Terms of Service

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where “control” means ownership or control of more than 50% of the voting interests.

“Change Order” means a written amendment to a Statement of Work, executed by both parties, modifying the scope, timeline, deliverables, or fees of an Engagement.

“Client Materials” means all documents, data, information, policies, systems access, and other materials provided by Client to DeepLayer for purposes of performing the Services, including but not limited to organizational charts, AI system inventories, security documentation, risk registers, and governance frameworks.

“Confidential Information” means all non-public information disclosed by one party (the “Discloser”) to the other (the “Receiver”), whether orally, in writing, or electronically, that is designated as confidential or that a reasonable person would understand to be confidential given its nature and the circumstances of disclosure.

“Deliverables” means the tangible work products specified in a Statement of Work, including but not limited to written reports, assessment findings, recommendations, policy drafts, training materials, roadmaps, and strategic advisory documents.

“Engagement” means a specific project or retainer arrangement governed by a Statement of Work under this Agreement.

“Personnel” means the consultants, advisors, analysts, and other professionals engaged by DeepLayer to perform the Services, whether employees or subcontractors.

“Pre-Existing IP” means methodologies, frameworks, tools, models, templates, know-how, scoring algorithms, and other intellectual property owned by or licensed to DeepLayer prior to or independently of any Engagement, including the DeepLayer AI Maturity Index methodology, the AI Corporate Scan framework, benchmark databases, and standard assessment templates.

“Services” means the professional advisory, consulting, assessment, and training services to be performed by DeepLayer as described in a Statement of Work.

“Statement of Work” or “SOW” means a document executed by both parties that describes the specific Services, Deliverables, timeline, fees, and other terms applicable to an Engagement. Each SOW is incorporated into and governed by this Agreement.

2.1 Service Areas. DeepLayer provides professional advisory and consulting services across the following practice areas, as specified in the applicable SOW: (a) AI Governance Advisory — design and implementation of AI governance frameworks, board-level reporting structures, responsible AI policies, ethical guidelines, and organizational AI strategies; (b) AI Security Assessment — evaluation of AI system vulnerabilities, adversarial threat modeling, model security testing, supply chain risk analysis, and security architecture review; (c) Regulatory and Compliance Advisory — guidance on compliance with the EU AI Act, GDPR as it relates to AI systems, sector-specific AI regulations, and preparation for regulatory audits and certification processes; (d) Executive AI Education — tailored training programs, workshops, and seminars for C-suite executives, board members, and senior management on AI risk, governance, and strategy; and (e) AI Corporate Scan (On-Site Assessment) — comprehensive, consultant-led organizational AI maturity assessments using the proprietary DeepLayer methodology, including stakeholder interviews, documentation review, and delivery of written assessment reports with scored findings and actionable recommendations.

2.2 Statement of Work. All Services shall be described in a Statement of Work. Each SOW shall specify, at a minimum: (a) the scope and description of Services; (b) the Deliverables; (c) the project timeline and milestones; (d) the fees and payment schedule; (e) the key Personnel assigned; and (f) any Client-specific requirements or assumptions. No Services shall commence until a SOW is executed by both parties.

2.3 Change Orders. Changes to the scope, timeline, or fees of an Engagement require a written Change Order signed by both parties. If Client requests work outside the agreed SOW scope, DeepLayer shall prepare a Change Order specifying the additional work, timeline impact, and fees. DeepLayer is not obligated to perform out-of-scope work absent an executed Change Order.

2.4 Standard of Care. DeepLayer shall perform the Services with the degree of skill, care, and diligence reasonably expected of a qualified professional advisor experienced in AI governance, security, and regulatory compliance. Services shall be performed in accordance with applicable professional standards and the specific requirements set forth in the SOW.

3.1 Cooperation. Client shall provide DeepLayer with timely access to Client Materials, personnel, systems, and facilities reasonably necessary for DeepLayer to perform the Services. Client acknowledges that DeepLayer's ability to meet timelines and deliver quality Deliverables depends on Client's cooperation.

