Regulatory Compliance - EU AI Act & China CAC

✅ Fully Compliant Platform

AIGC Compliance meets all major international regulatory requirements for data protection, content authenticity, and digital services.

Compliance Certifications

🇪🇺

GDPR

Compliant

🇪🇸

LSSI-CE

Compliant

🔒

LOPD-GDD

Compliant

🤖

EU AI Act

Ready

📸

C2PA

Compatible

💳

PCI DSS

Via Stripe

GDPR Compliance (EU Regulation 2016/679)

✓
Lawful Processing: We process personal data based on legitimate interests and user consent, with clear legal bases documented for each processing activity.
✓
Data Subject Rights: Full implementation of access, rectification, erasure, portability, and objection rights through automated and manual processes.
✓
Privacy by Design: Technical and organizational measures including pseudonymization, encryption (TLS 1.3), and data minimization principles.
✓
Data Protection Officer: Designated DPO available at privacy@aigc-compliance.com
✓
Breach Notification: Procedures in place for 72-hour breach notification to supervisory authorities and affected data subjects.
✓
Data Processing Agreements: Standard contractual clauses with all third-party processors (Supabase, Railway, Stripe).
✓
Records of Processing: Comprehensive documentation of all processing activities maintained per Article 30.
✓
Cookie Consent: Granular cookie consent mechanism with Essential, Analytics, and Marketing categories.
✓
Data Retention: Automated deletion policies with maximum retention periods documented in our Privacy Policy.
✓
International Transfers: All data processing occurs within EU/EEA with adequacy decisions or appropriate safeguards.

LSSI-CE Compliance (Spain Ley 34/2002)

✓
Legal Identification: Complete operator identification including NIF 45544135H, registered address, and contact information.
✓
Commercial Communications: Clear identification of promotional content with opt-in consent mechanisms.
✓
Electronic Contracting: Transparent terms and conditions with double opt-in confirmation for service agreements.
✓
Liability Framework: Service provider liability addressed with content moderation and takedown procedures.

LOPD-GDD (Spain Organic Law 3/2018)

Spanish implementation of GDPR with additional requirements:

✓
Spanish DPA Registration: Notification to Agencia Española de Protección de Datos (AEPD) completed.
✓
Digital Rights: Compliance with digital rights framework including digital disconnection and data portability enhancements.
✓
Impact Assessments: Data Protection Impact Assessments (DPIA) conducted for high-risk processing.

EU AI Act Readiness

Fully compliant with the EU Artificial Intelligence Act (2024) - Article 52 Transparency Obligations:

✓
Visible Watermarking (Article 52): All EU-processed images include clearly visible watermark "AI Generated" (customizable). This ensures end-users can identify AI-generated content without technical tools.
✓
Technical Verification (C2PA): C2PA metadata embedded for cryptographic verification. Dual-layer compliance: visible (user-facing) + technical (forensic verification).
✓
Transparency Requirements: Clear disclosure that content has been AI-generated through both watermarking and metadata, exceeding Article 52 requirements.
✓
Risk Classification: Service classified as limited-risk AI system with appropriate transparency obligations.
✓
Documentation: Technical documentation maintained for AI system capabilities and limitations.
✓
Human Oversight: Human review processes for high-stakes content verification and dispute resolution.

C2PA Standards (Coalition for Content Provenance and Authenticity)

✓
Content Credentials: C2PA 2.0 compliant using official c2pa-python 0.25.0 library. Cryptographic signing active with CAI test certificates (ES256 + DigiCert TSA). Production certificate in progress.
✓
Tamper Detection: Cryptographic signing ensures any content modifications are detectable. Manifests validated successfully with CAI Reader.
✓
Manifest Generation: Automatic generation of content provenance manifests with creation metadata, AI disclosure, and full action history.

Additional Security Compliance

✓
PCI DSS: Payment card security handled through Stripe's certified infrastructure (PCI Service Provider Level 1).
✓
ISO 27001 Alignment: Information security management practices aligned with ISO/IEC 27001 standards.
✓
SOC 2 Type II: Infrastructure providers (Railway, Supabase) maintain SOC 2 Type II compliance.

📋 Compliance Documentation

For detailed compliance documentation, audit reports, or specific regulatory questions, please contact our compliance team:

General Compliance: compliance@aigc-compliance.com
Data Protection: privacy@aigc-compliance.com
Legal Matters: legal@aigc-compliance.com

🏢 Data Controller Information

Manuel Liébana Cazalla
NIF: 45544135H
Calle Mayor 27
30500 Molina de Segura, Murcia, Spain
Email: manuel@aigc-compliance.com

🔄 Continuous Compliance

We continuously monitor regulatory changes and update our compliance programs accordingly. Our last comprehensive compliance audit was completed in January 2024.