Hugging Face's logo

sallani
/
PrivaMesh

Token Classification
Transformers
GGUF
French
English
mistral
privacy
anonymization
pii
legal
compliance
gdpr
rgpd
ner
on-premise
sovereign-ai
slm
privamesh
imatrix
conversational
Model card Files
xet
 Community
PrivaMesh / README.md
sallani's picture
sallani
Update README.md
3e85a3e verified
preview code
|
raw
history blame contribute delete
29.4 kB
---
language:
 - fr
 - en
license: apache-2.0
library_name: transformers
tags:
 - privacy
 - anonymization
 - pii
 - legal
 - compliance
 - gdpr
 - rgpd
 - ner
 - token-classification
 - on-premise
 - sovereign-ai
 - slm
 - privamesh
pipeline_tag: token-classification
base_model: mistralai/Mistral-Small-3.1
model_type: token-classification
datasets:
 - sallani/privamesh-legal-synthetic
metrics:
 - f1
 - precision
 - recall
---
# PrivaMesh Legal — Semantic PII Anonymization for Legal & Compliance Documents
<p align="center">
 <a href="https://huggingface.co/sallani/PrivaMesh"><img src="https://img.shields.io/badge/🤗%20HuggingFace-sallani%2FPrivaMesh-FFD21E?style=flat-square" alt="HuggingFace"/></a>
 <img src="https://img.shields.io/badge/License-Apache%202.0-4B73C4?style=flat-square&logo=opensourceinitiative&logoColor=white" alt="License"/>
 <img src="https://img.shields.io/badge/Base%20Model-Mistral--Small--3.1-FF6B35?style=flat-square&logo=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNCAyNCI+PHBhdGggZmlsbD0id2hpdGUiIGQ9Ik0xMiAyQzYuNDggMiAyIDYuNDggMiAxMnM0LjQ4IDEwIDEwIDEwIDEwLTQuNDggMTAtMTBTMTcuNTIgMiAxMiAyeiIvPjwvc3ZnPg==&logoColor=white" alt="Mistral"/>
 <img src="https://img.shields.io/badge/🇫🇷%20Sovereign%20AI-France-1A3A6B?style=flat-square" alt="Sovereign France"/>
</p>
<p align="center">
 <img src="https://img.shields.io/badge/French--first-Native%20FR%20%7C%20EN-7C3AED?style=flat-square" alt="French-first"/>
 <img src="https://img.shields.io/badge/RGPD%20%7C%20DORA%20%7C%20NIS2-Compliant-16A34A?style=flat-square" alt="RGPD"/>
 <img src="https://img.shields.io/badge/Deploy-On--Premise%20%7C%20Sovereign-DC2626?style=flat-square" alt="Deployment"/>
 <img src="https://img.shields.io/badge/Domain-Legal%20%7C%20Compliance-EA580C?style=flat-square" alt="Domain"/>
 <img src="https://img.shields.io/badge/Framework-PrivaMesh-6D28D9?style=flat-square" alt="PrivaMesh"/>
</p>
<p align="center">
 <img src="https://img.shields.io/badge/F1%20Score-97.3%25-7F77DD?style=flat-square" alt="F1"/>
 <img src="https://img.shields.io/badge/BERTScore-94.1%25-1D9E75?style=flat-square" alt="BERTScore"/>
 <img src="https://img.shields.io/badge/PII%20Categories-24-D85A30?style=flat-square" alt="Categories"/>
 <img src="https://img.shields.io/badge/Context-32k%20tokens-378ADD?style=flat-square" alt="Context"/>
 <img src="https://img.shields.io/badge/License-Apache%202.0-059669?style=flat-square" alt="Apache"/>
</p>
---
<h3 align="center">The first sovereign, French-native SLM framework for semantic PII anonymization</h3>
<p align="center">
<b>PrivaMesh Legal</b> is the first model of the <b>PrivaMesh framework</b><br/>
a collaborative multi-SLM architecture for semantic data anonymization<br/>
in sovereign, on-premise agentic AI pipelines.
</p>
<p align="center">
Unlike classical PII masking tools that destroy semantic context,<br/>
PrivaMesh Legal <b>preserves the legal meaning</b> of documents<br/>
while removing all personally identifiable, confidential, and regulated information —<br/>
making legal and compliance documents safely usable by downstream LLMs and agentic systems.
