Pre-Hire Due Diligence Agent - FCRA, UK DBS, EU AI Act Annex III(4)(a) | Gosign

Pre-employment due-diligence AI falls under EU AI Act 2024/1689 Article 6 + Annex III(4)(a) High-Risk AI System classification because Annex III(4)(a) covers AI systems intended to be used for the recruitment or selection of natural persons in particular to place targeted job advertisements + analyse and filter job applications + evaluate candidates - and pre-employment due diligence is integral to candidate evaluation as the gateway between conditional offer and final hiring decision. Mobley v. Workday 2023 N.D. Cal. class action precedent confirms algorithmic discrimination in HR-software extends across the recruitment pipeline including due-diligence decisions that disparately impact protected categories. Conformity obligations: Article 9 risk management system mandatory throughout AI system lifecycle + Article 10 data and data governance ensuring training validation testing data quality + Article 11 technical documentation + Article 12 record-keeping AI system logs lifetime of system + 10 years post-decommissioning + Article 13 transparency and provision of information to deployers + Article 14 human oversight by natural persons + Article 15 accuracy robustness and cybersecurity + Article 16 conformity assessment under Annex VI internal control + Article 47 EU declaration of conformity + Article 48 CE marking. Deployer obligations Article 26: (1) deployers shall use high-risk AI systems in accordance with instructions for use + (2) assign human oversight to natural persons with necessary competence training and authority + (3) ensure input data relevant and sufficiently representative + (4) monitor operation and inform provider when serious incident or malfunction + (5) keep logs automatically generated by high-risk AI system 6 months minimum + (6) inform workers and worker representatives before deployment of high-risk AI system in workplace + (7) cooperation with national authorities. Article 27 fundamental rights impact assessment FRIA mandatory for deployers of high-risk AI systems Annex III before first use covering: (a) processes in which AI system will be used + (b) period of time and frequency + (c) categories of natural persons and groups likely to be affected + (d) specific risks of harm to persons identified + (e) measures to mitigate risks + (f) human oversight measures + (g) governance arrangements when foreseeable harms materialise. Penalties Article 99: prohibited practices EUR 35M or 7 percent global annual turnover + non-compliance high-risk obligations EUR 15M or 3 percent + provision of incorrect information EUR 7.5M or 1 percent + Spanish AESIA AI Supervisory Agency enforcement + national supervisory authorities. The agent operates under Article 9-15+26+27+47+48 framework: human oversight by Talent Acquisition Director + EEO Officer + DPO + transparency notification to candidate + record-keeping AI system logs + monitoring + bias audit + FRIA execution + cross-reference to Audit-Compliance-Agent + Candidate-Screening-Agent.

Multi-statute pre-employment background-check obligations create cascading consent and notice requirements across US jurisdictions. FCRA Fair Credit Reporting Act 15 USC 1681 Section 604(b)(2) requires clear and conspicuous standalone written disclosure to candidate before procurement of consumer report - the disclosure must be in a document consisting solely of the disclosure - meaning no liability waivers + no other clauses + no employer logo branding may accompany the disclosure form. Section 604(b)(3) requires written authorisation by candidate. Section 604(b)(3)(A) requires Pre-Adverse Action Notice with copy of consumer report and Summary of Consumer Rights under FCRA before any adverse action is taken + 5-business-day waiting period for candidate to dispute results. Section 615(a) Adverse Action Notice with reasons + reference to consumer reporting agency + candidate right to dispute. Section 616 wilful non-compliance creates statutory damages USD 100-1,000 per violation + actual damages + punitive damages + attorney fees - applied at class certification creates massive aggregate exposure across candidate pool. Spokeo v. Robins 2016 confirmed FCRA Section 604(b) standing requires concrete injury-in-fact - intangible procedural harm sufficient when statute creates substantive consumer protection. 38+ State Ban-the-Box Laws delaying criminal record inquiry until after conditional offer: California Fair Chance Act 2018 + NYC Fair Chance Act 2015 + Illinois Job Opportunities for Qualified Applicants Act 2014 + Massachusetts Criminal Offender Record Information Act + New Jersey Opportunity to Compete Act 2014 + Connecticut Public Act 16-83 + Pennsylvania Act 158 of 2020 + Washington Fair Chance Act 2018 + Oregon Senate Bill 421 + 25+ city Ban-the-Box ordinances. EEOC Enforcement Guidance on Consideration of Arrest and Conviction Records 2012 sets framework for Title VII compliance: (a) Title VII disparate treatment liability for blanket criminal record exclusions + (b) Title VII disparate impact liability requires individualised assessment + (c) factors: nature gravity offense + time-passed since offense + nature of job sought + (d) Targeted Screening reasonable in light of position + (e) Individualized Assessment reviewing candidate-specific circumstances. ICRAA Investigative Consumer Reporting Agencies Act California Civil Code 1786 effective 1975: 7-year lookback period for arrests not resulting in conviction + bankruptcies older than 10 years + paid tax liens older than 7 years + accounts placed for collection older than 7 years + California Civil Code 1786.16 disclosure requirements + 1786.22 candidate right to inspect file + 1786.40 wilful non-compliance USD 10,000 punitive damages. The agent automates compliance per multi-jurisdictional matrix: FCRA Section 604(b) standalone disclosure + Section 615(a) adverse action notices + 38-state Ban-the-Box conditional offer timing + ICRAA California 7-year lookback + EEOC individualised assessment factors + cross-reference to Candidate-Screening-Agent + Audit-Compliance-Agent.

