Volentis.ai is a European enterprise AI platform that provides specialized AI agents for HR, Legal, Compliance, IT, and Finance departments. It answers employee questions using only a company's own approved documents, with full source attribution and no hallucinations. Volentis B.V. is headquartered in Zoetermeer, the Netherlands, and hosts all data in Germany and the Netherlands.

How does Volentis.ai prevent AI hallucinations?

Volentis.ai uses Retrieval-Augmented Generation (RAG) architecture. Answers come exclusively from the customer's approved documents, and if the information is not in those documents, the agent replies "I don't know" instead of generating a guess. Every answer includes a citation showing the source document and paragraph.

Is Volentis.ai GDPR compliant?

Yes. Volentis.ai is fully GDPR compliant and acts as a Data Processor under Article 28. All data is hosted in EU datacenters in Germany and the Netherlands, and customer data is never used for AI training. A Data Processing Agreement (DPA) is provided with every contract.

Is Volentis.ai EU AI Act compliant?

Yes. Volentis.ai is designed to comply with the EU AI Act and is classified as a limited-risk system. Transparency requirements are met through mandatory source attribution, audit trails, and clear disclosure that responses are AI-generated.

Where is customer data stored?

All customer data is stored exclusively in EU datacenters located in Germany and the Netherlands. No data leaves the European Union. Single-tenant and customer-managed deployments allow further control, including on-premise or private-cloud hosting.

Does Volentis.ai train on customer data?

No. Customer data is never used to train or fine-tune any AI model — not Volentis's models, and not any third-party models. Customer documents are only used at query time to retrieve relevant passages for the specific employee asking a question.

How is Volentis.ai different from ChatGPT or Microsoft Copilot?

Unlike general-purpose assistants, Volentis.ai answers exclusively from a company's own approved documents and cites every source. It is EU-hosted, GDPR compliant, does not train on customer data, and provides specialized agents per department. ChatGPT Enterprise and Microsoft Copilot do not provide EU-only hosting or source-attributed answers by default.

Which integrations does Volentis.ai support?

Volentis.ai integrates with Microsoft SharePoint, Microsoft Teams, Slack, and HR systems including SAP SuccessFactors, Workday, AFAS, and Personio. Enterprise Single Sign-On is supported via SAML 2.0 and OpenID Connect. Custom connectors can be built on request.

Which AI agents are available?

Volentis.ai offers six specialized agents: HR Agent, Legal Agent, Compliance Agent, IT Agent, Finance Agent, and International Agent for multi-country organizations. Each agent is tuned to the terminology, documents, and question patterns of its department.

Which deployment options are available?

Three deployment tiers are available. SaaS multi-tenant is the fastest to deploy and shares infrastructure across customers in the EU. Single-tenant provides a dedicated environment with bring-your-own-key (BYOK) encryption. Customer-managed allows on-premise or private-cloud deployment for maximum sovereignty.

How much does Volentis.ai cost?

Pricing depends on number of users, document volume, and deployment tier. Three tiers are published on the pricing page: Starter (up to 500 users, one agent), Professional (up to 2,000 users, multiple agents), and Enterprise (unlimited, with single-tenant or on-premise options). Contact sales for a specific quote.

How long does implementation take?

Most SaaS multi-tenant deployments are live within two to six weeks, including document ingestion, policy review, and user training. Single-tenant and customer-managed deployments typically take six to twelve weeks depending on infrastructure scope.

Which languages does Volentis.ai support?

The user interface is available in English, Dutch, German, and French. The AI agents understand and respond in 30+ languages, including all official EU languages. Employees can ask questions in their preferred language regardless of the document language.

Who owns the data in Volentis.ai?

The customer retains full ownership of all data — documents, queries, and answers. Volentis acts only as a Data Processor. On contract termination, all customer data is deleted according to the Data Processing Agreement terms.

How does Volentis.ai handle sensitive data?

Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Role-based access control (RBAC) restricts document visibility per user role. Single-tenant deployments support bring-your-own-key (BYOK) encryption where only the customer holds the encryption keys.

What audit trail does Volentis.ai provide?

Every query and every answer is logged with timestamp, user identity, source documents cited, and the exact response given. Logs are exportable and retained according to the customer's configured retention period. The audit trail supports GDPR subject access requests and regulatory audits.

