1. Purpose
This policy sets out Hybrid Core BV's principles and commitments for the responsible development, deployment, and use of artificial intelligence (AI) technologies. It reflects the company's obligations under the EU AI Act and its commitment to the OECD AI Principles and the European Commission's Ethics Guidelines for Trustworthy AI.
2. Scope
This policy applies to all AI systems developed, integrated, or deployed by Hybrid Core BV, including those embedded in products and services offered to clients. It applies to all employees, contractors, and partners involved in AI research, development, and deployment activities.
3. Policy statement
Hybrid Core BV is committed to developing and deploying AI in a manner that is safe, transparent, fair, and human-centred. We recognise that AI technologies have significant potential to generate value and advance human capability, and that realising this potential responsibly requires embedding ethical considerations and robust governance into every stage of the AI lifecycle.
4. Principles
4.1 Human oversight and control
AI systems must support, not replace, human judgement in consequential decisions. Appropriate mechanisms for human oversight, review, and intervention must be designed into all AI systems from the outset. Humans must retain meaningful control over decisions that significantly affect individuals or organisations.
4.2 Transparency and explainability
AI systems should be transparent in their operation and outputs. Where an AI system makes or informs decisions that affect people, those affected should be able to understand the basis for the decision. Technical documentation must accurately describe the capabilities, limitations, and intended use of AI systems.
4.3 Fairness and non-discrimination
AI systems must not generate outputs that are discriminatory, biased, or that reinforce unjust inequalities. Training data, model design, and evaluation processes must account for potential sources of bias. Systems must be tested for fairness across relevant groups before deployment.
4.4 Privacy and data protection
AI systems must be designed and operated in compliance with GDPR and other applicable data protection law. Data minimisation, purpose limitation, and privacy by design principles apply to all AI development activities.
4.5 Security and robustness
AI systems must be resilient to adversarial attacks, data poisoning, and other security threats. Security testing must be conducted as part of the development process. Vulnerabilities identified post-deployment must be remediated promptly.
4.6 Accountability
Clear accountability must be established for all AI systems. This includes identifying responsible owners for each system, maintaining documentation throughout the AI lifecycle, and establishing processes for monitoring, auditing, and reviewing AI behaviour in deployment.
4.7 EU AI Act compliance
Hybrid Core BV will classify all AI systems according to the risk categories defined in the EU AI Act and comply with the obligations applicable to each risk level. High-risk AI systems will be subject to conformity assessment, registration, and post-market monitoring as required. Prohibited AI practices will not be engaged in under any circumstances.
4.8 Responsible innovation
AI research and development activities will be conducted in accordance with applicable research ethics requirements. Where AI systems are developed under EU-funded projects, the relevant ethics and responsible research and innovation frameworks apply.
5. Responsibilities
5.1 Management
Management is responsible for ensuring that AI governance is resourced and embedded in the company's operations, for approving high-risk AI deployments, and for ensuring regulatory compliance across the AI portfolio.
5.2 Development teams
Development teams are responsible for implementing responsible AI principles in their technical work, conducting appropriate testing and documentation, and raising concerns about potential harms or risks arising from AI systems.
5.3 Employees using AI tools
All employees using AI tools in their work are responsible for doing so in accordance with this policy, for not inputting confidential or personal data into unapproved external AI systems, and for exercising appropriate critical judgement when using AI-generated outputs.
6. Prohibited uses
The following uses of AI are prohibited at Hybrid Core BV:
- Subliminal manipulation of individuals without their awareness
- Exploitation of vulnerabilities of specific groups
- Social scoring systems that rate individuals based on behaviour in unrelated contexts
- Real-time remote biometric identification in publicly accessible spaces, except where explicitly permitted by law
- Any use classified as prohibited under the EU AI Act
7. Reporting and compliance
Employees who become aware of AI systems operating in a manner inconsistent with this policy must report the concern to management. Hybrid Core BV will investigate all reports and take appropriate corrective action. Serious incidents involving AI systems may be subject to external reporting requirements under the EU AI Act.
8. Monitoring and review
AI systems in deployment are subject to ongoing monitoring for performance, bias, security, and compliance. This policy and supporting procedures will be reviewed at least every two years to reflect developments in regulation, technology, and best practice.
9. Communication and awareness
Training on responsible AI is provided to all employees involved in AI development and deployment. The company's AI governance framework is communicated to clients and partners as relevant. This policy is published on the company's internal systems.
10. Review cycle
This policy is reviewed every two years by the Hybrid Core Management Team, or sooner in response to material changes in the EU AI Act, related regulation, or the company's AI activities.
11. Version control
Version: 1.0
Owner: Hybrid Core Management Team
Approved by: Hybrid Core Management
Effective Date: 01.06.2026
Review Period: Every 2 Years