Updated by Dominic Bräunlein 3 days ago
Create a structured, living AI governance document that translates legal requirements into concrete product and engineering guidelines for OpenProject.
The goal is to ensure that the LLM provided by us and all current and all future AI features are designed and implemented in compliance with European and German regulations, while remaining practical for product development.
This document will serve as the foundation for all AI-related decisions, and should be maintained and extended as regulations evolve.
**Scope**
The governance sheet should include and structure the following areas:
**1\. EU AI Act**
Risk classification framework:
* Prohibited
* High-risk
* Limited risk
* Minimal risk
Identification of high-risk triggers, especially:
* Employment-related features
* Project evaluation or performance assessment
* Automated decision-making
Which LLM models can we use ourselves and host for clients?
* What licenses work?
* Which models are forbidden by the EU AI Act (based on size or training data involved)?
**2\. GDPR (DSGVO)**
* Data minimization principles
* Purpose limitation
* User consent and transparency requirements
* Guidelines for processing project and user data in AI contexts
**3\. German Employment Law**
* AI literacy obligations for employees
* Implications for deploying AI features in workplace environments