3.2 Accuracy of Information. Client represents that all Client Materials provided to DeepLayer are accurate, complete, and current to the best of Client's knowledge. DeepLayer is entitled to rely on the accuracy of Client Materials without independent verification. Inaccurate or incomplete Client Materials may affect the quality, accuracy, and applicability of the Services and Deliverables.

3.3 Key Stakeholder Availability. For Engagements involving stakeholder interviews, workshops, or assessments, Client shall ensure the timely availability of designated key stakeholders. If Client fails to make stakeholders available within the agreed timeline, DeepLayer may adjust the project schedule and, if the delay exceeds fifteen (15) business days, submit a Change Order reflecting additional costs incurred.

3.4 Client Representative. Client shall designate a primary contact (the “Client Representative”) with authority to make decisions, provide approvals, and give instructions on behalf of Client in connection with each Engagement.

4.1 Delivery. DeepLayer shall deliver the Deliverables in accordance with the timeline and specifications set forth in the applicable SOW. All Deliverables shall be provided in the format specified in the SOW (or, if not specified, in a commonly used professional format).

4.2 Review Period. Client shall have ten (10) business days following delivery of each Deliverable (the “Review Period”) to review and either accept the Deliverable or provide written notice of material non-conformity with the SOW specifications (a “Deficiency Notice”). If Client does not provide a Deficiency Notice within the Review Period, the Deliverable is deemed accepted.

4.3 Remediation. Upon receipt of a valid Deficiency Notice, DeepLayer shall use commercially reasonable efforts to correct the identified non-conformities within fifteen (15) business days. Client shall have an additional five (5) business day review period for the corrected Deliverable. If the Deliverable still materially fails to conform, the parties shall discuss resolution in good faith, which may include scope adjustment, fee credit, or partial re-performance.

4.4 Client Feedback. Acceptance testing relates to conformity with SOW specifications. Disagreement with advisory recommendations, findings, scores, or strategic conclusions does not constitute a Deliverable deficiency, provided the recommendations are supported by the analysis performed and consistent with the agreed methodology.

5.1 Key Personnel. If a SOW designates key Personnel by name, DeepLayer shall not reassign such individuals without Client's prior written consent, not to be unreasonably withheld. In the event key Personnel become unavailable due to resignation, illness, or other circumstances beyond DeepLayer's reasonable control, DeepLayer shall promptly notify Client and propose a replacement of comparable qualification and experience.

5.2 Independent Contractor. DeepLayer Personnel are not employees, agents, or legal representatives of Client. Nothing in this Agreement creates an employment, partnership, joint venture, or agency relationship. DeepLayer retains full control over the means, methods, and manner of performing the Services, subject to the SOW specifications.

5.3 Non-Solicitation. During the term of any Engagement and for twelve (12) months following its completion, neither party shall directly solicit for employment or engagement any Personnel or employee of the other party who was materially involved in the Engagement, without the other party's prior written consent. This restriction does not apply to general recruitment activities not targeted at specific individuals (e.g., job postings on public job boards).

6.1 Fee Structure. Fees for each Engagement are set forth in the applicable SOW and may be structured as: (a) fixed-fee project pricing; (b) time-and-materials based on agreed daily or hourly rates; (c) retainer arrangements with a fixed monthly fee and specified scope; or (d) milestone-based payments tied to Deliverable acceptance. Unless otherwise stated in a SOW, fees are exclusive of applicable taxes.

6.2 Invoicing. DeepLayer shall invoice Client in accordance with the payment schedule specified in the SOW. For time-and-materials Engagements, invoices shall include reasonable detail of hours worked and activities performed. Invoices are payable within thirty (30) days of the invoice date, unless the SOW specifies otherwise.

6.3 Late Payment. Late payments accrue interest at the rate of 1.5% per month (or the maximum rate permitted by applicable law, whichever is lower), compounded monthly, from the due date until paid. DeepLayer may suspend Services upon fifteen (15) days' written notice if payment is overdue by more than thirty (30) days.

