**Article 9**

### Establishment and Maintenance of the Risk Management System

Vanguard Human Capital Technologies has instituted a comprehensive risk management system for Contractual Separation Insight, recognizing its classification as a high-risk AI system due to its potential impact on employees’ contractual status and fundamental labor rights. This system is documented within the Product Lifecycle Risk Management Protocol (PLRMP) version 4.3 and has been continuously maintained since initial development in 2023. The system encompasses initial risk analyses at design inception, iterative reassessment during development, and scheduled post-deployment reviews aligned with product updates every six months or in response to significant changes in labor law or corporate policy frameworks.

### Identification and Analysis of Known and Foreseeable Risks

Through a structured hazard analysis completed in Q4 2023, the risks inherent to Contractual Separation Insight were catalogued with particular attention to impacts on worker health, safety, and fundamental rights, including potential discrimination or wrongful contract termination. Key risks identified include algorithmic bias arising from imbalanced training datasets, misinterpretation of policy language due to ambiguous legal texts, and overreliance on quantitative performance metrics. These risks were identified through literature reviews on AI decision support in HR, stakeholder consultations with labor law experts, and preliminary algorithmic stress tests simulating diverse demographic profiles. Consideration was given to reasonably foreseeable misuse scenarios, such as deployment without adequate user training or attempts to manipulate input data to skew recommendations.

### Risk Estimation and Evaluation Under Intended and Misuse Scenarios

Quantitative risk estimation applied probabilistic modeling using a risk matrix where the likelihood and severity of adverse outcomes were derived from empirical data including a validation dataset of 12,000 anonymized employment records with ground-truth contract decisions and expert-annotated outcomes. False positive termination recommendations were observed at a base rate of 1.8%, while false negatives appeared at 2.3%, both within thresholds pre-defined for acceptable operational risk. Misuse case evaluations, including adversarial input testing and simulated operator errors, resulted in an increased potential risk factor of up to 4.5% false positive rate under worst-case conditions, quantified through scenario-based simulations conducted with domain experts. These categorical risk estimations informed the prioritization of mitigation measures.

### Post-Market Risk Evaluation Supported by Monitoring Systems

Contractual Separation Insight integrates a post-market monitoring module that aggregates anonymized deployment data and user feedback through secure telemetry channels. Monthly reports analyze system decisions against documented labor outcomes, with discrepancies flagged for further investigation. This continuous data gathering facilitates early detection of emerging risks such as performance degradation due to evolving labor policies, shifts in workforce composition, or systemic biases that may arise during prolonged operational use. Anomalies detected trigger risk reassessments and adaptive updates in collaboration with compliance officers. Evidence from twelve months of post-market monitoring shows stable model performance with residual risk metrics consistently below 3%.

### Adoption of Targeted Risk Management Measures

To mitigate the identified risks, development decisions emphasized dataset diversification, algorithmic transparency, and user-centered design. The ensemble random forest models were trained on a balanced corpus of over 50,000 labeled cases, reflecting diverse sectors, demographics, and geographic jurisdictions within the EU. Large language models (LLMs) employed for policy interpretation were fine-tuned on a corpus of standardized labor contracts and regulatory texts, ensuring contextual accuracy. Model explainability is provided through feature importance scores and natural language justifications generated alongside recommendations, facilitating user comprehension and contestability. Additionally, automated bias detection subroutines flag potential discriminatory patterns for review before deployment. User guidance documentation and training materials contextualize system limitations and instruct on appropriate interpretation of outputs, addressing variations in presumed technical proficiency among HR operators.

### Consideration of Combined Requirements and Interaction Effects

Risk management measures have been designed in coordination to balance robustness, usability, and compliance. Algorithmic tuning ensures reduction of bias without sacrificing predictive accuracy, while explainability features enhance transparency without overwhelming end-users with technical detail. Training modules are aligned with the information provisions under Article 13, emphasizing responsible system use and fostering trust. The iterative design process incorporated ethical reviews and usability testing during alpha and beta phases, confirming that the layered safeguards collectively reduce residual risk to acceptable levels while maintaining decision-making efficiency.

### Determination of Residual Risk and Acceptability

Residual risks were quantitatively evaluated through Monte Carlo simulations combining uncertainties from model predictions, data variation, and user interaction scenarios. Results indicate that the overall residual risk of erroneous or unfair contract termination recommendations remains below 3%, a threshold benchmarked with industry best practices and input from external labor law consultants. Residual risks are further reduced in practice by integrated human-in-the-loop workflows requiring HR professionals to review and confirm AI-generated recommendations. The combination of technical design mitigations, procedural controls, and user training underpins this risk profile.

### Testing for Risk Management Optimization

Comprehensive testing regimes were implemented, including unit testing of algorithmic components, integration testing of the ensemble system, and end-to-end validation against representative use cases. These tests covered both synthetic and real-world datasets, with a final round of penultimate validation involving simulated deployment contexts involving HR practitioners. Test metrics included precision, recall, false positive and false negative rates, bias indices (e.g., disparate impact ratio), and interpretability scores, all measured against pre-established probabilistic thresholds aligned with intended system functionalities. User acceptance testing confirmed the sufficiency of transparency and procedural safeguards.

### Real-World and Lifecycle-Spanning Testing Activities

Testing protocols encompassed real-world pilot deployments conducted over three quarters in select multinational corporate clients, monitored under controlled conditions with informed consent and anonymized data handling. Feedback from these pilots informed iterative refinements, including adjustments to LLM contextual parsing and risk communication interfaces. Testing is scheduled for repetition with each major software update and immediately prior to market release, ensuring ongoing compliance with evolving performance criteria.

### Special Attention to Vulnerable Groups

Risk assessments and testing exercises explicitly included analysis of potential adverse impacts on persons under 18 years of age and other vulnerable groups, consistent with demographic metadata present in training and validation datasets. Data protection and ethical screening steps ensured no unauthorized profiling or discriminatory treatments occur on the basis of age, disability, or minority status. Sensitivity analyses confirmed stability of recommendations across these groups, and training materials emphasize caution and human oversight when handling cases involving vulnerable employees.

### Integration with External Risk Management Obligations

The internal risk management system aligns with relevant EU standards for AI system quality and safety, integrating processes required under complementary Union legislation such as labor law directives and data protection requirements. Documented coordination mechanisms ensure that aspects governed by external provisions are harmonized with Contractual Separation Insight’s internal risk protocols, preventing duplication and ensuring comprehensive coverage across the full risk spectrum.