Which company sizes use Volentis.ai?

Volentis.ai is designed for medium to large enterprises with 200 or more employees. Typical customers include European mid-market companies, multinationals with EU operations, regulated industries (financial services, healthcare, public sector), and HR consultancies serving enterprise clients.

What happens if the AI does not know the answer?

The agent explicitly replies that it does not have the information and suggests escalating to a human. It never fabricates a response. This behavior is enforced by the RAG architecture — the agent can only speak from retrieved source material.

Can employees access Volentis.ai from Microsoft Teams or Slack?

Yes. Volentis.ai offers native Microsoft Teams and Slack apps that surface the relevant agent where employees already work. Single sign-on ensures each user only sees the documents they are authorized to access.

Who founded Volentis.ai?

Volentis B.V. was founded in 2024 in Zoetermeer, the Netherlands. The company focuses on bringing trustworthy enterprise AI to European organizations with a strong emphasis on GDPR compliance, EU AI Act readiness, and European data sovereignty.

EU AI Act: The Practical Guide for European Enterprises

The EU AI Act is in effect. Discover what this means for your AI usage, what risks you face, and how to stay compliant. A practical guide for enterprises.

August 2025 marked a turning point. The EU AI Act, the world's first comprehensive AI legislation, officially came into force. And while most provisions only become fully applicable in 2026 and 2027, the message is clear: Europe takes AI regulation seriously.

For enterprises, this means navigating new obligations, risk categories, and compliance requirements. The question on many boardroom agendas: what does this actually mean for our AI initiatives?

The good news: the EU AI Act is not a prohibition law. It is a framework that enables responsible AI use. Most enterprise AI applications, from knowledge assistants to document analysis, fall under categories with manageable obligations.

The challenge: many organizations still do not understand exactly where their AI systems fall, which obligations apply, and how to demonstrate compliance.

This article provides a practical guide. No legal jargon, just concrete guidance. After reading, you will know which AI categories exist, where your applications most likely fall, and what steps to take.

The Structure: AI Categorized by Risk

The EU AI Act takes a risk-based approach. Not all AI is equal: a chatbot answering product questions is fundamentally different from a system that decides whether someone qualifies for a mortgage. The legislation recognizes this and creates four categories:

Category 1: Unacceptable Risk (Prohibited)

Certain AI applications are simply prohibited in the EU:

Social scoring systems (as used in China)
Biometric identification in public spaces (with exceptions for law enforcement)
Manipulative AI that exploits vulnerable groups
Emotion recognition in workplaces and educational institutions

This category is clear-cut: do not do it. Fines can reach up to EUR 35 million or 7% of global revenue.

Category 2: High Risk

AI systems that have significant impact on people's rights and safety:

Credit decisions and insurance pricing
Recruitment and selection (CV screening, interviews)
Education: admissions and assessment
Critical infrastructure
Medical diagnostics
Law enforcement

For high-risk AI, strict obligations apply:

Risk assessment and mitigation
Data quality requirements
Technical documentation
Human oversight
Registration in the EU database
Conformity assessment

Category 3: Limited Risk

This is where most enterprise AI applications fall, including:

Chatbots and conversational AI
AI-generated content
Emotion detection (outside prohibited contexts)
Biometric categorization

The obligations are manageable and primarily focused on transparency:

Inform users that they are communicating with AI
Make clear when content is AI-generated
Traceability of decisions

Category 4: Minimal Risk

AI systems with no specific obligations:

Spam filters
Video game AI
Inventory optimization

Here, only the general obligation to use AI "in a responsible manner" applies.

Where do enterprise knowledge assistants fall?

AI systems that make internal knowledge accessible, answer questions from documents, or support employees in finding information typically fall under "limited risk" (Article 52). This also applies to:

HR policy assistants
Legal knowledge bases
IT helpdesk AI
Internal search systems

The transparency obligation means in practice: users must know they are communicating with AI, and when in doubt, they should be able to see where information comes from.

Key Insight: Most enterprise AI applications (knowledge bases, HR assistants, helpdesk AI) fall under "limited risk" with manageable obligations. The focus is on transparency, not prohibition.

The Core Obligations: What Do You Need to Do?

