Kameleoon and the AI Act: how we safeguard your data

The EU Artificial Intelligence Act is now law. Many parts of it already apply and more will phase in over the next two years.

In this article, we’ll discuss what that means for your business, and what you can expect from Kameleoon as we work to safeguard your data.

Where Kameleoon fits within the AI Act

As an experimentation and personalization platform, Kameleoon is a “provider” for AI systems we build and supply in the eyes of the AI Act. Our customers are “deployers,” meaning you use our AI systems in a professional context on your digital properties. 

Most Kameleoon use cases are not “high risk” applications according to the AI Act; generally, use of Kameleoon necessitates transparency only: telling users when they are interacting with AI, or if content is generated by AI, as is the case from our Prompt-based Experimentation tool.

How we safeguard your data

We run audits, push security updates, and track real-world performance to address emerging risks early. 

We also align with the AI Act’s risk management and post-market monitoring expectations through:

• Risk management. Every Kameleoon AI system undergoes a structured risk assessment during design, scenario-based testing before launch, and continuous monitoring afterwards.
• Privacy protections. Our AI systems do not need to process personal data to work, and remind customers to not include personal or sensitive data and prompts or inputs.
• Data governance. We always use clean data to train, validate, and test our models and remove clear sources of bias.
• Transparent documentation. We maintain comprehensive technical documentation covering design choices, datasets, model performance, and robustness testing.
• Human oversight. All of our AI features can be monitored, paused, or altered by human operators.

What the AI Act means for PBX experiments

Prompt-based Experimentation (PBX) allows teams to safely test AI-generated experiences on live sites. It keeps a full record of who made what changes and when, and provides review points before launch that include clear on-page notices when live experiences involve AI or synthetic media. 

AI, Kameleoon, and you: a shared responsibility

Data security is very important to us at Kameleoon, and we have designed every AI-powered system to emphasize easy, effective, and secure experiences for our customers. 

If you are avoiding putting personal or sensitive data into prompts, using consent-aware executions where needed, using AI disclosures, and reviewing each AI variant before launch, you should have no trouble using Kameleoon and PBX to effectively optimize your web experiences in accordance with the AI Act.