Responsible AI Policy

At Responsible AI Labs Pvt. Ltd. ("RAIL", "we", "us", or "our"), we build tools that help developers and enterprises evaluate and govern AI systems. This Responsible AI Policy describes the principles and practices we apply to our own products, including the RAIL Score Evaluator, Protected Generator, Compliance Tester, the RAIL Score MCP server, and our SDKs.

1. Scope

This policy applies to all AI products, services, and research conducted by RAIL, and to how we expect customers to use our Services. It complements our Terms of Service and Privacy Policy.

2. Our Principles

We evaluate AI content across eight dimensions, and we hold our own systems to the same standard:

Fairness: equitable treatment across groups; active bias detection and mitigation.
Safety: prevention of harmful, toxic, or unsafe outputs.
Reliability: factual accuracy, consistency, and calibrated uncertainty.
Transparency: clear reasoning, honest limitations, and no deceptive framing.
Privacy: data minimization and protection of personal data.
Accountability: traceable reasoning, explicit assumptions, and clear ownership.
Inclusivity: accessible and culturally aware language.
User Impact: positive value delivered at the right level of detail and tone.

3. Governance and Standards Alignment

We align our governance with recognized frameworks, including the NIST AI Risk Management Framework (Govern, Map, Measure, Manage) and ISO/IEC 42001 (AI management systems), and we track legal requirements such as the EU AI Act, India's DPDP Act and DPDP Rules, GDPR, HIPAA, and the CCPA. We maintain internal accountability for our AI systems and review this policy as regulations evolve.

4. How the EU AI Act Applies to Us

The EU AI Act (Regulation (EU) 2024/1689) has extraterritorial reach: it applies to providers and deployers outside the EU where the output of an AI system is used in the EU. We monitor our classification under the Act and the phased application of its obligations:

Prohibited practices (Article 5) and AI-literacy obligations (Article 4) have applied since February 2, 2025.
General-purpose AI (GPAI) model obligations and the governance role of the EU AI Office have applied since August 2, 2025.
The transparency obligations (Article 50) and the obligations for high-risk AI systems are scheduled to apply from August 2, 2026.

Current status as of June 12, 2026

The EU "Digital Omnibus on AI" package is a provisional political agreement only, reached by Council and European Parliament negotiators on May 7, 2026 and confirmed by Member State representatives on May 13, 2026, with formal adoption expected around July 2026. It has not been formally adopted or published in the Official Journal, so the August 2, 2026 dates remain legally in force. If adopted as agreed, the package would defer Annex III (use-based) high-risk obligations from August 2, 2026 to December 2, 2027 and Annex I (product-embedded) high-risk obligations from August 2, 2027 to August 2, 2028, and would provide a grace period until December 2, 2026 (reduced from six months to three months) for generative-AI systems placed on the market before August 2, 2026 to meet the Article 50(2) marking requirement. We are preparing on the basis of the dates currently in law and will update this policy if the amendments are adopted.

Our products are evaluation and governance tools. Where our Services produce or assist in generating content, and where Article 50 transparency obligations apply, we support marking and disclosure of AI-generated or AI-assisted content. Where customers deploy our outputs in high-risk contexts, customers remain responsible for their own conformity obligations, and our Compliance Tester is intended to support, not replace, that work.

5. Our Practices

5.1 Continuous Evaluation

Regular testing of our models for bias, safety, and reliability across diverse cases.
Red-teaming and adversarial testing, including prompt-injection detection.
Ongoing monitoring, incident response, and rapid issue resolution.
Independent and third-party review where appropriate.

5.2 Transparency and Documentation

Documentation of intended use, limitations, and known risks for our models.
Clear explanation of scoring methodology and dimension weights.
Disclosure of significant safety or fairness incidents and our response.

5.3 Privacy and Data Protection by Design

Data minimization, including optional client-side PII scanning so customers can mask or block sensitive data (including Indian identifier types and child signals) before submission.
No use of customer API inputs or outputs to train models that serve other customers.
Security safeguards consistent with Rule 6 of the DPDP Rules.

5.4 Human Oversight

We design our tools to augment human judgment, not replace it in consequential decisions. Our outputs are decision-support signals and should be reviewed by a qualified person before action is taken in high-stakes settings.

6. Acceptable Use and Prohibited Uses

We prohibit use of our Services to:

Enable unlawful surveillance or tracking without a lawful basis and required consent.
Discriminate on the basis of protected characteristics.
Generate harmful, hateful, or illegal content.
Deceive or manipulate vulnerable people.
Conduct tracking, behavioral monitoring, or targeted advertising directed at children (individuals under 18 under the DPDP Act).
Make automated decisions in high-stakes scenarios without human oversight.

Misuse may result in suspension or termination under our Terms of Service.

7. Reporting and Contact

We welcome questions, feedback, and reports of concerns about our responsible-AI practices, including suspected safety or fairness issues.

General and policy contact: hello@responsibleailabs.ai
Research and disclosures: research@responsibleailabs.ai

Responsible AI Labs Pvt. Ltd., 672, Ruchi Lifescapes, 2nd Floor, Jatkhedi, Bhopal, Madhya Pradesh, India - 462023