AI Governance
Easylab AI integrates artificial intelligence responsibly, in strict compliance with European regulatory frameworks.
Compliance Documentation Center
NEWAccess all regulatory documents, sub-processor lists, and product-specific compliance information in one place.
Our Position
Easylab AI is an AI solution integrator, not an AI model producer. We select, deploy and operate functional AI services for our clients, under structured contracts covering DORA, GDPR and the AI Act.
Data Processor under GDPR
We act as a data processor within the meaning of Article 28 of the GDPR. Data protection terms are defined contractually according to each project's requirements.
ICT Provider under DORA
For financial entities, we qualify as a third-party ICT service provider. Our contracts cover the requirements of Article 30 of DORA.
Deployer under the AI Act
We classify every deployed AI system by risk level and implement the required documentation, transparency and human oversight measures.
Regulatory Frameworks
The three European regulations that structure our contracts and practices.
Regulation (EU) 2024/1689 on Artificial Intelligence
Progressive application from August 2025The world's first comprehensive legal framework for AI. Classifies systems by risk level and imposes proportional obligations for transparency, documentation and oversight.
- AI system classification by risk level (Art. 6, Annex III)
- Mandatory AI-assistance notice on every deliverable (Art. 50)
- Mandatory human oversight before dissemination
- Traceability: technical logs retained for 2+ years
- Ongoing monitoring of GPAI model compliance (Art. 51+)
Regulation (EU) 2022/2554 - Digital Operational Resilience
In effect since 17 January 2025Operational resilience framework for the financial sector. Governs ICT risk management, third-party providers and incident notification requirements.
- ICT sub-contractor register
- Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
- Major incident notification within 48 hours
- Audit and access rights for the client and the CSSF
- Exit plan and data portability provisions
Regulation (EU) 2016/679 - General Data Protection Regulation
In effect since May 2018The foundation of any responsible AI integration. Defines the obligations of data controllers and processors for the protection of personal data.
- Data protection clauses adapted to each contract
- Processing on documented instructions only (Art. 28)
- Technical measures: TLS 1.2+ encryption, AES-256
- Data breach notification within 72 hours (Art. 33)
- Prior authorisation for any sub-processor
Our Products Compliance
Each Easylab product has its own AI governance page, detailing its risk classification, regulatory obligations and compliance documentation.
EasyBoard Minutes
Limited risk (Art. 50)
AI-assisted board minutes generation for investment funds. Limited risk classification. Compliant with AI Act (Art. 50), GDPR, DORA. 5 governance documents available.
EasyClaw
Per-deployment classification
General-purpose autonomous agent platform -- AI deployer application (Article 26). Risk classification determined per deployment context. Complete documentation: system card, instructions for use, acceptable use policy, deployer guide.
EasyBlood
Limited risk (Art. 50)
AI-powered blood test analysis with personalized report generation. Educational content only, not a medical device. Article 50 transparency and embedded AI metadata.
Linkeme
Non-high-risk (Art. 6)
AI content automation for social media (text, image, video). Classified non-high-risk. Human oversight on every publication. 4 AI governance documents available.
LinkedInScope
Non-high-risk (Art. 6)
LinkedIn profile audit and AI photo generation. Classified non-high-risk. Article 50 transparency, AI watermark on generated photos. System card and transparency notice available.
Easylaw AI
Limited risk (Art. 50)
On-premise legal AI for law firms. Limited risk classification: AI-generated content with transparency obligation (Art. 50). 100% local deployment, zero cloud, attorney-client privilege guaranteed by architecture.
Governance Documents
Downloadable AI governance documents for Easylab service offerings.
AI Governance - Custom AI Services
Governance framework for custom AI development and integration services. Roles, obligations, transparency and AI Act compliance.
DownloadAI Governance - Automation & Workflows
Governance framework for AI automation and workflow services (n8n, APIs, integrations). Risk classification, human oversight, data protection.
DownloadAI Act compliant -- and we can help you get there.
Audit, legal documentation, training: our expert team guides your AI compliance journey, from SMEs to CSSF-regulated financial institutions.
Technology Partners
Every provider is evaluated on their certifications and compliance before integration.
Anthropic
ClaudePrimary LLM model provider
OpenAI
GPTComplementary LLM models
Google Cloud
GCPCloud infrastructure and Vertex AI
Amazon Web Services
AWSCloud infrastructure and EU hosting
Microsoft Azure
AzureCloud infrastructure and Azure OpenAI
n8n
n8n CloudAI workflow orchestration
Contractual Commitments
Documented and verifiable practices, embedded in our service agreements.
Frequently Asked Questions
By default, we prefer EU datacenters (Frankfurt, Dublin, Tallinn). For each project, hosting is documented and validated with the client.
No. Our providers' APIs (Anthropic, OpenAI) do not use submitted data for model training. This is a built-in property of API usage, not a configuration option.
As a deployer, we classify each deployed AI system according to the AI Act risk categories. For limited-risk systems, we implement the transparency obligations (Art. 50) and documentation. Human oversight is mandatory before any deliverable dissemination.
GDPR-compliant data protection clauses are integrated into our service agreements according to project requirements. They cover processor obligations and applicable technical and organisational security measures.
We apply notification within 48h (DORA) and 72h (GDPR). Each incident is documented with: nature, scope, affected systems and data, corrective measures and remediation plan.
Our contracts grant the client, its mandatees and supervisory authorities (CSSF, CNPD) audit, inspection and access rights to premises, systems and logs, in accordance with DORA and GDPR requirements.