Free audit · 8 minutes · 3 frameworks

    Is your hiring AI actually compliant — or just confidently illegal?

    Score your stack against the EU AI Act, GDPR Article 22, and NYC Local Law 144 in eight minutes. Get a per-clause gap report, a remediation plan, and a board-ready PDF — without a consultant.

    62 clauses checked
    3 frameworks covered
    8 min to complete
    0 € (free, no consultant)

    Chapter 01 — Why this exists

    Most hiring AI lives in a compliance grey zone.

    The EU AI Act classifies most CV-screening, ranking and assessment tools as high-risk. GDPR Article 22 limits decisions made solely by automated processing. NYC Local Law 144 requires bias audits and notification. Most companies are exposed on at least one — and do not know it.

    This scorecard is built from the actual statutory text. Sixty-two yes/no questions, mapped clause by clause. No legal advice — but a clear, evidenced map of where you stand and what to fix first, in the order regulators are likely to ask about it.

    You can finish it in eight minutes. The PDF is shareable with legal, security, and the board. The remediation plan is sequenced by risk, not by alphabet.

    Chapter 02 — How it works

    Eight minutes. A defensible answer.

    1. Map your stack

       List the AI features in your hiring flow — sourcing, screening, ranking, assessments, video analysis, predictive matching. Vendor-agnostic. We do not need product names.

    2. Answer 62 yes/no questions

       Each one cites the clause it maps to: AI Act Art. 6, 14, 26, 50; GDPR Art. 22, 35; NYC LL144 §20-871. No jargon — every question has a plain-English explanation.

    3. See your per-framework score

       Three scores out of 100 — one per framework. Plus a heatmap of which obligations you meet, partially meet, or fail, with the legal text underneath each row.

    4. Get the gap report

       Every gap with a recommended action, an owner (legal, security, HR, vendor), and a typical effort estimate. Sorted by regulatory exposure, not by ease.

    5. Download the board PDF

       A 4-page summary your CEO can read over coffee. Score, top three risks, top three quick wins, suggested 90-day plan. With every citation footnoted.

    What you see

    Three frameworks. One honest map.

    The scorecard does not invent rules. Every question maps to a published clause, with the article number visible. You can disagree with our interpretation — and the PDF includes every citation so your legal counsel can override us where they disagree.

    Where most companies fail

    • No documented human review of AI-driven rejection decisions (GDPR Art. 22)
    • No fundamental rights impact assessment for high-risk systems (AI Act Art. 27)
    • No annual independent bias audit for tools used on NYC candidates (LL144)
    • No candidate notification of automated processing in the application flow
    • Vendor DPAs that do not flow down AI Act obligations to sub-processors

    What good compliance looks like

    • Documented human-in-the-loop review for every adverse decision
    • FRIA on file for every high-risk hiring AI feature, refreshed annually
    • Bias audit results published or disclosable on request
    • Plain-language candidate notice with opt-out and review rights
    • Vendor contracts that name the AI Act role (provider, deployer) explicitly

    Frequently asked

    Is this legal advice?

    No. The scorecard is an educational tool that maps your stack against published statutory text. It is designed to make a productive conversation with your legal counsel possible — not to replace one. Every output cites the clause it relies on so a lawyer can verify or override our interpretation.

    Which frameworks are covered?

    EU AI Act (high-risk obligations), GDPR Article 22 and Article 35 (DPIA triggers for hiring), and NYC Local Law 144 (Automated Employment Decision Tools). Illinois AIVIA is on the roadmap. Equivalent UK guidance from the ICO is referenced where overlapping.

    Does this work if our AI is built in-house?

    Yes. Most clauses apply to the deployer regardless of whether the AI was built or bought. The scorecard asks about features and decisions, not vendors. In-house systems usually score worse on documentation and better on data minimisation — both show up in the report.

    How current is the AI Act mapping?

    Last reviewed against the Official Journal text dated 12 July 2024 and the August 2025 implementing regulations. Updated quarterly. Material changes are flagged in the changelog visible from the scorecard footer.

    What do I do with the PDF?

    Share it with legal, security, HR leadership, and vendors. The remediation plan is sequenced so you can negotiate vendor SOWs and internal roadmaps in the order that reduces regulatory exposure fastest. It is not designed to be filed and forgotten.

    Stop guessing

    Score your stack. Then fix it in order.

    TenPerZent ships with EU AI Act compliance, GDPR Art. 22 human-review workflows, and bias-audit logging built in — not bolted on. Sign up free and your hiring AI is auditable from day one.

    Sources

    1. Regulation (EU) 2024/1689 — the EU AI Act, Official Journal, 12 July 2024.
    2. Regulation (EU) 2016/679 — the GDPR, Articles 22 and 35.
    3. NYC Administrative Code §20-870 to §20-874 — Local Law 144 of 2021.
    4. European Data Protection Board, Guidelines 1/2024 on automated decision-making.
    5. TenPerZent compliance team, mapping last reviewed Q1 2026.
