# AI Usage Addendum **Aquil — ISO 27001 ISMS Management Service** **Version:** 1.0 **Effective date:** 2026-04-07 This AI Usage Addendum ("**Addendum**") forms part of and is incorporated by reference into the Aquil MSA between Sokigo AB and Customer. In case of conflict between this Addendum and the MSA on AI matters, this Addendum prevails. ## 1. Purpose The Aquil Service includes features that use artificial intelligence, including large language models, to assist Customer with document generation, gap analysis, requirement matching, audit planning, process modelling and similar tasks. This Addendum sets out the specific terms applicable to those features. ## 2. AI provider and infrastructure - **Model provider**: Microsoft Azure AI Foundry. - **Model**: `gpt-oss-120b` (open-weights model deployed in Sokigo's Azure tenant). Sokigo may add or replace models from time to time, provided that any new model is hosted in the EU/EEA under equivalent or stronger contractual and technical safeguards. - **Region**: Sweden Central. - **Encryption**: key material for the Azure Foundry deployment is held by Sokigo in Azure Key Vault, Sweden Central. Microsoft does not hold these keys. (Application-layer per-tenant file encryption is separately described in the Trust page and DPA.) - **No training**: Sokigo does not use Customer Data, prompts or completions to train any AI model. Microsoft does not use prompts or completions submitted to Customer's deployed model to train its services. - **No retention beyond session**: AI prompts and completions are not retained by Sokigo beyond the lifetime of the user session, except where Customer explicitly saves AI output as part of Customer Data. ## 3. Customer responsibilities By using the AI features, Customer: a) Acknowledges that AI output is generated probabilistically and **may contain errors, omissions, fabrications or biases**. b) Agrees that AI output is **informational only** and is **not** legal, audit, regulatory or compliance advice. c) Is solely responsible for **reviewing, validating and approving** AI output before relying on it. d) Will not present AI output as Sokigo's professional advice or opinion. e) Warrants that it has all necessary lawful bases under GDPR and other applicable law for any personal data submitted to AI features, including for any incidental special-category data, and that submission of such data through the Service is consistent with Customer's notices to data subjects. f) Will not submit prompts or content that violate the AUP. ## 4. AI as a core feature; no separate opt-out The AI features are an integral part of the Service. Customer cannot use the Service in any meaningful capacity without accepting that submitted content may be processed by AI features. Read-only access (Viewer role) does not invoke AI processing. Use of any role other than Viewer constitutes Customer's documented instruction (under the DPA) to process content via the AI features described in Section 2. ## 5. Sokigo responsibilities Sokigo will: - Maintain the technical and contractual safeguards described in Section 2. - Display AI features clearly so users understand they are interacting with AI (transparency under EU AI Act art. 50). - Log AI usage at the metadata level (feature, model, token counts, timestamps, organisation and user IDs) — never the prompt or completion content. - Apply reasonable safeguards against prompt injection and abuse. - Notify Customer of material changes to the AI provider, model or processing region in accordance with the DPA Sub-processor change notification process. ## 6. EU AI Act - Sokigo currently classifies the AI features in Aquil as **limited risk** under the EU AI Act, primarily because output is informational, human review is required, and the system does not make automated decisions producing legal effects on data subjects. - Sokigo monitors AI Act developments and will update this Addendum if obligations applicable to Aquil change. - Customer remains responsible for its own AI Act obligations as a deployer where applicable. ## 7. No additional warranty NOTHING IN THIS ADDENDUM CREATES ANY WARRANTY ABOUT THE ACCURACY, RELIABILITY OR FITNESS FOR PURPOSE OF AI OUTPUT. THE DISCLAIMER IN MSA SECTION 9 APPLIES IN FULL. ## 8. Liability allocation for AI output Without prejudice to the limitations of liability in MSA Section 11, Customer agrees that Sokigo is not liable for any decision, action or omission taken by Customer or any third party in reliance on AI output. --- **[End of AI Addendum]**