UK pre-employment criminal record disclosure operates through three-tier DBS framework with Rehabilitation of Offenders Act 1974 protections. UK Disclosure and Barring Service DBS Liverpool basic check: (a) any candidate consent + (b) discloses unspent convictions only per Rehabilitation of Offenders Act 1974 rehabilitation periods + (c) custodial 6 months 4 years rehabilitation period + (d) custodial 6-30 months 7 years + (e) custodial 30 months-4 years 7 years + (f) custodial 4+ years never spent + (g) cautions and reprimands and warnings filtered per DBS Filtering Rules effective 28 November 2020. DBS standard check (regulated workforce only): (a) spent and unspent convictions + (b) cautions reprimands warnings + (c) per Police Act 1997 Part V Schedule 4. DBS enhanced check (working with children or vulnerable adults): (a) spent and unspent convictions + (b) cautions reprimands warnings + (c) chief constable other relevant information + (d) cross-check Children's Barred List or Adults' Barred List + (e) per Safeguarding Vulnerable Groups Act 2006. Rehabilitation of Offenders Act 1974 (ROA 1974) protections: (a) Section 4 protection from discrimination on basis of spent conviction + (b) Section 5 disclosure not required except for excepted occupations + (c) Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 listing excepted positions including children's social care + healthcare + financial services + legal services + (d) Mansfield v. Crown Prosecution Service 2019 confirming ROA protection extends to internal employer assessment. DBS Filtering Rules effective 28 November 2020 modify what appears on DBS standard and enhanced checks: (a) single conviction filtered when 11+ years passed + custodial sentence not imposed + offence not specified offence + (b) cautions filtered after 6 years (adult) or 2 years (under 18) + offence not specified offence + (c) all youth disposals filtered after 5.5 years + offence not specified. UK Modern Slavery Act 2015 Section 54 Annual Statement on Slavery and Human Trafficking for businesses with annual turnover GBP 36M+ + supply chain due diligence including labour recruitment + Gangmasters and Labour Abuse Authority GLAA + Home Office Modern Slavery Helpline. UK Asylum and Immigration Act 1996 + Immigration Asylum and Nationality Act 2006 + Online Right to Work Check service + Tier 2 Skilled Worker visa + sponsor licence verification + civil penalties up to GBP 20,000 per illegal worker + criminal penalties Section 21 knowingly employ illegal worker. The agent automates DBS application per role eligibility + ROA 1974 spent conviction filtering per Section 4 + Section 5 + Filtering Rules + Modern Slavery Act 2015 Section 54 supply chain check + Right to Work Check + cross-reference to Audit-Compliance-Agent + Onboarding-Workflow-Agent.

