1. Risk Management & Compliance
Purpose
Central overview of all regulatory and ethical requirements for AI projects, from the EU AI Act to incident response and safety checklists.
Compliance is not an obstacle: like the brakes on a car, it is what allows you to drive fast safely. This module centralises requirements from the EU AI Act, internal values and ethical frameworks.
2. Modules in This Section
| Module | Description |
|---|---|
| EU AI Act | Risk classification, obligations per risk level, timeline and compliance checklist |
| Risk Management | Risk analysis, mitigation and continuous risk monitoring |
| Ethical Guidelines | Operational ethical frameworks: fairness audit, representativeness, equal treatment |
| Validation Requirements | Evidence standards per risk level for audit compliance |
| Incident Response | Emergency stop, reporting obligation, escalation procedure |
| Incident Response Playbooks | Concrete playbooks per incident type |
| Red Teaming | Security testing: jailbreaks, prompt injection, harmful output |
| AI Safety Checklist | Safety checklist for go-live |
3. Privacy-by-Design (GDPR)
Privacy is not an afterthought, but a design choice. Minimum rules that always apply:
- Data minimisation: collect/process only what is necessary.
- Purpose limitation: do not automatically reuse data for other purposes.
- Transparency: the user or data subject knows when AI is being used.
- Security: access, logging and retention are in place before go-live.
No go-live without a completed Data & Privacy Sheet and documented logging and retention agreements.
4. Agentic AI & Constitutional AI
When AI systems perform actions autonomously (Collaboration Mode 4 & 5), the focus shifts to Constitutional AI: technical restriction of the action radius and real-time monitoring that blocks actions when hard boundaries are crossed.
Next step: Determine the risk class of your system via the Risk Pre-Scan. → See also: Risk Classification | Decision Matrix