As an AI strategy and compliance consultancy, we hold ourselves to the same standards we ask of our clients. We use AI across research, drafting, analysis, and content development. No AI-assisted output is delivered to a client or published externally without being reviewed, validated, and refined by an experienced human practitioner who takes full accountability for it.

Our use of AI is guided by five core principles: transparency, human oversight, proportionality, accountability, and continuous improvement. These align with the EU AI Act (Reg 2024/1689), the ICO AI and Data Protection Code of Practice (SI 2026/425), and the ISO 42001 standard for AI management systems. This statement is reviewed and updated whenever our AI tool usage materially changes.

We use Anthropic Claude (enterprise tier) for research, drafting, analysis, and content development. Claude operates under Anthropic's enterprise data processing agreement, which prevents customer data from being used to train their models. We also use Microsoft Copilot within the Microsoft 365 environment for productivity tasks, governed by Microsoft's data processing terms.

For technical development work on the Aria platform, we use AI-assisted QA tools. All QA output is reviewed by a qualified technologist before deployment. We maintain an internal AI tools register that records every tool, its purpose, what data it processes, the controls in place, and the review cadence. This register is available to clients on request.

All work delivered to clients is produced under the direct supervision and editorial control of an experienced practitioner. We treat AI outputs as a starting point, not a finished product. This applies to written deliverables, strategic recommendations, framework documents, platform outputs, and any other material produced in connection with client engagements.

Where AI supports analysis or scoring within the Aria platform, the underlying logic is validated, documented, and explainable. We do not rely on AI for decisions that have significant impact on individuals without appropriate human review. Our governance framework requires a documented review step for all AI-assisted outputs, consistent with the human oversight requirements of the EU AI Act and ICO AI Code of Practice.

We do not use AI to make or communicate legal, regulatory, or financial decisions on behalf of clients. We do not process confidential client data through consumer-grade AI tools that lack adequate data processing safeguards. We do not use AI-generated imagery or content in client deliverables without disclosure. We do not present AI-assisted work as entirely human-authored where the contribution of AI was material.

We do not allow AI tools to interact directly with clients or represent us in client communications without disclosure. All client-facing communications are written or reviewed by a human. We do not use AI tools that train on client data or that cannot provide evidence of appropriate data processing controls. These are not theoretical positions; they are practices we apply daily and review regularly.

Transparency about AI use is a professional standard we hold ourselves to because we ask our clients to do the same. We review this statement at minimum every six months and update it promptly when we adopt new tools, change our practices, or identify something worth disclosing. The statement references the UK GDPR, the Data (Use and Access) Act 2025, the ICO AI and Data Protection Code (SI 2026/425), and the EU AI Act (Reg 2024/1689).

If you have questions about how AI was used in a specific engagement or deliverable, please ask. We will answer honestly. Contact us at [[email protected]]. If you would like support developing your own AI transparency statement or governance documentation, visit www.thehumancto.co.uk to find out more about the Aria platform and our advisory services.