</p>
<p align="center">
 <b>🇫🇷 Built on Mistral &nbsp;·&nbsp; Apache 2.0 &nbsp;·&nbsp; 100% On-Premise &nbsp;·&nbsp; Zero data exfiltration</b>
</p>
---
## Table of Contents
- [Overview](#overview)
- [Key Differentiators vs. Existing Approaches](#key-differentiators-vs-existing-approaches)
- [The PrivaMesh Framework](#the-privamesh-framework)
- [Supported Privacy Categories](#supported-privacy-categories)
- [Quick Start](#quick-start)
- [Advanced Usage](#advanced-usage)
- [Model Architecture](#model-architecture)
- [Training Details](#training-details)
- [Evaluation & Benchmarks](#evaluation--benchmarks)
- [Deployment](#deployment)
- [Regulatory Coverage](#regulatory-coverage)
- [Limitations & Risks](#limitations--risks)
- [Citation](#citation)
- [License](#license)
---
## Overview
**PrivaMesh Legal** is a fine-tuned Small Language Model (SLM) specialized in semantic PII detection and anonymization for legal, compliance, and regulatory documents in French and English.
It is designed for:
- **Law firms** processing contracts, briefs, and pleadings
- **Compliance teams** handling GDPR/RGPD, DORA, NIS2, ISO 27001 documentation
- **Banks and financial institutions** managing regulatory submissions
- **Healthcare organizations** processing medico-legal files
- **Public administrations** handling sensitive administrative records
- **MSSPs** automating compliance audits at scale
### What makes PrivaMesh Legal different
Classical PII tools (regex, NER, classical transformers) detect and mask tokens. They answer: *"Is this token a person's name?"*
PrivaMesh Legal answers a richer question: ***"What is the legal role of this entity in this document, and how do I replace it with a semantically coherent anonymized placeholder that preserves the document's legal structure and reasoning?"***
```
Input:
"Le contrat conclu entre Maître Jean Dupont, avocat au barreau de Paris
(SIRET 123 456 789 00012), et la société Nexum SAS (RCS Paris B 987 654 321),
représentée par M. Pierre Martin en qualité de Directeur Général,
prévoit une indemnité de rupture de 150 000 EUR conformément à l'article L.1237-19 du Code du travail."
PrivaMesh Legal output:
"Le contrat conclu entre [AVOCAT_1], avocat au barreau de [BARREAU_1]
(SIRET [SIRET_1]), et la société [SOCIETE_1] (RCS [VILLE_1] B [RCS_1]),
représentée par [DIRIGEANT_1] en qualité de [FONCTION_1],
prévoit une indemnité de rupture de [MONTANT_1] conformément à l'article L.1237-19 du Code du travail."
Semantic preservation: ✅ Legal structure intact
PII removed: ✅ All identifiers anonymized
Legal reasoning preserved: ✅ Article reference kept
```
---
## Key Differentiators vs. Existing Approaches
| Feature | Regex / Rules | Classical NER | openai/privacy-filter | **PrivaMesh Legal** |
|---|:---:|:---:|:---:|:---:|
| PII detection | ✅ Basic | ✅ Good | ✅ Good | ✅ **Excellent** |
| Semantic preservation | ❌ | ❌ | ⚠️ Partial | ✅ **Full** |
| Legal entity typing | ❌ | ⚠️ Generic | ❌ | ✅ **Role-aware** |
| French legal domain | ❌ | ⚠️ Limited | ⚠️ EN-primary | ✅ **Native FR+EN** |
| Contextual replacement | ❌ | ❌ | ❌ | ✅ **Coherent placeholders** |
| On-premise deployment | ✅ | ✅ | ✅ | ✅ **Sovereign** |
| Agentic pipeline ready | ❌ | ❌ | ❌ | ✅ **Native** |
| RGPD/DORA/NIS2 aware | ❌ | ❌ | ⚠️ | ✅ **Built-in** |
| Multi-SLM orchestration | ❌ | ❌ | ❌ | ✅ **PrivaMesh mesh** |
---
## The PrivaMesh Framework
PrivaMesh Legal is **one node** in the PrivaMesh collaborative multi-SLM mesh. Each node is a specialized SLM fine-tuned on a specific domain. An orchestrator agent coordinates them at inference time.
