**Article 9**

### Establishment and Maintenance of the Risk Management System

Meridian Analytics Solutions has developed and continues to operate a comprehensive risk management system for the Recruitment Decision Forest (RDF), recognizing its classification as a high-risk AI system under the EU AI Act. This system is formally documented, integrated into the product lifecycle management procedures, and subject to continuous monitoring and updating at defined lifecycle milestones, including design, development, deployment preparation, and post-market phases. The risk management framework ensures systematic coordination between cross-functional teams—comprising data scientists, software engineers, compliance specialists, and HR domain experts—to address risks throughout the system’s lifecycle and adapt to emerging findings or regulatory updates.

The risk management process is governed by a documented protocol specifying timelines for iterative reviews, typically conducted quarterly during active development and biannually post-deployment, or more frequently in response to significant software modifications, shifts in intended use, or post-market monitoring insights.

### Identification and Analysis of Known and Foreseeable Risks

Initial and periodic risk identification involved a thorough hazard analysis focusing on potential adverse impacts on candidate privacy, fairness in selection, and fundamental rights such as non-discrimination. This was performed using structured risk assessment methodologies such as Failure Mode and Effects Analysis (FMEA) combined with domain-specific impact mapping tailored to recruitment contexts.

Key known risks identified include algorithmic bias arising from historical recruitment data imbalances, inadvertent use of proxies for protected characteristics, overfitting leading to unfair exclusion of qualified candidates, and potential data breaches affecting candidate confidentiality. Foreseeable risks also include misuse scenarios where recruiters might treat model scores as the sole decision criterion contrary to the intended supplementary use, or where output interpretations might be misunderstood by non-expert users, leading to erroneous hiring decisions.

These identified risks were mapped against the system’s intended functionalities—screening and scoring candidates based on structured inputs such as application data, metadata, and historic hiring outcomes—to ensure alignment with actual use conditions.

### Risk Estimation and Evaluation Including Misuse Conditions

Risks were quantitatively assessed through metric-based evaluations and scenario analyses, estimating likelihood and severity with the aid of probabilistic modelling and sensitivity testing. Statistical fairness metrics—including demographic parity difference, equal opportunity difference, and disparate impact ratio—were calculated on a candidate dataset comprising over 150,000 anonymized historical applications sourced and preprocessed in compliance with data protection standards.

The system was tested under simulated misuse conditions, such as excessive reliance on model output by recruiters or use with incomplete candidate profiles, to evaluate risk amplification. These tests used stratified sampling and stress-testing methodologies to emulate operational challenges. Residual risks were tabulated with justification based on performance thresholds (e.g., an absolute between-group difference of at most 0.05 on each fairness metric) and operational constraints, providing an evidence-based rationale for subsequent mitigation efforts.
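The three fairness metrics named above, and the 0.05 acceptance threshold, can be reproduced from a labelled, scored candidate set. The following is an added worked example, not Meridian's evaluation code: the records are constructed confusion-matrix counts for two groups, the 0.8 to 1.25 band on the disparate impact ratio is an assumed four-fifths convention that the document does not state, and the choice of the largest group as the reference group when none is given is likewise an assumption. It also reports the per-group false negative rate, which is the quantity the post-market monitoring section later describes drifting for underrepresented candidates.

```python
"""Group fairness metrics for a scored candidate set.

Added worked example, not Meridian's code. Records are constructed:
(group, qualified, shortlisted) where `qualified` is the ground-truth
label from historic outcomes and `shortlisted` is the model decision.
"""
from collections import defaultdict


def group_rates(records):
    """Per-group selection rate, true-positive rate and false-negative rate."""
    counts = defaultdict(lambda: {"n": 0, "sel": 0, "pos": 0, "tp": 0})
    for group, qualified, shortlisted in records:
        c = counts[group]
        c["n"] += 1
        c["sel"] += shortlisted
        c["pos"] += qualified
        c["tp"] += int(qualified and shortlisted)
    rates = {}
    for group, c in counts.items():
        tpr = c["tp"] / c["pos"] if c["pos"] else float("nan")
        rates[group] = {
            "n": c["n"],
            "selection_rate": c["sel"] / c["n"],
            "tpr": tpr,
            "fnr": 1.0 - tpr,
        }
    return rates


def fairness_metrics(rates, reference=None):
    """Demographic parity difference, equal opportunity difference and
    disparate impact ratios. Differences are max minus min across groups;
    ratios are each group's selection rate over the reference group's
    (assumption: the largest group is the reference when none is given)."""
    if reference is None:
        reference = max(rates, key=lambda g: rates[g]["n"])
    sel = {g: r["selection_rate"] for g, r in rates.items()}
    tpr = {g: r["tpr"] for g, r in rates.items()}
    return {
        "reference": reference,
        "demographic_parity_difference": max(sel.values()) - min(sel.values()),
        "equal_opportunity_difference": max(tpr.values()) - min(tpr.values()),
        "disparate_impact_ratio": {
            g: sel[g] / sel[reference] for g in sel if g != reference
        },
    }


def evaluate(records, reference=None, tolerance=0.05, di_band=(0.8, 1.25)):
    """Apply acceptance criteria: the document's 0.05 tolerance on the
    differences and an assumed four-fifths band of 0.8-1.25 on the ratios."""
    rates = group_rates(records)
    metrics = fairness_metrics(rates, reference)
    checks = {
        "demographic_parity": metrics["demographic_parity_difference"] <= tolerance,
        "equal_opportunity": metrics["equal_opportunity_difference"] <= tolerance,
        "disparate_impact": all(
            di_band[0] <= r <= di_band[1]
            for r in metrics["disparate_impact_ratio"].values()
        ),
    }
    return {"rates": rates, "metrics": metrics, "checks": checks,
            "acceptable": all(checks.values())}


def _block(group, tp, fn, fp, tn):
    """Build a constructed group from its confusion-matrix counts."""
    return ([(group, 1, 1)] * tp + [(group, 1, 0)] * fn
            + [(group, 0, 1)] * fp + [(group, 0, 0)] * tn)


# Constructed release candidate: group B is under-selected relative to A.
BEFORE = _block("A", 60, 15, 10, 115) + _block("B", 40, 20, 12, 128)
# Constructed post-recalibration set: same people, B's shortlist widened.
AFTER = _block("A", 60, 15, 10, 115) + _block("B", 48, 12, 18, 122)

if __name__ == "__main__":
    for name, data in (("before", BEFORE), ("after", AFTER)):
        result = evaluate(data, reference="A")
        print(name, result["metrics"], result["checks"], result["acceptable"])
```

On the constructed "before" set, group B's selection rate is 0.26 against 0.35 for A, so all three checks fail (difference 0.09, equal opportunity gap 0.13, ratio 0.74); the "after" set passes with a ratio of 0.94. A real run would be stratified by every monitored characteristic and repeated per job family, since aggregate parity can hide a disparity within a category.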

### Incorporation of Post-Market Monitoring Data in Risk Evaluation

Data from the post-market monitoring system—operational since the first deployment release—feed into the risk management cycle continuously. This system aggregates feedback from end-users and anonymized outcome tracking (e.g., hiring outcomes, candidate complaints, appeals) via secure logging and data aggregation pipelines. Quarterly analytical reports identify trends relevant to risk areas such as unexpected bias emergence or system performance degradation.

Adjustments to risk assessments incorporate these empirical insights, enabling dynamic calibration of the risk management measures. For instance, recent monitoring revealed a marginal increase in false negative rates for candidates underrepresented in the training data, prompting targeted model retraining and feature recalibration.

### Targeted Risk Management Measures

Risk mitigation measures prioritized design and operational interventions to eliminate or minimize risks where technically feasible, supplemented by user guidance and training. Key design decisions include:

- **Feature Selection and Data Preprocessing:** Exclusion of protected characteristics and proxies through automated feature auditing, supplemented by manual reviews targeting variables correlated with age, gender, ethnicity, or disability indicators to reduce bias vectors.

- **Model Architecture and Training Regime:** The use of ensemble Gradient Boosted Decision Trees (GBDT) supports post-hoc interpretability (through the SHAP attributions described below) and robustness. The model employs regularization parameters optimized to prevent overfitting and explicit class reweighting to address class imbalances. Training incorporates stratified 10-fold cross-validation with a total of 300,000 decision-tree estimators trained on balanced subsets reflecting gender and age group diversity.

- **Explainability and Output Transparency:** Each candidate score is accompanied by feature attribution scores generated via SHAP (SHapley Additive exPlanations), enabling recruiters to understand the drivers of each ranking. This supports human-in-the-loop decision-making and counters overreliance or blind trust in AI outputs.

- **Access Controls and Security:** The system enforces strict role- and permission-based access control with encryption-in-transit and at-rest, coupled with anomaly detection to flag irregular data access attempts, minimizing data confidentiality risks.

- **User Education and Documentation:** Comprehensive technical documentation and tailored training modules are provided to recruiters. These modules cover system purpose, output interpretation, limitations, and recommended human oversight processes. Training is designed to match the expected technical knowledge and experience of typical HR professionals, including context-based scenarios demonstrating risks of improper use.
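The automated feature audit in the first measure above needs a concrete association test between each candidate feature and each protected characteristic. The following is an added worked example, not Meridian's auditing tool: it scores each feature with Cramér's V (a chi-square statistic on the feature-by-attribute contingency table, scaled to 0..1), discretises numeric columns into equal-width bins first, and flags features above a threshold for manual review. The 0.3 threshold, the binning scheme and the applicant pool are all constructed assumptions; a flag is a prompt for the manual review the text describes, not proof that a feature is a proxy.

```python
"""Proxy audit for candidate features against a protected attribute.

Added worked example, not Meridian's feature-auditing tool. It measures
the association between each feature and the protected attribute with
Cramér's V (chi-square on the contingency table, scaled to 0..1) and flags
features above an assumed threshold of 0.3 for manual review. Numeric
features are first discretised into equal-width bins (assumption).
"""
import math
from collections import Counter


def cramers_v(pairs):
    """Cramér's V for an iterable of (protected_value, feature_value)."""
    table = Counter(pairs)
    rows, cols = Counter(), Counter()
    for (a, b), count in table.items():
        rows[a] += count
        cols[b] += count
    n = sum(table.values())
    k = min(len(rows), len(cols))
    if n == 0 or k < 2:
        return 0.0  # a constant column cannot be a proxy
    chi2 = 0.0
    for a, row_total in rows.items():
        for b, col_total in cols.items():
            expected = row_total * col_total / n
            chi2 += (table.get((a, b), 0) - expected) ** 2 / expected
    return math.sqrt(chi2 / (n * (k - 1)))


def discretise(values, bins=4):
    """Equal-width binning so a numeric column can enter a contingency table."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1.0  # constant column: everything lands in bin 0
    return [min(int((v - lo) / width), bins - 1) for v in values]


def audit_proxies(candidates, protected, features, threshold=0.3, bins=4):
    """Score every feature against the protected attribute; list those
    at or above the threshold for manual review."""
    groups = [c[protected] for c in candidates]
    scores = {}
    for feature in features:
        column = [c[feature] for c in candidates]
        if all(isinstance(v, (int, float)) and not isinstance(v, bool) for v in column):
            column = discretise(column, bins)
        scores[feature] = cramers_v(zip(groups, column))
    flagged = [f for f, v in scores.items() if v >= threshold]
    return {"scores": scores, "flagged": flagged}


def _rows(n, **fields):
    return [dict(fields) for _ in range(n)]


# Constructed applicant pool: postcode tracks gender strongly, has_cert not
# at all, and years of experience only weakly.
CANDIDATES = (
    _rows(30, gender="F", postcode="X", has_cert="yes", years=3)
    + _rows(30, gender="F", postcode="X", has_cert="no", years=3)
    + _rows(20, gender="F", postcode="X", has_cert="yes", years=8)
    + _rows(20, gender="F", postcode="Y", has_cert="no", years=8)
    + _rows(30, gender="M", postcode="Y", has_cert="yes", years=8)
    + _rows(30, gender="M", postcode="Y", has_cert="no", years=8)
    + _rows(20, gender="M", postcode="Y", has_cert="yes", years=3)
    + _rows(20, gender="M", postcode="X", has_cert="no", years=3)
)

if __name__ == "__main__":
    print(audit_proxies(CANDIDATES, "gender", ["postcode", "has_cert", "years"]))
```

On the constructed pool, postcode scores 0.6 and is flagged, years of experience scores 0.2 and is reported but not flagged, and the certification flag scores 0. In practice the audit is run once per protected characteristic and repeated after every retraining, because a feature that is harmless on one cohort can become a proxy when the applicant population shifts.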

### Consideration of Interaction Effects Within Risk Management Measures

The risk management measures were designed with a holistic view of their interplay, ensuring that fairness interventions did not degrade overall system accuracy beyond predefined thresholds, and that explainability measures did not expose candidate data disproportionately. During design, interactions between security controls, data handling procedures, and model transparency features were evaluated to ensure that combining controls did not introduce new risks.

For example, confidentiality protections limit data displayed in explanations to aggregated feature importance, avoiding disclosure of sensitive personal details. Similarly, mitigation techniques such as bias reduction algorithms were empirically tested to avoid negative impacts on the recall of qualified candidates from protected groups.

### Acceptability of Residual Risk and Mitigation Verification

Residual risks, defined as those remaining after implementation of all feasible mitigation measures, were assessed in accordance with the provider’s risk acceptance criteria reflecting industry benchmarks and ethical frameworks. A multi-criteria decision analysis concluded that residual bias metrics were within acceptable limits, with disparate impact ratios ranging between 0.81 and 1.22 across monitored demographics. Candidate data confidentiality risk was evaluated through penetration testing and passed with no critical vulnerabilities detected.

Prior to market release, the RDF underwent multiple rounds of internal and external testing including simulated real-world pilots involving anonymized data from three major European enterprises. Performance was benchmarked against conventional screening approaches, demonstrating statistically significant improvements in fairness and accuracy. Testing metrics incorporated precision, recall, and false positive/negative rates aligned with intended use.

### Comprehensive Testing Throughout the Development Lifecycle

Testing procedures have been integrated at all critical development phases: component-level unit testing, integration testing of the ensemble model, user acceptance testing, and pre-deployment trials. Metrics and probabilistic thresholds were defined in the test plans together with acceptance criteria tailored to recruitment contexts, e.g., maintaining recall above 85% for shortlisted high-potential candidates.

Real-world testing includes controlled beta releases under strict supervision within select client environments, covering various job categories and demographic conditions. Adverse events, such as unexpected score deviations or false exclusions, were automatically logged and analyzed. This feedback loop informs iterative improvements and compliance demonstrations.

### Special Attention to Vulnerable Groups Including Minors

The risk management process includes specific analysis of potential adverse impacts on persons under 18 years old and other vulnerable groups, although the system’s intended use in adult enterprise recruitment minimizes direct interaction with minors. Data flows were audited to exclude profiles of minors, verified through data provenance checks.

For vulnerable groups in the adult applicant pool—such as persons with disabilities or ethnic minorities—additional fairness audits were performed. The system’s fairness-enhancement methods and customized training aim to mitigate systemic disadvantages while preserving the model’s intended purpose. Deployment guidance explicitly restricts the system to contexts where adequate human oversight is assured to prevent harm to these groups.

### Integration with Other Internal Risk Management Procedures

The risk management system aligns with Meridian Analytics Solutions’ broader governance structures, including those required under applicable Union laws concerning cybersecurity and data protection. Article 9 risk management practices are integrated with the internal compliance management system, leveraging shared audit trails, risk registers, and continuous improvement processes to streamline regulatory adherence and operational efficiency without redundancy.