Trust & governance
Built for trust
AIH Lab is designed so clinicians, hospitals, patients, and regulators can rely on what they read — and verify it.
The four pillars
No patient data
The platform stores deployment metadata only. Identifiable patient information is never collected.
Audit trail
Every pipeline transition is logged with actor, timestamp, and reason. Records are reconstructable.
Aligned with the EU AI Act
Assurance Packs map to the obligations the AI Act places on high-risk healthcare AI providers and deployers.
Explicit evidence
Every published record carries a trust badge derived from its pipeline stage. No hidden status.
Compliance
AIH Lab is built to support compliance work, not to replace it. The platform is aligned with the EU AI Act, the GDPR, and the structure of ISO 42001 — and is explicit about the boundary between platform metadata and the underlying deployments.
Technical security
Postgres row-level security gates every read and write. Data is hosted in the EU. All access is over TLS. Service accounts are scoped per route handler.
Raise a concern
If you have observed a problem with an AI deployment recorded on the platform, the safety signal channel is the place to raise it.