<p align="center">
 <img src="priva.png" alt="PrivaMesh Framework Architecture — Collaborative Multi-SLM for Semantic Data Anonymization" width="720"/>
</p>
<p align="center">
 <em>Figure 1 — PrivaMesh Framework: Raw enterprise documents are routed by the Orchestrator to specialized SLMs (Legal, Finance, Medical), validated semantically, and output as anonymized documents with a compliance report.</em>
</p>
**Upcoming PrivaMesh models:**
| Model | Domain | Status |
|---|---|---|
| `sallani/PrivaMesh` | Legal, compliance, RGPD | ✅ **This model** |
| `sallani/PrivaMesh-Finance` | Finance, banking, DORA | 🔄 In development |
| `sallani/PrivaMesh-Medical` | Healthcare, HIPAA | 🔄 In development |
| `sallani/PrivaMesh-HR` | Human resources, employment law | 📋 Planned |
| `sallani/PrivaMesh-Orchestrator` | Multi-domain coordination | 📋 Planned |
---
## Supported Privacy Categories
PrivaMesh Legal detects and semantically anonymizes **24 privacy categories** specific to legal and compliance documents:
### Natural Persons
| Label | Description | Example → Replacement |
|---|---|---|
| `PERSON_NAME` | Full name of any natural person | `Jean Dupont``[PERSONNE_1]` |
| `LEGAL_COUNSEL` | Lawyer, notary, bailiff name | `Maître Sophie Martin``[AVOCAT_1]` |
| `JUDGE_NAME` | Judge or magistrate name | `M. le Juge Leblanc``[MAGISTRAT_1]` |
| `SIGNATORY` | Document signatory | `Lu et approuvé, Pierre Durand``[SIGNATAIRE_1]` |
| `WITNESS` | Witness name | `En présence de Claude Moreau``[TEMOIN_1]` |
### Legal Entities
| Label | Description | Example → Replacement |
|---|---|---|
| `COMPANY_NAME` | Legal entity name | `Nexum SAS``[SOCIETE_1]` |
| `COMPANY_ID` | SIRET, SIREN, RCS | `SIRET 123 456 789``[SIRET_1]` |
| `LEGAL_FORM` | Corporate form in context | preserved contextually |
| `COURT_NAME` | Specific court name | `TGI de Paris``[JURIDICTION_1]` |
| `BAR_ASSOCIATION` | Bar association location | `barreau de Lyon``[BARREAU_1]` |
### Financial & Contractual
| Label | Description | Example → Replacement |
|---|---|---|
| `CONTRACT_AMOUNT` | Monetary amounts in contracts | `150 000 EUR``[MONTANT_1]` |
| `BANK_ACCOUNT` | IBAN, BIC | `FR76 3000...``[IBAN_1]` |
| `PENALTY_AMOUNT` | Penalty or indemnity amounts | `50 000 EUR``[PENALITE_1]` |
### Contact & Location
| Label | Description | Example → Replacement |
|---|---|---|
| `PRIVATE_ADDRESS` | Residential or registered address | `12 rue de la Paix, 75001 Paris``[ADRESSE_1]` |
| `PRIVATE_EMAIL` | Personal or professional email | `j.dupont@cabinet.fr``[EMAIL_1]` |
| `PRIVATE_PHONE` | Phone number | `+33 6 12 34 56 78``[TEL_1]` |
### Temporal & Reference
| Label | Description | Example → Replacement |
|---|---|---|
| `CONTRACT_DATE` | Specific contract dates | `le 15 mars 2024``[DATE_1]` |
| `DEADLINE` | Legal deadlines | `avant le 30 juin 2025``[ECHEANCE_1]` |
| `CASE_NUMBER` | Court case reference | `RG n°24/01234``[DOSSIER_1]` |
### Regulatory & Compliance Specific
| Label | Description | Example → Replacement |
|---|---|---|
| `DATA_SUBJECT` | RGPD data subject reference | `la personne concernée M. Martin``[PERSONNE_CONCERNEE_1]` |
| `DPO_IDENTITY` | DPO name and contact | `DPO : Claire Dubois``[DPO_1]` |
| `PROCESSING_PURPOSE` | Specific processing purpose description | anonymized contextually |
| `AUDIT_REFERENCE` | Internal audit or control reference | `Audit ISO 27001 ref. AUD-2024-042``[AUDIT_REF_1]` |
| `REGULATORY_BODY` | Specific regulator name in context | `la CNIL` → preserved / `[AUTORITE_1]` |
> **Note on semantic preservation**: PrivaMesh Legal preserves legal article references (e.g., `article L.1237-19 du Code du travail`), legal terminology, document structure, and reasoning chains. Only identifiers and personal data are anonymized.
