Skip to main content
PolicySpeak

AI Policy

Last updated: 30 May 2026.

This policy describes how PolicySpeak builds and operates AI-powered features, what we ask of customers, and what limits we acknowledge.

Sub-processors

PolicySpeak's features are delivered with the help of AI sub-processors. We do not train or fine-tune AI models on your content, and we do not use your content to tune our prompts or choose between models — that work uses only publicly available EU policy documents (legislation, consultations, press releases, and official institutional output). When you use a generation feature, your content is sent to our AI sub-processors at that moment to produce your output, under data-processing terms.

Sub-processor identity and the contractual terms that govern each sub-processor are disclosed to customers under NDA on request, rather than published preemptively. Write to security@policyspeak.com for the sub-processor disclosure package.

Accuracy and hallucination

PolicySpeak generates briefings, drafts, and analyses using AI models. AI models can produce incorrect or incomplete output. We design our pipeline to reduce this risk in three ways:

  1. Source citation: we link generated claims back to the source document they came from. Where we use citation markers like [1], you can click through to the original.
  2. Automated verification: we run automated citation-verification passes on generated output to catch misattribution and ungrounded claims.
  3. Human-in-the-loop posture: PolicySpeak is a research and drafting tool. It is not a substitute for the professional judgment of the public-affairs practitioner who uses it. The platform is built to assist, not replace, human decision-making.

When we improve a prompt or change a model version, we document the change internally and run regression tests on the affected feature before it ships.

EU AI Act

PolicySpeak is committed to operating in compliance with the EU AI Act (Regulation 2024/1689). Specifically:

  • We do not deploy our system for any prohibited practice under Article 5 (no social scoring, no biometric inference of sensitive attributes, no behavioral manipulation, no real-time remote biometric identification, no exploitation of vulnerabilities).
  • We do not deploy our system as a high-risk AI systemunder Annex III. PolicySpeak does not make automated decisions about individuals' legal rights, employment, education, essential services, or access to public benefits. PolicySpeak is a productivity tool for professionals.
  • For our transparency obligations (Article 50), users are clearly informed when they are interacting with AI-generated content. Briefings, drafts, and analyses produced by PolicySpeak are labeled as such.

AI literacy

Our staff complete training on responsible AI use, including the failure modes of large language models, the limits of automated reasoning, and the obligation to verify AI-generated claims before relying on them. We expect our customers to apply equivalent judgment when using PolicySpeak's output.

Data sources

PolicySpeak's intelligence pipeline ingests:

  • Public EU institutional documents (EUR-Lex, EP Open Data, Council, Commission)
  • Public press feeds (RSS, social posts, and newsletters with redistribution rights)
  • Public stakeholder data (lobbying register, MEP profiles, Commission organigram)

We do not scrape paywalled content. We do not bypass copyright restrictions. Where we have a licensing relationship with a content provider, we honor the terms of that license.

Model versioning and change management

When we change which underlying language model serves a feature, we:

  1. Run regression tests on the affected feature's evaluation suite.
  2. Log the change in our internal model routing documentation.
  3. Disclose material changes in our changelog if they affect observable output quality.

Customers are notified of material changes to AI model behavior at the same cadence as other material product changes. Sub-processor changes are notified to customers separately under the terms of their DPA.

Inputs we discourage or refuse

PolicySpeak is not designed for and should not be used to:

  • Generate content intended to deceive, manipulate, or mislead public officials or the public
  • Infer sensitive personal attributes about individuals (including political opinions where not publicly stated, religious belief, sexual orientation, health status, ethnic origin)
  • Produce automated decisions affecting any individual's legal rights, employment, or access to services
  • Generate large-scale unsolicited communications (spam, mass-personalized phishing-shaped outreach)
  • Reverse-engineer the system, extract our prompts, or build competitive products from our outputs

If our automated systems detect inputs that appear to violate this policy, we may refuse to process them and notify the organization admin.

Reporting concerns

If you observe PolicySpeak producing output that violates this policy, or if you have concerns about how AI is being applied in your organization's workspace, write to security@policyspeak.com. We respond within a few business days.

Updates

We will update this policy when our practices change. Material changes are notified to organization admins by email before they take effect.