Legal · EU AI Act · CA · CO · UT
AI-use disclosure
Last updated: May 15, 2026
QB510K orchestrates 14 specialist AI agents to draft regulatory artefacts for FDA 510(k) submissions. Each agent uses Anthropic's Claude via API. This page implements the transparency obligations of EU AI Act Article 50, California AB 2013 (Generative AI Training Data Transparency), California SB 942 (AI Transparency Act), the Colorado AI Act (effective 2026), the Utah AI Policy Act, and the NIST AI RMF Generative AI Profile (NIST AI 600-1).
1. You are interacting with AI
Every agent-generated artefact in our platform is clearly attributed to the agent that drafted it. The agent's version + model are recorded in the audit ledger; the reviewer at each human-in-the-loop Gate sees that lineage before signing.
2. AI systems we operate
| Agent | Purpose | Human oversight |
|---|---|---|
| Pathway Classifier | FDA class + product code + pathway recommendation | Gate G1 — RA Lead |
| Predicate Finder | Search live FDA 510(k) + De Novo databases | Gate G2 — RA Lead |
| SE Analyst | 14-dimension comparison + 5-decision-point narrative | Gate G4 — RA + QA |
| Device Description / IFU / Labeling / Biocompat / Software / Cybersecurity / 510(k) Summary | Section drafts | Gate G6 — RA |
| Test Plan Architect | Bench / biocompat / software / EMC / clinical / human-factors scope | Gate G5 — RA + Eng |
| RTA Validator | Deterministic Refuse-to-Accept checklist (not AI) | Gate G7 — RA + QA |
| eSTAR Assembler | Fill the dynamic Acrobat eSTAR template (deterministic) | Gate G7 |
| Submission Orchestrator | MDUFA payment + CDRH Portal upload (deterministic dispatcher) | Gates G8 + G9 |
3. EU AI Act risk classification
Every AI agent listed above is Limited-risk under Title III of the EU AI Act, subject to the Article 50 transparency obligations on this page. None of our agents performs:
- Real-time remote biometric identification.
- Biometric categorisation inferring sensitive attributes.
- Emotion recognition in workplace or education.
- Predictive policing or social scoring.
- Generation of deepfake content.
We do not place a General-Purpose AI model on the EU market; we are an API consumer of Anthropic's Claude. Anthropic addresses Article 53 GPAI obligations directly.
4. Training data
- We do not train the Claude models.
- Your data is not used to train Anthropic's models. The Anthropic API operates in zero-retention mode by default for our calls.
- We do not train any internal models on customer data.
- Aggregated, fully anonymised operational telemetry (request counts, error rates, agent invocation counts) may be used to improve the product — never any customer regulatory artefact.
For Anthropic's training-data summary and copyright policy, see anthropic.com/transparency.
5. Human oversight on every consequential output
Every AI-generated artefact passes through a named human's signed Gate approval (PIN + FIDO2 WebAuthn assertion per 21 CFR Part 11 §11.200(a)) before it has any regulatory effect. The platform refuses to:
- Send email to the FDA, sub-processors, or any external party on its own.
- Submit a 510(k) on its own.
- Pay the MDUFA user fee on its own.
- Mutate any sub-processor system on its own.
6. Source-of-truth grounding (no fabricated regulatory citations)
Predicate citations, product codes, regulation numbers, and recognised consensus-standard references are verified against the live FDA databases at draft time. Agents that cannot ground a claim emit an explicit [TODO] marker instead of guessing. This is a binding platform invariant (CLAUDE.md §2.4).
7. Synthetic content marking
Each section draft carries its agent version + model identifier in the audit lineage, machine-readable by any downstream reviewer.
8. Decisions that are NOT automated
- No regulatory submission decision.
- No financial decision (payment).
- No personnel decision.
- No clinical decision about an individual.
- No accept / reject decision by the FDA — that is the FDA's authority.
Article 22 GDPR is therefore not engaged by our standard workflow. If you believe a decision affecting you was made solely by automated means, contact privacy@qbridge.ai.
9. Limitations and known failure modes
- Agents that lack required input emit explicit [TODO: …] markers rather than fabricating regulatory facts.
- Agents are not certified medical-device software (SaMD). They produce regulatory drafts, not clinical decisions.
- AI outputs are subject to the FDA's authority and the named regulatory lead's professional judgement. When an agent's output disagrees with FDA guidance, the guidance wins.
10. Incident reporting
Serious AI incidents are reported to the lead regulator in the affected jurisdiction within the applicable clock (EU AI Act Art. 73 forward-looking; GDPR Art. 33 if EU data subjects affected; HIPAA §164.410 if PHI involved). Affected customers are notified within 72 hours of our becoming aware.
11. Machine-readable mirror
A structured JSON mirror of this disclosure is at /.well-known/ai-disclosure for automated discovery (RFC 8615 well-known URIs).
12. Contact
AI governance enquiries: privacy@qbridge.ai. Privacy enquiries: same address.