AI safety

Sensitive-data detection, consent and guardrails

Status: Green

The controls that keep AI usage inside the customer's risk appetite: sensitive-data detection before forwarding to external models, explicit consent, model evaluation, and use-case guardrails.

Maps to ISO 42001 and parts of the AI Act:
  • Documented risk classification of the AI system
  • Intended purpose and excluded use per Annex III category
  • Model inventory with versions, providers and intended uses
  • Mode A as the default for external AI models: no personal data shared until the customer activates Mode B
  • Sensitive-data detection before transfer to external models
  • Consent flow for external AI models, implemented in the product
  • Customer attestation at signing: no Article 5 prohibited practices, with operational enforcement
  • Model evaluation for quality, bias and robustness (aligned with ISO 42001 clause 6.1.4)
  • Use-case guardrails with a blocklist for prohibited practices (AI Act art. 5)
  • Transparency to end users (AI Act art. 50)
  • Human oversight capability (AI Act art. 14)
  • Fundamental Rights Impact Assessment (AI Act art. 27) building blocks published for deployer use
  • Post-market monitoring with feedback mechanism
  • Incident response specific to AI incidents (AI Act art. 73)
  • Documented model training policy (no training on customer data)
  • Suppression or labelling of AI-generated output where relevant