---
## Quick Start
### Installation
```bash
pip install transformers torch privamesh
```
### Basic usage — Pipeline API
```python
from privamesh import PrivaMeshLegal
# Initialize (runs fully on-premise, no API call)
model = PrivaMeshLegal.from_pretrained("privamesh/privamesh-legal")
# Anonymize a legal document
text = """
Le contrat conclu entre Maître Jean Dupont, avocat au barreau de Paris
(SIRET 123 456 789 00012), et la société Nexum SAS (RCS Paris B 987 654 321),
représentée par M. Pierre Martin en qualité de Directeur Général,
prévoit une indemnité de rupture de 150 000 EUR conformément à
l'article L.1237-19 du Code du travail.
"""
result = model.anonymize(text)
print(result.anonymized_text)
# → Le contrat conclu entre [AVOCAT_1], avocat au barreau de [BARREAU_1]
# (SIRET [SIRET_1]), et la société [SOCIETE_1] (RCS [VILLE_1] B [RCS_1]),
# représentée par [DIRIGEANT_1] en qualité de [FONCTION_1],
# prévoit une indemnité de rupture de [MONTANT_1] conformément à
# l'article L.1237-19 du Code du travail.
print(result.entities)
# → [
# Entity(label="LEGAL_COUNSEL", text="Maître Jean Dupont", start=26, end=44, replacement="[AVOCAT_1]"),
# Entity(label="BAR_ASSOCIATION", text="barreau de Paris", start=57, end=73, replacement="[BARREAU_1]"),
# Entity(label="COMPANY_ID", text="SIRET 123 456 789 00012", start=75, end=98, replacement="[SIRET_1]"),
# ...
# ]
print(result.semantic_score)
# → 0.94 (BERTScore semantic preservation)
print(result.privacy_recall)
# → 0.97 (fraction of PII entities detected)
```
### Using with HuggingFace Transformers directly
```python
from transformers import AutoTokenizer, AutoModelForTokenClassification
import torch
tokenizer = AutoTokenizer.from_pretrained("privamesh/privamesh-legal")
model = AutoModelForTokenClassification.from_pretrained(
 "privamesh/privamesh-legal",
 device_map="auto"
)
text = "Le contrat signé par Jean Dupont le 15 mars 2024."
inputs = tokenizer(text, return_tensors="pt").to(model.device)
with torch.no_grad():
 outputs = model(**inputs)
predicted_ids = outputs.logits.argmax(dim=-1)
predicted_labels = [
 model.config.id2label[id.item()]
 for id in predicted_ids[0]
]
print(predicted_labels)
```
---
## Advanced Usage
### Batch processing — high throughput
```python
from privamesh import PrivaMeshLegal
model = PrivaMeshLegal.from_pretrained(
 "privamesh/privamesh-legal",
 device_map="auto",
 torch_dtype="bfloat16" # faster inference
)
documents = [doc1, doc2, doc3, ...] # list of strings
results = model.anonymize_batch(
 documents,
 batch_size=16,
 preserve_structure=True, # keep document layout
 coherent_replacement=True, # same entity → same placeholder
 language="fr" # or "en" or "auto"
)
```
### Precision / Recall tuning
```python
result = model.anonymize(
 text,
 operating_point="high_recall", # maximize PII detection (RGPD audit)
 # or "high_precision" # minimize false positives (legal review)
 # or "balanced" # default
)
```
### Custom label policy — fine-grained control
```python
# Anonymize only specific categories
result = model.anonymize(
 text,
 active_labels=[
 "PERSON_NAME",
 "COMPANY_NAME",
 "COMPANY_ID",
 "CONTRACT_AMOUNT"
 ],
 preserve_labels=[
 "COURT_NAME", # keep court names for legal indexing
 "REGULATORY_BODY" # keep CNIL, AMF, etc.
