1) Executive summary

What you have (features): candidate sourcing & parsing, matching/ranking, interview automation, transcript analysis, productivity/performance analytics, HR chatbot, background checks/connectors, payroll anomaly detection.

Our call (buckets): core recruitment/selection and workers‑management features are High‑Risk (Annex III); any emotion recognition in the workplace is Prohibited; chat/assistive UIs are Limited‑Risk (transparency). No LEA/public‑biometrics scope observed.

Top issues (fix first):

  1. High‑Risk track readiness — draft tech files per system (purpose, data, models, tests), oversight workflow, logs & monitoring; prep registration where required.
  2. Fairness/robustness tests — define pass/fail for bias parity, adverse impact, stability across languages/formats.
  3. Transparency & candidate rights — clear notices at capture points; review/appeal path; retention policy; human‑in‑the‑loop before adverse decisions.

Fast wins (7–14 days): obligation sheets per system; add UI notices; publish data/license & retention tables; seed CI job to fail on missing oversight/logging; ship bias test notebook skeleton.


2) System Register & Risk Map (CSV)

File: 10-register/system-register.csv

Heatmap (10-register/risk-heatmap.md)

| System                          | Risk          |
|---------------------------------|---------------|
| Candidate Matching & Ranking    | High          |
| CV Parsing & Entity Extraction  | High          |
| Interview Transcript Analyzer   | High          |
| Emotion/Sentiment Scoring       | Prohibited*   |
| HR Support Chatbot              | Limited       |
| Productivity & Performance      | High          |
| Background Check Integrations   | High          |
| Payroll Anomaly Detection       | Minimal       |


3) Prohibited‑Use Triage (Art. 5)

# Prohibited‑Use Triage — HRMTech (evidence@DEMO_HASH)
- Emotion/Sentiment Scoring (workplace) → PROHIBITED
  - Evidence: repo/vision/emotion_net.py#L1–L220
  - Action: remove for EU scope or restrict to non‑workplace, non‑education contexts; document feature flag/default OFF.
- Social scoring of natural persons → Not observed (add AUP ban)
- Untargeted scraping of facial images for FR DBs → Not observed (add AUP ban)
- Predictive policing / LEA‑only uses → Not in scope
- Manipulative/exploitative practices targeting vulnerabilities → Not observed; document UX safeguards