Depending on the risk category, different obligations apply. For most enterprise AI (limited risk), the requirements are concrete and achievable.

Transparency Obligations (Article 52)

AI disclosure: Users must know they are interacting with an AI system, not a human. This can be simple: "You are speaking with an AI assistant."
Content marking: AI-generated text, audio, or images must be identifiable as such. For internal systems, this means clear labeling.
Source attribution: While not explicitly required by the AI Act, this aligns with the spirit of the law. When AI generates answers, best practice is to show the sources.

Governance Requirements

Regardless of the risk category, the law recommends:

AI register: Document which AI systems you use
Risk assessment: Periodically evaluate the impact
Responsibilities: Appoint an AI officer
Training: Ensure users understand how AI works and what its limitations are

The Overlap with GDPR

The EU AI Act does not replace GDPR. They complement each other. If your AI processes personal data (and that is almost always the case), both regulations apply:

| GDPR | EU AI Act | |------|-----------| | Legal basis for processing | Risk categorization | | Privacy by design | Transparency requirements | | Data subject rights | Human oversight | | DPA required | Technical documentation |

Organizations that take GDPR seriously have a head start: the principles of transparency, accountability, and data governance are comparable.

Pro Tip: If you already have GDPR compliance in order, you have a head start. The principles of privacy by design, documentation, and accountability translate directly to AI Act compliance.

Timeline: When does what need to be in place?

August 2025: Law in effect, prohibited practices apply immediately
February 2026: Governance rules and obligations for general-purpose AI
August 2026: High-risk AI obligations fully in effect
August 2027: Full enforcement for all systems

The message: there is time to prepare, but do not wait until the last moment.

Fines and Enforcement

The EU is not modest with sanctions:

Prohibited AI practices: up to EUR 35 million or 7% of global revenue
High-risk violations: up to EUR 15 million or 3% of revenue
Incorrect information to regulators: up to EUR 7.5 million or 1.5% of revenue

National regulators are still being designated, but existing authorities (such as the Dutch Data Protection Authority in the Netherlands) are expected to play a role.

Compliance in Practice: From Theory to Implementation

Understanding legislation is step one. Implementing it within your organization is where things get complex. Here is a practical step-by-step plan.

Step 1: AI Inventory

Map out which AI systems your organization uses:

Internally developed AI
AI functionalities in SaaS products
Third-party AI integrations
Experiments and pilots

Many organizations underestimate how much AI they actually use. That "smart search function" in your knowledge base? That is AI. That automatic categorization in your ticketing system? Also AI.

Step 2: Risk Classification

Per identified system:

Which category does this fall under?
Which obligations apply?
What is the current compliance status?

Tip: involve both IT and Legal. The technical reality and legal interpretation need to align.

Key Insight: Many organizations underestimate how much AI they already use. That "smart search function"? AI. That automatic categorization? Also AI. Start with a complete inventory.

Step 3: Gap Analysis

Identify where you fall short:

Is transparency notification missing?
Are sources not traceable?
Is documentation missing?
Is human oversight not defined?

Step 4: Remediation Planning

Prioritize based on:

Risk level (high-risk first)
Timeline (when do obligations take effect?)
Impact (how many users, how many decisions?)

Step 5: Vendor Assessment

For AI you procure: evaluate vendors on:

EU data residency
AI Act compliance statements
Transparency capabilities
Audit trail functionality

Ask explicitly: "How does this product help me comply with the EU AI Act?"

Pro Tip: Include the question "How does this product help me comply with the EU AI Act?" in every AI-related RFP. Vendors that do not have a clear answer are not ready yet.

The Role of Procurement

AI compliance starts with procurement. Include AI Act requirements in:

RFPs and vendor selection criteria
Contracts and SLAs
Due diligence checklists

What to Look for in Compliant AI Solutions

EU-hosted: Data stays in Europe
Transparent operation: You can explain how the system arrives at answers
Source attribution: Every output is traceable to input
Audit logs: Who asked what, when, and what was the answer
Human oversight: Ability to review AI decisions
No training on customer data: Your data does not improve the model for others

Frequently Asked Questions and Misconceptions

"Do we need to stop using AI until we are compliant?"

No. Most enterprise AI can continue to run. The emphasis is on transparency and documentation, not prohibition. Start by inventorying and work toward full compliance in phases.

