Trust / Compliance documents
How Tadeus classifies itself under the EU AI Act
This is the classification framework from our own trust hub applied to Tadeus itself, deployment by deployment. We publish it because we ask every vendor the same question and think you should too: not "are you compliant?" but "show me your classification reasoning."
v1.0 · Last reviewed 10 July 2026 · Owned by Founder
Checked against the European Commission's draft classification guidelines of 19 May 2026.
A maintained compliance document, not legal advice — take the reasoning to your counsel.
The classification, at a glance
Tadeus is a voice layer for workforce platforms: one AI agent holds real voice conversations with employees and returns structured, timestamped records to the systems the organisation already uses. Classification runs on use, so we classify each supported deployment separately.
| Use case | Article 50 | Annex III point 4 | Derogation | Drift trigger to watch |
|---|---|---|---|---|
| Workforce listening campaigns | In scope — disclosure by design, evidenced per session | Not high-risk as intended: outputs are aggregate-only and inform no individual outcome | Not claimed — not needed while outside Annex III | Routing results into individual performance or task decisions |
| Policy briefing & comprehension checks | In scope — disclosure by design, evidenced per session | Not high-risk as intended: confirms understanding, feeds no individual employment decision | Not claimed — not needed | Using comprehension results in individual performance management |
| Onboarding conversations | In scope — disclosure by design, evidenced per session | Not high-risk as intended: surfaces blockers and questions, not evaluations of the new joiner | Not claimed — not needed | Reporting individual 'readiness' signals to managers during probation |
| Implementation & requirements interviews | In scope — disclosure by design, evidenced per session | Not high-risk: subject matter is systems and processes, not the person | Not claimed — not needed | Repurposing interview records to evaluate the interviewee |
| Market research & UX interviews (external participants) | In scope — disclosure by design, evidenced per session | Outside the employment context of Annex III point 4 | Not claimed — not needed | Running the same instrument on your own employees for evaluation |
| Candidate screening / performance evaluation | — | Not a supported use. A deployment built this way is high-risk under Annex III 4 | — | This row existing in your deployment at all |
The honest line
If a deployer routes Tadeus outputs into decisions about a named individual's performance, tasks, promotion, or termination, that deployment crosses into Annex III point 4 and the high-risk regime applies to it from 2 December 2027 — whatever this table says about intended use. The system does not decide its own classification; your deployment does.
The reasoning, row by row
Article 50: every deployment is in scope, and that's by design
Tadeus talks to people; there is no reading of Article 50 under which a voice agent holding a natural conversation is "obvious from context." So we don't argue the exception. Every conversation opens with the agent stating it is an AI, what the conversation is for, and what happens to the answers — and that disclosure is captured in the same structured, timestamped session record as everything else, per person, per date, per language. Disclosure increases candour rather than suppressing it, which makes this a rare obligation that pays for itself: the evidence is here.
Annex III: intended use keeps outputs aggregate and away from individual outcomes
Three architectural facts do the work. Tadeus has no individual scoring surface — there is no screen that ranks or rates a named employee. Listening campaigns return aggregate-only outputs: themes, distributions, and quality-weighted signal, not per-person verdicts. And Tadeus does not ingest performance data — there is nothing in the system to correlate a person's answers against their appraisal. A system deployed this way informs decisions about the organisation, not about named individuals, which is what keeps the intended deployments outside Annex III point 4.
The corollary is stated plainly in the callout above: those are properties of the intended deployment, not a legal force field. Session records are exportable by design — that's what makes the evidence obligations dischargeable — and an organisation that exports individual records into a performance process has changed the classification of its own deployment. We say so in our Instructions for Use, in onboarding, and here.
Derogation: not claimed, deliberately
We do not claim an Article 6 derogation for any supported use case — not because we couldn't construct an argument, but because we don't need one while intended deployments sit outside Annex III, and claiming one casually would convert a clear position into a filed claim to defend. If the Commission's final guidelines move the boundary and any supported use case lands in an Annex III category, our position is to either meet the full high-risk obligations for it or claim the derogation properly: documented assessment, EU database registration included. What we will not do is describe ourselves as "AI Act certified" — no vendor honestly can while the harmonised standards are still being finalised.
Registration posture
As of this version: no Tadeus use case is classified high-risk under Annex III point 4, no Article 6 derogation is claimed, and accordingly no EU database registration is currently required or filed. This position is re-run against every framework update — including the Commission's final classification guidelines, expected by the end of 2026 — and any change lands here and in the change log before it lands anywhere else.
The drift triggers we tell customers to watch
Classification drift is the main real-world risk for a listening tool, so these are the specific changes we tell deployers to treat as a re-classification event, not a configuration change:
- Exporting individual-level session records into a performance review, PIP, or promotion process.
- Adding per-individual filtering to any dashboard consumed by line managers.
- Feeding conversation outputs into task-allocation or scheduling logic.
- Using comprehension-check results to trigger consequences for a named person.
- Deploying any conversation whose stated purpose to employees differs from the use its outputs are put to.
Any of these puts the deployment in Annex III point 4, and the deployer obligations under Article 26 — competent human oversight, log retention, informing workers and their representatives before use — attach to it. If you are planning one of these uses, run the classification memo for it first and talk to us: high-risk deployments need the full evidence trail, and we would rather help you build it than discover the drift later.
Review cadence and ownership
This classification is reviewed quarterly and at every regulatory change, and is owned by our Founder. The version and last-reviewed date at the top of this page are updated on every review, even when nothing changes — a review that leaves the classification untouched is still a review, and the change log records it.
Change log
- 10 July 2026 — v1.0
First public classification. Reviewed quarterly.