Compliance & Security

Compliance built into the AI operating layer.

UNIT2 treats governance as production infrastructure, not paperwork. Agent6 is designed around GDPR discipline, EU AI Act readiness, human oversight, auditability, secure deployment and clear operational responsibility.

Frameworks

Four control domains, designed from day one.

The point is not to claim generic compliance. The point is to make every AI workflow controllable, reviewable and explainable enough for management, IT, legal and operations.

01

GDPR / AVG

EU-based processing, clear data-purpose boundaries, data processing agreements, deletion rules and controlled access to client information.

  • EU hosting options
  • DPA under GDPR Art. 28
  • Data minimisation by workflow

02

EU AI Act

Risk classification, transparency, record-keeping, human oversight and robustness are considered before an agent enters production.

  • Risk intake per workflow
  • Human approval gates
  • Audit trails for decisions

03

Dutch BIO

For public-sector environments, UNIT2 aligns deployment patterns with baseline information-security expectations and client-controlled infrastructure.

  • Access controls
  • Logging and separation
  • Client infrastructure options

04

Secure by design

Least privilege, tool restrictions, approval boundaries and rollback rules are part of the system design — not afterthoughts.

  • TLS and key-based access
  • Permissioned tools
  • Operational runbooks

AI Act classification

Every deployment starts with risk classification.

Most business agents are minimal or limited risk, but the classification depends on the actual workflow, data, users and consequences. UNIT2 makes that explicit during intake before the agent is configured.

  • Minimal risk: Internal knowledge bases, proposal builders, scheduling, support drafting and operational assistants.
  • Limited risk: Customer-facing or content-generating agents where transparency and disclosure matter.
  • High risk: Credit, education, critical infrastructure or regulated decision workflows requiring deeper conformity controls.
  • Human control: Consequential outputs route through named owners, approval gates and review queues.

Operational assurance

Compliance becomes visible in the workflow.

Policies only matter when the system can enforce them. Agent6 turns compliance into operational controls: passports, schemas, verification, approvals, logs and Correction Memory.

G

Govern

  • Agent Passports define what each agent may and may not do
  • Approval gates for customer-facing, financial and sensitive outputs
  • Named accountable humans remain attached to consequential workflows
  • Correction Memory turns review feedback into future operating rules

A

Assure

  • Strict JSON Schema validation with automatic retries
  • Chain-of-Verification for factual and consequential claims
  • Hash-chained audit logs for reconstructable decisions
  • Rollback and checkpoint recovery for production continuity

Documents

Runbooks and compliance documents available for review.

When a client moves toward deployment, UNIT2 can provide the practical documents legal, security and operations teams need to review the setup.

DPA

Data Processing Agreement

GDPR Art. 28 processing terms, responsibilities, subprocessors and data-handling boundaries.

AI Act

Intake checklist

Workflow classification, risk category, transparency needs, human oversight and record-keeping requirements.

SOP

Agent Delivery SOP

Go-live checks for AI disclosure, access controls, logging, audit trails, approval gates and operational handover.

Next step

Review compliance before the first workflow goes live.

Start with the readiness scan or request the compliance documents for your legal, IT or security team.