AI Disclosure

Subject: Classification of Natterbox AI Call Transcription System

Prepared by: Richard Waugh
Date: 02 June 2025
Version: 1.0

 

  1. Overview

This memo documents our internal assessment and classification of the AI system provided by Natterbox, which we use for transcribing telephone calls. The assessment follows the requirements and framework set out in the European Union Artificial Intelligence Act (EU AI Act).

  1. AI System Description
  • Provider: Natterbox
  • Functionality: Automated transcription of voice calls into text using speech-to-text AI.
  • Deployment Context:
    • Transcriptions are used internally by our employees for note-taking, CRM documentation, and assessment of sales or service opportunities.
    • Transcripts may also be used to inform coaching conversations with employees, but are not used for formal evaluation, ranking, or performance management.
  1. Classification Under the EU AI Act

Based on the classification framework set out in the EU AI Act:

  • System Risk Level: Limited Risk
  • Rationale:
    • The system is not used in any high-risk application area listed in Annex III of the EU AI Act.
    • The system does not make or support decisions about individual rights, employment status, hiring, or disciplinary outcomes.
    • The system is not used for biometric identification or surveillance.
    • Human review and oversight are maintained over all AI outputs.

As such, the system does not qualify as a high-risk AI system under the EU AI Act.

  1. Compliance Measures

In alignment with Title IV – Transparency Obligations of the EU AI Act, the following measures are in place:

  • User Awareness:
  • Employees are notified that AI-driven transcription takes place. We aim to notify participants about AI transcription where appropriate and feasible. We provide this information in our privacy policy and in communication templates. In cases where explicit disclosure is impractical, we rely on documented internal use policies and non-automated decision-making processes to mitigate risk. Practical Interpretation of Article 52 (Transparency)Article 52 requires that users interacting with an AI system are informed, but it does not prescribe how — and it allows flexibility as long as the intent is met.

 

Compliance without per call disruption:

We will achieve transparency through the following reasonable, layered approaches:

  • Privacy Policy Update (Passive Disclosure). We will include a clause such as: “We may use automated systems, including AI, to transcribe and analyse calls for documentation and quality assurance purposes.”
  • We will post this in the Website privacy policy. Sales/service terms and conditions.
  • Targeted Agent Training we will train agents if a call escalates into decision-making territory to make a disclosure.

Data Protection:

  • Transcriptions are stored and processed in accordance with our internal data protection policies and GDPR compliance.
  1. Vendor Communication

We have engaged with Natterbox to:

  • Confirm their system’s technical specifications and risk classification.
  • Request supporting documentation where applicable.
  • Ensure the system is maintained in line with regulatory standards.
  1. Conclusion

Our deployment of the Natterbox AI transcription system is consistent with the limited risk classification under the EU AI Act. We have implemented all relevant transparency and oversight measures and will review this classification if the use case changes.

Approved by:

Richard Waugh
Title: Head of Digital Service