Trust / Compliance documents

How Tadeus classifies itself under the EU AI Act

This is the classification framework from our own trust hub applied to Tadeus itself, deployment by deployment. We publish it because we ask every vendor the same question and think you should too: not "are you compliant?" but "show me your classification reasoning."

v1.0 · Last reviewed 10 July 2026 · Owned by Founder

Checked against the European Commission's draft classification guidelines of 19 May 2026.

A maintained compliance document, not legal advice — take the reasoning to your counsel.

The classification, at a glance

Tadeus is a voice layer for workforce platforms: one AI agent holds real voice conversations with employees and returns structured, timestamped records to the systems the organisation already uses. Classification runs on use, so we classify each supported deployment separately.

Use caseArticle 50Annex III point 4DerogationDrift trigger to watch
Workforce listening campaignsIn scope — disclosure by design, evidenced per sessionNot high-risk as intended: outputs are aggregate-only and inform no individual outcomeNot claimed — not needed while outside Annex IIIRouting results into individual performance or task decisions
Policy briefing & comprehension checksIn scope — disclosure by design, evidenced per sessionNot high-risk as intended: confirms understanding, feeds no individual employment decisionNot claimed — not neededUsing comprehension results in individual performance management
Onboarding conversationsIn scope — disclosure by design, evidenced per sessionNot high-risk as intended: surfaces blockers and questions, not evaluations of the new joinerNot claimed — not neededReporting individual 'readiness' signals to managers during probation
Implementation & requirements interviewsIn scope — disclosure by design, evidenced per sessionNot high-risk: subject matter is systems and processes, not the personNot claimed — not neededRepurposing interview records to evaluate the interviewee
Market research & UX interviews (external participants)In scope — disclosure by design, evidenced per sessionOutside the employment context of Annex III point 4Not claimed — not neededRunning the same instrument on your own employees for evaluation
Candidate screening / performance evaluationNot a supported use. A deployment built this way is high-risk under Annex III 4This row existing in your deployment at all

The honest line

If a deployer routes Tadeus outputs into decisions about a named individual's performance, tasks, promotion, or termination, that deployment crosses into Annex III point 4 and the high-risk regime applies to it from 2 December 2027 — whatever this table says about intended use. The system does not decide its own classification; your deployment does.

The reasoning, row by row

Article 50: every deployment is in scope, and that's by design

Tadeus talks to people; there is no reading of Article 50 under which a voice agent holding a natural conversation is "obvious from context." So we don't argue the exception. Every conversation opens with the agent stating it is an AI, what the conversation is for, and what happens to the answers — and that disclosure is captured in the same structured, timestamped session record as everything else, per person, per date, per language. Disclosure increases candour rather than suppressing it, which makes this a rare obligation that pays for itself: the evidence is here.

Annex III: intended use keeps outputs aggregate and away from individual outcomes

Three architectural facts do the work. Tadeus has no individual scoring surface — there is no screen that ranks or rates a named employee. Listening campaigns return aggregate-only outputs: themes, distributions, and quality-weighted signal, not per-person verdicts. And Tadeus does not ingest performance data — there is nothing in the system to correlate a person's answers against their appraisal. A system deployed this way informs decisions about the organisation, not about named individuals, which is what keeps the intended deployments outside Annex III point 4.

The corollary is stated plainly in the callout above: those are properties of the intended deployment, not a legal force field. Session records are exportable by design — that's what makes the evidence obligations dischargeable — and an organisation that exports individual records into a performance process has changed the classification of its own deployment. We say so in our Instructions for Use, in onboarding, and here.

Derogation: not claimed, deliberately

We do not claim an Article 6 derogation for any supported use case — not because we couldn't construct an argument, but because we don't need one while intended deployments sit outside Annex III, and claiming one casually would convert a clear position into a filed claim to defend. If the Commission's final guidelines move the boundary and any supported use case lands in an Annex III category, our position is to either meet the full high-risk obligations for it or claim the derogation properly: documented assessment, EU database registration included. What we will not do is describe ourselves as "AI Act certified" — no vendor honestly can while the harmonised standards are still being finalised.

Registration posture

As of this version: no Tadeus use case is classified high-risk under Annex III point 4, no Article 6 derogation is claimed, and accordingly no EU database registration is currently required or filed. This position is re-run against every framework update — including the Commission's final classification guidelines, expected by the end of 2026 — and any change lands here and in the change log before it lands anywhere else.

The drift triggers we tell customers to watch

Classification drift is the main real-world risk for a listening tool, so these are the specific changes we tell deployers to treat as a re-classification event, not a configuration change:

  • Exporting individual-level session records into a performance review, PIP, or promotion process.
  • Adding per-individual filtering to any dashboard consumed by line managers.
  • Feeding conversation outputs into task-allocation or scheduling logic.
  • Using comprehension-check results to trigger consequences for a named person.
  • Deploying any conversation whose stated purpose to employees differs from the use its outputs are put to.

Any of these puts the deployment in Annex III point 4, and the deployer obligations under Article 26 — competent human oversight, log retention, informing workers and their representatives before use — attach to it. If you are planning one of these uses, run the classification memo for it first and talk to us: high-risk deployments need the full evidence trail, and we would rather help you build it than discover the drift later.

Review cadence and ownership

This classification is reviewed quarterly and at every regulatory change, and is owned by our Founder. The version and last-reviewed date at the top of this page are updated on every review, even when nothing changes — a review that leaves the classification untouched is still a review, and the change log records it.

Change log

  • 10 July 2026 — v1.0
    First public classification. Reviewed quarterly.