Responsible AI use.
AI is changing fast, and so is the regulation around it. We are aware of the risks, follow developments closely and deliver a demonstrable best-effort commitment to make every project comply with whatever applies to that use at that moment.
Aware of the framework, honest about the limits.
schwung.ai is a discovery lab of Schwung Reclame, not a certified compliance institute. What we do offer is a way of working in which risks are explicitly named, assessed and aligned with the client, before an AI application goes live.
GDPR, EU AI Act, IAMA, the Algorithm Register, WCAG, BIO and, for healthcare, NEN 7510: these frameworks are our starting point, not a tick-box exercise after the fact.
An AI chatbot for a municipality calls for something different than an internal text generator for a healthcare organisation. For each project we determine together with the client which obligations apply and which measures are appropriate.
Freedom from bias, 100% correctness of AI output or full explainability of large language models are not properties that can currently be guaranteed conclusively, anywhere in the world. We name those limitations rather than writing them away.
Best effort, documented.
What we do to limit risks, we record in writing for each project: in a short risk paragraph, model card or appendix to the delivery document. That way it can be verified afterwards which considerations were made.
Risk assessment up front
For every AI component we briefly assess the risk classification under the EU AI Act, and discuss with the client whether an IAMA, DPIA or registration in the Algorithm Register is needed.
Careful supplier choice
We prefer to work with model suppliers that offer enterprise terms in which input and output are not used to further train their models, and with EU hosting where that is technically available.
Human oversight as the default
AI supports, a person decides. For processes with an impact on citizens, patients or staff we set up a control moment as standard.
Transparency towards end users
Where people interact with AI-generated content or an AI system, we make that visible in line with art. 50 AI Act.
Documentation at delivery
For each AI component the client receives a short model card: what does it do, on which data, which limitations are we aware of, and which measures have we taken.
Honest about what lies outside our scope.
We do not claim full conformity with the EU AI Act or GDPR on behalf of our clients, that responsibility lies with them as the data controller. We make sure that our delivery supports their conformity and does not undermine it.
We are not (yet) ISO/IEC 42001 or NEN 7510 certified. For assignments where that is a requirement, we work together with partners who are.
We follow the regulation actively, but the field moves fast. If something changes during a project that has an impact on the application, we report it.
Compliance is always collaboration.
We ask clients to involve us in good time in choices about data, purpose and audience, and that the final decision, whether or not to deploy and with which safeguards, rests with them.
Questions about how we handle AI risks in a specific project? hallo@schwung.ai — and we will look together at what is appropriate for your situation.
This page is reviewed at least annually.