How Copyl fits into the EU AI Act
In the EU AI Act framework, Copyl serves as an AI system provider while our customers are the deployers responsible for how agents are used. Responsibilities are shared and clearly separated: Copyl delivers the platform, tools, and controls; customers configure agents, set policies, and operate the system within their legal and organisational context.
Risk-based approach
Copyl adopts a risk-based model consistent with the EU AI Act. Most Copyl agents support human decision-making and are therefore not classified as high-risk by design. Key points:
- Agents generate suggestions, analyses, and drafts to assist users.
- Agents do not make irreversible decisions without explicit human approval.
- Operations are governed by explicit permissions, policies, and scopes.
- Copyl is not designed for prohibited AI use cases; customers must not deploy such use cases on the platform.
- High-risk use cases require additional safeguards and explicit human oversight.
Human-in-the-loop by design
Human control is central to Copyl's design. Agents assist and automate routine tasks, but final decisions-especially sensitive or legally significant actions-remain under human accountability.
- Tasks: Agents propose tasks, actions, or suggested changes rather than unilaterally executing sensitive workflows.
- Approvals: Sensitive actions require human approval before execution; approval flows are configurable.
- RBAC: Role-based access control limits who can deploy, configure, approve, or run agents.
- Policy validation: Agents operate within customer-defined policies and constraints enforced at runtime.
- Rollback: Actions may be reversible where supported; audit trails enable investigation and remediation.
- Accountability: Agents never replace human responsibility for decisions taken in production environments.
Transparency and explainability
Copyl emphasizes transparent operation and clear communication about AI involvement:
- Users are informed when AI-generated content or suggestions are presented.
- Agent outputs are labelled and scoped to the intended role and purpose.
- Known limitations of AI outputs are surfaced; AI may be incorrect and should be validated by users.
- Final responsibility for decisions always remains with the authorised human operators.
Traceability, logging, and audit
Enterprise-grade traceability is provided to support compliance and operational control:
- Versioned agent configurations and policies.
- Comprehensive logs of agent actions, tool usage, and decisions.
- Traceable inputs and outputs stored alongside execution metadata.
- Audit trails suitable for internal review and regulatory inspection.
Data usage and AI models
Copyl separates customer data from model training and preserves customer control:
- Copyl does not train models on customer data.
- When external models are used, model selection and usage are transparent to customers.
- Customers retain control over data, agent configurations, and permissions.
Marketplace and third‑party agents
Copyl offers a governed marketplace for agents. Marketplace agents must declare intended use, scope, and required permissions. Copyl reserves the right to restrict or remove agents that do not meet platform or regulatory requirements.
What customers are responsible for
Customers remain responsible for safe, lawful deployment and operation:
- Configure agents to match organisational policies and legal requirements.
- Ensure human oversight and approvals where required by law.
- Monitor agent performance and remediate issues identified in audit logs.
Closing
Copyl is designed for regulated, real-world enterprise use. Compliance, governance, and control are core principles that enable organisations to adopt AI safely and responsibly.
Related resources
For broader platform guidance on governance and data controls, see the compliance overview: How Copyl Solves Compliance, Security, and Data Governance for AI
Contact us for compliance documentation or enterprise-specific guidance.