AI Agent & Automation Policy
Last Updated: February 2026
1. Scope and Applicability
This AI Agent & Automation Policy ("Policy") governs the use of artificial intelligence agents, automated systems, and machine-learning-driven functionalities ("AI Agents") within the VebboPay platform operated by Cibeeo Inc SRL ("Cibeeo," "we," "us," or "our"). This Policy applies to all users who create, configure, deploy, or interact with AI Agents on VebboPay, including individual users, business customers, and their authorized representatives. By using AI Agent features on VebboPay, you acknowledge that you have read, understood, and agree to be bound by this Policy.
2. Definition of AI Agents within VebboPay
For the purposes of this Policy, "AI Agents" refers to autonomous or semi-autonomous software components within the VebboPay platform that are capable of:
- Executing financial transactions (payments, transfers, deposits) on behalf of a user based on pre-configured rules, budgets, and instructions
- Analyzing financial data and generating recommendations or automated decisions
- Interacting with external financial systems, APIs, and payment networks as directed by the user
- Processing and responding to natural language instructions for financial operations
- Monitoring account activity and triggering automated responses based on defined conditions
AI Agents within VebboPay are designed to augment human decision-making in financial operations, not to replace it entirely. All AI Agents operate within parameters set by the user and are subject to the platform's safety controls and regulatory constraints.
3. EU AI Act Compliance
3.1 High-Risk AI System Classification
Cibeeo Inc SRL recognizes that AI systems used in the context of financial services may be classified as "high-risk AI systems" under Regulation (EU) 2024/1689 (the "EU AI Act"), particularly under Annex III, point 5(b), concerning AI systems used for creditworthiness assessment and credit scoring, and systems used in the management and operation of critical infrastructure.
In compliance with the EU AI Act, Cibeeo Inc SRL has implemented the following measures for high-risk AI systems deployed on VebboPay:
- Risk Management System (Article 9): A continuous, iterative risk management process throughout the lifecycle of all AI Agents, including identification, analysis, estimation, and evaluation of risks
- Data Governance (Article 10): Training, validation, and testing datasets are subject to appropriate data governance and management practices, including examination for biases
- Technical Documentation (Article 11): Comprehensive technical documentation is maintained for all AI Agent systems prior to deployment and is updated throughout their lifecycle
- Record-Keeping (Article 12): Automatic logging of AI Agent operations to enable traceability and auditability
- Transparency (Article 13): AI Agent operations are designed to be sufficiently transparent to enable users to interpret and use outputs appropriately
- Human Oversight (Article 14): Human oversight measures are built into all AI Agent systems (see Section 5 below)
- Accuracy, Robustness, and Cybersecurity (Article 15): AI Agents are designed and developed to achieve appropriate levels of accuracy, robustness, and cybersecurity
3.2 Conformity Assessment
Where required by the EU AI Act, Cibeeo Inc SRL conducts conformity assessments of its high-risk AI systems and maintains an EU declaration of conformity. We cooperate with relevant national competent authorities and market surveillance authorities as required.
3.3 AI System Accuracy and Robustness Requirements
In accordance with Article 15 of the EU AI Act, Cibeeo Inc SRL ensures that AI Agents on VebboPay meet stringent accuracy and robustness standards:
- Accuracy Metrics: All AI Agent models are evaluated against defined accuracy benchmarks relevant to their function (e.g., transaction classification accuracy, fraud detection precision and recall rates), and must meet minimum thresholds before deployment
- Robustness Testing: AI Agents are tested for resilience against adversarial inputs, edge cases, data drift, and unexpected operational conditions to ensure consistent and reliable performance
- Error Handling: AI Agents are designed with graceful degradation mechanisms — when confidence levels fall below acceptable thresholds, the agent will escalate to human review rather than proceed with an uncertain decision
- Continuous Validation: Model performance is continuously monitored in production, with automated alerts when accuracy metrics deviate from acceptable ranges
4. User Responsibility for Agent Configuration and Actions
Users are solely responsible for:
- The configuration, instructions, rules, budgets, spending limits, and parameters they assign to AI Agents
- Ensuring that AI Agent configurations comply with applicable laws, regulations, and contractual obligations
- Monitoring the performance and outputs of their AI Agents
- Reviewing and approving transactions executed or recommended by AI Agents, particularly for high-value or sensitive operations
- Maintaining appropriate access controls for AI Agent management (e.g., restricting who can modify agent configurations within a business account)
- Understanding the limitations and potential risks of autonomous financial operations
VebboPay provides the platform infrastructure and execution environment for AI Agents. The intent, purpose, and specific instructions for AI Agent operations originate from and are determined by the user.
5. Human Oversight Requirements
In accordance with Article 14 of the EU AI Act, Cibeeo Inc SRL ensures that AI Agents on VebboPay are designed and operated with appropriate human oversight measures, including:
- Human-in-the-Loop (HITL): For high-value transactions exceeding user-defined or platform-imposed thresholds, human approval is required before execution
- Human-on-the-Loop (HOTL): Users can monitor AI Agent activities in real-time through the VebboPay dashboard and intervene at any time
- Human-in-Command (HIC): Users retain the ability to override, pause, or terminate any AI Agent at any time, with immediate effect
- Mandatory Review Periods: AI Agents operating autonomously for extended periods are subject to mandatory periodic review by the user
- Escalation Mechanisms: AI Agents are programmed to escalate decisions to human users when encountering situations outside their configured parameters or when confidence levels fall below acceptable thresholds
- Right to Human Review: Users and affected parties have the right to request human review of any decision made or recommended by an AI Agent. Cibeeo Inc SRL ensures that qualified personnel are available to conduct such reviews, provide explanations of the AI-driven decision, and override the automated outcome where appropriate
6. Transparency Obligations
Cibeeo Inc SRL is committed to transparency in all AI Agent operations on VebboPay:
- Users are clearly informed when they are interacting with an AI system rather than a human
- AI-generated recommendations, decisions, and transaction proposals are clearly labeled as such
- Users are provided with meaningful explanations of how AI Agents arrive at decisions or recommendations
- The capabilities and limitations of AI Agents are clearly documented and communicated to users
- Where AI Agents interact with third parties on behalf of users, the AI nature of the interaction is disclosed in accordance with Article 50 of the EU AI Act
7. Automated Decision-Making Safeguards
Where AI Agent processing constitutes automated decision-making with legal or similarly significant effects on individuals within the meaning of Article 22 of the GDPR, Cibeeo Inc SRL implements the following safeguards:
- Data Subjects are informed of the existence of automated decision-making, including meaningful information about the logic involved and the significance and envisaged consequences of such processing
- Data Subjects have the right to obtain human intervention from Cibeeo Inc SRL, to express their point of view, and to contest the automated decision
- Automated decisions are not based on special categories of personal data (Article 9 GDPR) unless explicit consent has been obtained or processing is necessary for reasons of substantial public interest
- Regular reviews are conducted to ensure that automated decision-making systems remain fair, accurate, and free from unlawful discrimination
8. Agent Spending Limits and Safety Controls
VebboPay implements multiple layers of safety controls for AI Agent financial operations:
- Per-Transaction Limits: Maximum amount that an AI Agent can execute in a single transaction, configurable by the user within platform-imposed maximums
- Daily/Weekly/Monthly Aggregate Limits: Cumulative spending limits over defined time periods
- Velocity Controls: Limits on the number of transactions an AI Agent can execute within a given time window
- Counterparty Restrictions: Users can define allowlists and blocklists of recipients for AI Agent transactions
- Geographic Restrictions: Users can restrict AI Agent transactions to specific countries or regions
- Automatic Circuit Breakers: AI Agent operations are automatically suspended when anomalous patterns are detected, including unusual transaction volumes, rapid successive failures, or deviation from established behavioral baselines
- Platform-Level Maximum Limits: Cibeeo Inc SRL imposes absolute maximum limits that cannot be overridden by user configuration, to ensure platform integrity and regulatory compliance
9. Prohibited Agent Activities
AI Agents on VebboPay may not be configured, instructed, or used to:
- Engage in money laundering, terrorist financing, or any other financial crime
- Circumvent sanctions, embargoes, or trade restrictions
- Manipulate financial markets or engage in market abuse
- Process transactions involving illegal goods or services
- Circumvent or disable VebboPay safety controls, spending limits, or security measures
- Engage in unauthorized data scraping, harvesting, or extraction
- Impersonate human users or other AI Agents
- Exploit vulnerabilities in VebboPay or connected third-party systems
- Engage in any practice prohibited under Article 5 of the EU AI Act, including subliminal manipulation, exploitation of vulnerabilities, or social scoring
- Process payments to or from sanctioned individuals, entities, or jurisdictions
Cibeeo Inc SRL reserves the right to immediately disable any AI Agent found to be engaged in or configured for prohibited activities, without prior notice to the user.
10. Agent Data Handling and Privacy
AI Agents on VebboPay process personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and our Privacy Policy. Specifically:
- Purpose Limitation: AI Agents process personal data only for the specific financial operations they are configured to perform
- Data Minimization: AI Agents access only the minimum data necessary to perform their designated functions
- Storage Limitation: AI Agent operational data is retained only for as long as necessary for the purpose of processing and to comply with legal retention requirements
- Integrity and Confidentiality: All data processed by AI Agents is protected by appropriate technical and organizational security measures, including encryption in transit and at rest
- Data Protection Impact Assessments (DPIAs): Cibeeo Inc SRL conducts DPIAs for AI Agent features that involve high-risk processing of personal data, as required by Article 35 of the GDPR
11. Agent-to-Agent Transfer Security and Cryptographic Validation
Where AI Agents on VebboPay communicate with or transfer funds to other AI Agents (whether within the same user account, across accounts, or with external agent systems), Cibeeo Inc SRL implements the following security measures:
- Mutual Authentication: All agent-to-agent communications are authenticated using mutual TLS (mTLS) and cryptographically signed tokens to verify the identity and authorization of both the initiating and receiving agents
- Cryptographic Transaction Signing: Every transaction initiated by an AI Agent is cryptographically signed using asymmetric key pairs (e.g., ECDSA or EdDSA). The signature is verified by the receiving system before the transaction is processed, ensuring integrity, authenticity, and non-repudiation
- Transfer Authorization Chains: Agent-to-agent transfers require a verifiable authorization chain linking back to the originating user's configuration and approval, preventing unauthorized delegation of financial authority
- Replay Protection: All agent-to-agent messages include unique nonces and timestamps to prevent replay attacks
- Encrypted Payloads: Data exchanged between agents is encrypted end-to-end, ensuring that transaction details, personal data, and operational instructions are protected from interception
- Rate Limiting and Anomaly Detection: Agent-to-agent transfer channels are subject to independent rate limiting and behavioral analysis to detect and prevent abuse or cascading failures
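Illustrative example added here (not VebboPay's or Cibeeo's own code): a receiving-side check in Go that combines the signature verification and the nonce-and-timestamp replay protection listed above, using Ed25519. The message fields, the two-minute freshness window, the in-memory nonce store and all names are assumptions.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)
// Transfer is a hypothetical agent-to-agent message; all field names are assumptions.
type Transfer struct {
	From, To, Nonce string
	AmountCents, Ts int64 // Ts is the send time in Unix seconds
}
const maxSkew = 2 * time.Minute // assumed freshness window
// Verifier holds each sender's trusted public key and the nonces already accepted.
type Verifier struct {
	Keys map[string]ed25519.PublicKey
	seen map[string]time.Time // "sender|nonce" -> when it may be forgotten
}

func Sign(priv ed25519.PrivateKey, t Transfer) (msg, sig []byte) { // signs the exact serialized bytes
	msg, _ = json.Marshal(t)
	return msg, ed25519.Sign(priv, msg)
}

// Check verifies the signature over the bytes as received, then freshness, then nonce reuse.
func (v *Verifier) Check(msg, sig []byte, now time.Time) error {
	var t Transfer
	if json.Unmarshal(msg, &t) != nil || t.Nonce == "" {
		return errors.New("malformed message")
	}
	if pub, ok := v.Keys[t.From]; !ok || !ed25519.Verify(pub, msg, sig) {
		return errors.New("bad signature")
	}
	if d := now.Sub(time.Unix(t.Ts, 0)); d > maxSkew || d < -maxSkew {
		return errors.New("stale timestamp")
	}
	for k, exp := range v.seen { // drop nonces the timestamp check now rejects anyway
		if now.After(exp) {
			delete(v.seen, k)
		}
	}
	if _, dup := v.seen[t.From+"|"+t.Nonce]; dup {
		return errors.New("replayed nonce")
	}
	v.seen[t.From+"|"+t.Nonce] = time.Unix(t.Ts, 0).Add(maxSkew)
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key; nil selects crypto/rand
	v := &Verifier{Keys: map[string]ed25519.PublicKey{"agent-a": pub}, seen: map[string]time.Time{}}
	msg, sig := Sign(priv, Transfer{"agent-a", "agent-b", "n-001", 1250, time.Now().Unix()})
	fmt.Println(v.Check(msg, sig, time.Now()), v.Check(msg, sig, time.Now()))
}
```

Because the timestamp check bounds how long a captured message stays acceptable, the nonce store only has to remember entries for that window; with more than one receiver the store would have to be shared between them.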
12. Liability Framework for Agent Actions
The liability framework for AI Agent actions on VebboPay is structured as follows:
- User Liability: Users bear primary responsibility for losses arising from the instructions, configuration, and parameters they provide to their AI Agents, including losses caused by misconfiguration, inadequate oversight, or failure to review agent activity
- Platform Liability: Cibeeo Inc SRL is liable for losses directly caused by defects, errors, or malfunctions in the VebboPay platform infrastructure or AI Agent execution engine that result in actions inconsistent with the user's valid configuration
- Shared Responsibility: In situations where losses result from a combination of user configuration and platform behavior, liability is apportioned based on the degree of contribution of each party
- Force Majeure: Neither party is liable for failures or delays resulting from events beyond their reasonable control, including but not limited to network outages, acts of regulatory authorities, or failures of third-party payment networks
This liability framework is subject to and does not override applicable EU consumer protection laws, the proposed EU AI Liability Directive, and the Product Liability Directive as applicable.
13. Bias Prevention and Fairness
Cibeeo Inc SRL is committed to ensuring that AI Agents on VebboPay operate fairly and without unlawful discrimination. Our fairness commitments include:
- Bias Testing: Regular testing and auditing of AI models and algorithms for biases related to protected characteristics under EU law, including race, ethnicity, gender, age, disability, religion, and sexual orientation
- Fairness Metrics: Monitoring of defined fairness metrics across AI Agent operations, with established thresholds that trigger review and remediation
- Training Data Review: Regular review of training datasets for representativeness and potential sources of bias
- Third-Party Audits: Periodic independent third-party audits of AI systems for fairness and bias
- Redress Mechanisms: Users and affected parties who believe they have been subject to discriminatory AI Agent behavior can report their concerns, and Cibeeo Inc SRL will investigate and take appropriate corrective action
14. Post-Market Monitoring
In accordance with Article 72 of the EU AI Act, Cibeeo Inc SRL has established a post-market monitoring system for all AI Agents deployed on VebboPay. This system is proportionate to the nature and risks of the AI systems and includes:
- Continuous Performance Monitoring: Ongoing collection and analysis of data on AI Agent performance, accuracy, and reliability in real-world operational conditions
- Incident Tracking: Systematic recording and analysis of AI Agent incidents, near-misses, malfunctions, and unintended behaviors, with root cause analysis and corrective actions
- User Feedback Integration: Structured mechanisms for users to report issues, anomalies, or concerns regarding AI Agent behavior, which are analyzed and used to inform system improvements
- Regulatory Reporting: Where a serious incident involving a high-risk AI system is identified, Cibeeo Inc SRL reports to the relevant market surveillance authority in accordance with Article 73 of the EU AI Act
- Model Retraining and Updates: AI Agent models are periodically retrained and updated based on post-market monitoring findings, with all updates subject to validation and testing before deployment
- Post-Market Monitoring Plan: A documented post-market monitoring plan is maintained for each high-risk AI Agent system, as required by the EU AI Act
15. Audit Trail and Logging
All AI Agent operations on VebboPay are subject to comprehensive logging and audit trails, including:
- Agent creation, modification, and deletion events
- All configuration changes, including who made the change and when
- Every transaction initiated, executed, or rejected by an AI Agent, with timestamps, amounts, counterparties, and outcomes
- All human interventions, overrides, approvals, and rejections
- System alerts, escalations, and circuit breaker activations
- Error events, failures, and exception handling
- Data access events by AI Agents
Audit logs are retained for a minimum of five (5) years in accordance with applicable financial regulations and are available for review by authorized users, internal compliance personnel, and regulatory authorities upon request.
16. Policy Review and Updates
This AI Agent & Automation Policy is reviewed at least annually and updated as necessary to reflect changes in applicable laws and regulations (including the EU AI Act implementing measures), technological developments, industry best practices, and VebboPay platform capabilities. Material changes to this Policy will be communicated to users through the VebboPay platform and, where required, through direct notification.
17. Contact Information
For questions, concerns, or reports related to AI Agent operations, bias, fairness, or this Policy, please contact our AI Governance team:
- Email: ai-governance@vebbopay.com
- Company: Cibeeo Inc SRL
- Subject Reference: AI Agent & Automation Policy Inquiry