EU AI Act Compliance

Our Measures for the Responsible Use of Generative AI

How andweekly Implements the EU AI Act

Generative AI is a powerful tool in digital marketing – provided it is used responsibly and in compliance with legal standards. andweekly is committed to fully implementing the requirements of the EU AI Act. This page outlines our core measures in the areas of risk management, transparency, security and training.

1. Risk Management for AI Use

Responsible use of GenAI starts with a thorough evaluation of potential risks. andweekly ensures that all AI applications in marketing undergo a structured and documented assessment.

 

1.1. Risk Assessment and Classification of AI Applications

andweekly conducts systematic risk assessments for all deployed AI systems. While most use cases in marketing – such as text generation, data analysis, or strategic development – are generally considered low-risk, we carefully review each tool and application. Our goal is to identify potential risks early on – such as content inaccuracies, privacy violations, or algorithmic bias – and define appropriate mitigation measures. The analysis is fully documented and traceable, in line with EU AI Act requirements.

 

1.2. Human Oversight and Control Mechanisms

All AI-generated results at andweekly are subject to final human review by qualified team members. This safeguard ensures that no automated decisions are used without validation – and provides a legally sound basis for their use in customer work.

 

2. Transparency and Traceability

Transparency is a core principle in our use of GenAI. We systematically document our AI applications and ensure all processes are understandable and traceable.

 

2.1. Documentation of AI Usage

All use of AI at andweekly is consistently documented. This includes:

  • Use Cases: Detailed descriptions of AI-supported processes, workflows and generated outputs
  • Risk Management: Documented risk analyses, including identified risks and mitigation measures (see section 1)
  • Training: Records of all internal and external training activities, including content, feedback, attendance and certification
  • Data Privacy and Security: Evidence of GDPR-compliant practices, including data anonymization, pseudonymization and IT security measures
  • System Changes and Policies: Continuous logging of system updates and internal policy changes

 

2.2. Communication with Customers

We maintain full transparency with our customers about how AI is used in their projects – for example in data analysis or content production. At the same time, we make it clear that all strategic decisions and final outputs are developed and validated by our human experts. GDPR compliance and data security are always ensured (see section 3).

 

3. Data and IT Security

andweekly ensures that all data processed within AI workflows is collected, stored and used in compliance with GDPR. In addition, we implement technical and organizational safeguards – from encryption and access control to regular security audits.

For more details, see our Privacy Policy.

 

4. Training and Qualification

All employees and external freelancers who work with GenAI systems receive regular training. Training content includes:

  • Compliance Training in accordance with GDPR
    EU AI Act Awareness and application of GenAI
    Hands-on Training for working with AI technologies and workflow integration

All training sessions are documented, evaluated and updated as needed.

Hast Du Fragen oder Feedback?

Schreib uns! Wir freuen uns auf Deine Nachricht.