Platform under active development — Some features are in testing phase. Own antivirus engine currently in beta testing.
← Documentation

AI Governance & Policy Framework

EU AI Act compliance, risk management and regulatory framework.

Effective: January 1, 2026 — Version 2.1
Responsible: DigitalImpact GPT Ltd. — AI Governance Board
Review: Quarterly, or immediately upon regulatory change.

1. Regulatory Background

The AION Core platform complies with the following regulatory frameworks:

🇪🇺

EU AI Act (2024/1689)

EU Parliament and Council regulation on harmonized rules for artificial intelligence.

  • Risk-based classification system
  • Transparency requirements
  • Human oversight assurance
  • Documentation obligations
📋

ISO/IEC 42001:2023

AI Management System standard — governance framework for AI systems.

  • AI lifecycle management
  • Risk assessment processes
  • Continuous improvement cycle (PDCA)
  • Stakeholder engagement
🔒

GDPR (2016/679)

General Data Protection Regulation — personal data protection.

  • Data minimization principle
  • Purpose limitation
  • Data subject rights
  • Data Protection Impact Assessment (DPIA)
🛡️

NIS2 Directive

Network and information systems security directive.

  • Cybersecurity risk management
  • Incident reporting obligations
  • Supply chain security
  • Management accountability

2. AI Risk Classification

Risk levels per EU AI Act and AION Core module classification:

Risk LevelDescriptionAION Core ModulesObligation
MinimalGeneral AI applicationsMarket Scanner, Data ArchitectureVoluntary code of conduct
LimitedTransparency obligationNeural Engine, Decision PipelineUser notification
HighCritical decision supportRisk Governor, Governance EngineFull compliance, audit, DPIA
UnacceptableProhibited applications— Not applicable —Prohibition

3. Governance Structure

AI Governance Board

Strategic direction, policy approval

AI Ethics Officer

Ethics review, bias monitoring

DPO (Data Protection Officer)

GDPR compliance, DPIA coordination

CISO

Security architecture, incident management

AI Audit Team

Regular compliance audits

Model Risk Management

Model validation and monitoring

4. AI System Registry

AI system registry per EU AI Act Article 49:

FieldValue
System nameAION Core Platform
OperatorDigitalImpact GPT Ltd.
PurposeAI-powered research, decision support and knowledge management
Risk classificationHigh risk (selected modules)
Compliance statusActive — last audit: 2026 Q1
Human oversightHuman-in-the-loop for all critical decisions
Data sourcesPublic data, licensed databases, proprietary collection

5. Ethical Principles

⚖️

Fairness & Non-discrimination

AI decisions are free from discriminatory bias. Regular bias audits and fairness metrics applied.

👁️

Transparency & Explainability

Every AI decision is traceable. Explainability modules ensure human-interpretable decision logic.

🤝

Human Oversight

Human-in-the-loop and human-on-the-loop mechanisms at every critical decision point.

🌱

Sustainability

Energy-efficient model architecture, carbon footprint monitoring, optimized inference pipeline.

6. Policy Documents

POL-001AI Usage PolicyActive
POL-002Data Protection Policy (GDPR)Active
POL-003AI Risk Management FrameworkActive
POL-004Incident Response ProtocolActive
POL-005Model Validation PolicyActive
POL-006Code of EthicsActive
POL-007Third-Party Risk ManagementActive
POL-008Business Continuity PlanActive

7. Audit Schedule

TypeFrequencyResponsibleNext
Internal AI auditQuarterlyAI Audit Team2026 Q2
Bias & fairness auditSemi-annualAI Ethics Officer2026 H2
GDPR compliance auditAnnualDPO2026 Q4
External penetration testAnnualCISO + external auditor2026 Q3
EU AI Act compliance reviewAnnualGovernance Board2027 Q1