AI tool that screens and ranks job applicants for entry-level roles

High-risk AI systems must include human oversight measures to minimize risks to health, safety or fundamental rights.

High-risk AI systems must achieve and maintain a high level of accuracy, robustness and cybersecurity, with continuous testing to prevent malfunctions.

Providers of high-risk AI must ensure system compliance, affix CE mark, maintain quality management and documentation, and handle logging, conformity assessment, and corrective actions.

Providers must design AI systems interacting with people so that users are informed they are interacting with AI (not a human).

Individuals subject to high-risk AI decisions that significantly affect them have the right to obtain a clear, meaningful explanation of the AI system role and the main decision elements.

Colorado AI Act defines an automated decision-making technology as one that processes personal data to generate recommendations or scores used to make consequential decisions.

A developer of a high-risk AI system must use reasonable care to prevent known or foreseeable algorithmic discrimination.

A deployer of a high-risk AI system must use reasonable care to address discrimination risks and implement an iterative risk management program.

Data subjects have a right not to be subject to solely automated decisions (including profiling) producing legal or similarly significant effects on them.

Controllers must implement data-protection principles (e.g. minimization, pseudonymisation) into processing from the earliest design stages.

Controllers and processors must implement appropriate technical and organizational measures to secure personal data according to the risk (e.g. encryption, resiliency).

Requires DPIA before processing that is likely high-risk to rights, e.g. systematic automated profiling with significant effects.

Personal data processing must fit at least one lawful basis (e.g. consent, contract performance, vital interests, public task, legitimate interest).

NYC Local Law 144 mandates that employers using automated employment decision tools must conduct an annual bias audit of the tool and publicly post a summary of the results before use.

Under NYC law, employers must notify job candidates and employees at least 10 business days before using an automated employment decision tool.

Under CIRCIA, designated critical-infrastructure companies must report covered cyber incidents to CISA within 72 hours of discovery.

NY SHIELD Act requires entities holding private information to implement reasonable safeguards and notify affected NY residents of data breaches.

The EU 2024 update to the Product Liability Directive extends strict liability to digital products including AI-based systems.

Requires certain deployers of high-risk AI systems to perform a Fundamental Rights Impact Assessment (FRIA) before first use. Applies to public bodies, private entities providing public services, and deployers of high-ri…

Grants data subjects the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects or similarly significantly affects them. Three exceptions: contract n…

Establishes an affirmative defense for developers and deployers of high-risk AI systems. A defendant escapes liability if it (1) discovered and cured the violation through user-feedback channels, red-teaming, adversarial…