Easylab AI -- Regulatory Documentation
EASYCLAW SYSTEM CARD
Technical Documentation -- Article 11, Regulation (EU) 2024/1689
Version 1.0|March 2026|EC-SC-2026-001
1.GENERAL DESCRIPTION
Annex IV(1)- --System name: EasyClaw
- --Provider: Easylab AI
- --Classification: General-purpose autonomous agent platform -- AI deployer application (Article 26). Risk classification is determined per deployment context, not globally.
- --Underlying model: OpenAI GPT-5.4 (GPAI model, provided by OpenAI)
- --Framework: OpenClaw orchestration layer
- --Intended purpose: Autonomous AI agent platform for B2B deployment
2.SYSTEM ARCHITECTURE
Annex IV(2)- --Core: OpenAI GPT-5.4 LLM
- --Orchestration: OpenClaw framework (Node.js)
- --Memory: Qdrant vector database, Mem0, Cognee, SQLite
- --Communication: Multi-channel (Telegram, iMessage, Email)
- --Security: exec-guardian daemon, chflags file protection, PIN authentication
- --Monitoring: Real-time dashboard (8 panels), Bridge Governor, Council Governor
3.CAPABILITIES
Annex IV(3)- --Autonomous task execution and scheduling
- --Persistent memory with extraction and distillation cycles
- --Multi-channel bidirectional messaging
- --System command execution within security boundaries
- --File management and code generation
- --Web research and data analysis
- --Inter-agent communication (Bridge protocol)
4.LIMITATIONS
Annex IV(4)- --No real-time autonomous internet browsing without configured tools
- --No biometric data processing capability
- --No image, audio, or video generation
- --Bounded by exec-guardian operational constraints
- --Requires human PIN approval for sensitive system operations
- --Cannot override chflags-protected configuration files
- --Inference quality dependent on underlying LLM capabilities
- --No guaranteed factual accuracy -- outputs should be verified
5.RISK MANAGEMENT
Art. 9- --14-layer security architecture
- --Rate limiting on inter-agent communications (50 msg/direction)
- --Automated memory distillation to prevent unbounded data growth
- --Real-time security monitoring and alerting
- --Human-in-the-loop for critical operations (exec-guardian PIN system)
6.DATA PROCESSING
Art. 10- --All data stored locally on deployment machine
- --LLM API calls to OpenAI for inference (subject to OpenAI's data policies)
- --No training on deployer data by the provider
- --Configurable data retention policies
- --GDPR-compliant data deletion capabilities
7.PERFORMANCE METRICS
Annex IV(5)- --System uptime: 99.7% (monitored)
- --Trust score: Real-time calculation based on operational metrics
- --Security incident rate: Logged and tracked via dashboard
- --Memory accuracy: Validated through distillation process
8.HUMAN OVERSIGHT MEASURES
Art. 14- --Exec Guardian daemon with PIN authentication
- --Real-time monitoring dashboard
- --Kill switch via Telegram or dashboard
- --Bridge Governor rate limiting
- --Council Governor multi-agent consensus
- --Comprehensive audit logging
9.CONFORMITY
Art. 43- --Self-assessment conducted per Article 43(2)
- --Quality management system per Article 17
- --Post-market monitoring per Article 72
- --This documentation maintained per Article 18