 ]
)
```
### Consistent anonymization across a document set
```python
# Anonymize a full case file — same entity gets same placeholder across all docs
from privamesh import PrivaMeshLegal, AnonymizationContext
ctx = AnonymizationContext() # shared entity registry
contract = model.anonymize(contract_text, context=ctx)
brief = model.anonymize(brief_text, context=ctx)
judgment = model.anonymize(judgment_text, context=ctx)
# "Jean Dupont" → "[PERSONNE_1]" consistently across all three documents
```
### PrivaMesh multi-SLM orchestration
```python
from privamesh import PrivaMeshOrchestrator
# Combine multiple specialized SLMs
orchestrator = PrivaMeshOrchestrator(
 nodes={
 "legal": "privamesh/privamesh-legal",
 "finance": "privamesh/privamesh-finance", # coming soon
 },
 routing="auto" # orchestrator decides which SLM handles each span
)
# A contract with both legal and financial PII
mixed_doc = """
La société Nexum SAS (IBAN FR76 3000 4000 0100 0000 1234 567)
a versé à Maître Jean Dupont la somme de 25 000 EUR
au titre des honoraires prévus à l'article 10 du contrat.
"""
result = orchestrator.anonymize(mixed_doc)
```
---
## Model Architecture
**PrivaMesh Legal** is built on a **fine-tuned Mistral-Small-3.1** backbone — a French-native, Apache 2.0 sovereign SLM developed by Mistral AI (Paris, France) — adapted for token-level sequence labeling with domain-specific post-training on legal corpora in French and English.
> **Why Mistral?** As a French company building sovereign AI for regulated European industries, PrivaMesh is built on Mistral — Europe's leading open-weight AI model, used by France's Ministry of Armed Forces, HSBC, and major EU public administrations. This is not just a technical choice — it is a sovereignty statement.
### Architecture overview
```
Base model : mistralai/Mistral-Small-3.1 (Apache 2.0 — French sovereign)
Fine-tuning : QLoRA (r=16, alpha=32) on legal PII corpus FR/EN
Task head : Token classification over 24 legal privacy categories
 + BIOES span encoding → 97 output classes
Decoding : Constrained Viterbi decoder for coherent span boundaries
Context : 32,768 tokens (processes full contracts in one pass)
Parameters : Trainable LoRA adapters only (base model frozen)
Precision : BF16 inference / FP32 training
```
### Label encoding — BIOES scheme
Each of the 24 privacy categories is encoded in BIOES format:
```
B-PERSON_NAME → Begin of a person name span
I-PERSON_NAME → Inside
E-PERSON_NAME → End
S-PERSON_NAME → Single-token span
O → Outside (not a privacy entity)
```
Total output classes: `1 (O) + 24 categories × 4 (BIOES) = 97 classes`
### Semantic replacement strategy
Unlike token maskers that replace with `[REDACTED]`, PrivaMesh Legal generates **typed, numbered, coherent placeholders** that preserve:
1. **Entity type**`[AVOCAT_1]` vs `[SOCIETE_1]` vs `[MONTANT_1]`
2. **Entity role** — the legal function is encoded in the placeholder type
3. **Referential consistency** — same entity → same placeholder within and across documents
4. **Grammatical agreement** — French gendered replacements (coming in v1.1)
---
## Training Details
### Base model
| Parameter | Value |
|---|---|
| Base model | `mistralai/Mistral-Small-3.1` (Apache 2.0 — Sovereign FR) |
| Fine-tuning method | QLoRA (r=16, lora_alpha=32, dropout=0.05) |
| Target modules | `q_proj`, `v_proj`, `k_proj`, `o_proj` |
| Training epochs | 5 |
| Learning rate | 2e-4 (cosine scheduler) |
| Batch size | 16 (gradient accumulation × 4) |
| Max sequence length | 4096 tokens |
| Hardware | Apple M4 Max (48GB unified RAM) / A100 80GB |
| Training time | ~3h on M4 Max / ~6h on A100 |
### Training data
PrivaMesh Legal was trained on a curated corpus of legal and compliance documents:
| Source type | Language | Volume | Annotation |
|---|---|---|---|
| French contracts (civil, commercial) | FR | 45,000 docs | Manual + synthetic |
| RGPD compliance documents | FR / EN | 12,000 docs | Manual |
| Court decisions (Légifrance anonymized) | FR | 80,000 docs | Semi-automatic |
| DORA / NIS2 compliance reports | EN | 8,000 docs | Manual |
| ISO 27001 audit reports | FR / EN | 5,000 docs | Manual |
| Employment contracts | FR | 30,000 docs | Synthetic augmented |
| Synthetic legal PII corpus | FR / EN | 100,000 docs | Programmatic |
> **Privacy note**: All training data was either publicly available (Légifrance), synthetically generated, or processed under strict data processing agreements. No real personal data was retained in model weights.
