Systemic Risk Assessment

Last Updated: May 5, 2026 · Next scheduled review: May 5, 2027

Performed in good faith under the framework of EU Digital Services Act Article 34. Counsel review pending before formal publication flag.

Scope. Chatalystar Inc. operates a paid, authentication-gated, adults-only platform that hosts (a) user-generated adult content from third-party-verified human creators and (b) generative-AI character interactions. This document covers material systemic risks arising from those services.

Methodology. Each risk is identified, supported by evidence, mapped to deployed mitigations (with hyperlinks to the specific policy or product page), and rated for residual risk after mitigation. Residual ratings are good-faith engineering judgments, not formal probabilistic estimates.

Cadence. The assessment is reviewed at least annually and after any material change in product surface, service volume, or applicable law.

1. Child sexual abuse material (CSAM)

DSA Art. 34(1)(a) — illegal content

Residual: low

Identification

Risk that real or simulated sexual material depicting minors is uploaded to the vault, generated by an AI character, or solicited from a creator. Zero-tolerance category under U.S., U.K., and EU law and the platform's own Community Guidelines.

Evidence base

Adult-content platform with image, video, and chat surfaces — the inherent risk surface for this category.
Vault upload pipeline (creator-supplied media) and AI chat / character pipelines (user-supplied prompts) are both potential vectors.
Industry-wide evidence base from NCMEC reports and the European Commission's transparency database.

Deployed mitigations

Hard 21+ floor for creators with third-party Veriff identity verification before publishing (reference).
Tiered application gate: under-18 blocked outright, 18-20 placed on protected waitlist, only 21+ proceed to verification (reference).
Sightengine two-tier scanning runs on every uploaded image and video; minor-suspected uploads are hard-blocked and queued for human review (reference).
Per-vault-session EIP-712 attestation binds every upload to the verified creator wallet — stolen sessions cannot publish (reference).
AI character system prompts and Sightengine content moderation layer reject any prompt designed to portray a minor (reference).
Public report inbox and report form route minor-suspected reports to the highest triage priority; confirmed CSAM is reported to NCMEC (reference).

Residual-risk assessment

Residual risk is meaningfully reduced by the layered controls above but is not zero, because no automated screening system reaches 100 % recall on novel material and because adversarial actors continually probe the upload pipeline. Residual-risk owner: Trust & Safety. Mitigation review cadence: quarterly.

2. Non-consensual intimate imagery (NCII)

DSA Art. 34(1)(b) — fundamental rights, dignity, private life

Residual: medium

Identification

Risk that intimate images of an identifiable person are uploaded without that person's consent — including 'revenge porn,' hidden-camera material, leaked private content, or non-consensual deepfakes of a real person.

Evidence base

Creator-uploaded media and AI deepfake-style generation are both established risk vectors industry-wide.
Reporter signals consistently rank NCII as one of the top inbound report categories on adult platforms.

Deployed mitigations

Creator Agreement requires creators to maintain government-issued ID and signed model releases for every depicted performer; Chatalystar serves as secondary records custodian and may demand documentation within 48 hours (reference).
Per-vault-session attestation + per-upload chain-of-custody mean each upload is bound to the verified creator and tamper-evident (reference).
Public report form and report@ inbox accept reports from the depicted subject (or parent / guardian / authorized representative) with 24-hour first-action SLA (reference).
AI characters cannot be prompted to portray a real identifiable person without verified consent (banned-content policy + system-prompt guardrails) (reference).

Residual-risk assessment

Residual risk is medium. Reactive removal (24h SLA) is the dominant control today; proactive perceptual-hash matching against an NCII victim database is a known mitigation gap that is on the Trust & Safety roadmap. Residual-risk owner: Trust & Safety. Review cadence: quarterly.

3. Terrorism content & violent extremism

DSA Art. 34(1)(a) — illegal content; TCO Reg. (EU) 2021/784

Residual: low

Identification

Risk that the platform is used to host or distribute terrorist content within the meaning of Regulation (EU) 2021/784, or to recruit / coordinate violent extremism via chat or profile surfaces.

