Compliance Overview
Regulatory frameworks that Crowdee is designed to support.
Crowdee is built to support organisations operating under EU regulatory frameworks. The platform's audit trail, human-in-the-loop design, and Germany-hosted infrastructure are aligned with the requirements of the Digital Services Act (DSA), the EU AI Act, the General Data Protection Regulation (GDPR), and the Network and Information Security Directive 2 (NIS2). Whether you are a Very Large Online Platform managing Article 17 transparency obligations, a deployer of high-risk AI systems documenting human oversight, or a compliance officer looking to demonstrate lawful data processing, Crowdee provides the tooling and documentation infrastructure to support your programme.
Crowdee is a technology platform and data processor. Your organisation, as the data controller, retains responsibility for your own regulatory compliance obligations. This section describes how Crowdee can support — but does not replace — your compliance programme. Nothing in this documentation constitutes legal advice. Consult qualified legal counsel for guidance specific to your regulatory situation.
Supported Regulatory Frameworks
DSA
Digital Services Act: content moderation audit trails and documentation for Articles 17, 34, and 35.
EU AI Act
AI system transparency, human oversight mechanisms, and risk documentation under the EU AI Act.
GDPR
Data processing agreements, data residency, retention schedules, and data subject rights.
Infrastructure & Security
Germany-hosted infrastructure, encryption, access control, and NIS2 security posture.
Audit Trail
Every verification run creates a complete, timestamped, immutable record of everything that happened during the run. This record is the foundation of Crowdee's compliance posture and is designed to be used directly as evidence in regulatory proceedings, content moderation disputes, or internal compliance reviews.
The audit record for each run includes: the pipeline that was executed and the version of that pipeline at the time of the run; the files processed and their enrichment metadata; the output of every AI stage, including the prompt context, the model's raw response, the validated structured output, and the stage verdict; the responses of every crowd worker who participated in any crowd stage, including the individual answers, submission timestamps, and IRA scores; and the final synthesis verdict, confidence score, scorecard, and human-readable explanation.
This record is accessible via the verification run detail endpoint:
GET https://api.crowdee.ai/v2/projects/{projectId}/verification-runs/{runId}
X-API-Key: crw_YOUR_API_KEYCompliance exports in PDF and JSON format are available from the Platform under Reports → Compliance.
Data Residency
All Crowdee infrastructure is hosted in Germany on netcup GmbH data centres. No customer content is transferred outside the European Union at any point during processing, storage, or backup. Crowdee does not use third-party content delivery networks that would route your data through non-EU infrastructure.
This means no Standard Contractual Clauses (SCCs) or adequacy decisions are required in connection with Crowdee's data processing — EU-to-EU data flows are covered by GDPR directly.
For enterprise deployments with specific data residency requirements beyond Germany — for example, data that must remain within a particular EU member state — contact sales@crowdee.ai to discuss options.
How is this guide?
Quality Control
Consensus thresholds, Inter-Rater Agreement scores, and response validation in crowd stages.
DSA Compliance
How Crowdee supports Digital Services Act obligations under Articles 17, 34, and 35.