🇪🇺 Digital Services Act (DSA)

Compliance Document for Aegis IA

Date of internal validation: December 2025

Status: Compliant with obligations for B2B Intermediate Service Providers

1. Framework and Scope (Regulation EU 2022/2065)

1.1 Positioning of Aegis IA under the DSA

Aegis IA is an intermediate service provider, primarily falling into the category of "Simple Intermediary" and "Provision of B2B Technology Solutions".

Service Category DSA	Applicability to Aegis IA	Factual Justification
Simple Intermediary (Network transmission)	Yes	Consulting services and AI solution integration involve information transmission services.
Hosting Service (Data storage)	No	The AI solutions provided are deployed and systematically hosted by the SME customer on its own hardware due to reasons of sovereignty and confidentiality. Aegis IA is not responsible for storing content generated or processed by the AI.
Online Platform (PO/TGPO) (Public dissemination)	No	Aegis IA does not manage any public interface or service aimed at disseminating information to the public.

1.2 Date of Application

All legal obligations applicable to Aegis IA have been in effect since November 1st, 2025.

2. Compliance with the DSA's General Obligations

Aegis IA has implemented the required measures to ensure transparency and cooperation with authorities and users.

DSA Article	Legal Obligation	Aegis IA's Compliance Measure
Art. 11	Single Point of Contact for Authorities	A unique electronic point of contact is designated for communication with member state authorities, the Commission, and the European Digital Services Committee.
Art. 12	Single Point of Contact for Users	A direct and reliable point of contact (phone/email) is established to allow users (B2B clients) to communicate quickly and directly with Aegis IA.
Art. 13	Legal Representative	Not applicable. Aegis IA is established in France (European Union).
Art. 14	Transparency of Terms and Conditions	The Provider's T&Cs clearly and comprehensively describe restrictions on use regarding unlawful content and the use of AI systems, including managing the risk of "hallucination" (see Section 3).

3. Management of Unlawful Content (Contractual Responsibility)

Given that the risk associated with generating unlawful content through AI lies with the Client (the operator of the solution), Aegis IA ensures due diligence through technical and contractual measures:

3.1 Technical Diligence (Upstream Security)

• Application Filtering: The company uses a web application firewall to combat unlawful content.
• AI Configuration: The AI systems are configured advancedly to prevent providing "indirect" information related to illegal activities.

3.2 Transfer of Responsibility (Via T&Cs)

Contractual documentation (Terms and Conditions of Sale, Section 4.6) explicitly states:

• Operational Responsibility of the Client: The Client is designated as the sole operator and host of the AI and assumes full legal responsibility for any content generated or disseminated by these systems.
• Prohibition of Unlawful Content: Using Aegis IA's solutions to generate, process, disseminate, or store Unlawful Content (as defined by Union and national law) is strictly prohibited.
• Consequences: Non-compliance with this prohibition is grounds for immediate contract termination, protecting Aegis IA from the risks of illegal exploitation of its solutions.

4. Annex: Personal Data Management (GDPR)

In addition to the DSA, Aegis IA respects the General Data Protection Regulation (GDPR):

• Right to Rectification/Erasure: Customers and users have a permanent right to rectify, erase, or anonymize their personal data in case of registration on Aegis IA's website.
• Confidentiality: Aegis IA commits not to use customer data for purposes other than executing contractual missions.

Document established 2025/12/01 - Version 1.0