Governance & Legal

Security Statement

This Security Statement describes the security-minded approach expected for the EUAIC website and related AI compliance technology communications.

This page is written for website visitors, procurement teams, compliance reviewers and prospective customers. It is intended to make EUAIC’s website terms and policy position clear without pretending to be legal advice.

Contact EUAIC View legal centre

AIEU

Read policy

Check scope

Review responsibilities

Contact EUAIC

Govern

Read policy → Check scope → Review responsibilities → Contact EUAIC

Security approach

AI compliance information, enquiry records and customer discussions can be commercially sensitive. EUAIC’s website and service communications should be supported by proportionate safeguards, access control, secure configuration, maintenance and monitoring.

Technical safeguards

Expected safeguards may include HTTPS, secure hosting, least-privilege access, patching, backup discipline, logging, malware protection, firewall controls, careful deployment practice and review of third-party services used by the website.

Operational safeguards

Security also depends on human behaviour: access should be limited to authorised personnel, sensitive information should be handled carefully, incidents should be escalated promptly and changes should be reviewed before deployment.

Limitations

No website or system can be guaranteed absolutely secure. This statement explains the intended security posture and does not create a warranty, certification or independent assurance report.

Reporting concerns

Security concerns should be reported privately with affected URL, description, steps to reproduce, time observed and evidence. Reporters must not access data, disrupt systems or publish details before responsible review.

Evidence and governance sensitivity

AI compliance records can include vendor evidence, internal system descriptions, risk decisions, technical documentation references and oversight notes. Even when not highly sensitive, such records should be treated as business information requiring appropriate care.

Incident readiness

Security readiness should include a practical process for identifying, escalating, investigating and documenting suspected incidents. Serious issues may require customer communication, legal review, supplier engagement and post-incident improvement.

Customer responsibilities

Customers should apply their own security measures, including access control, staff training, secure configuration, careful data entry, approved user management and review of downloaded evidence or exported records.

How this policy should be read

This page is written for website visitors and corporate reviewers. It should be read together with the Legal Notice, Privacy Policy, Cookie Policy and Terms of Use. Where a customer has a signed agreement, order form, statement of work, data processing addendum or service schedule, that document will take priority over this general website wording for the relevant service.

Contact and review

Questions about this policy can be raised through the EUAIC contact route. A useful enquiry should identify the page, the concern, the affected service or communication, and any relevant reference. Policies should be reviewed when the website, service model, supplier stack, cookie configuration, platform features or customer contracting process changes.

Important note

These website policies are written for clear corporate communication. They do not replace a signed agreement, formal legal advice, regulatory advice, security assurance or a customer-specific data processing addendum.

Legal pages

Related EUAIC policies

Use these pages to review privacy, cookies, terms, security, accessibility and responsible AI information in a structured way.

Privacy PolicyUnderstand how EUAIC handles website enquiries, business contact details, communication records, privacy rights and retention.TermsRead EUAIC website terms covering acceptable access, intellectual property, no legal advice, external links and liability boundaries.AccessibilityRead EUAIC accessibility principles for responsive layouts, readable structure, clear navigation and inclusive website improvement.Legal CentreAccess EUAIC legal information including privacy, cookies, terms, legal notice, security, GDPR, accessibility and responsible AI policies.Cookie PolicyRead how the EUAIC website may use essential cookies, analytics cookies, security technologies and visitor preferences.Acceptable UseReview acceptable use expectations for EUAIC website access, enquiry forms, security, communication and responsible conduct.GDPR ComplianceReview EUAIC GDPR principles for website enquiries, data minimisation, retention, rights requests and responsible communication.Data ProcessingRead EUAIC data processing information covering customer instructions, controller and processor roles, security and sub-processor review.Sub-processorsReview how EUAIC may approach third-party providers, hosting, infrastructure, analytics, communication tools and customer review.Service LevelsUnderstand EUAIC service level themes for availability, planned maintenance, support expectations and incident handling.Refunds & CancellationReview EUAIC refund and cancellation principles for subscriptions, implementation, consulting, custom work and agreed contracts.Anti-SpamRead EUAIC anti-spam principles for responsible business emails, communication quality, unsubscribe handling and sender reputation.Intellectual PropertyReview EUAIC intellectual property rules for website content, branding, graphics, software descriptions and design materials.ComplaintsLearn how to raise EUAIC website, enquiry, service, privacy, security, accessibility or billing concerns for professional review and response.Responsible AIReview EUAIC responsible AI principles covering governance, oversight, transparency, evidence, risk review and accountability.AI Governance DisclaimerRead the EUAIC disclaimer explaining that AI compliance information is general and does not replace professional advice.Legal NoticeReview EUAIC legal notice information including company identity, website ownership, intellectual property and professional advice limitations.Responsible DisclosureRead EUAIC responsible disclosure expectations for reporting security issues safely, privately and without unauthorised exploitation.Data RetentionReview EUAIC data retention principles for enquiries, communication records, website logs, service records and deletion requests.Modern SlaveryRead EUAIC’s modern slavery and ethical trading statement for responsible business conduct and supplier awareness.Equality & InclusionRead EUAIC’s equality, diversity and inclusion statement for respectful access, communication and responsible business culture.

Questions

Frequently asked questions

Can I test the website security?

Only with written authorisation.

Does this statement guarantee security?

No. It explains the security approach and does not create a guarantee.

How should concerns be reported?

Privately, with enough detail to investigate safely.