AI Transparency

Note: This page is intended solely as general information about the EU AI Act and its impact on our collaboration. It does not constitute legal advice and does not replace an individual legal assessment. In the event of any conflict between this information page and our General Terms and Conditions (GTC) the GTC shall prevail. Legally binding provisions on AI projects are set out exclusively in the GTC, in particular Section 4 (AI Regulation), Section 8 (AI Transparency) and Section 10 (Limitation of Liability).

The Regulation (EU) 2024/1689 — also known as the EU AI Act or AI Act (AI Regulation) — is the world's first comprehensive law regulating artificial intelligence. It entered into force on 1 August 2024 and will become fully applicable in stages by 2027.

The aim of the regulation is to foster trustworthy AI in the EU while protecting fundamental rights, safety and transparency. The AI Act applies to all actors who develop, make available or deploy AI systems in the EU.

The key milestones:

Date	Obligation
02.02.2025	Prohibition of unacceptable AI practices (already in force)
02.08.2025	Obligations for general-purpose AI models (GPAI)
02.08.2026	Transparency obligations (Art. 50) and high-risk systems
02.08.2027	Full application of all provisions

The AI Act classifies AI systems into four risk levels:

Risk level	Description	Requirements
Unacceptable	Manipulative AI, social scoring, real-time remote biometric identification in public spaces	Prohibited since 02.02.2025
High	AI in critical areas: HR decisions, creditworthiness assessment, biometrics, critical infrastructure	Conformity assessment, CE marking, technical documentation, 10-year retention
Limited	Chatbots, AI-generated content, deepfakes, emotion recognition	Transparency obligations: labelling and disclosure
Minimal	Spam filters, AI-powered recommendation systems, simple automations	No specific obligations, voluntary codes of conduct recommended

Most AI projects that Kuroko Labs develops for clients — such as chatbots, AI agents, RAG systems and content generation — fall into the category "Limited risk" and are subject primarily to the transparency obligations under Art. 50.

The AI Act distinguishes three key roles with different obligations:

Role	Who?	Obligations
Provider	OpenAI, Anthropic, Google, Meta — companies that develop AI models and place them on the market	Model safety, documentation, conformity assessment
Integrator	Kuroko Labs — integrates AI models into client-specific solutions	Technical documentation, providing transparency notices, supporting the deployer with compliance
Deployer	Our clients — deploy the finished AI system in their business operations	Compliance with the terms of use, monitoring in operation, informing end users, data protection impact assessment

As an Integrator , Kuroko Labs supports the professional integration of AI models into your solution. Responsibility for the correct risk classification and any regulatory conformity assessments for the specific intended use remains with the client as the deployer within the meaning of Art. 3 No. 4 of the AI Act (cf. GTC Section 2 (5)). After project handover, the full deployer responsibility lies with the client.

From 2 August 2026 the following transparency obligations apply:

• Interaction notice: End users must be informed before the interaction begins that they are interacting with an AI system — unless this is obvious.
• Labelling of AI-generated content: Text, image, audio and video generated by AI must be labelled as such in a machine-readable format.
• Deepfake labelling: Synthetically generated or manipulated content depicting real persons or events must be clearly disclosed as AI-generated.
• Emotion recognition / biometrics: Persons whose emotions are recognised or whose biometric data is categorised must be informed in advance.

Kuroko Labs supports the implementation of these transparency requirements in AI projects within the scope of the respective project contract. Responsibility for compliance with the transparency obligations during ongoing operation lies with the client as the deployer (cf. GTC Section 8 (2)).

After the handover of an AI project, you as the deployer are responsible for:

• End-user information: Ensure that your end users know when they are interacting with an AI system.
• Labelling obligation: AI-generated content must be labelled as such before it is published or shared.
• Monitoring: Monitor the AI system during ongoing operation for unexpected behaviour and document any incidents.
• Data protection: If your AI system processes personal data, you are responsible for compliance with the GDPR, including a data protection impact assessment (DPIA) pursuant to Art. 35 GDPR.
• Human oversight: For high-risk systems, human oversight must be ensured.
• Documentation: Retain the technical documentation provided by Kuroko Labs for at least 10 years.

