LEGAL

EU AI Act Compliance

Last Updated: March 2026

This statement describes how Bosys designs, develops, deploys, and operates artificial intelligence systems in accordance with the EU Artificial Intelligence Act. We are committed to responsible AI governance, risk management, transparency, human oversight, and operational safety.

Limited Risk AIHuman OversightTenant-Isolated LearningFull Audit TrailTransparent DecisionsNo Prohibited AI

1. Scope of AI Systems

This compliance statement applies to AI systems integrated into the BOSYS platform including: decision-support engines, predictive analytics models, workflow automation systems, risk detection algorithms, data classification tools, anomaly detection systems, natural language processing components, and business intelligence engines.

2. AI Risk Classification

Most BOSYS AI systems fall under Limited Risk — providing recommendations, supporting decision-making, automating routine processes, and analyzing operational data. They do not make legally binding decisions, replace human judgment, control critical infrastructure, or perform biometric identification. BOSYS does not develop prohibited AI systems such as social scoring, manipulative behavioral, biometric surveillance, or mass profiling systems.

3. Human Oversight

BOSYS implements human oversight through manual approval workflows, administrative controls, user supervision, override capabilities, and review mechanisms. Users can review AI recommendations, modify AI outputs, approve automated actions, and disable automation at any time. Final authority always remains with human users.

4. Transparency and Explainability

Transparency measures include clear system outputs, decision logs, audit trails, explanation interfaces, and system documentation. Users can view system decisions, understand decision triggers, review historical actions, and monitor system behavior at all times.

5. Data Governance

Data governance processes include data validation, quality checks, access control, data classification, and retention policies — ensuring accuracy, reliability, security, and compliance across all AI operations.

6. AI Training and Model Use

BOSYS AI systems operate using tenant-specific learning models. AI training occurs only within the customer environment. Customer data is never used to train global models, shared across organizations, sold, or used for external AI development. Each organization maintains isolated AI learning behavior.

7. Bias and Fairness Controls

Safeguards to reduce bias include input validation, model evaluation, testing procedures, output monitoring, and human review. We continuously monitor AI systems to detect bias, reduce unfair outcomes, and improve system accuracy.

8. Accuracy and Reliability

AI performance management includes model validation, performance monitoring, error detection, system testing, and continuous improvement. AI outputs are designed to be reliable, consistent, and fully auditable.

9. Security of AI Systems

AI systems are protected with access restrictions, encryption, authentication, monitoring, logging, and backup systems — protecting AI models, training data, inference data, and system outputs.

10. Risk Management Framework

Risk management includes identification, assessment, mitigation, monitoring, and documentation across operational, security, data, compliance, and system risk categories.

11. Incident Management

AI incidents may include incorrect predictions, system malfunction, automation failure, unexpected behavior, or data processing errors. Incident response includes investigation, containment, correction, documentation, and notification.

12. Logging and Auditability

Detailed logs cover system decisions, user actions, data processing events, automation triggers, and error events — supporting compliance, security, accountability, and transparency.

13. Continuous Monitoring

AI systems are continuously monitored for performance, error detection, usage analysis, security, and system health — helping identify risks, prevent failures, and improve reliability.

14. AI Governance

Internal governance includes policy management, risk review, compliance oversight, security review, and system evaluation — ensuring responsible AI operation, regulatory compliance, and operational safety.

15. User Responsibilities

Users are responsible for reviewing AI outputs, verifying recommendations, maintaining system configurations, and monitoring automation behavior. Users should not rely solely on AI decisions, ignore system alerts, or disable safety controls.

16. Regulatory Alignment

BOSYS AI systems are designed to align with EU AI Act principles, responsible AI practices, data protection regulations, and security standards — through risk-based system design, human oversight, transparency, and safety controls.

17. Future Regulatory Updates

The EU AI regulatory environment continues to evolve. BOSYS will update this statement to reflect legal changes, technical changes, and operational improvements. Updated versions will be published on the website.

18. Contact Information

AI Governance Team: ai-compliance@bosys.ai. Privacy Office: privacy@bosys.ai. Security Team: security@bosys.ai. Legal Department: legal@bosys.ai.