AI & tech, explained clearly
24 terms from AI, law and web development — each explained in 3-4 sentences, without marketing fog. Updated: July 2026.
Artificial Intelligence
LLM (Large Language Model)
What is an LLM?
- A large language model is an AI model trained on vast amounts of text that understands and generates language — examples include GPT, Claude, Mistral and Gemini. LLMs answer questions, summarize texts, write code and form the basis for chatbots, RAG systems and AI agents. For GDPR-sensitive applications, EU-hosted alternatives such as Mistral on Scaleway (Paris) are available.
RAG (Retrieval-Augmented Generation)
What is RAG?
- RAG combines a language model with a searchable knowledge base: before answering, the system retrieves relevant documents and passes them to the model as context. The AI answers based on your own company data instead of training data alone — with far fewer hallucinations and always current content. RAG is the standard approach when companies want to make their documents, wikis or product data AI-searchable.
MCP (Model Context Protocol)
What is the Model Context Protocol (MCP)?
- MCP is an open standard by Anthropic (2024) that lets AI assistants securely access external tools and data sources — such as databases, CRMs or APIs. Instead of building a custom integration per tool, an MCP server exposes defined functions that any compatible AI client can use. This makes a company system 'AI-operable' without losing control over access.
AI Agent
What is an AI agent?
- An AI agent is an AI system that plans and executes multi-step tasks autonomously: it breaks a goal into steps, uses tools (search, databases, APIs) and checks intermediate results. Unlike a chatbot, an agent doesn't just answer — it acts. Under the EU AI Act this always requires human oversight (human in the loop) for critical decisions.
Prompt Engineering
What is prompt engineering?
- Prompt engineering is the deliberate crafting of instructions for a language model to obtain reliable, reproducible results. It includes role definitions, examples (few-shot), output formats and guardrails against unwanted behavior. In production systems, prompts are versioned, tested building blocks — not ad-hoc inputs.
Embedding
What is an embedding?
- An embedding translates text (or images) into a numeric vector that captures meaning: semantically similar texts sit close together in vector space. Embeddings are the foundation of semantic search in RAG systems — you search by meaning, not exact keywords.
Vector Database
What is a vector database?
- A vector database stores embeddings and finds the most semantically similar entries to a query within milliseconds (similarity search). It is the core of every RAG pipeline — common options include pgvector (a PostgreSQL extension, e.g. in Supabase), ChromaDB and Qdrant. For GDPR-compliant setups, EU hosting and deletion concepts matter most.
Fine-Tuning
What is fine-tuning?
- Fine-tuning further trains an existing language model on your own example data to permanently adapt style, format or domain language. It only pays off when prompt engineering and RAG are no longer sufficient — for most business use cases RAG is the cheaper, more flexible choice because knowledge stays updatable without retraining.
Hallucination (AI)
What is an AI hallucination?
- A hallucination is a convincingly worded but factually wrong answer from a language model — such as invented sources, figures or legal clauses. Countermeasures include RAG (answers backed by verifiable sources), confidence indicators and human approval for critical outputs. The EU AI Act requires transparency for AI-generated content.
Inference (AI operations)
What does inference mean for AI models?
- Inference is the live operation of a trained AI model — every request to an LLM is an inference call. Latency, cost per token and hosting location are decisive: EU providers such as Scaleway (Paris) enable GDPR-compliant inference without data transfers to the US.
Law & Compliance
EU AI Act
What is the EU AI Act?
- The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive AI law. It classifies AI systems by risk: prohibited practices, high-risk systems (strictly regulated), limited risk (transparency duties such as AI labeling, Art. 50) and minimal risk. Companies using AI must meet labeling, documentation and oversight obligations in stages from 2025/2026.
AI Labeling (Art. 50 AI Act)
When must AI content be labeled?
- Art. 50 of the EU AI Act requires that people can recognize when they interact with AI or view AI-generated content. In practice: chatbots identify themselves as AI, and generated text and images carry a visible notice (e.g. an 'AI-generated' badge). The obligations phase in fully from August 2026.
