AI Transparency

Keeptrusts believes organizations should be transparent about how they develop, deploy, and govern AI systems. This page describes how AI is involved in the Keeptrusts platform and services, consistent with the transparency objectives of the EU AI Act (Regulation 2024/1689).

Keeptrusts operates as an infrastructure and governance layer between applications and AI providers. The platform routes, evaluates, logs, and enforces policies on LLM requests and responses.

The gateway itself does not generate model outputs. It applies deterministic policy rules, content filters, and routing decisions to traffic that flows between customer applications and third-party AI providers selected by the customer.

Under the EU AI Act risk framework, the Keeptrusts gateway operates as an infrastructure and governance layer that does not autonomously generate content, make decisions affecting natural persons, or fall within the high-risk categories defined in Annex III of the regulation.

Based on this assessment, the Keeptrusts gateway is classified as a minimal-risk AI system. Customers using Keeptrusts to govern their own AI systems should independently assess the risk classification of those downstream systems and configure appropriate governance controls accordingly.

Policy enforcement is rule-based and deterministic. Policies evaluate request and response content against configured conditions such as keyword matching, regular expressions, classification thresholds, and structured metadata checks.

Customers configure which policies apply to their traffic. Keeptrusts provides built-in policy templates and allows customers to define custom rules.

Keeptrusts provides disclaimer-injection policies and AI-generated content labeling capabilities to help customers meet their own transparency obligations, including those arising under Art. 52 of the EU AI Act (notification that content is AI-generated or that a person is interacting with an AI system).

Customers are responsible for configuring these features to meet their regulatory requirements and for determining whether Art. 52 obligations apply to their specific use cases.

Keeptrusts processes AI traffic on behalf of customers. Prompts, responses, and metadata are handled according to customer configuration, applicable retention settings, and the terms of the governing customer agreement.

Keeptrusts does not use customer AI traffic to train models or improve third-party AI systems. Audit records are retained for compliance and operational purposes as configured by the customer.

AI governance systems are probabilistic. While Keeptrusts improves oversight, policy consistency, and auditability, no system can guarantee that every unsafe or non-compliant output will be detected in all circumstances.

Customers retain responsibility for the appropriate use of AI within their organization and for evaluating whether governance controls meet their regulatory and ethical requirements.

For questions about this disclosure, contact legal@keeptrusts.com.