← Back to home

AI Act Readiness Report

⚡ Demo — generated for previewRISK: HIGH
Product: https://hireai.io
AI feature: "AI recruiting tool that analyzes candidate CVs and resumes, then ranks them by fit-score. Recruiters upload job descriptions and our AI model scores applicants automatically."
⚠️ Not legal advice. This is a preliminary technical readiness scan. It identifies potential risk areas and missing documentation based on publicly available AI Act guidance. Always consult a qualified lawyer.

1. Risk Category Assessment

Annex III.4 — Employment / HREmployment / HR signal detected (Annex III.4)Sensitive personal data processing — GDPR Art. 9 intersectionFully automated decision-making — human oversight requiredB2C deployment — enhanced transparency obligations (Art. 50)

2. Missing Documentation Checklist

  • AI disclosure notice for users
  • Model / vendor inventory
  • Human oversight process
  • Data processing description
  • Audit logging for AI decisions
  • Privacy policy AI section
  • Opt-out mechanism for users
  • Bias / fairness evaluation
  • EU representative designation
  • Conformity assessment documentation

7 out of 10 documents are missing — typical for early-stage AI SaaS.

3. Questions for Your Lawyer

Does our AI system for candidate evaluation qualify as high-risk under Annex III.4 (Employment)?Are we required to register our AI system in the EU database before deployment?Is human review of AI recommendations sufficient, or do we need full human-in-the-loop?What additional data governance obligations apply given we process sensitive personal data?Does fully automated decision-making trigger additional user rights under Article 22 GDPR?What documentation should we request from our model provider to satisfy deployer obligations under Article 13?

4. Recommended Next Steps

  • Run a detailed legal compliance review within 30 days
  • Prepare conformity assessment documentation (Annex IV technical file)
  • Register your AI system in the EU database before market placement
  • Add AI disclosure notice to your website and product UI (Article 50)
  • Document data flow: what data feeds the AI, where output goes, who reviews it
  • Implement human review step before AI decisions are finalized
  • Set up audit logging for all AI-generated decisions (Article 12)
  • Review GDPR compliance for AI decision-making with personal data
  • Review your Data Processing Agreement (DPA) with your model provider
  • Establish a risk management process (Article 9)
  • Set up post-market monitoring (Article 72)
  • Book a 1-hour consultation with a qualified legal advisor
  • Re-scan every 6 months or when you add major AI features

Ready to scan your product?

Get your personalized report in 2 minutes. No credit card required.

→ Scan my product for free