New: Governed workflows with a human gate

Responsible AI and the EU AI Act

Informational document. Not legal advice.

1. What the AI Act is

Regulation (EU) 2024/1689 — the "AI Act" — is the European framework that regulates AI systems according to their level of risk. It applies in phases between 2025 and 2027.

This document explains, in plain language, how BiVelio is designed in line with its principles. It is informational and does not constitute legal advice or a certification of conformity.

2. The risk-based approach

The AI Act classifies AI systems into four levels, with obligations proportional to the risk:

Unacceptable riskProhibited practices (e.g. manipulation, social scoring). BiVelio performs none of them.

High riskUses in sensitive areas, with strict obligations for risk management, data, transparency and human oversight.

Limited riskTransparency obligations: the person knows they are interacting with an AI system.

Minimal riskMost uses; no specific obligations beyond good practice.

3. Where BiVelio fits

BiVelio is a governed operations layer that executes repeatable back-office work under human control. Most of these uses are limited or minimal risk.

The customer, as the deployer, decides what they use the platform for. Some uses could fall into higher categories depending on context; if so, additional obligations apply, which we help cover with our controls.

4. Human oversight

Every agent has a role, authority limits and policies. Critical decisions require human approval before they run: the "human gate".

A person can pause, review and roll back any action. AI executes the repeatable; people decide the critical.

5. Transparency

We make it clear when you are interacting with an AI system. Every action is logged with its context, permissions and the rule applied, so decisions are explainable.

6. Governance, traceability and audit

Every execution leaves a full audit trail: which agent acted, with what Brain context, under which policy and with what approval.

Activity logs and rollback capability exist, so any operation can be reconstructed and undone.

7. Risk management

Before automating, the Workers classify what is safe to automate and what needs human approval. Authority thresholds — for example, amounts — escalate to a person when exceeded.

8. Data and protection

Processing of personal data is governed by our Privacy Policy and our Data Protection (GDPR) Policy. Data is hosted in the EU, with the technical and organizational measures described in the GDPR document.

9. Shared responsibilities

BiVelio provides the governed layer and its controls. The customer decides the use cases and remains responsible for the compliance of their deployment.

We collaborate by providing traceability, configurable controls and documentation to support that compliance.

10. Status and review

This document is informational and will evolve with the phased entry into force of the AI Act and with our legal team’s review. For any questions, contact our Data Protection Officer.