We deliver every engagement against the most stringent applicable AI framework - typically a combination of the EU AI Act, NIST AI Risk Management Framework, ISO/IEC 42001, OECD AI Principles and sector-specific guidance.
No system we ship goes to production without a regression evaluation harness covering hallucination, citation accuracy, bias, PII leakage and task accuracy. Scores are versioned with the code.
Generative outputs cite their sources. When the system writes, it cites; when it cannot cite, it abstains.
Consequential decisions are recommended by the system and accepted by a human. We design the human review experience as a first-class deliverable.
Every consequential system gets an independent red-team review - prompt injection, jailbreak, adversarial inputs, social engineering vectors. Findings are remediated before launch.
For public-sector and consumer-facing systems, we publish algorithmic transparency records in plain language, alongside the formal regulatory documentation.
We will not build systems prohibited by the EU AI Act or equivalent national prohibitions - social scoring, manipulative biometric profiling, real-time mass surveillance and similar. We do work on high-risk systems under the AI Act, with full conformity assessment, post-market monitoring and human oversight controls in place.
No - never without explicit, scoped, written consent. Our default architecture isolates client data in client-tenant storage and uses retrieval rather than training. When clients do consent to fine-tuning, training data is documented in the audit pack.
Bias and fairness testing is part of every evaluation harness we ship. For consequential decisions affecting individuals - credit, claims, hiring, healthcare - we run disparate-impact testing and document outcomes by relevant protected attributes within the constraints of applicable privacy law.
We support and implement C2PA content credentials for generated media. For text outputs, we attach provenance metadata where the consuming application can carry it, and we publish a clear distinction between human-authored and AI-generated content where it reaches end users.