Evidence base

Niche, adults-only, paid-platform posture meaningfully reduces but does not eliminate the risk surface.
Direct-message and group-chat surfaces are the realistic vectors; bulk content distribution is not a platform pattern.

Deployed mitigations

Banned-content policy explicitly prohibits weapons trafficking, terrorism promotion, and instructions for serious physical harm (reference).
Sightengine moderation pipeline flags violent-extremism imagery on uploaded media (reference).
Standing process for handling EU TCO removal orders — addressed through the le@ inbox with 1-hour engagement target (reference).
All members are 18+ and all creators are 21+ Veriff-verified, narrowing the population of potential bad actors (reference).

Residual-risk assessment

Residual risk is low for the platform's intended use. The dominant residual exposure is misuse of one-to-one chat for radicalisation messaging, mitigated by the report flow and operator escalation. Residual-risk owner: Trust & Safety. Review cadence: semi-annual.

4. Minor access to adult content

DSA Art. 28 — protection of minors; AVMSD; UK OSA

Residual: medium

Identification

Risk that a person under 18 reaches NSFW surfaces of the platform — registers an account, views creator content, or interacts with AI characters in adult contexts.

Evidence base

Adult-content platform with NSFW imagery, video, and chat behind authentication.
Industry-wide evidence shows hard age gates at signup are partially circumventable; defence-in-depth is necessary.

Deployed mitigations

Members must be 18+ confirmed at signup and re-confirmed before any NSFW unlock (reference).
Creators must be 21+, third-party Veriff-verified before any content can be published (reference).
NSFW blur gate is on by default for unauthenticated visitors and for fresh accounts; deliberate user action is required to dismiss it (reference).
Under-18 attempts at the creator application gate are tracked as a privacy-respecting aggregate (no email, no IP) so we can monitor pressure on the gate (reference).
Robots / sitemap policy excludes NSFW surfaces from public crawl exposure.

Residual-risk assessment

Residual risk is medium until the EU age-verification wallet (eIDAS 2.0 / EUDI) and equivalent national schemes are integrated as supported AV signals. Self-attestation is a known weak link; integration with strong third-party age signals is on the Trust & Safety roadmap. Residual-risk owner: Trust & Safety + Product. Review cadence: quarterly.

5. Coordinated inauthentic behavior & impersonation

DSA Art. 34(1)(c) — civic discourse, electoral processes

Residual: low

Identification

Risk that the platform is used for coordinated inauthentic behavior (CIB) — networks of fake accounts, mass-impersonation of real creators, or coordinated harassment / scam campaigns.

Evidence base

Paid, Veriff-verified creator population sharply limits the supply of fake-creator accounts.
Member side has lower barriers, with the residual risk concentrated in fan-account impersonation of creators and scam DM patterns.

Deployed mitigations

Mandatory Veriff identity check for every creator account; impersonation of a verified creator is detectable and a permanent-ban offense (reference).
AI character labeling: every Simulated Presence reply is clearly labeled as AI in chat so members are not deceived about who they are talking to (reference).
Sign-in rate-limiting, anomaly detection on registration patterns, and IP / device fingerprinting reduce the cost of detecting fake-account farms.
report@ inbox accepts impersonation reports with the same 24-hour SLA as other policy violations (reference).

Residual-risk assessment

Residual risk is low for creator-side CIB and medium for member-side scam DMs. Continued investment in member-side anti-scam heuristics is the primary mitigation gap. Residual-risk owner: Trust & Safety + Engineering. Review cadence: semi-annual.

6. Targeted harassment, hate speech & gender-based violence

DSA Art. 34(1)(b) & (c) — fundamental rights, civic discourse

Residual: medium

Identification

Risk that members or creators are subjected to targeted harassment, hate speech against protected characteristics, or gender-based abuse via chat, profile, or content surfaces.

Evidence base

Adult platforms historically over-index on gender-based abuse directed at female-presenting creators.
Chat surfaces are the dominant inbound vector.

Deployed mitigations

Community Guidelines hard-prohibit hate speech, harassment, doxxing, and stalking with permanent-ban consequences for severe cases (reference).
Sightengine moderation layer flags hate-speech-coded content on uploads (reference).
Per-message report tooling routes harassment reports into the same triage queue with the same 24-hour SLA (reference).
Creators have block, mute, and report tools at the conversation level; appeals go to support@ within 30 days (reference).

