legal documentation
DeepVA AI Act Addendum
Last updated: April 20, 2026
Introduction
This Addendum to the EU AI Act (“AI Act Addendum”) is entered into as a legally binding part of the Master Subscription Agreement (“MSA”) as well as any supplementary agreements (esp. the Side Agreement) between Aben DeepVA GmbH (“Provider” or “DeepVA”) and the Subscriber (“Deployer” or “Customer” or “Subscriber”) (collectively the “Parties”).
Preamble
Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonized rules on artificial intelligence (“AI Act”) establishes a new legal framework for the development and use of AI systems. Since the Customer integrates the DeepVA Services into its own business processes and/or software products, this AI Act Addendum aims to legally allocate the regulatory obligations between the Parties.
§1 Subject Matter and Order of Precedence
- This AI Act Addendum concretizes the principles set out in Section 1.18 of the MSA (“AI Governance”).
- In the event of substantive contradictions between this AI Act Addendum, the MSA, the SLA, or the Side Agreement, the provisions of this AI Act Addendum shall strictly prevail with regard to compliance with the AI Act.
§ 2 Regulatory Classification and Allocation of Roles
- Role of the Provider DeepVA provides AI models and services via API and platform accesses and acts in this respect as a “Provider” (Art. 3 No. 2 AI Act) of general-purpose AI models (GPAI) and of AI systems.
- Role of the Deployer The Customer uses the DeepVA Services under its own responsibility, determines the specific intended purpose, and acts as a “Deployer” (Art. 3 No. 4 AI Act).
- Risk Classification The Parties clarify that the DeepVA Services, in their standard version, are not designed or certified by the Provider as high-risk AI systems (Art. 6 AI Act), but are classified as systems with limited risk (transparency risk).
§ 3 Obligations and Warranties of DeepVA
- Transparency and System Documentation
DeepVA provides the Customer with the technical documentation required under the AI Act (esp. descriptions of system capabilities and limitations). - Protection of Training Data
DeepVA contractually and technically warrants that the input data (image, audio, video, text) provided by the Customer within the scope of contractual use will not be incorporated into the training pool of the global foundation models of DeepVA or its subcontractors (Third-Party AI Models) (so-called No-Training Policy). - Labeling (Watermarking / C2PA)
Insofar as DeepVA is obligated to do so under Art. 50 Para. 2 AI Act, DeepVA ensures that AI-generated or manipulated content (esp. synthetic media) is labeled as such in a machine-readable format (e.g., via C2PA metadata).
§ 4 Compliance Obligations of the Customer (Deployer)
- Prohibited Practices and High-Risk Systems In addition to Section 1.3 (n) and (o) of the MSA, the Customer is strictly prohibited from using the DeepVA Services for purposes that fall under Art. 5 AI Act (Prohibited AI practices, e.g., social scoring, real-time remote biometric identification) or Art. 6 AI Act in conjunction with Annex III (High-risk AI systems). If the Customer nevertheless deploys the Services in a high-risk context through its own configuration, Custom Prompting, or Fine-Tuning, the Customer itself becomes a fully responsible provider within the meaning of the AI Act. )
- Transparency Obligations towards End Users The Customer bears the sole legal responsibility for compliance with the information obligations pursuant to Art. 50 AI Act. The Customer shall imperatively ensure that natural persons are informed in a clear and comprehensible manner when they interact with an AI system or when AI-generated or synthetic content (so-called Deepfakes) is provided to them.
- Integrity of the Labeling The Customer undertakes not to remove, suppress, or technically alter the technical proofs of origin (watermarks, C2PA metadata) provided by DeepVA when displaying content to its end users.
Human Oversight The Customer implements appropriate internal processes to ensure that AI-generated outputs are critically reviewed for accuracy and freedom from hallucinations or impermissible bias before they are used for business purposes or published.
§ 5 Post-Market Monitoring and Incident Reporting
To fulfill the provider’s statutory post-market monitoring obligations, the Customer is obligated to inform DeepVA without undue delay—but no later than within 48 hours of becoming aware—in text form (e.g., via support ticket) if a “serious incident” (Art. 3 No. 49 AI Act) occurs or if there is a reasonable suspicion that the output of the DeepVA Services systematically violates Union law or national fundamental rights.
§ 6 Chain of Responsibility (Pass-Down upon Integration)
- Insofar as the Customer is granted the right to integrate the DeepVA Services into its own products under the Side Agreement (“DeepVA Enterprise Tier”), this § 6 constitutes an essential condition for maintaining this right: The Customer undertakes to seamlessly pass down the deployer obligations resulting from §§ 4 and 5 of this AI Act Addendum to its own end users through legally binding General Terms and Conditions.
- The Customer shall be strictly liable to DeepVA for the regulatory misconduct of its end customers as if it were its own misconduct.
§ 7 Indemnification and Liability
The Customer shall indemnify DeepVA upon first demand against all claims, damages, fines (esp. those pursuant to Art. 99 AI Act), and reasonable costs of legal defense resulting from the Customer or its end users (a) using the DeepVA Services contrary to § 4 for prohibited or high-risk systems, (b) violating the transparency obligations of Art. 50 AI Act, or © removing warnings or metadata.
With regard to liability claims incurred by the Customer due to faulty AI outputs (incl. IP infringements), the limitations and exclusions of liability set out in Section 10 of the MSA and Section 5 of the Side Agreement (esp. for Third-Party AI Models) shall continue to apply in full.
§ 8 Prevailing Special Conditions (Overrides to the MSA)
The Parties hereby expressly agree that the following provisions of this Addendum shall strictly prevail over the provisions of the Master Subscription Agreement (MSA) and shall replace or
modify them to that extent:
- Restriction of the AI Definition (Override to Sec. 1 MSA — Definitions)
Notwithstanding the broad definition of “AI” or “Artificial Intelligence” in Section 1 of the MSA, the applicability of this Addendum and all regulatory obligations is based exclusively on the legal definition of “AI systems” and “AI models” pursuant to Art. 3 AI Act. Conventional deterministic software components of the DeepVA Services are expressly not subject to the obligations of the AI Act. - Strict Restriction of Biometric Analyses (Override to Sec. 1.3 MSA — Acceptable Use)
In mandatory addition to and strengthening of Section 1.3 of the MSA, the Customer is hereby expressly and irrevocably prohibited from using the DeepVA Services—in particular the Face Recognition and Diversity Analysis modules—for practices that are prohibited under Art. 5 AI Act. This includes in particular, but is not limited to:
a) use for emotion recognition in the workplace or in educational institutions;
b) the biometric categorization of natural persons based on sensitive characteristics (such as ethnic origin, political opinions, religious beliefs, or sexual orientation);
c) the untargeted scraping of facial images from the internet or CCTV footage to create or expand facial recognition databases. - Prohibition of Model Training (Override to Sec. 4 MSA — Data Processing/Feedback)
Notwithstanding any usage rights to customer data granted in Section 4 of the MSA (or comparable clauses) for service improvements, DeepVA hereby bindingly warrants (so-called No-Training Policy): Neither DeepVA nor subcontractors engaged by DeepVA will use the input data (texts, images, audio, video) fed into the Services by the Customer or the generated outputs to train, fine-tune, or alter the weights of the underlying global AI foundation models (Foundation Models / GPAI). Any liability of the Customer for alleged copyright infringements arising from model training (Art. 53 AI Act) in relation to its input data is thereby excluded.
