# Guardia AI — EU AI Act Annex III Self-Assessment

**System:** Guardia AI — EU AI Act compliance platform (repository scanner, risk classifier, fairness metrics, documentation modules, AI chat assistant)
**Role under the Act:** Provider of the Guardia AI platform; deployer of a general-purpose model accessed via API (Groq-hosted Llama models)
**Assessment date:** 2026-07-05 · **Reviewed by:** Founder (human review of tool-generated output)
**Conclusion:** **Not high-risk.** No Annex III category applies. No Article 5 prohibited practice is implemented. Article 50 transparency obligations apply to the chat assistant and are met.

---

## Article 5 — Prohibited practices: none apply

Guardia AI does not use subliminal or manipulative techniques (5(1)(a)), does not exploit vulnerabilities of specific groups (5(1)(b)), performs no social scoring (5(1)(c)), no predictive policing of individuals (5(1)(d)), no untargeted facial-image scraping (5(1)(e)), no emotion recognition in workplaces or education (5(1)(f)), no biometric categorisation of sensitive attributes (5(1)(g)), and no real-time remote biometric identification (5(1)(h)). It processes source code and configuration files, not biometric or behavioural data about people.

## Annex III — High-risk categories, one by one

| § | Category | Applies? | Because |
|---|----------|----------|---------|
| 1 | Biometrics (identification, categorisation, emotion recognition) | **No** | Guardia processes no biometric data of any kind. Inputs are source code, dependency manifests, and configuration files. |
| 2 | Critical infrastructure (safety components: water, gas, electricity, transport, digital infrastructure) | **No** | Guardia is not a safety component of anything. Its output is a report; it has no control path to any physical or digital infrastructure. |
| 3 | Education and vocational training (access, evaluation, monitoring of students) | **No** | Guardia does not evaluate, admit, grade, or monitor students or learners. |
| 4 | Employment and workers' management (recruitment, promotion, task allocation, monitoring, termination) | **No** | Guardia makes no assessment of any employee or candidate. It analyses codebases, not people, and its users choose freely how to act on its reports. |
| 5 | Essential services (creditworthiness, insurance pricing, social benefits, emergency dispatch) | **No** | Guardia performs no scoring of natural persons and gates no one's access to any service. |
| 6 | Law enforcement | **No** | Guardia is not designed for, marketed to, or usable as a law-enforcement assessment tool. |
| 7 | Migration, asylum and border control | **No** | Out of scope entirely; no such functionality exists. |
| 8 | Administration of justice and democratic processes | **No** | Guardia's reports are compliance documentation for the customer's own use. It does not assist courts in fact-finding or interpret law bindingly — every report states it is not legal advice. |

## What DOES apply to us

- **Article 50 (transparency).** Our chat assistant interacts with natural persons, so users must be told they are talking to an AI system. They are: the assistant is labelled as AI and its answers carry a "general guidance, not legal advice" notice. LLM-drafted documentation is labelled as AI-generated and requires human editing.
- **GPAI deployer position.** We consume Llama models via the Groq API. We are not a provider of a general-purpose AI model (we train none, we fine-tune none, we place none on the market).
- **Good-practice measures we apply voluntarily:** audit logging, quality management system aligned with Article 17, post-market monitoring plan aligned with Article 72, a voluntary FRIA (Article 27 structure), and this published self-assessment.

## Structural argument on bias

We do not claim our software is "unbiased" — no one honestly can. We claim something verifiable instead: **Guardia AI makes no decisions about natural persons**, so the discriminatory-outcome harms the AI Act targets have no pathway through our product. The core scanner is deterministic (identical input → identical output, published signature lists). The LLM features are assistive text generation, clearly separated from rule-based results, always subject to human review.

---

*Self-assessment prepared with Guardia AI's own risk classifier ([published output](/trust/self-scan-report.json)) and reviewed by a human. This document is our good-faith analysis under Regulation (EU) 2024/1689; it is not legal advice and not a certification. If the product's functionality changes materially, this assessment will be redone and re-published.*