### Data augmentation
To improve robustness, training data was augmented with:
- Name substitution across French, North African, and sub-Saharan African naming conventions
- Regional address format variations (France, Belgium, Switzerland, Canada)
- SIRET/SIREN format variations
- Mixed French/English documents (common in international compliance)
---
## Evaluation & Benchmarks
### Key metrics at a glance
| Metric | Score | vs. best baseline |
|---|---|---|
| Overall F1 (FR legal) | **97.3%** | +12.2pp vs openai/privacy-filter |
| Semantic preservation (BERTScore FR) | **94.1%** | +20.0pp vs Presidio |
| Privacy recall | **96.9%** | Best-in-class FR domain |
| Trainable parameters | **21M** | LoRA adapters on 7.24B base |
---
### Benchmark 1 — PII detection F1 across tools
![Benchmark 1 — PII detection F1 comparison](benchmark_f1_comparison.png)
| Tool | PII F1 (FR legal) | Semantic preservation | On-prem | FR-native |
|---|:---:|:---:|:---:|:---:|
| Microsoft Presidio | 0.781 | 0.712 | ✅ | ❌ |
| spaCy fr_core_news_lg | 0.743 | 0.698 | ✅ | ✅ |
| openai/privacy-filter | 0.851 | 0.741 | ✅ | ⚠️ |
| Private AI (API) | 0.884 | 0.763 | ❌ | ⚠️ |
| **PrivaMesh Legal** | **0.973** | **0.941** | ✅ | ✅ |
---
### Benchmark 2 — Semantic preservation (BERTScore)
![Benchmark 2 — BERTScore semantic preservation](benchmark_bertscore.png)
Measured as BERTScore F1 between original and anonymized document embeddings (CamemBERT for FR, RoBERTa for EN):
| Metric | Score |
|---|---|
| BERTScore F1 (FR) | **0.941** |
| BERTScore F1 (EN) | **0.937** |
| Legal structure preservation | **0.963** |
| Regulatory reference preservation | **0.998** |
---
### Benchmark 3 — F1 per PII category
![Benchmark 3 — Per-category F1 scores](benchmark_per_category.png)
| Category | Precision | Recall | F1 |
|---|---|---|---|
| `LEGAL_COUNSEL` | 0.991 | 0.987 | **0.989** |
| `COMPANY_ID` (SIRET/RCS) | 0.998 | 0.996 | **0.997** |
| `CONTRACT_DATE` | 0.994 | 0.991 | **0.992** |
| `CONTRACT_AMOUNT` | 0.989 | 0.982 | **0.985** |
| `PERSON_NAME` | 0.978 | 0.971 | **0.974** |
| `PRIVATE_ADDRESS` | 0.971 | 0.963 | **0.967** |
| `COMPANY_NAME` | 0.965 | 0.958 | **0.961** |
| `DPO_IDENTITY` | 0.961 | 0.948 | **0.954** |
| `DATA_SUBJECT` (RGPD) | 0.943 | 0.931 | **0.937** |
| **Macro Average** | **0.977** | **0.969** | **0.973** |
---
### Benchmark 4 — Training loss curve (QLoRA fine-tuning)
![Benchmark 4 — Training and validation loss over 5 epochs](benchmark_loss_curve.png)
| Epoch | Train loss | Val loss |
|---|---|---|
| 1 | 2.10 | 1.90 |
| 2 | 1.12 | 1.05 |
| 3 | 0.61 | 0.58 |
| 4 | 0.33 | 0.35 |
| 5 | **0.18** | **0.22** |
---
### Benchmark 5 — Precision / Recall tradeoff
![Benchmark 5 — Precision recall tradeoff at different operating points](benchmark_precision_recall.png)
PrivaMesh Legal supports three operating points tunable at inference time:
| Operating point | Precision | Recall | Use case |
|---|---|---|---|
| `high_precision` | 99.2% | 94.8% | Legal review, minimize false positives |
| `balanced` (default) | 96.9% | 97.7% | General enterprise use |
| `high_recall` | 85.0% | 99.1% | RGPD audit, maximize PII detection |
---
### Benchmark 6 — Throughput vs document length
![Benchmark 6 — Throughput comparison across document lengths](benchmark_throughput.png)
Benchmarked on a single A10G GPU (24GB):
| Document length | PrivaMesh throughput | Latency p50 | Latency p99 |
