Responsible AI and the EU AI Act
1. What the AI Act is
Regulation (EU) 2024/1689 — the "AI Act" — is the European framework that regulates AI systems according to their level of risk. It applies in phases between 2025 and 2027.
This document explains, in plain language, how BiVelio is designed in line with its principles. It is informational and does not constitute legal advice or a certification of conformity.
2. The risk-based approach
The AI Act classifies AI systems into four levels, with obligations proportional to the risk:
Unacceptable risk — Prohibited practices (e.g. manipulation, social scoring). BiVelio performs none of them.
High risk — Uses in sensitive areas, with strict obligations for risk management, data, transparency and human oversight.
Limited risk — Transparency obligations: the person knows they are interacting with an AI system.
Minimal risk — Most uses; no specific obligations beyond good practice.
3. Where BiVelio fits
BiVelio is a governed operations layer that executes repeatable back-office work under human control. Most of these uses are limited or minimal risk.
The customer, as the deployer, decides what they use the platform for. Some uses could fall into higher categories depending on context; if so, additional obligations apply, which we help cover with our controls.
4. Human oversight
Every agent has a role, authority limits and policies. Critical decisions require human approval before they run: the "human gate".
A person can pause, review and roll back any action. AI executes the repeatable; people decide the critical.
5. Transparency
We make it clear when you are interacting with an AI system. Every action is logged with its context, permissions and the rule applied, so decisions are explainable.
6. Governance, traceability and audit
Every execution leaves a full audit trail: which agent acted, with what Brain context, under which policy and with what approval.
Activity logs and rollback capability exist, so any operation can be reconstructed and undone.
7. Risk management
Before automating, the Workers classify what is safe to automate and what needs human approval. Authority thresholds — for example, amounts — escalate to a person when exceeded.
8. Data and protection
Processing of personal data is governed by our Privacy Policy and our Data Protection (GDPR) Policy. Data is hosted in the EU, with the technical and organizational measures described in the GDPR document.
9. Shared responsibilities
BiVelio provides the governed layer and its controls. The customer decides the use cases and remains responsible for the compliance of their deployment.
We collaborate by providing traceability, configurable controls and documentation to support that compliance.
10. Status and review
This document is informational and will evolve with the phased entry into force of the AI Act and with our legal team’s review. For any questions, contact our Data Protection Officer.