AI Responsibility

Version 2.0 – October 2, 2025

BARP is a trade name of Yepyr B.V., having its registered office in Breda (KvK 93769792, VAT NL866521641B01) in the Netherlands.

Introduction

Yepyr B.V. and BARP recognize the societal and legal importance of the careful use of artificial intelligence (AI). Our Software-as-a-Service (SaaS) platform is built in part on AI functionalities that contribute to analytics, pattern recognition, enrichment and Compliance reporting.

We follow the provisions of the EU AI Act (2024) and the General Data Protection Regulation (AVG). Our policies are professional, transparent and verifiable.

AI is deployed to deliver value, but always with attention to security, privacy and human oversight.

For non-technical readers: AI within BARP involves advanced software algorithms that recognize patterns and enrich data to provide support for analyses and reports. AI never makes autonomous or legally binding decisions within our services.

Application of AI within BARP.

BARP does not develop or provide AI systems that fall under the high risk category as defined in the EU AI Act. We do not build autonomous decision-making systems, biometric recognition, public scoring models or applications in critical infrastructure.

Within BARP, AI is deployed exclusively in the following contexts:

• BARP platform: pattern recognition, clustering, blockchain data enrichment and trend detection, always under human supervision.
• Support processes: document generation, debugging, language control and knowledge management.
• Commercial AI tools: deployment of applications such as Microsoft 365 Copilot, GitHub Copilot and ChatGPT exclusively to support knowledge work.
• Research and analysis tasks: when personal data is involved, we only use AI models running within EU sovereign infrastructure, with no onward transfer to jurisdictions outside the EU.

No automated decisions with legally binding consequences for users are performed.

Management measures

BARP applies the following principles to AI use:

• Human supervision. AI is a tool, never a substitute for professional judgment. Results are always reviewed by experts.
• Data Protection. AI applications are developed and used in compliance with the AVG. Personal data is processed only within this framework and never through unassessed external AI systems.
• Transparency. AI applications are traceable and accountable. There is no hidden automation or misleading output.
• Manageable dependency. AI supports processes, but it is not a singular decision-making mechanism.
• Standards and frameworks. BARP follows the EU AI Act (2024) and aligns with recognized frameworks and guidelines, including:
  • ISO/IEC 27001:2022 information security.
  • NIST AI Risk Management Framework (2023).
  • OWASP guidelines for secure software development.
• Periodic risk analyses. BARP conducts regular risk assessments to identify and mitigate potential new AI risks.
• Human and technical training. Employees are regularly trained in the responsible and safe use of AI applications.

For customers, AI functions are provided with clear disclaimers, and the ultimate responsibility for decisions lies with the user, where relevant.

Future assessment

The EU AI Act was enacted in 2024 and will take effect in phases starting in 2024. Yepyr B.V. and BARP will regularly update this statement and internal measures as specific obligations become applicable to our platform and services. New AI functionalities within BARP will be separately assessed and documented in line with the EU AI Act and the GDPR.