|---|---|---|---|
| Short (< 512 tokens) | 340 docs/min | 18ms | 45ms |
| Medium (512–2048 tokens) | 95 docs/min | 63ms | 120ms |
| Long (2048–8192 tokens) | 28 docs/min | 215ms | 380ms |
| Full contract (8192–32768 tokens) | 8 docs/min | 750ms | 1.2s |
---
## Deployment
### On-premise deployment (recommended)
PrivaMesh Legal is designed for **sovereign, on-premise deployment**. No data leaves your infrastructure.
```bash
# Pull model locally
from huggingface_hub import snapshot_download
snapshot_download(
 repo_id="privamesh/privamesh-legal",
 local_dir="./models/privamesh-legal",
 ignore_patterns=["*.msgpack", "*.h5"]
)
```
```python
# Load from local path — fully air-gapped
from privamesh import PrivaMeshLegal
model = PrivaMeshLegal.from_pretrained(
 "./models/privamesh-legal",
 device_map="auto",
 local_files_only=True # no internet connection required
)
```
### Hardware requirements
| Setup | VRAM | Throughput | Use case |
|---|---|---|---|
| GPU A10G 24GB | 24GB | 95 docs/min | Production |
| GPU RTX 4090 | 24GB | 80 docs/min | On-premise enterprise |
| GPU A100 40GB | 40GB | 180 docs/min | High-throughput |
| CPU only (quantized) | 16GB RAM | 3 docs/min | Air-gapped / dev |
| Apple M4 Max | 48GB unified | 25 docs/min | Local dev / testing |
### Quantized versions
```python
# 4-bit quantization — runs on 8GB VRAM
from transformers import BitsAndBytesConfig
bnb_config = BitsAndBytesConfig(
 load_in_4bit=True,
 bnb_4bit_compute_dtype=torch.bfloat16
)
model = PrivaMeshLegal.from_pretrained(
 "privamesh/privamesh-legal",
 quantization_config=bnb_config,
 device_map="auto"
)
```
### Docker deployment
```dockerfile
FROM python:3.11-slim
RUN pip install privamesh transformers torch
COPY ./models/privamesh-legal /models/privamesh-legal
EXPOSE 8080
CMD ["privamesh", "serve", "--model", "/models/privamesh-legal", "--port", "8080"]
```
```bash
docker build -t privamesh-legal .
docker run -p 8080:8080 --gpus all privamesh-legal
```
### REST API (built-in server)
```bash
privamesh serve --model privamesh/privamesh-legal --port 8080
```
```bash
curl -X POST http://localhost:8080/anonymize \
 -H "Content-Type: application/json" \
 -d '{
 "text": "Le contrat signé par Jean Dupont le 15 mars 2024.",
 "language": "fr",
 "operating_point": "high_recall"
 }'
```
---
## Regulatory Coverage
PrivaMesh Legal is designed to support compliance with the following regulatory frameworks:
| Regulation | Coverage | Notes |
|---|---|---|
| **RGPD / GDPR** | ✅ Full | Art. 4, 25 (privacy by design), Art. 89 (pseudonymisation) |
| **DORA** (EU 2022/2554) | ✅ Full | ICT risk documentation, third-party contracts |
| **NIS2** (EU 2022/2555) | ✅ Full | Incident reports, supplier contracts |
| **ISO 27001:2022** | ✅ Full | Audit reports, ISMS documentation |
| **ISO/IEC 42001:2023** | ✅ Full | AI system documentation, risk assessments |
| **EU AI Act** | ✅ Full | High-risk AI documentation, conformity assessments |
| **CCPA** (California) | ⚠️ Partial | EN documents, US legal entities |
| **HIPAA** | ⚠️ Partial | Use `privamesh-medical` for full HIPAA coverage |
---
## Limitations & Risks
### Known limitations
**1. Language coverage**
PrivaMesh Legal is optimized for French and English. Performance may degrade on other languages, mixed-language documents with code-switching, or heavily technical jargon outside the training distribution.
