Login
Hire

Responsibility by Design

The DORG ecosystem provides the technical infrastructure and ethical-regulatory framework to support organizations in the responsible adoption of digital employees. Final responsibility always rests with the organization.

[ Founding Principle ]

Shared Responsibility

The DORG ecosystem clearly distributes responsibilities and tools among the parties.

Each organization remains fully and exclusively responsible for compliance with the regulations applicable to the activities carried out by the DORGs it uses — including the EU AI Act, GDPR, and any other relevant industry regulations.

DORG Society, DORG Agency, and DORG University collaborate to provide support, guidelines, and tools that facilitate compliance, without replacing the competent authorities in monitoring and law enforcement. Adherence to the Code of Conduct is a necessary condition for participating in the DORG ecosystem, but it is not sufficient to guarantee full regulatory compliance.

DORG SRL / DORG Society Infrastructure and ethical oversight — Technical architecture for transparency and traceability — Ethical supervision through pseudonymized data — DORG University competency certification — Conditional activation mechanism for governance — Compliance audit on software license usage.

Customer Organization Operational and regulatory responsibility — Risk classification for activities assigned to DORGs — Designation of the Human Oversight Supervisor (HOS) — GDPR compliance as Data Controller — Competency verification before production use — Timely application of mandatory updates.

[ GDPR ]

Privacy by Design

In the Private Cloud model, data resides within the Customer’s Azure infrastructure under their direct control. DORG SRL has no access to the Customer’s environment or data.

The Customer operates as the Data Controller for the personal data of its employees and collaborators. DORG SRL acts as the Data Processor, with a scope limited to operations performed through the software.

  • Data minimization through Role-Based Access Control (RBAC)
  • Purpose limitation
  • Retention and deletion control in the hands of the Customer
  • Data sovereignty through private cloud
  • DORG SRL does not access Customer data

[ Human Oversight Supervisor ]

Operational Compliance

Every Dorg has a manager who supervises it. The HOS has the tools to define in advance, monitor during execution, and verify after the fact every action taken by the Dorg. The HOS has the authority to intervene and suspend DORG operations in the event of violations or critical issues.

The manager decides which level of oversight to apply to each task based on risk and compliance requirements.

  • Definition of applicable rules and procedures
  • Choice of Human-in/on-the-loop based on the risk profile
  • Parameterizable Q logs
  • Memory retention definable by question type
  • LOGS for post-verification

[ Decision Traceability ]

LOG of every action

Every question, every action performed by the Dorg, and every response is logged in the system

  • Interactions
  • Skill invocations
  • Decision chains
  • Human oversight events
  • Escalations
  • Configuration changes

[ EU AI Act ]

Ethics is not declared. It is applied within the architecture.

The EU AI Act requires transparency, traceability, and human oversight.

The DORG Code of Conduct translates these principles into concrete obligations for organizations: classify activities by risk level, maintain adequate documentation, ensure that people retain final decision-making priority.

The technical architecture makes these principles operational. Access controls do not act on the language model—they act before it. Every request is authenticated and verified against the user’s permissions before it reaches the orchestration layer: the DORG cannot execute actions that the user is not authorized to request, and it is not the model that determines this.

Every step of this chain is recorded in logs: which user, which role, which competency invoked, which data passed, which response generated. Traceability is not a retrospective report—it is an architectural property that allows every decision chain to be reconstructed and demonstrates that controls were in place.