Human in the Loop
What does human in the loop mean?
- Human in the loop means: the AI proposes, a human decides. Critical actions — sending invoices, publishing content, customer communication — pass through human approval (approval gates). The EU AI Act anchors this principle as human oversight in Art. 26; well-built AI systems log every approval traceably.
GDPR
What does the GDPR regulate for AI applications?
- The General Data Protection Regulation governs any processing of personal data — for AI applications this mainly concerns prompts, training data and logs. In practice: clarify the legal basis, minimize or anonymize data, prefer EU hosting, implement retention limits and inform data subjects (Art. 13). Automated individual decisions require special safeguards under Art. 22.
E-Invoice (ZUGFeRD / XRechnung)
What is an e-invoice under ZUGFeRD or XRechnung?
- Since 2025, German companies must be able to receive structured electronic invoices in B2B. XRechnung is the purely machine-readable XML format (mandatory for public-sector clients); ZUGFeRD combines a human-readable PDF with embedded XML. Both satisfy EU standard EN 16931 — a plain PDF via email is not a legal e-invoice.
BFSG (German Accessibility Act)
What does the German Accessibility Act (BFSG) require?
- Since June 28, 2025, the Barrierefreiheitsstärkungsgesetz obliges many companies to offer digital products and services accessibly — including online shops, banking and booking flows. The practical benchmark is WCAG 2.1 AA (contrast, keyboard operation, screen-reader compatibility). Violations can trigger fines and cease-and-desist letters.
WCAG 2.1
What are the WCAG guidelines?
- The Web Content Accessibility Guidelines are the international standard for accessible websites, tiered into levels A, AA and AAA. Level AA — including sufficient contrast, keyboard navigation, alt texts and visible focus — is the baseline required in the EU (BFSG, EN 301 549). Accessibility also improves SEO and conversion for all users.
Web & Infrastructure
Next.js
What is Next.js?
- Next.js is the leading React framework for production web applications: server-side rendering, static generation, API routes and image optimization are built in. For businesses this means fast load times, strong SEO and one codebase for website and web app alike. Version 15 uses the App Router with React Server Components.
FastAPI
What is FastAPI?
- FastAPI is a modern Python framework for web APIs with automatic validation (Pydantic) and self-generated API documentation. It is the de-facto standard for AI backends because the Python ecosystem (LangChain, Transformers, pgvector clients) plugs in directly and asynchronous processing is built in.
Supabase
What is Supabase?
- Supabase is an open-source Firebase alternative built on PostgreSQL: database, authentication, file storage and realtime features in one, with an EU hosting option. Row Level Security enforces access rules directly in the database — and with pgvector, Supabase doubles as a vector database for RAG applications.
Docker
What is Docker?
- Docker packages applications with all their dependencies into containers that run identically everywhere — from a developer laptop to the production server. This makes deployments reproducible and server migrations predictable. Run on your own EU VPS, companies keep full data sovereignty instead of vendor lock-in with US clouds.
CI/CD
What does CI/CD mean?
- Continuous integration / continuous deployment automates the path from code change to production: every change automatically runs through tests, security scans and — on success — deployment. This drastically reduces error rates and turns releases into routine instead of risk. Typical tools: GitHub Actions, Gitea Actions, GitLab CI.
Server-Side Rendering (SSR)
What is server-side rendering?
- With server-side rendering, the server builds the finished HTML page and delivers it complete — instead of assembling it in the browser via JavaScript. Benefits: faster first paint, reliable indexing by search engines and AI crawlers (many don't execute JavaScript) and better performance on weak devices.
llms.txt
What is llms.txt?
- llms.txt is a convention (2024): a Markdown file in the website root that concisely tells AI crawlers who is behind the site, what services exist and which pages matter — the counterpart to robots.txt, but for content instead of access rules. Sites with llms.txt get cited more precisely by AI search engines like Perplexity or ChatGPT Search.
Term clarified — project pending?
I build RAG systems, AI agents and web applications that meet GDPR and EU AI Act requirements from day one. In a free intro call we'll clarify what makes sense for your project.
Free intro call