EU AI Act Compliance

ThoughtSpot is committed to helping customers accelerate their agentic analytics journey while meeting their European Union (EU) Articial Intelligence (AI) Act obligations.

At ThoughtSpot, we are transforming how organizations interact with data through natural language search, automated insights, and intelligent forecasting. As AI regulations evolve, we remain committed to complying with all applicable laws and standards of compliance and to helping our customers understand and meet their own obligations under this regulation.

Trust is a core value of our company and is the foundation of our customer relationships. We have invested in building robust AI governance practices that reflect and evolve with both the spirit and the technical requirements of emerging global regulations. As a flexible agentic analytics platform that customers deploy across various use cases, compliance responsibilities are shared:

• ThoughtSpot's Commitment: Maintain platform integrity, transparency, and security, and provide customers with tools and information to support their compliance responsibilities.
• Customer Responsibilities: Assess and align their use of ThoughtSpot with regulatory and compliance requirements.

We will continue improving and evolving our platform and services alongside regulatory guidance to support your use of ThoughtSpot in accordance with applicable compliance requirements.

What follows is a high-level overview of the EU AI Act to help you understand this new regulatory framework and consider how it may apply to your use of ThoughtSpot.

The EU AI Act (“Act”) is the first comprehensive AI regulation, which addresses potential AI risks to health, safety, and fundamental rights. The Act imposes obligations upon actors in the AI supply chain, with requirements varying based on an AI system’s or model’s risk category. Most of the Act’s rules target high-risk AI. In contrast unacceptable-risk systems (like social scoring and manipulative AI systems) are banned entirely, and limited-risk systems need only meet light transparency standards.

The Act has extraterritorial reach, meaning it applies to organizations outside the EU if they place AI systems on the EU market or if the output produced by their AI system is used in the EU.

The Act entered into force on August 1, 2024, with requirements phasing in over time:

• February 2, 2025: Prohibitions on AI systems of unacceptable risk and AI literacy requirements took effect.
• August 2, 2025: Rules for general-purpose AI models, governance structures, and penalties took effect.
• August 2, 2026: The remainder of the Act—including obligations for high-risk AI systems—takes effect.
• August 2, 2027: Rules for AI systems integrated into regulated products.

Additional Information:

• EU AI Act: first regulation on artificial intelligence
• The EU Artificial Intelligence Act

Building ThoughtSpot to comply with the EU AI Act

ThoughtSpot develops an AI system and is considered a provider under the Act. As a provider, ThoughtSpot is implementing processes and programs to support compliance, including cross-functional AI governance, and helping customers comply by providing transparent, clear documentation, and transparency features enabling human oversight. At ThoughtSpot, making responsible AI a company priority ensures that everyone – from engineers to product managers – understands that they are individually and collectively accountable for upholding ThoughtSpot’s responsible AI principles.

By embedding AI directly in our services, we deliver a more powerful, integrated experience that maximizes AI benefits and performance for customers. This deep integration of AI also allows for robust AI governance by supporting transparency and native human-in-the-loop oversight. By revealing the logic behind every answer, customers can verify the relevance and accuracy of each response, resolve discrepancies, trust AI-generated insights, and meet the Act’s transparency and explainability requirements.

Preparing Customers to comply with the AI Act

How customers deploy ThoughtSpot determines their risk classification under the Act—while most business analytics uses fall into minimal or limited risk categories, deployments for purposes such as employment decisions, credit assessments, or educational evaluations may be classified as high-risk.

ThoughtSpot’s AI features are not intended for and should not be used for high-risk purposes, nor should they be changed into high-risk AI systems, as defined under the EU AI Act or similar legislation around the world.

Thus, customers who deploy AI systems under the Act should:

• Understand how AI is used within their organizations.
• Review their AI governance to ensure responsible AI deployments.
• Follow provider instructions for use.
• Assign appropriate human oversight for AI-assisted decisions.
• Monitor the operation of their AI deployments.

The EU AI Act represents a significant step toward responsible AI governance globally, and ThoughtSpot is committed to evolving alongside these requirements. We continuously monitor regulatory developments—including guidance from the European AI Office and emerging standards—to ensure our platform and practices remain aligned with the Act's objectives.

We view compliance not as a burden, but as an opportunity to reinforce the trust our customers place in us. As the regulatory landscape continues to develop, we will update this page and provide additional resources to support your compliance efforts.