Residual-risk assessment

Residual risk is medium and concentrated in private-message harassment that is reactive-only by design. Residual-risk owner: Trust & Safety. Review cadence: quarterly.

7. Generative-AI misuse (impersonation prompts, jailbreaks, deceptive AI)

DSA Art. 34(2) — risks specific to generative AI

Residual: low

Identification

Risk that AI characters (Muses, Simulated Presence) are prompted to portray minors, real people without consent, or to generate content that violates platform policy or applicable law; or that members are deceived about whether they are talking to a human or an AI.

Evidence base

Generative-AI character interaction is a core surface of the platform.
Industry-wide evidence base on prompt-injection / jailbreak attempts is well-established.

Deployed mitigations

All AI characters (Muses + Simulated Presence) are anchored as fictional adults aged 18+; system prompts hard-prohibit minor portrayal (reference).
Simulated Presence requires the underlying Star to be a 21+ Veriff-verified human who has explicitly consented to the AI training (reference).
Every AI reply is clearly labeled in-product so members are never deceived about whether a message is human or AI (reference).
Banned-content policy + system-prompt guardrails reject prompts designed to portray a real person without verified consent (reference).
Sightengine and prompt-classification layers screen both AI-generated and AI-prompted output before it surfaces to the user (reference).

Residual-risk assessment

Residual risk is low. The dominant residual exposure is novel jailbreak techniques that bypass current prompt classifiers; mitigated by red-team review and rapid rule-pack updates. Residual-risk owner: AI Safety + Trust & Safety. Review cadence: quarterly.

8. Personal-data exposure & privacy of intimate users

DSA Art. 34(1)(b) — privacy, fundamental rights; GDPR

Residual: medium

Identification

Risk that users' real identities, payment data, intimate chat content, or NSFW media are exposed via breach, scraping, account takeover, or improper internal access.

Evidence base

Platform processes Veriff identity data for creators and intimate chat / media content for both members and creators.
Adult-content platforms are above-baseline targets for credential-stuffing and scraping.

Deployed mitigations

Veriff identity data and payment data are stored only as long as required by 2257 / KYC / AML obligations and are access-controlled to the compliance role (reference).
Privacy Policy documents the lawful bases, retention windows, and DSR mechanisms (reference).
Per-vault-session attestations are tamper-evident; access to creator media is gated through signed URLs with short TTL (reference).
Privacy@ inbox accepts GDPR / CCPA data-subject access, deletion, and portability requests (reference).

Residual-risk assessment

Residual risk is medium and is the standard residual exposure for any platform processing intimate user data. Residual-risk owner: Privacy + Security Engineering. Review cadence: annual + after any in-scope incident.

Scope limits and good-faith caveats

This assessment is published in good faith and references only capabilities that are actually deployed at the time of writing. Claims that reference a policy page or product surface link to it directly so a reader can verify.
Residual ratings (low / medium / elevated) are engineering judgments. They are not probabilistic risk scores and they are not audited.
The assessment is being prepared for counsel review; nothing here is a legal admission and the document is not a substitute for regulator-facing transparency reports filed under Art. 24 / Art. 42 of the DSA where those obligations apply.
The platform is not currently designated as a Very Large Online Platform (VLOP) under DSA Art. 33. We perform this assessment voluntarily as part of our standing trust posture.

Back to Home

Systemic Risk Assessment

Last Updated: May 5, 2026 · Next scheduled review: May 5, 2027

Performed in good faith under the framework of EU Digital Services Act Article 34. Counsel review pending before formal publication flag.

Cadence. The assessment is reviewed at least annually and after any material change in product surface, service volume, or applicable law.

1. Child sexual abuse material (CSAM)

DSA Art. 34(1)(a) — illegal content

Residual: low

Identification

Evidence base

Adult-content platform with image, video, and chat surfaces — the inherent risk surface for this category.
Vault upload pipeline (creator-supplied media) and AI chat / character pipelines (user-supplied prompts) are both potential vectors.
Industry-wide evidence base from NCMEC reports and the European Commission's transparency database.