Detailed contractual provisions can be found in our General Terms and Conditions (Section 4 and Section 8).

Depending on the respective project contract, the handover of an AI project may include, among other things, the following documentation:

• Model Card: Description of the AI model used, its capabilities, limitations and known risks.
• Data Card: Information about the training data and data sources used (where applicable).
• Risk classification: Classification of the system under the EU AI Act with justification.
• Human oversight guide: Description of how human oversight can be ensured in operation.
• Technical integration documentation: API descriptions, configuration and operating instructions.
• DPIA template: Template for the data protection impact assessment (where personal data is processed).

The type and scope of documentation depend on the individual project contract and the risk classification of the respective AI system.

Kuroko Labs is guided by the following principles for the responsible use of artificial intelligence:

• Transparency: We communicate openly where and how AI is used.
• Human control: AI systems support human decision-making — they do not replace it. We implement human-in-the-loop mechanisms where required.
• Data quality: We pay attention to the quality and integrity of the data processed in AI systems.
• Security: AI systems are developed with appropriate security measures.
• Hallucination risk: AI-generated content may be erroneous, incomplete or factually incorrect. Human review of AI outputs before use is always required (cf. GTC Section 4 (2)).
• Bias awareness: We take care, within our means, to ensure that AI systems do not reinforce unfair prejudices (bias). However, complete freedom from bias cannot be guaranteed.
• Continuous improvement: We monitor regulatory developments and adapt our processes accordingly.

The AI Act provides for substantial fines in the event of violations:

Violation	Fine
Prohibited AI practices	Up to EUR 35 million or 7% of worldwide annual turnover
Transparency violations (Art. 50)	Up to EUR 15 million or 3% of worldwide annual turnover
False information provided to authorities	Up to EUR 7.5 million or 1% of worldwide annual turnover

In addition, GDPR fines (up to EUR 20 million or 4% of annual turnover) may apply where AI systems process personal data. Fines are imposed on the respective obligated party — for violations of the labelling obligations by the deployer, Kuroko Labs as the integrator is not liable (cf. GTC Section 8 (2)).

The use of AI systems that process personal data is additionally subject to the requirements of the General Data Protection Regulation (GDPR). In particular:

• Art. 22 GDPR — Automated decision-making: Data subjects have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning them. Kuroko Labs generally recommends incorporating human review.
• Art. 35 GDPR — Data protection impact assessment (DPIA): For AI systems that process personal data on a large scale, a DPIA must be carried out. Kuroko Labs provides templates for this purpose.
• Legal basis: The processing of personal data by AI systems is generally based on Art. 6 (1) (b) GDPR (performance of a contract) or Art. 6 (1) (f) GDPR (legitimate interest).

Further information can be found in our Privacy Policy.

Germany implements the EU AI Act through the AI Market Surveillance Act (KI-MIG) , which was adopted by the Federal Cabinet on 11 February 2026 and is currently in the parliamentary process.

Key points:

• The Federal Network Agency (Bundesnetzagentur) will act as the central AI supervisory authority in Germany.
• No additional requirements beyond the EU AI Act will be introduced.
• Regulatory sandboxes will be established to foster innovation.
• Sector-specific supervision: BaFin for AI in the financial sector, BSI for AI cybersecurity.

For questions about our AI transparency notices, the AI Act or your obligations as a deployer, please contact:

Kuroko Labs GmbH
Poccistraße 5, 85375 Neufahrn bei Freising
Email: wessal@kurokolabs.ai
Phone: +49 176 30472811

Further legal information:

• General Terms and Conditions (GTC) — in particular Section 4 (AI Regulation) and Section 8 (AI Transparency)
• Privacy Policy
• Legal Notice

Currency notice: AI regulation is still evolving. The content of this page reflects the state of knowledge as of the stated date and will be updated in the event of material changes to the legal situation. It is the client's responsibility to independently keep informed about the applicable legal situation. For the liability provisions, we refer to GTC Section 10.