AI Glossary
for SMEs.

An AI agent is a program that can read data from your systems, make decisions based on defined instructions and objectives, and execute actions (writing to a CRM, generating a report, sending a notification) without human intervention at each step. Unlike a simple chatbot, an agent has access to external tools and can chain multiple steps to complete a complex task.

RAG is an architecture that separates knowledge from the model. Instead of relying solely on what the model "knows" from training, RAG first searches for relevant information in your documents or databases, then uses that information as context to generate the response. The result: much more accurate responses based on your real information, and verifiable (the model can cite the source). It's the technology that allows an AI agent to answer questions about your contracts, procedures, or business data without "hallucinating" information.

The Model Context Protocol is a standardized communication protocol (launched by Anthropic in 2024) that allows language models (LLMs) to connect directly to external tools such as ERPs, CRMs, databases, or APIs, without writing custom integration code for each case. MCP defines how the model "asks" systems and how they "respond", with built-in authentication, auditing, and permission control. It is model-agnostic: it works with Claude, GPT-4, and any LLM that implements it.

A private AI portal is an exclusive instance of an AI agents platform that operates on the client's infrastructure (or a dedicated contracted server), so data never mixes with other users' or leaves the controlled environment. It's the alternative to using public AI tools like ChatGPT, where data is sent to third-party servers. In the context of GDPR, a private portal is the recommended solution for companies handling sensitive data about clients, employees, or internal processes.

Data architecture is the set of decisions about how an organization's data is stored, organized, related, and governed. For AI agents to work correctly, they need clean, structured data with clear meaning. Without solid data architecture, agents work on fragmented, outdated, or contradictory information, producing incorrect or unreliable responses. A data architecture for AI includes: source integration (ERP, CRM, Drive), cleaning and normalization, definition of a business glossary, and access permission configuration.

GDPR (EU Regulation 2016/679) is the European personal data protection standard. For companies using AI, the most relevant articles are: Art. 28 (requiring a Data Processing Agreement with any provider accessing personal data), Art. 20 (right to data portability), and the principles of minimization and purpose limitation. In practice, using ChatGPT or public AI tools with customer data without adequate GDPR guarantees can result in fines of up to 4% of annual global turnover.

Regulation (EU) 2024/1689, known as the EU AI Act, establishes obligations for AI system providers and users based on their risk level. For professional use in SMEs (limited to high risk), the main obligations are: AI activity records (Art. 12), transparency to end users (Art. 13), mandatory human oversight in critical decisions (Art. 14), and robustness and cybersecurity (Art. 15). Penalties for non-compliance can reach €35 million or 7% of global turnover. Full application for most systems is August 2026.

A Large Language Model is an artificial intelligence system trained on enormous amounts of text to understand and generate natural language. The most well-known LLMs are GPT-4 (OpenAI), Claude (Anthropic), and Gemini (Google). On their own, LLMs have limitations for enterprise use: they don't know your internal data, they can "hallucinate" information, and they can't execute actions in your systems. That's why in enterprise environments they're combined with techniques like RAG (to give them access to your information) and MCP (to connect them to your tools).