โ† Back to Trust Center

Annex III Self-Assessment

Category-by-category analysis of whether Guardia AI falls into any EU AI Act high-risk category, including the Article 5 prohibited-practices check. Conclusion: not high-risk; Article 50 transparency obligations apply to the chat assistant and are met.

Generated: 5 July 2026 ยท Reviewed by a human

Conclusion

Not high-risk. No Annex III category applies. No Article 5 prohibited practice is implemented. Article 50 transparency obligations apply to the chat assistant and are met.

Article 5 โ€” Prohibited practices: none apply

Guardia AI does not use subliminal or manipulative techniques (5(1)(a)), does not exploit vulnerabilities of specific groups (5(1)(b)), performs no social scoring (5(1)(c)), no predictive policing of individuals (5(1)(d)), no untargeted facial-image scraping (5(1)(e)), no emotion recognition in workplaces or education (5(1)(f)), no biometric categorisation of sensitive attributes (5(1)(g)), and no real-time remote biometric identification (5(1)(h)). It processes source code and configuration files, not biometric or behavioural data about people.

Annex III high-risk categories, one by one

ยงCategoryApplies?Because
1Biometrics (identification, categorisation, emotion recognition)NoGuardia processes no biometric data of any kind. Inputs are source code, dependency manifests, and configuration files.
2Critical infrastructure (safety components: water, gas, electricity, transport, digital infrastructure)NoGuardia is not a safety component of anything. Its output is a report; it has no control path to any physical or digital infrastructure.
3Education and vocational training (access, evaluation, monitoring of students)NoGuardia does not evaluate, admit, grade, or monitor students or learners.
4Employment and workers' management (recruitment, promotion, task allocation, monitoring, termination)NoGuardia makes no assessment of any employee or candidate. It analyses codebases, not people, and its users choose freely how to act on its reports.
5Essential services (creditworthiness, insurance pricing, social benefits, emergency dispatch)NoGuardia performs no scoring of natural persons and gates no one's access to any service.
6Law enforcementNoGuardia is not designed for, marketed to, or usable as a law-enforcement assessment tool.
7Migration, asylum and border controlNoOut of scope entirely; no such functionality exists.
8Administration of justice and democratic processesNoGuardia's reports are compliance documentation for the customer's own use. It does not assist courts in fact-finding or interpret law bindingly โ€” every report states it is not legal advice.

What DOES apply to us

  • Article 50 (transparency). Our chat assistant interacts with natural persons, so users must be told they are talking to an AI system. They are: the assistant is labelled as AI and its answers carry a "general guidance, not legal advice" notice. LLM-drafted documentation is labelled as AI-generated and requires human editing.
  • GPAI deployer position. We consume Llama models via the Groq API. We are not a provider of a general-purpose AI model (we train none, we fine-tune none, we place none on the market).
  • Good-practice measures we apply voluntarily: audit logging, quality management system aligned with Article 17, post-market monitoring plan aligned with Article 72, a voluntary FRIA (Article 27 structure), and this published self-assessment.

Structural argument on bias

We do not claim our software is "unbiased" โ€” no one honestly can. We claim something verifiable instead: Guardia AI makes no decisions about natural persons, so the discriminatory-outcome harms the AI Act targets have no pathway through our product. The core scanner is deterministic (identical input โ†’ identical output, published signature lists). The LLM features are assistive text generation, clearly separated from rule-based results, always subject to human review.