EU AI Act posture
Ultron is operated from the European Union and is subject to Regulation (EU) 2024/1689, the Artificial Intelligence Act. This page sets out how we read the Act for our platform: the territorial scope, the roles we hold, the risk classification we believe applies and why, the prohibited practices we do not operate, the transparency duties we meet, our position on the general-purpose models we deploy, and where your own obligations begin when you build on Ultron. It is a posture statement grounded in the text of the Act, not a conformity certificate or legal advice.
Overview
- Regulation
- EU AI Act, Regulation (EU) 2024/1689
- Our posture
- Limited-risk, transparency obligations met
- Prohibited practices
- None operated
- Our roles
- Provider of an AI system and deployer of general-purpose models
- Article 50 transparency
- Users informed they interact with AI
- Transparency duties apply
- 2 August 2026
- Contact
legal@51ultron.com
The AI Act regulates AI by the risk a use poses, not by the technology itself. Most of Ultron is a general-purpose productivity surface: it drafts, plans, researches, and acts under human oversight. We read that as a limited-risk use carrying transparency duties rather than the heavier obligations reserved for high-risk systems. This page explains how we apply the Act, the specific articles in play, and where the line to your own duties sits.
Definitions
| Term | Meaning under the Act |
|---|---|
| AI system | A machine-based system that infers, from input, how to generate outputs such as predictions, content, recommendations, or decisions |
| Provider | A party that develops an AI system and places it on the market or puts it into service under its own name |
| Deployer | A party that uses an AI system under its own authority in a professional context |
| General-purpose AI model | A model trained on broad data that can perform a wide range of tasks, integrated into downstream systems |
| Prohibited practice | A use banned outright under Article 5 |
| High-risk system | A use listed in Annex III, or a safety component under Annex I, carrying the heaviest obligations |
| Limited-risk system | A use that triggers the transparency obligations of Article 50 |
Territorial scope
The Act applies to providers placing AI systems on the EU market and to deployers established or located in the Union, and it can reach providers and deployers outside the Union where the output of the system is used in the Union. Ultron is operated from Bucharest, Romania, so the Act applies to us directly. It also means that when you, as a customer, deploy a workflow whose output is used in the Union, the Act can apply to you regardless of where you are established.
Our roles
Under the Act, Ultron is a provider, because we develop and place an AI system on the market under our own name. We are also a deployer, because we use third-party general-purpose models, listed on the Subprocessors page, under our authority to deliver the service. We hold the provider and deployer duties that attach to a limited-risk system in those capacities. We are not the provider of the underlying foundation models; those obligations sit with the model makers, as described under General-purpose models below.
Risk classification
| Tier | Our position |
|---|---|
| Prohibited (Article 5) | Not applicable. We do not operate any practice banned under Article 5 |
| High-risk (Annex III) | Not our default. The platform is not marketed for the Annex III high-risk uses; using it that way is your decision and your compliance burden |
| Limited-risk (Article 50) | Our position. The platform interacts with people and can generate content, which triggers the Article 50 transparency duties we meet |
| Minimal-risk | Some features. Internal, non-interactive processing carries no specific AI Act obligation |
Classification is by use, not by the product as a whole. A single platform can host minimal-risk, limited-risk, and, depending on how a customer deploys it, high-risk uses. Our default posture covers the platform as we provide it; your specific configuration can change the classification for your deployment.
Prohibited practices
Article 5 bans a defined set of practices. We do not operate any of them. The practices most relevant to a platform like ours, and our position on each:
| Prohibited practice | Our position |
|---|---|
| Harmful manipulation or deception that distorts behaviour | Not operated. The platform is not built to manipulate people below the level of consciousness |
| Exploiting vulnerabilities of age, disability, or social or economic situation | Not operated |
| Social scoring leading to detrimental treatment | Not operated |
| Untargeted scraping of facial images to build recognition databases | Not operated. The ingestion tools do not assemble facial-recognition databases |
| Emotion inference in the workplace or education | Not operated |
| Biometric categorisation to infer sensitive attributes | Not operated |
Transparency duties
What Article 50 requires
Article 50 requires that people are informed when they interact with an AI system, unless it is obvious from the context, and that the output of a system that generates synthetic content can be identified as artificially generated or manipulated. Deployers of systems that recognise emotion or categorise people biometrically must inform the people exposed, and deployers who generate deepfakes must disclose that the content is artificially generated.
