EU AI Act Compliance Statement

1. Overview of the EU AI Act

The EU AI Act, Regulation (EU) 2024/1689, entered into force in August 2024 and establishes a risk-based framework for AI systems. Categories include prohibited, high-risk, limited-risk, and minimal-risk systems.

GlideRun's AI workflow automations primarily fall into limited-risk or minimal-risk categories. High-risk classification may apply where automations are deployed in Annex III domains such as employment screening, credit decisions, or regulated access determinations.

2. GlideRun's Role Under the EU AI Act

GlideRun may act as Provider where it develops and deploys AI systems, and as Deployer where it implements AI systems in customer operations. Each role carries distinct obligations.

This statement describes GlideRun's approach to both roles and how customer deployments are assessed before go-live.

3. Risk Classification

All automations deployed by GlideRun are classified before deployment using CompliVibe's risk classification engine against EU AI Act Annex III. Outcomes are documented as minimal risk, limited risk, or high risk.

Minimal risk covers most internal workflow automations. Limited risk covers AI-generated content and chatbot interactions requiring transparency. High risk triggers the full compliance regime.

4. Annex IV Technical Documentation

For AI systems that may be high-risk, GlideRun generates Annex IV technical documentation under EU AI Act Article 11. The documentation package covers all mandatory areas.

• §1 General description of the AI system.
• §2 Elements and development process.
• §3 Monitoring, functioning, and control.
• §4 Performance metrics and appropriateness.
• §5 Risk management system.
• §6 Changes to high-risk AI systems.
• §7 Harmonised standards applied.
• §8 EU declaration of conformity.
• §9 Human oversight measures.
• §10 Disabling measures.
• §11 Initial intended purpose.

Documentation is generated and maintained via CompliVibe and updated within 48 hours of relevant regulatory changes.

5. Human Oversight

All GlideRun automations include configurable human oversight checkpoints. Customers can require approval before sensitive actions and can pause, disable, or override automations.

High-risk deployments require human oversight by default and cannot take irreversible actions without an explicit override pathway.

6. Transparency Obligations

Where automations interact with natural persons, GlideRun supports disclosure that the person is interacting with an AI system. AI-generated content is marked where required.

Deep synthesis is prohibited unless expressly approved by the customer and supported by appropriate legal basis, disclosures, and safeguards.

7. Data Governance

Training data practices are documented where relevant under Article 10. Customer data is not used for model training without explicit written consent.

Data quality, bias, and performance measures are reviewed before deployment, with stricter review for high-risk use cases.

8. Post-Market Monitoring

Deployed automations are monitored through operational logs and CompliVibe's Evidence Vault. Performance metrics, anomalies, failure events, and human review events are logged.

Active systems are reviewed annually against updated EU AI Act guidance and customer usage context.

9. Incident Reporting

Serious incidents under EU AI Act Article 73 are reported to the relevant market surveillance authority within applicable timelines, including the 15-day reporting period where required.

Customers are notified immediately when an incident affects their deployment. CompliVibe's Evidence Vault provides the incident timeline and tamper-evident evidence package.

10. CompliVibe Partnership

GlideRun manages EU AI Act compliance in partnership with CompliVibe (complivibe.in). CompliVibe provides real-time obligation tracking across 719 mapped obligations, Annex IV documentation generation, risk classification, regulatory update monitoring, and hash-chained evidence management.

Customers may request their compliance documentation package at any time.