Security & Compliance
EU AI Act Compliance
The EU AI Act prohibits emotion inference in employment and education contexts. DeepaData's interpretation architecture provides a compliant path for AI systems that need to handle emotional context.
Enforcement Timeline
Article 5 prohibited practices take effect August 2, 2026. Organizations using emotion recognition or inference in prohibited contexts must demonstrate compliance before this date.
Article 5: Prohibited Practices
Article 5(1)(f) of the EU AI Act specifically prohibits:
“AI systems that infer emotions of a natural person in the areas of workplace and education institutions, except where the use of the AI system is intended to be put in place or into the market for medical or safety reasons.”
The prohibition applies specifically to inference — deriving emotional states from behavioral signals, biometrics, or patterns without explicit expression by the subject.
Interpretation vs. Inference
The distinction between interpretation and inference is critical for compliance. DeepaData interprets expressed and inferred content into explicit governed records — making the previously invisible, visible and auditable.
Deriving emotional states from indirect signals without explicit subject expression.
- ✗Facial expression analysis → emotion classification
- ✗Voice tone analysis → stress detection
- ✗Typing patterns → emotional state prediction
- ✗Behavioral patterns → mood inference
Structuring meaning from content the subject has expressed or that carries emotional significance — making it explicit, auditable, and revocable.
- ✓Text: “I'm feeling anxious” → captures expressed anxiety
- ✓Subject-authored content → structured affective record
- ✓Explicit statements → governance-ready artifacts
- ✓Consented disclosures → auditable documentation
Non-Inferential Architecture
DeepaData's architecture is designed around three principles that ensure compliance with Article 5.
1. Express Content Only
DeepaData only processes content that the subject has explicitly authored or consented to share. No behavioral signals, biometrics, or indirect data sources are used for emotional analysis.
2. Semantic Structuring, Not Prediction
The interpretation process maps expressed and contextually significant content to a structured schema (EDM). It does not predict, forecast, or infer emotional states beyond what the subject has explicitly communicated.
3. Consent-Bound Processing
Every artifact includes governance metadata documenting the consent basis. VitaPass provides cryptographic consent attestation, ensuring processing is always authorized by the subject.
Compliance Checklist
For organizations using DeepaData in EU-regulated contexts:
Interpret content into structured records — expressed or contextually inferred
Process text/speech that subjects have authored, interpreted into governed artifacts
Document consent basis
Include jurisdiction and consent_basis in every /v1/extract call
Seal artifacts for auditability
Use /v1/issue to create .ddna envelopes with cryptographic proofs
Use VitaPass for standing consent
Implement VitaPass scope grants for ongoing therapeutic or coaching relationships
Maintain certificate registry
Store certificate IDs for audit trail; retrieve via /v1/certificate/:id