labelled ‘additional usage’ or ‘supplementary processing fees’. You have no independent tool to verify whether the count is accurate.
2. What published prices don’t show: the French legal market
The French legal AI market has become considerably more structured in 2024–2025. The Conseil National des Barreaux (CNB) evaluated around twelve solutions in March 2025 according to criteria of security, data sovereignty and reliability. Base prices now range from €45 to over €250 per user per month depending on the publisher.
But these figures only tell part of the story.
Direct hidden costs
Several categories of fees systematically escape pricing comparisons:
- Initial installation and configuration fees, which can amount to several hundred euros per firm depending on the solution chosen.
- Training fees, generally billed separately, estimated at 5 to 10 hours of onboarding for correct professional use.
- Quota overages: when a plan includes a limited number of monthly queries, each additional query is billed individually — at a rate rarely highlighted at the time of subscription.
- Mandatory complementary subscriptions: certain high-end solutions presuppose access to third-party document databases (case law, editorial databases), which require a separate subscription — sometimes from the same publisher, sometimes from a partner.
Estimated real annual costs — law firm in France (3 users)
| Cost item | Annual estimate |
|---|---|
| Subscriptions (base plan, 3 users) | €1,800 – €9,000 |
| Installation and configuration | €300 – €1,000 |
| Initial training | €300 – €800 |
| Quota overages (conservative estimate) | €200 – €1,500 |
| Complementary document subscriptions | €0 – €3,000 |
| Estimated real total | €2,600 – €15,300 |
Sources: comparisons published by French bar associations and professional bodies, 2025.
The structural problem: you cannot verify
Beyond the amounts, the question of verifiability is central. When an online service tells you that you have consumed 347 queries this month and charges you an overage accordingly, how can you check? You have no independent counter. You have no access to processing logs. From a consumer law perspective, you are in a position of obligatory trust.
This information asymmetry is particularly concerning for professions subject to strict ethical obligations regarding financial management — such as lawyers or accountants.
3. The specific case of medical practices: the HDS constraint
For healthcare professionals, the issue goes even further. In France, any digital solution that processes or stores personal health data must be hosted by a provider holding the HDS certification (Hébergeur de Données de Santé — Health Data Host), issued by the Agence du Numérique en Santé (ANS). This is a legal obligation, not an option.
What many physicians are unaware of: the CNIL clarified in 2021 that hosting health data with companies governed by US law — even those holding HDS certification — is not considered adequate under the GDPR. The reason: the American Cloud Act allows US authorities to access data stored by these companies, regardless of the physical hosting location.
In practice, this means that certain solutions marketed to French healthcare professionals — including under the label ‘GDPR compliant’ — may expose their users to real legal risk if they rely on American infrastructure.
| A physician who stores patient data with a non-HDS-compliant provider takes on personal legal liability — regardless of the certifications displayed by the AI solution publisher. |
On top of this legal risk, there are specific costs frequently omitted from commercial proposals:
- The additional cost of HDS-certified hosting compared to standard cloud hosting can represent a significant surcharge on the base price.
- The obligation to conclude a Data Processing Agreement (DPA) with each provider involved — including the AI solution publisher — is a GDPR legal requirement that few publishers mention proactively.
- In the event of an audit or incident, it is the practitioner — not the publisher — who bears primary responsibility before the authorities.
4. An alternative: fixed cost, your data stays with you
Faced with this opacity, a radically different approach is possible: one where artificial intelligence runs entirely on your own hardware, with no connection to any external service.
In this model, there are no tokens, no quotas, no overages. You know exactly what you pay — because your invoice has only one line: a fixed monthly fee. You transmit no confidential data to a third party. Your documents remain on your premises.
For a law firm, this means that professional confidentiality is preserved structurally, not simply through the contractual promise of a provider. For a physician, it eliminates any question relating to HDS compliance or the Cloud Act: the data never leaves the practice.
Comparison of pricing models
| Criterion | Cloud / SaaS solutions | Local AI (on-premise) |
|---|---|---|
| Pricing | Variable / consumption-based | Fixed monthly fee |
| Costs verifiable? | No — unilateral | Yes — predictable |
| Data transmitted to a third party | Yes | No |
| Cloud Act risk (USA) | Possible depending on publisher | None |
| HDS compliance (healthcare) | To be verified per provider | Structural (local data) |
| Professional privilege (lawyers) | Depends on contract | Structural |
| Quota overages | Frequent | None |
5. A legitimate objection — and its answer
One might object that experienced professionals already use online tools in a measured way: generic tasks — drafting a letter template, structuring an argument, rephrasing a paragraph — are delegated to online assistants, while sensitive data remains in-house. This approach is entirely valid, and we ourselves recommend it as a first step.
But it does not resolve the underlying problem; it merely relocates it. A professional consumes the greatest number of tokens, and therefore generates the highest variable costs, precisely when submitting a complete file for analysis: an 80-page contract, a litigation file, a medical history. That is where quotas run out, where overages appear, and where the most sensitive data is transmitted to an external server. Measured use of online tools reduces exposure; it does not eliminate it.
A professional user reports: working with several AI models from the same publisher, he never reached the quota limit with the standard model — regardless of the complexity of his questions. However, when asking the latest top-tier model to generate a roughly twenty-page dossier from source files previously loaded into context, the response could not be completed: his quota was exhausted — not by the response itself, but by the volume of tokens required to load the preliminary documents. The work stopped halfway, with no reimbursement of the tokens already consumed.
The two approaches are therefore not competing: they are complementary. Online tools remain relevant for generic, non-confidential tasks. A local solution takes over where real added value — and real risk — begins.
To go further
Before committing to an AI subscription, here are the questions to ask systematically of any provider:
- What is the exact price per token or per query in the event of exceeding the included quota?
- Is your data hosted in France by an HDS-certified provider (for healthcare professions)?
- Is the provider subject to the American Cloud Act, directly or through its subcontractors?
- Do you have access to an independent, consultable and verifiable consumption log?
- What are the installation, training and early termination fees?
| An AI that runs on your own hardware, on your own premises, raises none of these questions — because it has access to nothing beyond what you entrust to it, at a cost you know in advance. |
