GDPR & EU AI Act
GDPR-compliant AI – with the EU AI Act considered from day one
Habicht is an AI platform designed for GDPR compliance from the ground up: data minimisation, self-service data-subject rights, gap-free logging and operation on your own premises or in an EU data centre. Every use case is additionally classified automatically by EU-AI-Act risk class – including exportable documentation.
What “built in” actually means
- Risk class automatically: Every use case is automatically classified by EU-AI-Act risk class – with traceable reasoning.
- Audit evidence at the push of a button: Exportable compliance documentation per version, ready for internal review and auditors.
- Gap-free logging (7 years): Every AI action stays traceable and is retained for 7 years; every result carries a transparency marker.
- Data-subject rights, self-service: Access, export and deletion under GDPR are integrated – not manual work.
Annex VII fields for technical documentation, an SBOM snapshot per release, transactional deletion cascades across all data stores, breach notification within 72h, and a supply chain designed for NIS2/CRA with signed container images: these functions are being implemented or are designed for the respective requirements.
EU AI Act
The EU AI Act in three sentences
- The EU AI Act requires AI applications to be classified by their risk and – depending on the class – documented, monitored and made transparent.
- Obligations for most use cases apply from August 2026; high-risk systems need, among other things, technical documentation and risk management.
- It applies to anyone who provides or deploys AI in the EU – regardless of where the provider is based.
Contractual vs. built in
Data protection can be promised – or implemented in the application. We do the latter.
Only promises in the contract
- Compliance lives in the terms and the data-processing agreement – not in the product.
- Data sits in a US cloud; third-party access is excluded contractually, not technically.
- Evidence has to be gathered manually.
- Deletion and access are a ticket process.
Implemented in the application
- Data protection and risk classification are built into the platform.
- Operation on your own premises or in an EU data centre – no data outflow to the US cloud.
- Compliance documentation is produced automatically per version.
- Data-subject rights – access, export, deletion – run as self-service.
FAQ
Frequent questions on GDPR & the EU AI Act
Habicht is designed for GDPR compliance from the ground up: data minimisation, self-service data-subject rights, gap-free logging and operation on your own premises or in an EU data centre – with no data outflow to the US cloud.
Every use case is automatically classified by risk class, and you receive exportable compliance documentation for auditors.
No. There is no training on your data (zero retention) – your content stays your content.
Either fully in your own data centre (on-premise), hybrid, or as SaaS in an EU data centre – never in the US cloud.
See Habicht in your own environment.
A short demo, tailored to your use case – on-premise, hybrid or in the EU cloud.