CYBORA
Version: 1.0
Last updated: 2026-01-30
1. Purpose and Scope
This AI Act Governance Framework (“Framework”) defines how CYBORA governs, deploys, and monitors Artificial Intelligence (“AI”) systems in compliance with the EU Artificial Intelligence Act (AI Act) and applicable data protection laws.
The Framework applies to all AI systems used in connection with CYBORA’s call center, contact center, and AI-assisted communication services.
It complements and shall be interpreted consistently with CYBORA’s Terms & Conditions, Privacy Policy, and Data Processing Agreement (DPA).
The purpose of this Framework is to ensure lawful, transparent, ethical, and accountable use of AI technologies.
2. AI Governance Principles
CYBORA’s AI governance is based on the following principles:
- Lawfulness: AI systems are deployed in compliance with the AI Act, GDPR, and applicable national laws.
- Transparency: Individuals are informed when they interact with AI systems, where required.
- Human Oversight: AI systems are designed to support human decision-making and allow human intervention.
- Accountability: Roles and responsibilities for AI governance are clearly defined.
- Risk-Based Approach: AI risks are assessed, documented, and mitigated proportionally.
3. AI System Inventory and Classification
CYBORA maintains an internal AI System Inventory documenting all AI systems in use.
Each AI system is classified according to the risk tiers defined by the EU AI Act.
Classification is reviewed periodically and upon material changes to the system.
The inventory supports transparency, auditability, and regulatory readiness.
3.1 AI Risk Classification
Based on current service offerings, CYBORA AI systems fall into the following categories:
- Limited-Risk AI Systems:
Examples include voice bots, automated call routing, speech-to-text, and AI-assisted analytics.
These systems are subject to transparency obligations under the AI Act. - Minimal-Risk AI Systems:
Examples include internal optimization tools or AI used for quality analytics without direct impact on individuals.
These systems are permitted without additional regulatory obligations.
CYBORA does not deploy prohibited AI practices or high-risk AI systems as defined under the AI Act.
4. Transparency and User Information
CYBORA ensures that individuals are informed when interacting with AI-driven or automated systems.
Transparency notices may be provided verbally at the beginning of a call or through other appropriate communication channels.
Where required, individuals are informed of the purpose of AI use and the availability of human assistance.
These measures support compliance with both the AI Act and GDPR transparency requirements.
5. Human Oversight Measures
AI systems used by CYBORA are designed to operate under effective human oversight.
Human agents may intervene, override, or escalate AI-driven interactions where appropriate.
Procedures are in place to address AI errors, unexpected outcomes, or user concerns.
Human oversight measures are documented and periodically tested.
6. Data Governance and Data Protection
AI systems process personal data only in accordance with CYBORA’s Privacy Policy and DPA.
Data used for AI-supported services is limited to what is necessary for defined purposes.
Data minimization, access control, and retention limitations are applied consistently.
Special categories of personal data are not intentionally processed unless lawfully permitted.
7. Risk Management and Impact Assessment
CYBORA applies a risk-based approach to AI governance.
AI risks, including bias, accuracy, transparency, and misuse, are identified and assessed prior to deployment.
Mitigation measures are implemented and documented as part of internal risk registers.
Where applicable, assessments align with GDPR DPIA and AI Act risk management requirements.
8. Accuracy, Robustness, and Monitoring
CYBORA takes reasonable measures to ensure AI system accuracy, robustness, and reliability.
AI system performance is monitored on an ongoing basis.
Identified issues are investigated and addressed without undue delay.
System updates and retraining are performed in a controlled and documented manner.
9. Use of Third-Party and Group AI Systems
Where third-party or group-provided AI systems are used, CYBORA ensures that appropriate contractual and technical safeguards are in place.
Third parties are assessed for compliance with applicable AI and data protection requirements.
Responsibilities between CYBORA and third parties are clearly defined.
CYBORA remains accountable for AI governance within its service delivery scope.
10. Incident Management and Reporting
CYBORA maintains procedures to identify, assess, and respond to AI-related incidents.
Incidents that may impact individuals’ rights or safety are escalated internally.
Where required by law, relevant authorities and clients are notified.
Incident handling processes are aligned with existing security and data breach response procedures.
11. Roles and Responsibilities
CYBORA assigns clear roles for AI governance, including management oversight and operational responsibility.
The Data Protection Officer (DPO) supports oversight of AI systems involving personal data.
Employees involved in AI-supported services receive appropriate training and guidance.
Governance responsibilities are reviewed periodically.
12. Training and Awareness
CYBORA provides training to relevant staff on AI governance, ethical AI use, and regulatory requirements.
Training content is updated to reflect legal and technological developments.
Awareness initiatives support responsible AI use across the organization.
Completion of training may be documented for compliance purposes.
13. Documentation and Audit Readiness
CYBORA maintains documentation demonstrating compliance with the AI Act.
Documentation includes AI system descriptions, risk classifications, and governance controls.
Records are retained in accordance with internal retention policies.
Documentation may be made available to clients or regulators where required.
14. Continuous Improvement
This Framework is reviewed periodically to reflect changes in law, technology, or business operations.
Feedback from audits, incidents, and regulatory guidance is incorporated into updates.
CYBORA commits to continuous improvement of its AI governance practices.
Updates are approved through appropriate internal governance channels.
15. Contact Information
For questions related to AI governance or AI Act compliance, please contact:
