EU AI Act Compliance • Regulation (EU) 2024/1689

AI Act Compliance Statement

How Flowen aligns with the European Union's Artificial Intelligence Act

1. Introduction

The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) is the world's first comprehensive legal framework for AI. It entered into force on 1 August 2024 and applies in phases through 2027.

Flowen, operated by Industrinät AB (org.nr: 556886-5835), uses AI features as part of its business management platform. This page explains which AI features we provide, how they are classified under the AI Act, and the obligations we and our customers share.

2. Provider Information

Provider: Industrinät AB

Organization number: 556886-5835

Address: Gothenburg, Sweden

Role under AI Act: Deployer of third-party AI models, integrator of AI features into Flowen

Contact: privacy@flowen.eu

3. AI Components in Flowen

Flowen integrates the following AI services. All AI processing happens on EU infrastructure with EU-based providers.

3.1 Mistral AI (France)

  • Chat assistance and document Q&A
  • Meeting transcription summarization
  • Search query understanding (Flowen Search)
  • Content drafting suggestions

Data location: EU only. Provider: Mistral AI SAS, France.

3.2 OpenAI Whisper (self-hosted)

  • Audio-to-text transcription for meetings and voice notes
  • Runs on Flowen's own EU servers (OVH, France)

Open-source model executed on EU infrastructure. No data leaves our servers.

3.3 ElevenLabs (optional, voice features)

  • Text-to-speech for Flowen Voice (when enabled)

Used only when voice features are explicitly enabled.

3.4 Azure Document Intelligence (optional, receipts/OCR)

  • OCR for receipts and invoice extraction
  • Microsoft EU data residency

Used only for receipt-matching workflow when enabled.

3.5 Qdrant (self-hosted vector database)

  • Semantic search and retrieval for AI knowledge base
  • Hosted on Flowen's own EU servers

4. Risk Classification

The AI Act classifies AI systems into four risk levels. Flowen's AI features fall into the limited-risk and minimal-risk categories.

Unacceptable risk (Article 5) — NOT used

Flowen does not use social scoring, biometric categorization, emotion recognition in workplaces, predictive policing, or any other practice prohibited under Article 5.

High risk (Annex III) — NOT used

Flowen does not deploy AI in regulated high-risk areas (recruitment decisions, credit scoring, critical infrastructure, law enforcement, education access, etc.).

Limited risk (Article 50) — APPLIES

Flowen's chat assistance and content generation features fall under transparency obligations: users are always informed when they are interacting with AI or viewing AI-generated content.

Minimal risk — APPLIES

Search, transcription summarization and OCR fall under minimal-risk uses. No specific obligations beyond general principles apply.

5. Transparency Obligations (Article 50)

Under Article 50 of the AI Act, both providers and deployers of AI have transparency duties. Flowen meets these as follows:

  • AI interaction disclosure: AI chat features in Flowen are clearly labeled as AI-powered. Users always know when they are interacting with a machine.
  • AI-generated content labeling: Drafts and suggestions produced by AI are marked as such within the Flowen interface.
  • Synthetic content: Flowen does not generate deepfakes or synthetic media. Voice synthesis (when enabled) is clearly labeled.
  • No covert manipulation: No AI feature in Flowen is designed to subliminally influence user behavior.

6. Customer Responsibilities (Article 50)

When you use Flowen, you may become a deployer of AI under the Act. This means you have your own obligations:

  • Inform your end users when AI-generated content (drafts, summaries, suggestions) is shared with them externally.
  • Label synthetic content if you publish AI-generated text, images or audio externally.
  • Train your staff in basic AI literacy (Article 4) when they interact with Flowen's AI features as part of their work.
  • Do not use Flowen's AI features for prohibited practices listed in Article 5 (e.g. biometric categorization, social scoring).

7. No Autonomous AI Agents

Flowen does not deploy autonomous AI agents that make decisions or take actions without human review. All AI output in Flowen is a suggestion or draft presented to a human user, who decides whether to accept, edit or discard it. AI never sends emails, creates invoices, or modifies customer records on its own.

8. EU Data Sovereignty

  • Hosting: OVH (France) and Hetzner (Germany)
  • AI providers: Mistral AI (France), self-hosted Whisper and Qdrant
  • Company: Industrinät AB (Sweden)
  • No CLOUD Act exposure: No US-based providers process Flowen production data
  • No data transfers outside EU/EEA

9. AI Act Application Timeline

1 Aug 2024
AI Act entered into force.
2 Feb 2025
Prohibited practices (Article 5) and AI literacy (Article 4) start applying.
2 Aug 2025
Rules for general-purpose AI (GPAI) models and governance apply.
2 Aug 2026
Main body of the Act applies, including transparency obligations under Article 50.
2 Aug 2027
Full application, including high-risk system rules in Annex I.

10. Updates to This Statement

As the AI Act is applied in phases and as we adopt new AI features, this statement will be updated accordingly. Material changes will be communicated to active customers by email.

11. Contact

For AI Act, GDPR or compliance questions:

Email: privacy@flowen.eu

DPO: Daniel Olsson (daniel@flowen.eu)

Phone: +46 31 788 45 12

See also our Privacy Policy, Terms of Service and the Legal overview.