6.4 Expenses. Reasonable travel, accommodation, and other out-of-pocket expenses incurred in connection with the Services are reimbursable by Client at cost, subject to Client's prior approval for expenses exceeding €500 individually. DeepLayer shall provide receipts upon request.

6.5 Taxes. All fees are exclusive of VAT, sales tax, withholding tax, and other applicable taxes. Client is responsible for all taxes, duties, and levies arising from the Services, other than taxes based on DeepLayer's net income.

7.1 Pre-Existing IP. DeepLayer retains all rights, title, and interest in and to its Pre-Existing IP. Nothing in this Agreement transfers ownership of Pre-Existing IP to Client. To the extent that Deliverables incorporate or are based upon Pre-Existing IP, DeepLayer grants Client a non-exclusive, non-transferable, royalty-free license to use such Pre-Existing IP solely as embedded in the Deliverables and solely for Client's internal business purposes.

7.2 Deliverable License. Upon payment of all applicable fees, DeepLayer grants Client a perpetual, non-exclusive, non-transferable license to use the Deliverables for Client's internal business purposes. Client may share Deliverables with its Affiliates, legal advisors, auditors, and regulators as reasonably necessary, subject to confidentiality obligations no less protective than those in this Agreement.

7.3 Client Materials. Client retains all rights in Client Materials. Client grants DeepLayer a limited, non-exclusive license to use Client Materials solely for the purpose of performing the Services during the applicable Engagement.

7.4 Aggregated Insights. DeepLayer may use anonymized, aggregated, and de-identified data derived from Engagements to improve its methodologies, develop industry benchmarks, and enhance its services, provided that such data cannot reasonably be used to identify Client or any individual. Client specifically consents to the use of anonymized assessment scores for inclusion in industry benchmark databases.

7.5 No Restrictions on General Knowledge. Nothing in this Agreement prevents DeepLayer from using the general knowledge, skills, and experience acquired in the course of performing the Services, including ideas, concepts, techniques, and know-how, provided that doing so does not disclose Client's Confidential Information or infringe Client's intellectual property rights.

8.1 Obligations. The Receiver shall: (a) hold the Discloser's Confidential Information in strict confidence; (b) not disclose it to third parties except as permitted herein; and (c) use it only for the purposes contemplated by this Agreement. The Receiver shall protect Confidential Information with at least the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care.

8.2 Permitted Disclosures. The Receiver may disclose Confidential Information to: (a) its employees, agents, and subcontractors who need to know for the purposes of this Agreement and are bound by confidentiality obligations no less protective; (b) its legal advisors, auditors, and regulators to the extent required; and (c) as required by applicable law, regulation, or court order, provided the Receiver gives the Discloser prompt notice (where legally permitted) and cooperates with efforts to obtain protective treatment.

8.3 Exclusions. Information is not Confidential Information if it: (a) is or becomes publicly available through no fault of the Receiver; (b) was rightfully known by the Receiver prior to disclosure; (c) is independently developed without reference to the Discloser's Confidential Information; or (d) is rightfully received from a third party without restriction.

8.4 Duration. Confidentiality obligations survive termination of this Agreement for a period of three (3) years, except for trade secrets which are protected indefinitely to the extent permitted by applicable law.

8.5 Return or Destruction. Upon termination of an Engagement or upon the Discloser's written request, the Receiver shall promptly return or destroy all Confidential Information, except for copies retained in automated backups or as required by law, provided such retained copies remain subject to the confidentiality obligations of this Agreement.

9.1 GDPR Compliance. To the extent that DeepLayer processes personal data on behalf of Client in the course of performing the Services, DeepLayer acts as a processor within the meaning of Regulation (EU) 2016/679 (“GDPR”). The parties shall execute a Data Processing Addendum (“DPA”) substantially in the form attached as Appendix B, setting forth the subject matter, duration, nature, and purpose of processing, and the categories of data subjects and types of personal data.

9.2 Data Minimization. DeepLayer shall process personal data only to the extent necessary to perform the Services. Client shall use reasonable efforts to minimize the personal data included in Client Materials and shall anonymize or pseudonymize data where practicable before providing it to DeepLayer.

