Trust Center
EU AI Act
EU AI Act
Compliance Statement
This page explains how Enrich-CRM’s enrichment services relate to the EU Artificial Intelligence Act (Regulation EU 2024/1689), including our risk classification, the AI systems we use, and your rights.
Our enrichment AI systems are classified as Limited Risk — not high-risk under the EU AI Act.
We do not use prohibited AI practices: no social scoring, no subliminal manipulation, no real-time biometric surveillance.
We use AI to infer and match professional B2B data (job titles, emails, company info). We are transparent about this.
Human oversight is built into our pipeline. Enrichment results are informational — they never trigger automated decisions with legal effect.
As a French company, we are subject to EU AI Act from its full entry into force and will update our practices accordingly.
Questions about our AI systems? Contact us at privacy@enrich-crm.com — we respond within 48 hours.
This is an informational statement, not a legal certificate. It reflects our current understanding of the EU AI Act as of February 2026.
What is the EU AI Act?
The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) is the world’s first comprehensive legal framework for artificial intelligence, adopted on 13 June 2024 and entering into force on 1 August 2024. It applies to AI systems placed on the EU market or used in the EU, regardless of where the provider is established.
The Act establishes a risk-based classification framework:
Unacceptable Risk
Prohibited outright — social scoring, subliminal manipulation, real-time biometric surveillance in public spaces.
High Risk
Permitted with strict obligations — biometric ID, critical infrastructure, employment decisions, access to essential services.
Limited Risk
Transparency obligations apply — chatbots, AI-generated content, systems that interact with or infer about individuals.
Minimal Risk
No specific obligations — spam filters, AI-powered video games, basic recommender systems.
AI Systems We Use
Contact Data Inference
We use machine learning models to infer and match professional contact attributes — including job titles, seniority levels, professional email addresses, and LinkedIn profile associations — from identifiers you provide (domain name, name, known email). These models perform probabilistic inference and matching rather than generative AI.
Fields inferred / returned
Enrichment results are informational only. They are never used as the sole basis for automated decisions with legal or similarly significant effects on individuals.
Company Data Enrichment
We use AI-assisted data aggregation and classification to infer company attributes from public sources — including industry classification, headcount ranges, technology stack detection, and website content analysis. This is primarily rule-based and statistical aggregation, with limited machine-learning inference.
Fields inferred / returned
Company-level data does not relate to natural persons and therefore falls outside the scope of the EU AI Act's personal data provisions.
Risk Classification
Our classification: Limited Risk (contact inference) / Minimal Risk (company data)
We do not operate in any High-Risk AI system category as defined in Annex III of the EU AI Act.
Why we are not High-Risk
The EU AI Act’s Annex III lists high-risk AI system categories. Enrich-CRM does not fall into any of them because:
- Biometric identification and categorisation: We do not use biometric data. We process professional identifiers (email, name, domain), not physical characteristics.
- Critical infrastructure: We are a B2B SaaS data enrichment tool, not a component of critical infrastructure.
- Education and vocational training: We do not assess or make decisions on individuals' educational outcomes.
- Employment, workers management, and access to self-employment: We provide informational enrichment data to our clients. We do not make or automate employment decisions. Our clients are responsible for how they use enriched data in their own HR processes.
- Access to essential private services and public services: Enriched data is used for commercial B2B outreach and CRM management — not for access to credit, insurance, housing, or public services.
- Law enforcement: We do not provide services to law enforcement agencies for profiling or prediction.
- Migration, asylum, and border control: Not applicable to our use case.
- Administration of justice and democratic processes: Not applicable to our use case.
Our Transparency Obligations
As a Limited Risk AI system provider, the EU AI Act requires us to ensure a basic level of transparency. We meet these obligations as follows:
Disclosure that AI is used
This page constitutes our primary disclosure. We explicitly state that AI/ML models are used in our enrichment pipeline. Our Terms of Service and Privacy Policy also reference automated processing.
Nature and logic of processing
Section 2 of this page describes each AI system we use, what inputs it takes, what outputs it produces, and what it cannot be used for. We explain whether each system is probabilistic inference or rule-based matching.
No fully automated decisions with legal effect
Enrich-CRM enrichment results are always informational. They are delivered to our clients (who are the data controllers) and never directly trigger automated decisions with legal or similarly significant effects on individuals. Our clients bear responsibility for how they use enriched data.
Accuracy limitations
Enrichment results are provided on a best-effort, as-is basis. Our models have imperfect coverage and may produce incorrect results for some records. We explicitly disclaim warranty of accuracy in our Terms of Service. We do not guarantee that any inferred data point is correct.
Prohibited AI Practices — What We Do Not Do
The EU AI Act prohibits certain AI practices unconditionally. Enrich-CRM does not engage in any of them:
Your Obligations as a Client (Deployer)
Under the EU AI Act, you are a “deployer”
When you use Enrich-CRM enriched data in your own products, CRM, or automated workflows, you may be acting as an AI system deployer under the EU AI Act — particularly if you combine our output with your own AI systems.
As our client, you are responsible for:
- Ensuring enriched data is used only for lawful purposes and in compliance with GDPR as data controller
- Not using enriched data as the sole basis for automated decisions with legal or significant effects on individuals without appropriate human review
- Not using enriched data to enable any prohibited AI practice listed in Article 5 of the EU AI Act
- Conducting your own AI Act compliance assessment if you build AI systems on top of Enrich-CRM data
- Complying with our Enrichment Policy, which prohibits scraping, resale, and building competing datasets
EU AI Act — Application Timeline
EU AI Act published in the Official Journal.
Article 5 prohibitions on unacceptable-risk AI systems become enforceable.
Obligations for general-purpose AI models and their providers apply.
All remaining provisions, including high-risk and limited-risk obligations, become fully applicable.
Existing high-risk AI systems already on the market must comply by this date.
Your Rights Regarding AI-Processed Data
Even for data inferred by AI systems, your GDPR rights remain fully applicable. You have the right to:
Access
Know what data about you has been inferred by our AI systems.
Rectification
Correct inaccurate inferred data.
Erasure
Request deletion of inferred data from our systems.
Object
Object to the processing of your data, including AI-inferred attributes.
Explanation
Request a meaningful explanation of how an AI-inferred data point about you was produced.
CNIL complaint
Lodge a complaint with the CNIL if you believe your rights are not being respected.
To exercise any of these rights, contact our DPO at privacy@enrich-crm.com. We respond within 30 days.
EU AI Act Compliance Statement · Last updated February 2026 · ENRICH CRM SAS
Questions: privacy@enrich-crm.com