"Does our knowledge base AI fall under high risk?"

Probably not. An AI that searches internal documents and answers questions typically falls under limited risk (Article 52). High risk applies when AI makes significant decisions about people's rights, employment, credit, or health.

"What if our AI vendor is not EU-based?"

The AI Act applies to AI deployed in the EU, regardless of where the vendor is based. Ask your vendor about:

Where data is processed
Whether EU-specific options are available
How they support compliance

"Is open-source AI exempt?"

Partially. Open-source AI models are exempt from some provider obligations, but if you deploy them in your organization, the deployer obligations still apply.

"How does this relate to sector-specific regulation?"

The AI Act works alongside existing regulation. In financial services, healthcare, and other regulated sectors, additional requirements may apply. The AI Act is a floor, not a ceiling.

"What if we only use Microsoft/Google/AWS AI?"

The major cloud providers are working on compliance, but the responsibility for correct use lies with you. Their tools may be compliant; your implementation determines whether you are compliant.

Conclusion: Compliance as Competitive Advantage

The EU AI Act is often presented as an obstacle. But forward-thinking organizations see it differently: it is an opportunity.

In a world where consumers and business clients are increasingly critical of AI usage, "we comply with the EU AI Act" is a trust signal. It communicates: we take AI seriously. We take privacy seriously. We take your rights seriously.

Organizations investing now in compliant AI are building a foundation that:

Builds trust with customers and employees
Minimizes risks with future legislation
Enables faster adoption (less resistance)
Prevents vendor lock-in (EU-hosted options are portable)

The EU AI Act is not the last piece of AI legislation. It is the first. Organizations that learn to navigate this landscape now are better prepared for what comes next.

The practical question is not "should I take this seriously?" The answer is yes. The question is "how do I start?" And the answer: start by inventorying, classifying, and documenting. Find vendors that support compliance. And remember: transparency is at the core.

AI you can trust starts with AI you can explain. To users, to regulators, and to yourself.

Bottom Line: The EU AI Act is not an obstacle but an opportunity. Organizations investing now in compliant AI are building a trust advantage that is hard to catch up to.

Ready to experience this?

Discover how Volentis can help your team with reliable AI answers from your own documents.

Book a demo View use cases

EU AI Act: The Practical Guide for European Enterprises

The Structure: AI Categorized by Risk

Category 1: Unacceptable Risk (Prohibited)

Category 2: High Risk

Category 3: Limited Risk

Category 4: Minimal Risk

Where do enterprise knowledge assistants fall?

The Core Obligations: What Do You Need to Do?

Transparency Obligations (Article 52)

Governance Requirements

The Overlap with GDPR

Timeline: When does what need to be in place?

Fines and Enforcement

Compliance in Practice: From Theory to Implementation

Step 1: AI Inventory

Step 2: Risk Classification

Step 3: Gap Analysis

Step 4: Remediation Planning

Step 5: Vendor Assessment

The Role of Procurement

What to Look for in Compliant AI Solutions

Frequently Asked Questions and Misconceptions

Conclusion: Compliance as Competitive Advantage

Tags

Ready to experience this?

Ready to eliminate shadow AI risks?

EU AI Act: The Practical Guide for European Enterprises

The Structure: AI Categorized by Risk

Category 1: Unacceptable Risk (Prohibited)

Category 2: High Risk

Category 3: Limited Risk

Category 4: Minimal Risk

Where do enterprise knowledge assistants fall?

The Core Obligations: What Do You Need to Do?

Transparency Obligations (Article 52)

Governance Requirements

The Overlap with GDPR

Timeline: When does what need to be in place?

Fines and Enforcement

Compliance in Practice: From Theory to Implementation

Step 1: AI Inventory

Step 2: Risk Classification

Step 3: Gap Analysis

Step 4: Remediation Planning

Step 5: Vendor Assessment

The Role of Procurement

What to Look for in Compliant AI Solutions

Frequently Asked Questions and Misconceptions

Conclusion: Compliance as Competitive Advantage

Tags

Ready to experience this?

Related articles

AI in HR: How to Transform Your Team from Question Desk to Strategic Partner

AI in Legal: How Smart Contract Analysis Transforms Your Team

Ready to eliminate shadow AI risks?