Form I-9 Employment Eligibility Verification per Immigration and Nationality Act Section 274A 8 USC 1324a creates mandatory employer obligation to verify identity and work authorisation of every new hire. USCIS Form I-9 lists three categories of acceptable documents: List A documents establishing both identity and employment authorisation (US Passport + Permanent Resident Card + Foreign Passport with I-551 stamp + Employment Authorization Document EAD) + List B documents establishing identity only (US Driver's License + State ID Card + Federal ID + School ID with photograph) + List C documents establishing employment authorisation only (Social Security Card + birth certificate + USCIS-issued documents). Section 1 of Form I-9 requires candidate self-attestation by first day of employment with name + address + birth date + Social Security Number + citizenship/immigration status + signature. Section 2 requires employer review of physical original documents within 3 business days of hire date + employer attestation + signature + retention 3 years post-hire or 1 year post-termination whichever is later. E-Verify Federal-State partnership operated by USCIS and Social Security Administration: (a) 8 federal contractors required + (b) 24 states required for some employers + (c) confirms employment authorisation against DHS and SSA databases + (d) Tentative Nonconfirmation TNC requires employer notice and candidate dispute opportunity. Department of Homeland Security DHS audit + Immigration and Customs Enforcement ICE Form I-9 audit: (a) civil penalties USD 281-2,789 per paperwork violation + (b) USD 698-27,894 per knowing hire violation + (c) criminal penalties pattern of violations + (d) 20 USC 7912 + (e) ICE Notice of Inspection NOI typically 3 business days + (f) Section 274A enforcement priority. Office of Special Counsel OSC for Immigration-Related Unfair Employment Practices + Department of Justice DOJ Civil Rights Division Immigration and Employee Rights Section IER + Immigration and Nationality Act Section 274B prohibition discrimination on basis of citizenship status + national origin during I-9 process + civil penalties USD 478-3,825 per discrimination violation. Critical compliance considerations: (a) Section 1 timing - must be completed by first day of employment + (b) Section 2 timing - must be completed within 3 business days + (c) document review must be in person physical review of originals (limited COVID-19 flexibility ended) + (d) cannot specify which List A or List B+C combination + (e) cannot reject documents that appear genuine and relate to candidate + (f) E-Verify TNC handling per Memorandum of Understanding + (g) retention 3 years post-hire or 1 year post-termination + (h) audit logs maintained + ICE NOI response with 3-day window. The agent automates Form I-9 per USCIS guidelines + E-Verify integration + retention scheduling + ICE audit response coordination + cross-reference to Onboarding-Workflow-Agent + HR-Document-Management-Agent.

ADA Americans with Disabilities Act Title I 42 USC 12112(d) Medical Examinations and Inquiries creates strict three-stage framework controlling employer inquiries about disability across hiring lifecycle. Stage 1 Pre-Offer Stage 42 USC 12112(d)(2): (a) prohibits disability inquiries about existence nature severity of disability + (b) prohibits medical examinations + (c) prohibits inquiries about workers compensation history + (d) prohibits genetic information requests per GINA + (e) permits inquiries about ability to perform job-related functions + (f) permits requests for demonstration of ability to perform tasks. Stage 2 Conditional Offer Stage 42 USC 12112(d)(3): (a) post-offer pre-employment medical examination permitted only if required of all entering employees in same job category + (b) results may not be used to discriminate against qualified individual with disability unless job-related and consistent with business necessity + (c) interactive process for reasonable accommodation determination + (d) confidentiality 42 USC 12112(d)(4) medical records separate file + restricted access. Stage 3 Post-Employment Stage 42 USC 12112(d)(4): (a) examinations and inquiries permitted only when job-related and consistent with business necessity + (b) periodic medical examinations limited + (c) voluntary wellness programmes permitted with specific safeguards. EEOC Enforcement Guidance Preemployment Disability-Related Questions and Medical Examinations 1995 + ADA Amendments Act 2008 broadened disability definition + EEOC v. Ford Motor Company 2019 telework as reasonable accommodation. UK Equality Act 2010 Section 60 prohibits pre-employment health enquiries except narrow exceptions: (a) intrinsic-function inquiries (whether candidate is able to perform function intrinsic to work) + (b) monitoring (gathering data for diversity monitoring) + (c) positive action (taking measures to enable disabled persons) + (d) genuine occupational requirement defence + (e) reasonable adjustment determination. EU GDPR Article 9 special categories of personal data prohibits processing personal data revealing health except specific exceptions Article 9(2) including explicit consent + employment law obligations + vital interests + substantial public interest + preventive medicine. ADA Title I Reasonable Accommodation 42 USC 12112(b)(5): (a) covered entity to provide reasonable accommodation to qualified individual with disability unless undue hardship + (b) interactive process between employer and employee/applicant + (c) accommodation may include making existing facilities accessible + (d) acquisition or modification of equipment + (e) qualified readers or interpreters + (f) for interview accommodation includes sign language interpreter + Braille materials + assistive technology + accessible interview venue + alternative format + extended time + private quiet room + remote attendance option. The agent automates ADA Title I 42 USC 12112(d) compliance per pre-offer / post-offer / post-employment timing + medical examination requirements + reasonable accommodation interactive process + UK Equality Act 2010 Section 60 + EU GDPR Article 9 + cross-reference to Equipment-Provisioning-Agent + Compliance-Training-Agent.

