Principles – Q&A

1. Access Control Device Overview & Ethical Design

• What role does AI play in your access control devices, and what is its purpose?

  The purpose of our access control devices is to accurately identify authorized individuals and control access to facilities. AI algorithms are used solely to enhance the accuracy and processing speed of identifying individuals through fingerprint and facial recognition, and such identification results are used for authentication and access authorization. The access control devices do not identify or infer sensitive characteristics such as race, gender, or age.

• Does this AI used in access control devices pose risks to fundamental human rights or public safety?

  No. AI used in access control devices is exclusively applied for basic identification purposes and is strictly designed not to perform surveillance, biometric categorisation, risk assessment, or any functions that could negatively affect individual rights or public order.

• Do you comply with AI ethical principles?

  Yes. We strictly adhere to core AI ethical principles, including fairness, transparency, and accountability, throughout the development and operation of our access control devices and related AI functions. These principles are reflected in our data processing and algorithm validation processes.

• How do you ensure that AI respects human rights and does not cause harm?

  Access control devices are designed with consideration for privacy and human rights and comply with applicable laws and regulations, including GDPR, as well as internal security policies. Access control management and user consent procedures are applied to prevent misuse.

2. Bias, Fairness & Accountability

• How are AI models trained, and what measures are taken to ensure data representativeness and diversity?

  Facial recognition models are trained using data that includes diverse races, ages, and genders. Data distributions are reviewed and supplemented as necessary to prevent imbalance and ensure representativeness.

• How do you identify and mitigate AI bias?

  Recognition performance is periodically reviewed across different groups to assess potential bias. Where necessary, data improvements and retraining are conducted to maintain fair performance for all users.

• How do you ensure that AI does not replace human responsibility and accountability?

  AI is used solely as a tool to enhance the accuracy and processing speed of identifying individuals for access control purposes, and final decisions and accountability always remain with humans, such as system administrators. All authentication results may be subject to human review, and roles and responsibilities are clearly defined.

• Does the AI-based product negatively affect sensitive attributes (e.g., race, gender) or lead to adverse actions against individuals?

  AI operates independently of protected characteristics such as race, gender, or age and is designed not to identify, infer, or categorise individuals based on protected such attributes

• Who holds ultimate responsibility for system operation and errors?

  AI is a tool, and ultimate responsibility for access control device operation and management lies with the operating entity. Human oversight procedures are in place to ensure prompt response in the event of errors.

• Is AI used in employment contexts, and are accommodations provided for persons with disabilities?

  The access control devices are used solely for access control and authentication purposes and are not used for employment-related decision-making. Alternative authentication methods (e.g., cards, mobile authentication) are provided to support accessibility for persons with disabilities.

3. Transparency & Automated Processing

• How is transparency in AI processing and authentication outcomes ensured, and are results subject to audit?

  All authentication results and processing activities of access control devices are automatically logged and managed transparently. Administrators can review authentication records and decision bases through system logs, which may be verified through internal audit procedures when necessary.

• How is the accuracy of AI results validated?

  Accuracy and reliability are continuously improved through internal reviews and expert feedback.

• What options do individuals have to consent to or opt out of AI-based authentication processes, and can they provide feedback on AI performance?

  The operating entity must obtain user consent during registration. Users may choose alternative authentication methods if they do not wish to use AI-based authentication. Feedback on AI performance may be submitted through our customer support channels.

• How do you explain decision rationales to operators and data subjects in an understandable manner?

  Authentication results are clearly displayed, allowing operators to easily verify matches against registered information. Detailed explanations can be provided through logs and records when necessary.

• To what extent does AI perform automated processing or authentication, and how is human oversight integrated?

  AI performs automated decisions only within a limited scope, such as access authentication. Final approval and policy settings are managed by the operating entity, and all results are subject to effective human oversight when required.

• Are guidelines provided for system use?

  Installation and operation manuals provide guidance on user registration, authentication, and access control device management functions. Relevant documentation is available upon request.

4. Data Management & Security

• What data sources are used to train AI models, and what are their origins?

  AI model training primarily uses internally collected and maintained data, as well as lawfully available external data sources.

• Is consent obtained for data collection and storage?

  Yes. Only data collected and stored with valid consent in accordance with applicable laws and regulations are used, and retention periods and usage scopes are managed in line with internal standards.

• How are data accuracy and integrity ensured?

  Data accuracy and integrity are ensured through data cleansing and validation processes. During transmission and storage, encryption, checksum verification, and hash value comparisons are used to maintain integrity.

• How do you ensure that datasets are fit for purpose, representative, and free from bias?

  Data is collected from diverse sources and conditions and is regularly reviewed and supplemented to minimize bias and ensure representativeness. Expert reviews and statistical analyses are used to select relevant attributes.

• What is the process for securely deleting data after the retention period expires?

  Data is securely deleted in accordance with applicable policies once retention periods expire, and systems are managed to ensure that no unnecessary data remains.

5. Risk Management

• Are there measures in place to address risks arising during system operation?

  Processes are in place to provide administrators of access control devices with manuals or response measures in the event of risks related to data protection, device performance, or errors in AI functions.

• How are environmental impacts of AI models addressed and mitigated?

  Access control devices use energy-efficient hardware and algorithms, and continuous optimization efforts are made to reduce unnecessary resource consumption and minimize environmental impact.

6. AI Literacy & User Capability Enhancement

• What is AI literacy, and how is AI user education conducted?

  AI literacy refers to the ability to understand the basic principles and operation of AI, use it effectively, and critically evaluate AI-generated outcomes. It goes beyond technical usage skills to include understanding AI’s limitations and capabilities and making ethical judgments. We strive to ensure that all stakeholders to the extent appropriate to their respective roles and responsibilities, involved in the design, development, operation, management, and use of access control devices and related AI functions can acquire AI literacy through education, guidance, or other appropriate means. We view AI literacy as a practical capability rather than a declarative concept, with a focus on recognizing and responding to AI malfunctions, bias, privacy risks, and potential legal liabilities. AI literacy initiatives are conducted in an appropriate scope and manner, taking into account the roles and responsibilities of stakeholders, including employees, system operators (administrators), and customer administrators. Typical content may include, but is not limited to:

  • Employees: Basic AI principles, potential bias and errors, accountability structures

  • Operators (Administrators): Handling authentication errors, alternative authentication procedures, log interpretation

  • Customer Administrators: Limitations of AI use, legal and ethical responsibilities, prevention of misuse

January 22, 2026