Compliance

EU AI Act alignment, end to end.

Four obligations — transparency, human oversight, risk and robustness, data governance. Aligned by design, not retrofitted.

EU AI Act · Safeguards by design

Four obligations we take seriously
regardless of our risk class.

These are the safeguards we hold ourselves to in every deployment, whatever the final risk designation.

Arts. 13, 50
01

Transparency & Traceability

Every figure in every report is traceable to its source.

"Coalition B at 34%"SIM.TELEMETRYrun_4a7f9e · t=T+12hFACT-CHECKcross-verified vs 3 agentsEVIDENCE-LOGclaim_c4f · signed SHA-256

Reports carry evidence links — telemetry, cross-agent verification, cryptographically signed claim IDs. Nothing in a finding exists without a pointer to the simulation data it came from.

Evidence-linked findingsSigned claim IDsAudit-ready exports
Art. 14
02

Human Oversight

The platform recommends. People decide. Always.

ALPHAGRAPHRecommends(never executes)REPORT + EVIDENCEDECISION OWNERDecides(accountable, logged)HUMAN CHECKPOINTSbriefreviewact

AlphaGraph never triggers real-world action. Reports flow to a named decision owner, checkpoints are logged at brief / review / act, and overrides are captured — so oversight is a feature of the workflow, not a promise in a policy.

Named decision ownerDecision logOverride capture
Arts. 9, 15
03

Risk & Robustness

Fabrications are caught before reports leave the pipeline.

INCOMING → VALIDATED"Market will reject by 78%"VERIFIED"Coalition defeats board 3-2…FLAGGED · FABRICATED STATIGNORE PRIOR INSTRUCTIONSINJECTION · BLOCKED

An independent fact-checker agent cross-verifies every claim against simulation telemetry. Adversarial inputs — injection attempts, homoglyph tricks, system-marker spoofs — are stripped and logged at the sanitiser before model context is ever assembled.

Independent fact-checkerInjection defenceContinuous red-team
Arts. 10, 26
04

Data Governance

Your data is tenant-isolated, EU-resident, and never used for training.

DATA PATH · EU RESIDENTTENANTclient_acmeisolatedschema-levelREGIONeu-west-1EU data residencyPURPOSEdecision-supportscopednot for trainingAES-256-GCM at rest · TLS 1.3 in transit · DPIA available on request

Briefs and reports live in schema-isolated tenants inside an EU region. Customer data is contractually excluded from model training. Encryption, purpose limitation, and retention windows are configurable per deployment and reflected in your DPIA.

EU data residencyNo training on customer dataDPIA on request
AlphaGraph's self-assessment and safeguard documentation are available on request for procurement, DPO, and risk-committee review.
Request safeguard pack
Fact-checked reportsGDPR-compliantEU data residencySHA-256 signedDPIA on request