AI Governance and Compliance at Zoovu

At Zoovu, Artificial Intelligence (AI) is at the core of our solutions, driving personalized digital experiences for our clients worldwide. As a company that takes AI governance and compliance seriously, we have established robust processes and controls to ensure the responsible development, deployment, and oversight of AI technologies.

1. Commitment to Compliance: EU AI Act and Internal Oversight

Following the introduction of the EU AI Act, Zoovu formed an internal AI Committee, the Safety, Ethics, AI, Legal, Security committee (“SEALS”), responsible for guiding and regulating all AI-related activities. This committee has developed and disseminated an AI Policy across the organization, ensuring strict adherence to the provisions of the Act and embedding best practices throughout our operations. Key focus areas from the AI Policy include:

(a) Risk Classification

We categorize AI systems by risk level (e.g., minimal, limited, high, or unacceptable risk) to determine the necessary safeguards. Zoovu Advisor Studio (“ZOE”), Zoovu’s AI-powered conversational and discovery experience, is assessed as limited-risk (gen-AI/assistive features for product discovery and content support) and does not fall into the prohibited or high-risk categories.

(b) Transparency Obligations

  • Zoovu believes in transparent and responsible AI. Whenever end-users engage with an AI-powered experience, Zoovu enables our clients to let users know they’re interacting with an AI system. To make this easy, Zoovu provides a default informational message within each AI system. This serves as a flexible template that clients can adapt to their brand voice and compliance needs. Clients have full control to customize the wording, add their own policies, terms, or notices, and decide how the disclosure appears in the experience.
  • Clear communication about AI functionalities ensures clients and their corporate users are informed about how AI is employed in their journey.

(c) Robustness and Accuracy

  • Our AI systems undergo rigorous testing and monitoring to maintain high performance, accuracy, and security. Zoovu conducts pre-release evaluations, red-teaming for prompt and response safety, periodic accuracy and regression testing, and continuous runtime monitoring for abuse and drift. Any material issues trigger rollback and corrective action.
  • Zoovu uses multi-layered prompt injection / jailbreak protection for its LLM-based solutions.
  • As a further enhancement to the testing processes outlined above, Zoovu has implemented an AI Quality Tester—a mechanism that emulates interactions with our AI experiences and validates multiple aspects of their outputs, including hallucinations, factual accuracy, and correctness, tailored to our specific use cases. This approach streamlines the assessment of LLM responses by enabling the automated detection of potential issues, reducing the need for manual, post-factum review.

(d) Human Oversight

  • We maintain human oversight at critical stages of AI operation to ensure reliable and ethical outcomes.
  • Defined escalation paths allow teams to intervene whenever necessary.

(e) Governance

The SEALS Committee is responsible for AI governance, overseeing the ethical, secure, and compliant development and deployment of AI systems across Zoovu. Its key achievements and responsibilities include the following:

  • Centralized Governance: Created a unified AI usage policy across all departments, replacing ad-hoc adoption with a controlled, tiered approval framework. The committee also ensures that all AI-related initiatives are aligned with our overall IT governance and compliance standards.
  • Risk Mitigation Framework: Implemented a formal AI risk register that classifies AI systems by impact and likelihood, ensuring proportionate oversight.
  • Vendor Independence: Introduced abstraction layers in our architecture to prevent over-dependency on any single AI vendor, improving resilience.
  • Incident Review Protocol: Established a triage process for AI-related incidents or ethical concerns, reviewed monthly and reported to the executive committee.
  • Education and Literacy: Zoovu trains its staff annually through company-wide AI literacy and ethical-use training sessions.

(f) Social & Ethical Firewall: Preventing Bias

Zoovu maintains a dual-direction “ZEAL firewall” (Zoovu Ethics, Appropriateness, and Legality) designed to assess both inputs and outputs of generative systems:

  • Brand-Safe Definition: Content must meet Zoovu’s standards for tone, inclusivity, factual grounding, and brand representation. Any language that could be perceived as misleading, biased, offensive, or outside of approved brand archetypes is automatically flagged for review. Clients can extend these standards to suit their needs, but cannot reduce them below our baseline.
  • Zoovu employs a multi-faceted approach to avoid bias. This includes designing algorithms that can be interrogated for their logic, regular monitoring of outcomes for anomalous or potentially discriminatory patterns, and continuous model refinement. While full explainability of complex AI can be challenging, the logic is based on user inputs, making the outcomes inherently traceable to the user's choices.
  • Ethical Alignment: Our SEALS team defines ethical guardrails based on five dimensions — safety, fairness, transparency, privacy, and accuracy. These are cross-mapped against emerging frameworks such as the EU AI Act, OECD AI Principles, as well as industry best practices for AI management systems, including principles reflected in ISO/IEC 42001.
  • Firewall Operations:
    • Static rules (regular expression and semantic classifiers) are maintained within the platform to detect non-brand-safe or ethically concerning input or output.
    • Dynamic policies are reviewed and updated quarterly by SEALS, or sooner if external regulation or incident reports warrant revision.
    • All generative templates undergo mandatory pre-deployment review for brand and ethical compliance.

(g) Datasets and data used to train our AI systems:

  • Zoovu’s AI systems are built on foundation models sourced from approved providers, combined with generative templates developed by Zoovu and enriched with product information. All datasets used for evaluation are carefully curated to exclude sensitive information, and each release undergoes bias and quality testing as part of Zoovu’s standard review process.
  • Algorithmic fairness: Zoovu is committed to mitigating bias in its AI models through regular testing, monitoring and by avoiding the use of sensitive personal data in its algorithms.

2. Integration with ISMS and Established Certifications

AI governance is fully integrated into Zoovu's Information Security Management System (ISMS), which is certified and audited under ISO 27001:2022 and SOC 2 Type 2 standards. This integration ensures:

  • Risk Assessment: AI-related risks are proactively identified, evaluated, and managed within our overarching risk framework.
  • Change Management: Updates or enhancements to AI systems follow controlled and documented processes.
  • Secure Coding: Best practices in software development ensure code integrity and mitigate vulnerabilities in AI applications.
  • Ongoing Monitoring: Regular audits, both internal and external, confirm our adherence to strict security and compliance measures.
  • Incident Management: AI-related incidents—including model failures, data integrity issues, misuse, or anomalous behavior—are handled under our enterprise-wide incident response process, enabling rapid detection, triage, containment, and communication.

Furthermore, Zoovu has undertaken a Data Protection Impact Assessment (DPIA) for Zoovu Advisor Studio (“ZOE”), Zoovu’s AI-powered conversational and discovery experience. The DPIA is available at https://zoovu.com/legal/zoe-dpia.

By harmonizing these standards and best practices, Zoovu delivers AI solutions that are transparent, compliant, and secure. Our commitment to continuous improvement and collaboration underpins our mission to help businesses harness the power of AI responsibly and effectively. We remain dedicated to innovating while maintaining the highest ethical and regulatory standards, ensuring that AI at Zoovu benefits our customers with confidence and trust.

Obligatory disclaimer: The information above is provided for general information only, is non-binding, and does not form part of any contract or create any warranty, representation, or commitment. Content may change over time and may not always reflect the most current information.