SecurePoint USA

AI Compliance & Transparency

EU AI Act, CCPA ADMT, and Responsible AI Practices

Effective Date: January 16, 2026
Last Updated: January 16, 2026
Compliance: EU AI Act (Aug 2026), CCPA/CPRA (Jan 2026)

1. AI Use in Our Platform

SecurePoint USA uses Artificial Intelligence (AI) in two distinct contexts:

Development Assistance

AI tools assist in code development to maximize efficiency. All AI-generated code undergoes rigorous human review, security audits, and compliance validation.

Operational Assistance

AI generates risk summaries for sanctions screening matches. All summaries are advisory only and require human review before any access decision.

2. Human-in-the-Loop Guarantee

AI Assists, Humans Decide

SecurePoint USA never makes automated-only access or screening decisions. All AI outputs are reviewed by qualified human personnel before any action is taken. This applies to:

  • Visitor access approvals or denials
  • Sanctions screening adjudication
  • Risk assessment classifications
  • Compliance determinations

3. EU AI Act Compliance (Effective August 2, 2026)

3.1 Risk Classification

Under the EU AI Act, our AI-assisted risk summarization for visitor screening may qualify as a High-Risk AI System under Annex III (employment and access control). We proactively comply with high-risk requirements:

High-Risk AI Compliance Measures:

  • Human oversight: All AI outputs require human review and approval
  • Transparency: AI usage disclosed to all users and data subjects
  • Accuracy and robustness: Continuous monitoring of AI performance
  • Data governance: Training data documented and validated
  • Technical documentation: AI methodology and limitations documented
  • Record-keeping: All AI-assisted decisions logged in immutable audit trails

3.2 Training Data Transparency

Our AI models are trained on:

  • Public sanctions lists: OFAC, UN, EU, DFAT, SECO, UK HMT (21,851+ entities)
  • Generic language models: Azure OpenAI (GPT-4), Groq for text summarization
  • No customer data: Your visitor data is never used for training

3.3 AI Model Limitations & Accuracy

Known Limitations:

  • AI summaries are interpretive and may contain inaccuracies
  • Name matching can produce false positives (similar names)
  • AI cannot interpret complex geopolitical nuances
  • Recommendations are advisory only, not definitive
  • Average accuracy: 95%+ for exact name matches, lower for partial matches

3.4 Right to Human Review

Under Article 14 of the EU AI Act, individuals have the right to:

  • Request explanation of any AI-assisted decision
  • Challenge AI outputs through human review
  • Object to automated processing
  • Access audit logs showing AI involvement in their screening

4. CCPA/CPRA Automated Decision-Making Technology (ADMT) Compliance

Pre-Use Notice (Effective January 1, 2026)

California law requires advance notice when Automated Decision-Making Technology (ADMT) is used for decisions that have "significant effects" on consumers. SecurePoint USA uses ADMT for:

  • Purpose: Generating risk summaries for sanctions screening matches
  • Technology: Large Language Models (Azure OpenAI GPT-4, Groq)
  • Methodology: AI cross-references visitor data with sanctions lists and generates narrative summaries
  • Significant Effect: May inform (but not determine) visitor access decisions

4.1 Consumer Rights Regarding ADMT

California residents have the right to:

  • Opt-Out: Request that your information not be processed via ADMT
    Note: This may result in longer processing times for manual screening
  • Explanation: Receive details about how ADMT was used in your screening
  • Appeal: Challenge any ADMT-assisted decision through human review
  • Access: View AI-generated summaries related to your screening

4.2 How to Exercise Your ADMT Rights

To opt out or appeal an ADMT decision:

  1. Email support@securepointusa.com with subject "ADMT Opt-Out Request" or "ADMT Appeal"
  2. Include your full name, visit date, and facility name
  3. We will respond within 30 days with confirmation or alternative processing options

5. Data Privacy & AI Processing

5.1 What Data Goes to AI Providers

When AI is used for risk summarization, the following data is sent to Azure OpenAI or Groq:

  • Visitor name (for name matching analysis)
  • Sanctions list match results (entity names, match scores)
  • Publicly available sanctions entity details

✓ Data is encrypted in transit (TLS 1.3) and at rest
✓ Data is not used for training AI models (contractually enforced)
✓ Data is processed in real-time and not permanently stored by AI providers

5.2 AI Providers & Data Processing Agreements

  • Azure OpenAI (Microsoft): GDPR-compliant DPA, SOC 2 certified, US-based
  • Groq: GDPR-compliant DPA, US-based
  • Contractual Protections: Both providers are contractually prohibited from using customer data for training

6. Regulatory Compliance Framework

EU AI Act (Aug 2026)

  • ✓ High-risk AI system procedures
  • ✓ Human oversight requirements
  • ✓ Training data transparency
  • ✓ Technical documentation
  • ✓ Audit trail maintenance

CCPA/CPRA (Jan 2026)

  • ✓ ADMT pre-use notice
  • ✓ Consumer opt-out rights
  • ✓ Appeal process
  • ✓ Methodology disclosure
  • ✓ Risk assessments

GDPR (Ongoing)

  • ✓ Lawful basis for processing
  • ✓ Data minimization
  • ✓ Right to explanation
  • ✓ Right to object
  • ✓ Data protection by design

ITAR/EAR Compliance

  • ✓ Sanctions screening
  • ✓ Export control validation
  • ✓ Audit trail for all screenings
  • ✓ 10-year record retention

7. Quality Assurance & Continuous Monitoring

Despite AI assistance, we maintain enterprise-grade standards:

  • 99.9%+ uptime SLA with enterprise monitoring
  • Sub-second screening (33.3ms average response time)
  • Comprehensive audit trails for all AI-assisted decisions
  • Multi-tenant architecture with complete data isolation
  • Regular security audits and vulnerability assessments
  • Continuous AI performance monitoring to detect drift or degradation

8. Contact & Support

For questions about AI compliance, ADMT opt-out requests, or to exercise your rights:

AI Compliance Inquiries: support@securepointusa.com
ADMT Opt-Out/Appeal: support@securepointusa.com (Subject: "ADMT Request")
Privacy Inquiries: privacy@securepointusa.com
Response Time: 30 days or less

Legal Disclaimer

This AI Compliance Statement is provided for informational purposes. SecurePoint USA provides advisory risk assessments only. Final access and compliance decisions remain the responsibility of the controlling organization. AI outputs are suggestive, not definitive, and must be reviewed by qualified human personnel before any action is taken.

For specific legal guidance on AI compliance, EU AI Act, or CCPA ADMT requirements, consult qualified legal counsel.