Legal Disclaimer
Last updated: May 2026
Important Notice
KODEX-COMPLIANCE IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL ADVICE
This platform is a compliance assistance and scanning tool only. Nothing on this website or within the Kodex-Compliance application — including compliance scores, risk assessments, remediation roadmaps, AI chat responses, and generated reports — constitutes legal advice, legal opinion, or a legal determination of any kind.
No attorney-client relationship, solicitor-client relationship, or any other privileged relationship is formed by accessing, registering for, or using this service.
You must consult qualified legal professionals, compliance consultants, or certified auditors before making any compliance, regulatory, or business decisions. Reliance on Kodex output alone, without independent legal review, is done entirely at your own risk.
1. AI-Generated Content Disclaimer
Compliance scan results, risk assessments, recommendations, and reports produced by Kodex-Compliance are generated by artificial intelligence, specifically Anthropic Claude. AI assessments are probabilistic in nature and may contain errors, hallucinations, outdated information, or misinterpretations of applicable regulations.
Confidence scores displayed within the platform indicate the AI model's internal certainty level for a given assessment. They do not represent a guaranteed level of accuracy, completeness, or regulatory correctness.
AI-generated reports, remediation roadmaps, and recommendations are intended as starting points for human review and internal discussion — not as final determinations or authoritative compliance opinions. Every AI output should be reviewed and validated by a qualified human professional before being acted upon.
Kodex-Compliance does not guarantee the accuracy, completeness, currency, or reliability of any AI-generated output.
2. No Guarantee of Compliance
A high compliance score does NOT mean you are compliant with any regulation. A passing scan result does not certify, warrant, or guarantee regulatory compliance under any applicable law or standard.
Compliance is ultimately determined by the relevant regulatory authority, supervisory body, or certification entity — not by software. Only those bodies have the legal power to make binding compliance determinations.
Regulations, guidance documents, and enforcement priorities change frequently. Scan results reflect a point-in-time assessment based on the information available at the time of the scan. Kodex-Compliance does not guarantee that scan results remain accurate or applicable after the scan date.
3. Limitation of Liability
To the maximum extent permitted by applicable law, Kodex-Compliance shall not be liable for any regulatory fines, penalties, sanctions, enforcement actions, reputational harm, or other losses arising from your use of, or reliance on, this platform or its outputs.
Kodex-Compliance expressly disclaims liability for:
- Business, operational, or strategic decisions made based on scan results
- Errors, omissions, or inaccuracies in AI-generated content
- Regulatory enforcement actions taken against you or your organisation by any competent authority
- Losses arising from third-party data integrated into the platform via GitHub, Google Workspace, Notion, Slack, or other integrations
- Interruptions, bugs, or inaccuracies in platform availability or functionality
The service is provided "as is" and "as available" without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
4. Framework-Specific Disclaimers
Each supported regulatory framework carries specific requirements that Kodex scanning cannot fulfil on its own. The following disclaimers apply to each framework individually.
GDPR
Kodex scans do not constitute a Data Protection Impact Assessment (DPIA) as defined under GDPR Article 35. A DPIA must be carried out by or under the responsibility of the controller, and may require consultation with a supervisory authority. Kodex output may inform but cannot replace a formal DPIA.
EU AI Act
Our risk classification self-assessment tooling has not been reviewed or verified by a notified body. High-risk AI system conformity assessments under the EU AI Act may require third-party conformity assessment procedures. Do not rely on Kodex classifications as a substitute for those procedures.
ISO 27001
Kodex scans are not a substitute for a formal ISO 27001 certification audit conducted by an accredited certification body. Only an accredited certification body can award ISO 27001 certification. Kodex results are internal readiness indicators only.
SOC 2
Kodex does not perform SOC 2 audits. Only a licensed Certified Public Accounting (CPA) firm registered with the AICPA can issue a SOC 2 report. Kodex output reflects a self-assessment of control design and does not constitute a SOC 2 Type I or Type II opinion.
NIS2 / DORA
Compliance determinations under the NIS2 Directive and the Digital Operational Resilience Act (DORA) are ultimately made by competent national authorities and relevant supervisory bodies. Kodex scans are an internal preparedness tool and do not represent an official compliance determination.
CRA (Cyber Resilience Act)
Product conformity assessments under the Cyber Resilience Act must be performed by authorised conformity assessment bodies for certain product categories. A Kodex scan is an internal technical review aid and does not satisfy mandatory third-party conformity assessment requirements.
HIPAA (Health Insurance Portability and Accountability Act)
Kodex does not constitute a HIPAA compliance certification, attestation, or Business Associate Agreement (BAA). HIPAA compliance requires a comprehensive assessment by qualified healthcare compliance professionals, including risk analysis, workforce training, and physical/technical safeguard implementation that is beyond the scope of automated tooling. A passing scan does not indicate that your organisation meets the requirements of the HIPAA Privacy Rule, Security Rule, or Breach Notification Rule.
5. Third-Party Integrations
Data pulled from GitHub, Google Workspace, Notion, Slack, and other connected services is used as evidence inputs into compliance scans only. Kodex-Compliance is not responsible for the accuracy, completeness, or currency of data sourced from third-party systems.
You are responsible for ensuring that data shared with Kodex-Compliance via integrations is accurate and that you have the right to share it. Integration connections are established and managed by you and can be revoked at any time via the Settings panel.
Kodex-Compliance is not affiliated with, endorsed by, or a partner of GitHub, Google, Notion, or Slack. Use of those services remains subject to their respective terms of service and privacy policies.
6. Professional Advice Recommendation
We strongly recommend engaging qualified legal counsel, certified compliance consultants, data protection officers (DPOs), or accredited auditors in conjunction with using this platform.
For high-stakes compliance matters — including regulatory submissions, supervisory authority interactions, certification audits, and breach notifications — Kodex insights should be treated as one input among many and must be combined with professional human review and judgment.
Consider Kodex-Compliance as a continuous readiness monitoring tool within a broader compliance programme, not as the compliance programme itself.
Contact
If you have questions about this disclaimer or the legal basis of our services, please contact us at contact@kodex-compliance.eu.