Our posture
- It is clear in the product that you are interacting with an AI assistant, not a human.
- Content produced by the platform is the output of an AI system, and our AI output disclaimer makes that explicit.
- We do not operate emotion-recognition or biometric-categorisation features that would trigger the deployer disclosure duties for those practices.
- Where you use Ultron to communicate with other people, you must not present AI-generated content as human where that would mislead, and you carry your own Article 50 duty toward those people.
General-purpose models
The Act places specific obligations on the providers of general-purpose AI models, such as technical documentation, a policy to respect Union copyright law, and a summary of training content, with additional obligations for models posing systemic risk. Ultron does not provide those models; we deploy them through the providers on the Subprocessors page, who hold the provider-side obligations for their models. As a deployer, our duties are the transparency and oversight duties described on this page, applied to the system we build on top of those models.
Human oversight
The Act expects meaningful human oversight for the uses to which its oversight requirements apply. The platform's approval gate, the ability to pause and take over a run, and the audit trail are the mechanisms that provide it. The full design, and how it supports both the AI Act and Article 22 of the GDPR, is documented on the Automated decisions and human oversight page.
Interface with the GDPR
The AI Act sits alongside the GDPR; it does not replace it. Where a use involves personal data, both apply: the GDPR governs the lawfulness of the data processing, and the AI Act governs the risk and transparency of the AI system. Our data processing position is in the Privacy Policy and the Data Processing Addendum, and our model-data position is in How we use your data for AI. This page addresses only the AI Act layer.
Your obligations
When you build a workflow or an agent on Ultron and put it in front of other people, you may become a deployer, and in some cases a provider, of an AI system in your own right. If your use falls into a high-risk category under Annex III, for example certain uses in employment and worker management, access to essential private or public services, or creditworthiness, the corresponding obligations are yours: risk management, human oversight, transparency to affected people, record-keeping, and registration where required. Ultron gives you the transparency and oversight controls to support compliance, but the classification of your specific use, and the duties that follow, rest with you.
Documentation and cooperation
Enterprise customers who need documentation to support their own conformity work, such as a description of the system, the oversight controls, and the model-data position, can request it from legal@51ultron.com. We cooperate in good faith with competent authorities exercising powers under the Act, and we will tell affected customers about a request that concerns them unless the law prevents us.
Timeline
The Act entered into force on 1 August 2024 and applies in phases.
| Date | What applies |
|---|---|
| 2 February 2025 | Prohibitions on unacceptable-risk practices, and AI literacy obligations |
| 2 August 2025 | Obligations for providers of general-purpose AI models, and the governance framework |
| 2 August 2026 | The Article 50 transparency obligations for limited-risk systems, and high-risk obligations for systems under Annex III |
| 2 August 2027 | High-risk obligations for AI systems that are safety components of products regulated under Annex I |
We track the phased application and the Commission guidance, and we update this page and the underlying controls as obligations take effect.
Penalties
The Act sets administrative fines by severity. Operating a prohibited practice can attract fines up to the higher of 35 million euro or 7 percent of total worldwide annual turnover. Breaching other obligations, including the transparency duties, can attract fines up to the higher of 15 million euro or 3 percent of turnover. Supplying incorrect information to authorities carries a lower tier. The size of the exposure is the reason our posture is to stay clearly within the limited-risk tier and to keep prohibited practices off the platform entirely.
Changes
Our reading of the Act will evolve as the remaining phases take effect and as the Commission issues guidance and harmonised standards. Material changes to this posture are reflected here with an updated timestamp, and enterprise customers relying on it for their own conformity work are notified on request.
Contact
Questions about our AI Act posture, and requests for documentation to support your own conformity work, go to legal@51ultron.com.