9.3 Security Measures. DeepLayer shall implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or destruction, consistent with the requirements of Article 32 GDPR and as further specified in the DPA.

9.4 Data Location. Personal data shall be processed within the European Economic Area unless the SOW expressly permits processing elsewhere, subject to appropriate safeguards under Chapter V GDPR (e.g., Standard Contractual Clauses, adequacy decisions).

10.1 Nature of Advisory Services. The Services constitute professional advisory opinions based on the information available to DeepLayer at the time of the Engagement. Recommendations, assessments, and maturity scores reflect DeepLayer's professional judgment and the application of its methodology to Client Materials. They are not guarantees of security, compliance, or operational outcomes.

10.2 No Certification or Audit. Unless a SOW expressly states otherwise, the Services do not constitute a formal audit, certification, or legal opinion. Assessment scores and findings do not represent certification of compliance with the EU AI Act, GDPR, or any other regulatory framework. Client should not represent DeepLayer assessments as regulatory certifications to third parties.

10.3 Evolving Regulatory Landscape. AI governance and regulation is a rapidly evolving field. Advice given reflects the regulatory environment as understood at the time of delivery. DeepLayer does not warrant that advice will remain current as laws, regulations, and industry standards change. Client is responsible for ongoing monitoring and may engage DeepLayer for update assessments under a new SOW.

10.4 Implementation Responsibility. Unless the SOW expressly includes implementation services, Client is solely responsible for implementing the recommendations contained in Deliverables. DeepLayer is not liable for outcomes resulting from Client's implementation (or failure to implement) recommendations.

10.5 Methodology Transparency. DeepLayer shall provide Client with a general description of the assessment methodology used, including the dimensions evaluated and the scoring framework. The underlying algorithms, weightings, calibration data, and benchmark databases constitute DeepLayer's Pre-Existing IP and are not subject to disclosure.

11.1 DeepLayer Warranties. DeepLayer warrants that: (a) it has the right and authority to enter into this Agreement and perform the Services; (b) the Services will be performed in a professional and workmanlike manner consistent with generally accepted industry standards; (c) Personnel assigned to Engagements will possess the qualifications and experience reasonably necessary to perform the Services described in the SOW; and (d) Deliverables will not, to DeepLayer's knowledge, infringe the intellectual property rights of any third party.

11.2 Client Warranties. Client warrants that: (a) it has the right and authority to enter into this Agreement; (b) Client Materials provided do not infringe the rights of any third party; and (c) Client's use of the Deliverables will comply with applicable law.

11.3 Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION 11, THE SERVICES AND DELIVERABLES ARE PROVIDED “AS IS.” DEEPLAYER DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. DEEPLAYER DOES NOT WARRANT THAT THE SERVICES WILL ACHIEVE ANY SPECIFIC BUSINESS OUTCOME, REGULATORY APPROVAL, SECURITY POSTURE, OR COMPLIANCE STATUS.

12.1 DeepLayer Indemnity. DeepLayer shall defend, indemnify, and hold harmless Client from and against third-party claims alleging that the Deliverables (excluding portions based on Client Materials) infringe a third party's intellectual property rights, provided Client gives prompt notice, grants DeepLayer control of the defense, and cooperates reasonably.

12.2 Client Indemnity. Client shall defend, indemnify, and hold harmless DeepLayer from and against third-party claims arising from: (a) Client Materials infringing a third party's rights; (b) Client's use of Deliverables in a manner not authorized by this Agreement; or (c) Client's implementation of recommendations in violation of applicable law.

13.1 Exclusion. NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST DATA, LOSS OF BUSINESS OPPORTUNITY, OR REPUTATIONAL HARM, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

13.2 Cap. DEEPLAYER'S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID BY CLIENT TO DEEPLAYER UNDER THE APPLICABLE SOW GIVING RISE TO THE CLAIM DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

13.3 Exceptions. The limitations in Sections 13.1 and 13.2 do not apply to: (a) breaches of confidentiality obligations; (b) indemnification obligations under Section 12; (c) a party's willful misconduct or gross negligence; or (d) DeepLayer's obligations under mandatory applicable law, including GDPR data breach liability.

