EU AI Act Compliance

VibeVoice takes the EU Artificial Intelligence Act seriously. This page explains how we classify our system, what obligations we fulfil, and how we ensure our AI agents operate transparently and safely for both our Customers and their callers.

1. Our AI Classification

Under Regulation (EU) 2024/1689 (the EU Artificial Intelligence Act, “AI Act”), AI systems are classified into four risk tiers: Unacceptable Risk (prohibited), High Risk, Limited Risk, and Minimal Risk.

VibeVoice operates as a Limited Risk AI system. Our voice agents interact directly with natural persons (callers) via speech. Under Article 50 of the AI Act, such systems must inform users that they are interacting with an AI. We fulfil this obligation through our mandatory AI disclosure feature (see section 2).

We do not classify VibeVoice as High Risk because it is not used in domains listed in Annex III of the AI Act (such as critical infrastructure, biometric identification, or employment decisions). Our system is a conversational assistant for appointment booking and customer enquiries.

2. Transparency Obligations (Article 50)

Callers who interact with a VibeVoice AI agent have a right to know they are speaking with an automated system. We fulfil this through:

• Mandatory opening disclosure: Every VibeVoice agent must include a first-message template that identifies the interaction as AI-assisted. Customers cannot disable this disclosure. Example: “Hello, I’m the virtual assistant for [Business Name]. I’m an AI — how can I help you today?”
• On-request confirmation: If a caller asks whether they are speaking to a human or a machine, the agent is configured to confirm it is an AI.
• Customer guidance: Our onboarding materials require Customers to disclose AI agent use in their own customer communications where required by local law.

3. Human Oversight

A core principle of the EU AI Act is that humans must retain meaningful control over AI systems, particularly in customer-facing applications. VibeVoice implements human oversight through:

• Configurable handoff threshold: Every agent has a configurable escalation trigger. When the agent detects uncertainty, urgency, or an explicit caller request for a human, it transfers the call to a live agent and logs the reason.
• Dashboard monitoring: Customers can review call transcripts, listen to recordings (where enabled), and audit agent behaviour in real time.
• Outcome logging: All calls are logged with intent classification, outcome, and escalation reason, giving Customers a complete audit trail.
• Agent version control: Changes to agent configuration are versioned. Customers can roll back to a previous configuration at any time.

4. Data Governance

Article 10 of the AI Act sets requirements for data governance in AI systems. Our commitments:

• No training on customer data without consent: We do not use call recordings, transcripts, or any Customer data to train or fine-tune our AI models. Customer data is processed solely to deliver the Service.
• Data minimisation: We collect only the data necessary to operate the Service. Caller telephone numbers are processed transiently and not retained beyond the call metadata retention period configured by the Customer.
• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• EU data residency: Core platform data is stored in EU data centres (Frankfurt). Where third-party sub-processors outside the EU are used, Standard Contractual Clauses are in place.

5. Prohibited AI Practices

Article 5 of the AI Act prohibits certain AI practices. We confirm that VibeVoice does not and will not:

• Use subliminal manipulation: Our agents do not use techniques that subvert users’ rational decision-making, exploit psychological biases, or use hidden persuasion techniques.
• Exploit vulnerabilities: We do not target vulnerable individuals (elderly, children, those in distress) with manipulative behaviour patterns.
• Conduct biometric categorisation: We do not use voice biometrics to infer sensitive attributes (ethnicity, political opinion, health status, etc.).
• Apply social scoring: We do not evaluate or score callers in ways that affect their access to services outside the stated purpose of the call.
• Deploy emotion recognition in employment contexts: VibeVoice is not used for hiring decisions, employee monitoring, or workplace surveillance.

6. Technical Documentation (Article 11)

As a Limited Risk AI provider, we maintain technical documentation covering:

• A description of our AI system, its intended purpose, and its capabilities and limitations
• Details of the AI models and APIs used (Vapi, ElevenLabs, Anthropic)
• Risk assessment and mitigation measures
• Human oversight mechanisms and escalation procedures
• Post-market monitoring and incident response procedures

This documentation is maintained internally and made available to competent authorities on request. Enterprise Customers subject to their own AI Act compliance obligations may request relevant documentation by contacting compliance@vibevoice.nl.

7. Contact

For questions about our EU AI Act compliance, or to request technical documentation:

• Email: compliance@vibevoice.nl
• Company: B-WYSE BV, Amsterdam, Netherlands