AI Act and engineer data
This guide is for operations leaders, DPOs, and works-council representatives at field-service businesses using VH3 AI in the EU or UK. It explains how the platform handles data about your engineers, what we have built in to keep that handling defensible, and the parts that remain your responsibility under the EU AI Act and GDPR.Skip to the template
Drop-in Markdown you can adapt and publish on your intranet.
1. How responsibility splits
VH3 AI Ltd builds and supplies the platform. Your organisation operates it inside your service business and decides which users see what. Under the AI Act, that split has a name:
We design for the deployer obligations on your side — but we do not perform them on your behalf. The notice and oversight steps in section 4 are yours to operate.
2. Why engineer-level data is treated differently
Most of what VH3 AI processes is operational data about jobs, sites, customers, and equipment. A subset is about named field engineers: who attended a job, when it started and finished, what the outcome was. The AI Act treats AI systems that monitor and evaluate the performance of workers as high-risk (Annex III, Category 4). That classification triggers obligations whether you call the system “monitoring” or not. Practical signals that matter:- Reports that name individual engineers alongside completion rate, on-time percentage, or job volume.
- Sentinels that flag a specific engineer for review.
- Connie answers that compare named engineers or summarise a single engineer’s recent work.
3. What VH3 AI does at the platform level
These are the design choices we have made so that the high-risk surfaces stay defensible. None of them remove your deployer obligations, but they reduce the operational and legal risk of using the features.Operational metrics, not HR scores
Engineer dashboards and report sections present individual metrics (completion rate, on-time percentage, job count) separately. The platform does not synthesise a single “engineer quality” number.
HR-decision refusal in the assistant
Connie is instructed to answer operational questions about engineers and to decline questions framed as HR decision support — for example, “who should I put on a performance improvement plan?” or “rank these engineers for promotion.”
No emotion or attitude inference
The assistant is instructed not to infer emotional state, motivation, attitude, or mental health from job notes or operational data. Sentiment classification on inbound email is suppressed for internal employee-to-employee communications.
Disclaimers carried through the stack
Engineer-category sentinel triggers and the engineer performance tool responses both carry an operational-metrics disclaimer. Connie surfaces this caveat when she presents the data.
Per-tenant exclusion controls
You can exclude individuals (resident engineers, subcontractors, anyone you choose) from engineer sentinels. See Sentinels for the exclusion model.
Human-in-loop by design
Sentinel triggers create cases for review. They do not write back to HR systems or trigger employment actions automatically.
4. What sits with you as the deployer
Four things stay your responsibility, regardless of what we build at the platform level.1
Inform your engineers
Under GDPR Articles 13 and 14, your engineers should be told that their operational performance data is processed by an AI system and what it is used for. The template in section 5 gives you a starting point.
2
Keep human oversight in your process
AI outputs should not be the sole basis for any employment decision. Pair them with direct observation and conversation. Note this in your performance-review process.
3
Manage exclusions and access
Decide which engineers fall inside the scope of monitoring, and which (typically resident engineers and subcontractors) do not. Use the exclusion controls to reflect that decision. Decide which roles in your organisation can ask engineer-specific questions.
4
Set retention to match your HR policy
Connie session history and operational data retention should align with your wider employment-data retention policy. Speak to your CSM if you need help configuring this.
5. Sample engineer notice template
A Markdown notice you can adapt and publish to your intranet or staff handbook. Replace each{{PLACEHOLDER}} with your own value, review with your DPO, then issue before AI-derived performance data is used in a review or coaching conversation.
6. Checklist before you issue the notice
- DPO or legal counsel review complete.
- All placeholders replaced.
- Lawful basis appropriate for your jurisdiction and any applicable collective agreement.
- Retention periods aligned with your wider data retention policy.
- Internal page set up where engineers can re-read the notice at any time.
- Process in place to handle Article 15, 16, and 21 requests.
- Works-council or employee-representative consultation completed where required.
Related
Sentinels
The monitoring layer and the exclusion controls.
Users and teams
Access, roles, and how cases route to the right people.
Connie
The assistant and the compliance boundaries built into it.
Deploying secure internal apps
Wider governance and IT-checklist view.