Self-Assessment — VODR Organism

Constitutional Commitment

Why this page exists

VODR Organism is a regulatory intelligence tool. It assesses other AI systems against applicable regulatory frameworks. It is itself an AI system subject to those same frameworks. This page discloses how VODR Organism assesses its own compliance posture — the same way it assesses yours.

This is not a legal certification. It is not an audit report. It is an honest disclosure of what we track, what we've completed, what we're working on, and what we don't yet know. The product that publishes its own gaps honestly is the product worth trusting.

EU AI Act Classification

Risk classification

Assessment: VODR Organism is classified as a General Purpose AI system subject to transparency obligations under EU AI Act Article 13. It does not fall within Annex III high-risk categories. It does not make decisions affecting individuals' fundamental rights. It provides reference data for human professionals to use as one input among many.

Role: Vodr is a provider of an AI system. Customers who integrate VODR Organism into their own compliance workflows are deployers and bear their own deployer obligations under the EU AI Act.

Confidence: This classification reflects our current assessment. We will update it if enforcement guidance changes this determination.

Compliance Posture

Current status by domain

Requirement	Framework	Status	Notes
Transparency disclosure	EU AI Act Art. 13	Complete	This page. Terms of Service Section 1.4.
No legal advice disclaimer	EU AI Act · General	Complete	Terms Section 2. Displayed at point of use on homepage.
Data minimization	GDPR Art. 5(1)(c)	Complete	System descriptions processed to generate classification results only. Not retained beyond subscription period.
Privacy Policy	GDPR Art. 13/14	Complete	vodr.ai/privacy. Reviewed against Article 13 requirements.
Sub-processor disclosure	GDPR Art. 28	Complete	vodr.ai/sub-processors. Named list with data processing roles.
DPA availability	GDPR Art. 28	Complete	Available on request: privacy@vodr.ai.
Terms of Service	General	Complete	vodr.ai/terms. Includes acceptable use, liability limitations, arbitration.
EU/EEA arbitration carve-out	GDPR · EU Consumer Law	Complete	Terms Section 13.3. EU users retain right to local courts and DPA complaints.
Right to object to legitimate interest processing	GDPR Art. 21	Complete	Privacy Policy Section 4 and 10.1.
Data portability format specified	GDPR Art. 20	Complete	Privacy Policy Section 10.1 — JSON or CSV.
Accuracy disclaimer at point of use	EU AI Act · General	Complete	Displayed below classify input on homepage.
Incident response plan	NIS2 · General	In progress	Internal plan drafted. Not yet formally documented and tested.
Vulnerability disclosure process	CRA Art. 13	In progress	privacy@vodr.ai currently accepts reports. Formal VDP page pending.
Conformity assessment	EU AI Act Art. 43	Not applicable	Not required for General Purpose AI systems below high-risk threshold.
CE marking	EU AI Act	Not applicable	Not required until high-risk classification or GPAI model designation.

What We Don't Know

Open questions

The EU AI Act enforcement guidance on General Purpose AI systems is still developing. The following are open questions we are monitoring:

Whether VODR Organism will be designated a GPAI model with systemic risk as defined under EU AI Act Article 51 as the system scales
How enforcement authorities will interpret the transparency obligations for AI systems that produce reference data rather than decisions
Whether specific jurisdiction-level requirements (Texas TRAIGA, Colorado AI Act) impose additional obligations on AI compliance tools themselves

We will update this page when guidance or enforcement practice clarifies these questions.

Version History

Changes to this assessment

Date	Change
2026-03-27	Initial publication. Baseline assessment against EU AI Act, GDPR, NIS2, CRA.