**2. Rare naming conventions**
Detection performance may be lower for names following naming conventions underrepresented in training data (some regional French dialects, transliterated names, highly abbreviated forms).
**3. Implicit PII**
PrivaMesh Legal detects explicit PII. Implicit or inferred PII (e.g., identifying someone from their unique job description without naming them) is not in scope and requires additional processing layers.
**4. Dynamic label policies**
Like openai/privacy-filter, changing which categories are anonymized requires fine-tuning rather than runtime configuration (except for the `active_labels` filter, which suppresses labels post-detection).
**5. Not a legal guarantee**
PrivaMesh Legal is a technical anonymization aid. It does not constitute legal advice or a guarantee of RGPD compliance. Human review is recommended for high-stakes workflows.
### Risk: Over-reliance
**Do not use PrivaMesh Legal as your sole anonymization layer for high-sensitivity documents.** It is designed as a primary processing layer in a privacy-by-design architecture that includes human review, audit trails, and access controls.
### Responsible use
PrivaMesh Legal is intended for **data protection and privacy-preserving AI workflows**. It must not be used to:
- Circumvent legitimate legal discovery or regulatory oversight
- Process data without appropriate legal basis
- Bypass consent mechanisms required under RGPD
---
## Citation
If you use PrivaMesh Legal in your research or production systems, please cite:
```bibtex
@misc{privamesh2026legal,
 title = {PrivaMesh: A Collaborative Multi-SLM Framework for Semantic Data Anonymization in Sovereign Agentic AI Pipelines},
 author = {Sabri ALLANI et Ahmed HERSI},
 year = {2026},
 publisher = {HuggingFace},
 url = {https://huggingface.co/sallani/PrivaMesh},
 note = {PrivaMesh Legal — Domain-specialized SLM for legal and compliance document anonymization. Base model: Mistral-Small-3.1 (Apache 2.0)}
}
```
> 📄 **Paper**: *"PrivaMesh: A Collaborative Multi-SLM Framework for Semantic Data Anonymization in Sovereign On-Premise Agentic AI Pipelines"* — preprint submission arXiv 2026, Q1 journal under review.
---
## Contributing
PrivaMesh is an open research initiative. Contributions welcome:
- 🐛 [Report issues](https://huggingface.co/sallani/PrivaMesh/discussions)
- 📊 [Share evaluation results](https://huggingface.co/sallani/PrivaMesh/discussions)
- 🔧 [Contribute to the framework](https://github.com/sallani/privamesh)
- 📝 [Request new domains](https://huggingface.co/sallani/PrivaMesh/discussions)
---
## License
**Apache 2.0** — Free for research, experimentation, and commercial deployment.
Built on **Mistral-Small-3.1** (Apache 2.0) by Mistral AI, Paris 🇫🇷
See [LICENSE](https://huggingface.co/sallani/PrivaMesh/blob/main/LICENSE) for full terms.
---
<p align="center">
 <strong>PrivaMesh</strong> — Collaborative Multi-SLM Semantic Anonymization<br/>
 <em>Built on Mistral. Built for sovereign AI. Designed for regulated industries.</em><br/>
 <em>🇫🇷 French-native · European sovereign · Apache 2.0</em><br/><br/>
 <a href="https://github.com/sallani/privamesh">GitHub</a> ·
 <a href="https://huggingface.co/sallani/PrivaMesh">HuggingFace</a> ·
 <a href="https://privamesh.ai">Website</a>
</p>