Deployed mitigations

Hard 21+ floor for creators with third-party Veriff identity verification before publishing (reference).
Tiered application gate: under-18 blocked outright, 18-20 placed on protected waitlist, only 21+ proceed to verification (reference).
Sightengine two-tier scanning runs on every uploaded image and video; minor-suspected uploads are hard-blocked and queued for human review (reference).
Per-vault-session EIP-712 attestation binds every upload to the verified creator wallet — stolen sessions cannot publish (reference).
AI character system prompts and Sightengine content moderation layer reject any prompt designed to portray a minor (reference).
Public report inbox and report form route minor-suspected reports to the highest triage priority; confirmed CSAM is reported to NCMEC (reference).

Residual-risk assessment

2. Non-consensual intimate imagery (NCII)

DSA Art. 34(1)(b) — fundamental rights, dignity, private life

Residual: medium

Identification

Evidence base

Creator-uploaded media and AI deepfake-style generation are both established risk vectors industry-wide.
Reporter signals consistently rank NCII as one of the top inbound report categories on adult platforms.

Deployed mitigations

Creator Agreement requires creators to maintain government-issued ID and signed model releases for every depicted performer; Chatalystar serves as secondary records custodian and may demand documentation within 48 hours (reference).
Per-vault-session attestation + per-upload chain-of-custody mean each upload is bound to the verified creator and tamper-evident (reference).
Public report form and report@ inbox accept reports from the depicted subject (or parent / guardian / authorized representative) with 24-hour first-action SLA (reference).
AI characters cannot be prompted to portray a real identifiable person without verified consent (banned-content policy + system-prompt guardrails) (reference).

Residual-risk assessment

3. Terrorism content & violent extremism

DSA Art. 34(1)(a) — illegal content; TCO Reg. (EU) 2021/784

Residual: low

Identification

Risk that the platform is used to host or distribute terrorist content within the meaning of Regulation (EU) 2021/784, or to recruit / coordinate violent extremism via chat or profile surfaces.

Evidence base

Niche, adults-only, paid-platform posture meaningfully reduces but does not eliminate the risk surface.
Direct-message and group-chat surfaces are the realistic vectors; bulk content distribution is not a platform pattern.

Deployed mitigations

Banned-content policy explicitly prohibits weapons trafficking, terrorism promotion, and instructions for serious physical harm (reference).
Sightengine moderation pipeline flags violent-extremism imagery on uploaded media (reference).
Standing process for handling EU TCO removal orders — addressed through the le@ inbox with 1-hour engagement target (reference).
All members are 18+ and all creators are 21+ Veriff-verified, narrowing the population of potential bad actors (reference).

Residual-risk assessment

4. Minor access to adult content

DSA Art. 28 — protection of minors; AVMSD; UK OSA

Residual: medium

Identification

Risk that a person under 18 reaches NSFW surfaces of the platform — registers an account, views creator content, or interacts with AI characters in adult contexts.

Evidence base

Adult-content platform with NSFW imagery, video, and chat behind authentication.
Industry-wide evidence shows hard age gates at signup are partially circumventable; defence-in-depth is necessary.

Deployed mitigations

Members must be 18+ confirmed at signup and re-confirmed before any NSFW unlock (reference).
Creators must be 21+, third-party Veriff-verified before any content can be published (reference).
NSFW blur gate is on by default for unauthenticated visitors and for fresh accounts; deliberate user action is required to dismiss it (reference).
Under-18 attempts at the creator application gate are tracked as a privacy-respecting aggregate (no email, no IP) so we can monitor pressure on the gate (reference).
Robots / sitemap policy excludes NSFW surfaces from public crawl exposure.

Residual-risk assessment

5. Coordinated inauthentic behavior & impersonation

DSA Art. 34(1)(c) — civic discourse, electoral processes

Residual: low

Identification

Risk that the platform is used for coordinated inauthentic behavior (CIB) — networks of fake accounts, mass-impersonation of real creators, or coordinated harassment / scam campaigns.

Evidence base

Paid, Veriff-verified creator population sharply limits the supply of fake-creator accounts.
Member side has lower barriers, with the residual risk concentrated in fan-account impersonation of creators and scam DM patterns.

