Principles of our Artificial Intelligence Policy

1. Our AIMS comprises a framework of general and specific AI policies (our AI Policy Framework), which shall be known and applied depending on your role and/or relationship with our organization. In this sense, the current AI Policies which have been defined, approved, published and communicated by our Management to all internal and external relevant parties in our organization are:

2. Our AIMS shall include, consider and reflect both our internal AI requirements, as well as laws, regulations and all relevant contractual obligations applicable to our different activities, particularly the European AI Regulation (EU AI Act) and the General Data Protection Regulation (GDPR). We shall review these requirements regularly, at least once a year, to ensure continuous compliance. Our Compliance Policy establishes the framework for meeting all legal, regulatory and contractual obligations, and the same principles and processes apply to AI-related compliance matters.

3. Also, in order to guarantee the effectiveness of our AIMS, our AI Policies (as well as the corresponding procedures, processes, objectives and controls) shall be regularly reviewed, both at planned intervals and when significant changes occur, to ensure a continuing suitability and adequacy. Thus, it is important to check the relevant and applicable AI Policies regularly, to know and apply the corresponding AI responsibilities and ensure compliance at all times.

4. Reviews of our AIMS regularly, at planned intervals (at least once a year) and when significant changes occur, shall be conducted both internally, as well as externally by independent auditors. These revisions shall help us analyze any effectiveness deviations to improve our AIMS and keep up-to-date with current AI best practices. However, on top of these revisions, we all as an organization shall commit to a continuous improvement of our AIMS on an everyday basis. We aim and are committed to promote a culture of awareness, adequacy, best practices and continuous improvement in artificial intelligence.

5. Our Management, our Chief Artificial Intelligence Officer (CAIO), the CAIO-Office and those persons designated as AI Delegates shall regularly review the compliance of AI systems, policies and procedures within their corresponding area of responsibility, to ensure that the appropriate AI policies, procedures, controls and/or other AI requirements are in place.

6. All AI systems developed, provided or used by our organization shall be governed by the fundamental principles of Transparency and Explainability, Fairness and Non-Discrimination, Human Oversight, Security and Robustness, Privacy and Data Protection, Responsibility and Accountability, and Sustainability. These principles guide all our AI activities and are embedded in our development lifecycle, operational procedures and governance frameworks to ensure responsible AI deployment.

7. The types of AI systems that we commercialize are limited to minimal or no risk systems, and systems subject only to information and transparency requirements, in accordance with the EU AI Act. We will not develop, provide or use AI systems classified as unacceptable risk. Our AI solutions are oriented towards data processing services and conversational interfaces for opinion analysis, sentiment analysis, text classification and natural language queries. Any exception to these limitations must be expressly authorized by CAIO-Office.

8. We implement a risk-based approach for all our AI systems. Before deployment of any AI system, a specific risk management system shall be established, and impact assessments on individuals, groups of people and society shall be conducted. Risks shall be continuously evaluated throughout the entire system lifecycle, and appropriate controls shall be implemented according to the identified risk level, considering aspects of security, privacy, fairness, transparency and safety.

9. We recognize that data quality, representativeness and management are fundamental for responsible AI systems. Datasets used in AI system development shall be subject to rigorous governance practices ensuring traceability, quality and provenance. Possible biases in data shall be assessed and mitigated. Strict segregation between data from different customers shall be maintained on our multi-tenant platforms. The use of real customer data in AI models and/or systems outside our platform is strictly prohibited under any circumstances. Any exception to this rule must be expressly authorized in writing by CAIO-Office.

10. All AI systems shall follow a structured lifecycle that includes requirements specification, design and development in accordance with responsible AI objectives, rigorous verification and validation before deployment, controlled deployment with defined release criteria, continuous operation and monitoring, maintenance and updates, complete technical documentation, record keeping throughout the entire lifecycle, change management for substantial modifications, and proper decommissioning when applicable.

11. To facilitate compliance, we shall give appropriate training and education in the relevant and corresponding AI policies and procedures applicable to the corresponding role and/or relationship with our organization. However, training and education for third parties may be omitted if it is provided externally to the extent applicable in relation to the activities conducted for our organization. Our CAIO, the CAIO-Office and/or our Management will decide to which extent training and/or education is applicable in each case.

12. We commit to transparency with our stakeholders. Users shall receive clear information about when they interact with AI systems. Customers shall have access to appropriate technical documentation about the AI systems they use. Notification mechanisms shall be established for stakeholders to communicate concerns about AI systems. Relevant incidents shall be communicated within established timeframes, and information to regulators shall be provided according to legal obligations.

13. The use of AI systems by employees is regulated and requires prior approval. The use of AI models and/or systems for internal purposes shall be allowed, provided it has been previously requested and approved by CAIO-Office. The use of real customer data in external AI systems is strictly prohibited. The use of confidential information of our organization and/or our customers in unauthorized AI systems is strictly prohibited. All employees must follow the AI Use by Employees Policy for compliance.

14. When third parties are involved in the lifecycle of our AI systems, strict controls apply. The incorporation of any underlying AI tool (components, models or third-party AI services integrated into our systems) without prior authorization is prohibited. Comprehensive risk assessment shall be conducted before integrating third-party components. Specific contractual requirements shall be established for AI suppliers to ensure alignment with our responsible AI approach. The distribution of responsibilities between organization, suppliers and customers shall be clearly assigned and documented.

15. We shall protect both our AI assets and the AI assets from third parties which we may manage, focusing on a balanced protection of the confidentiality, integrity and availability of these AI assets. An updated inventory of all AI resources including data, models, tools and systems shall be maintained as part of our asset management practices. AI assets shall be subject to the same information security measures and controls established in our Information Security Policy and related policies, including access control, encryption, backup and physical security measures. In the multi-tenant platforms that we operate, each customer shall have a separate account, in order to guarantee that data is segregated and only accessible to the corresponding account.

All these principles have been defined and approved by our Management and are herewith published and communicated for compliance by each corresponding party. 

Thank you for your collaboration.
Updated December 12, 2025
Last revision December 12, 2025