14.1 Term. This Agreement commences on the date of execution by both parties and remains in effect until all Engagements are completed or terminated, unless terminated earlier in accordance with this Section 14. Individual Engagements have the term specified in the applicable SOW.

14.2 Termination for Convenience. Either party may terminate this Agreement or any individual SOW upon sixty (60) days' prior written notice. For project-based Engagements, Client shall pay for all Services performed and expenses incurred through the effective date of termination, plus any non-cancellable commitments made by DeepLayer in reliance on the SOW.

14.3 Termination for Cause. Either party may terminate this Agreement or any SOW immediately upon written notice if the other party: (a) materially breaches this Agreement and fails to cure within thirty (30) days of written notice specifying the breach; (b) becomes insolvent, files for bankruptcy, or has a receiver appointed for a substantial portion of its assets; or (c) ceases to conduct business in the ordinary course.

14.4 Effect of Termination. Upon termination: (a) DeepLayer shall deliver all completed and in-progress Deliverables to Client; (b) Client shall pay all fees due for Services performed through the termination date; (c) each party shall return or destroy the other's Confidential Information in accordance with Section 8.5; and (d) licenses granted under Section 7.2 shall survive with respect to Deliverables for which fees have been paid.

14.5 Survival. The following provisions survive termination: Sections 1 (Definitions), 7 (Intellectual Property), 8 (Confidentiality), 9 (Data Protection), 10 (AI-Specific Advisory Terms), 11.3 (Disclaimer), 12 (Indemnification), 13 (Limitation of Liability), and 15 (General Provisions).

15.1 Governing Law. This Agreement is governed by the laws of the Netherlands. Any dispute arising out of or in connection with this Agreement shall be submitted exclusively to the competent courts of Amsterdam. The UN Convention on Contracts for the International Sale of Goods is excluded. If the SOW specifies “US Law Elected,” the Agreement is instead governed by the laws of the State of Delaware, with exclusive jurisdiction in the courts of Wilmington, Delaware.

15.2 Amendment. This Agreement may only be amended by written instrument signed by authorized representatives of both parties. SOWs and Change Orders constitute amendments to the extent they supplement or modify the terms herein.

15.3 Assignment. Neither party may assign this Agreement without the other party's prior written consent, except that either party may assign to an Affiliate or to a successor in a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee assumes all obligations under this Agreement.

15.4 Force Majeure. Neither party is liable for delays or failures in performance caused by events beyond reasonable control, including natural disasters, war, terrorism, pandemics, government actions, or infrastructure failures. The affected party shall promptly notify the other and use reasonable efforts to mitigate the impact. Payment obligations are not subject to force majeure.

15.5 Severability. If any provision of this Agreement is held invalid or unenforceable, the remaining provisions continue in full force. The invalid provision shall be reformed to the minimum extent necessary to make it valid and enforceable while preserving the parties' original intent.

15.6 Entire Agreement. This Agreement, together with all executed SOWs and Appendices, constitutes the entire agreement between the parties regarding the subject matter hereof and supersedes all prior negotiations, representations, and agreements. For software platform access, the separate DeepLayer End User Agreement applies.

15.7 Notices. All notices under this Agreement shall be in writing and delivered by email with confirmation of receipt, registered mail, or recognized overnight courier to the addresses specified in the applicable SOW. Notices are effective upon confirmed receipt.

15.8 Waiver. No waiver of any right or remedy is effective unless in writing. A waiver of any breach does not constitute a waiver of any subsequent breach.

15.9 Counterparts. This Agreement may be executed in counterparts, including by electronic signature, each of which constitutes an original and all of which together constitute one agreement.

15.10 Marketing Reference. DeepLayer may reference Client as a client of DeepLayer in marketing materials and proposals, unless Client opts out in writing. Case studies or detailed references require Client's prior written consent.