Deployed mitigations

Mandatory Veriff identity check for every creator account; impersonation of a verified creator is detectable and a permanent-ban offense (reference).
AI character labeling: every Simulated Presence reply is clearly labeled as AI in chat so members are not deceived about who they are talking to (reference).
Sign-in rate-limiting, anomaly detection on registration patterns, and IP / device fingerprinting reduce the cost of detecting fake-account farms.
report@ inbox accepts impersonation reports with the same 24-hour SLA as other policy violations (reference).

Residual-risk assessment

6. Targeted harassment, hate speech & gender-based violence

DSA Art. 34(1)(b) & (c) — fundamental rights, civic discourse

Residual: medium

Identification

Risk that members or creators are subjected to targeted harassment, hate speech against protected characteristics, or gender-based abuse via chat, profile, or content surfaces.

Evidence base

Adult platforms historically over-index on gender-based abuse directed at female-presenting creators.
Chat surfaces are the dominant inbound vector.

Deployed mitigations

Community Guidelines hard-prohibit hate speech, harassment, doxxing, and stalking with permanent-ban consequences for severe cases (reference).
Sightengine moderation layer flags hate-speech-coded content on uploads (reference).
Per-message report tooling routes harassment reports into the same triage queue with the same 24-hour SLA (reference).
Creators have block, mute, and report tools at the conversation level; appeals go to support@ within 30 days (reference).

Residual-risk assessment

Residual risk is medium and concentrated in private-message harassment that is reactive-only by design. Residual-risk owner: Trust & Safety. Review cadence: quarterly.

7. Generative-AI misuse (impersonation prompts, jailbreaks, deceptive AI)

DSA Art. 34(2) — risks specific to generative AI

Residual: low

Identification

Evidence base

Generative-AI character interaction is a core surface of the platform.
Industry-wide evidence base on prompt-injection / jailbreak attempts is well-established.

Deployed mitigations

All AI characters (Muses + Simulated Presence) are anchored as fictional adults aged 18+; system prompts hard-prohibit minor portrayal (reference).
Simulated Presence requires the underlying Star to be a 21+ Veriff-verified human who has explicitly consented to the AI training (reference).
Every AI reply is clearly labeled in-product so members are never deceived about whether a message is human or AI (reference).
Banned-content policy + system-prompt guardrails reject prompts designed to portray a real person without verified consent (reference).
Sightengine and prompt-classification layers screen both AI-generated and AI-prompted output before it surfaces to the user (reference).

Residual-risk assessment

8. Personal-data exposure & privacy of intimate users

DSA Art. 34(1)(b) — privacy, fundamental rights; GDPR

Residual: medium

Identification

Risk that users' real identities, payment data, intimate chat content, or NSFW media are exposed via breach, scraping, account takeover, or improper internal access.

Evidence base

Platform processes Veriff identity data for creators and intimate chat / media content for both members and creators.
Adult-content platforms are above-baseline targets for credential-stuffing and scraping.

Deployed mitigations

Veriff identity data and payment data are stored only as long as required by 2257 / KYC / AML obligations and are access-controlled to the compliance role (reference).
Privacy Policy documents the lawful bases, retention windows, and DSR mechanisms (reference).
Per-vault-session attestations are tamper-evident; access to creator media is gated through signed URLs with short TTL (reference).
Privacy@ inbox accepts GDPR / CCPA data-subject access, deletion, and portability requests (reference).

Residual-risk assessment

Scope limits and good-faith caveats

This assessment is published in good faith and references only capabilities that are actually deployed at the time of writing. Claims that reference a policy page or product surface link to it directly so a reader can verify.
Residual ratings (low / medium / elevated) are engineering judgments. They are not probabilistic risk scores and they are not audited.
The assessment is being prepared for counsel review; nothing here is a legal admission and the document is not a substitute for regulator-facing transparency reports filed under Art. 24 / Art. 42 of the DSA where those obligations apply.
The platform is not currently designated as a Very Large Online Platform (VLOP) under DSA Art. 33. We perform this assessment voluntarily as part of our standing trust posture.