KAIA explained
Last updated: April 9, 2026
KAIA (Kertos Artificial Intelligence Agent) is Kertos’ AI-powered assistant that supports users in navigating complex compliance workflows across data privacy, information security, and the EU AI Act. Built into the Kertos platform, KAIA acts as a context-aware guide, answering questions, performing autofill actions, and helping teams streamline certification processes like ISO 27001 and GDPR.
Purpose
KAIA is developed to help legal, privacy, and security teams efficiently handle compliance by:
Reducing manual research and repetitive tasks
Providing contextual guidance and detailed answers
Supporting onboarding, workflow navigation, and document preparation
Definition
We follow the ISO/IEC 22989 definition of an AI system:
"An engineered system that generates outputs (content, forecasts, recommendations, decisions) for a given set of human-defined objectives."
KAIA meets this definition through its proactive, knowledge-driven design and contextual assistance embedded directly into the Kertos platform.
Capabilities
Product & Compliance Q&A: 90%+ coverage of ISO 27001, GDPR, AI Act, and Kertos feature questions
Autofill System Setup: Enriches and fills vendor and systems data using internal and external sources
Context Awareness: Understands where the user is in the platform and tailors suggestions accordingly
User Guidance: Guides users through step-by-step compliance workflows (starting with ISO 27001)
Company Context Awareness: Tailors answers based on your company specifications
Document Support: RoPA generation, risk catalog suggestions, policy drafting
Domain & Hosting
Hosted securely on AWS in Europe
All processing and storage comply with GDPR
Any future data transfers to the US (e.g., via Gemini) follow the EU-US Data Privacy Framework
Security & Ethics
Data Protection: No user data is used for model training
Bias Mitigation: Regular testing and feedback loops
Transparency: User feedback encouraged after each interaction
No Biometric Processing: KAIA does not use or store biometric data
Environmental Impact
KAIA runs on AWS, which is committed to achieving net-zero carbon emissions by 2040. By leveraging efficient cloud infrastructure and scaling model use based on demand, Kertos minimizes environmental impact while delivering reliable AI support.
EU AI Act Classification
KAIA is not considered a high-risk or prohibited system under the EU AI Act. It is subject to transparency obligations under Article 52 (AI systems interacting with natural persons).
FAQs
How is KAIA different from a general-purpose chatbot like ChatGPT?
KAIA is purpose-built for compliance. It combines expert models with platform context to provide relevant, regulation-aligned support across InfoSec, privacy, and AI Act workflows.
Can KAIA act on its own?
No. KAIA provides suggestions, autofills, and guidance, but the user is always in control and must approve or complete tasks manually.
Does KAIA store or learn from my data?
No user data is used for training. Interaction logs may be retained securely for limited periods to improve system performance, in line with our privacy policies.
What’s the difference between the chatbot and autofill parts of KAIA?
KAIA uses GPT-4.0 mini for chatbot interactions (e.g., Q&A) and Gemini for autofill features (e.g., vendors, systems). They’re connected via an orchestration layer to work seamlessly.
Is KAIA considered high-risk under the EU AI Act?
No. KAIA is classified as a general-purpose advisory system and is not considered high-risk or prohibited. It follows transparency requirements under Article 52.