Four parallel data protection and AI governance frameworks create cumulative impact assessment obligations for pre-employment due diligence. GDPR Article 22 prohibition fully automated decision-making with legal or similarly significant effects: paragraph 1 prohibits decisions based solely on automated processing including profiling which produces legal or similarly significant effects + paragraph 2 exceptions (necessary for entering into or performance of contract + authorised by Member State law + based on explicit consent) + paragraph 3 suitable safeguards including right to obtain human intervention + right to express point of view + right to contest decision + paragraph 4 prohibition special category data unless explicit consent or substantial public interest. CJEU C-634/21 SCHUFA judgment 7 December 2023 confirmed interpretation that automated decision-making includes scoring + profiling + recommendation outputs that substantially influence subsequent decisions even when nominal human review occurs - this directly impacts pre-employment due-diligence AI where verification results influence which candidates progress to final offer. GDPR Article 9 special categories of personal data prohibits processing data revealing racial or ethnic origin + political opinions + religious or philosophical beliefs + trade union membership + genetic data + biometric data + data concerning health + sex life or sexual orientation except Article 9(2) exceptions including explicit consent + employment law obligations + vital interests + substantial public interest. GDPR Article 10 personal data relating to criminal convictions and offences only under official authority or specific authorisation - Member State law must provide appropriate safeguards. UK GDPR Article 10 + DPA 2018 Schedule 1 Part 2 employment-related conditions + DPA 2018 Schedule 1 Part 3 substantial public interest conditions. GDPR Article 35 mandatory Data Protection Impact Assessment DPIA before processing likely to result in high risk to rights and freedoms of natural persons + systematic and extensive evaluation of personal aspects through automated processing including profiling + processing of special categories of personal data on large scale + EDPB Guidelines on DPIA WP 248 listing high-risk processing operations including evaluation or scoring + AI applications + cross-border processing + employee monitoring + processing of criminal records; ICO DPIA guidance 2018 + AEPD DPIA guidance + Italian Garante DPIA guidance. DPIA must contain: (a) description of processing operations + (b) assessment of necessity and proportionality + (c) assessment of risks to rights and freedoms + (d) measures envisaged to address risks. Failure to conduct mandatory DPIA + GDPR Article 83(4)(a) administrative fine up to EUR 10M or 2 percent global turnover. EU AI Act 2024/1689 Article 27 fundamental rights impact assessment FRIA mandatory for deployers of high-risk AI systems Annex III before first use + complementary to Article 35 GDPR DPIA + covers fundamental rights dimensions beyond data protection: discrimination + accessibility + worker protection + freedom of association + processing data of categories of natural persons and groups likely to be affected + specific risks of harm to persons + measures to mitigate risks + human oversight measures + governance arrangements when foreseeable harms materialise + integration with Article 9 risk management system + Article 13 transparency + Article 14 human oversight + Article 26 deployer obligations. The agent executes integrated DPIA per GDPR Article 35 + UK ICO DPIA guidance + AEPD + AESIA + FRIA per EU AI Act Article 27 covering systematic monitoring + special category data + criminal records + automated decision-making + cross-border transfer + bias risk + discrimination risk + necessity proportionality + mitigation measures + residual risk + Article 22 safeguards + cross-reference to Audit-Compliance-Agent + Compliance-Monitoring-Agent.

The four agents work in HR recruitment ecosystem with different focuses. The Pre-Hire Due Diligence Agent (this one) focuses on Title VII compliant pre-employment background-check pipeline with FCRA Section 604(b) consent + Pre-Adverse Action Notice + 5-business-day waiting period + Adverse Action Notice + 38-state Ban-the-Box + ICRAA California + reference verification + credential validation + criminal record screening + sanctions list screening + Form I-9 Employment Eligibility Verification + USCIS E-Verify + ICE audit exposure + UK DBS basic + standard + enhanced + ROA 1974 spent conviction filtering + Modern Slavery Act 2015 + EU GDPR Article 9 + Article 10 + EU AI Act 2024/1689 Annex III(4)(a) HR-Recruitment High-Risk Bias Audit + Mobley v. Workday Precedent + DPIA Article 35 + ADA Title I 42 USC 12112(d) medical inquiry restrictions + Sterling Background Checks + HireRight + Checkr + GoodHire + Accurate Background + First Advantage + LexisNexis Risk Solutions + DocuSign + Adobe Sign + eIDAS QSig + ESIGN Act + UETA + ISO 27001 + AICPA SOC 2 Type II. The Candidate Screening Agent focuses specifically on CV-parsing plus resume-screening plus AI-bias-audit pipeline + Four-Fifths Rule selection rate + impact ratio analysis + structured competency-based screening + skills-matching + diversity sourcing + earlier in funnel before background check. The Interview Scheduling Agent focuses on multi-calendar conflict resolution + Microsoft Outlook + Google Calendar + Calendly + Cronofy + GoodTime Hire integration + EEOC Forbidden Questions Filter + EU Pay Transparency Directive 2023/970 + ADA Title I reasonable accommodation interview equipment. The Contract Offer Generation Agent focuses on offer letter generation + employment terms + non-compete agreements + restrictive covenants + executive compensation + qualified electronic signature + onboarding triggering. Cross-reference: Pre-Hire Due Diligence Agent triggers from Candidate Screening Agent shortlist + Interview Scheduling Agent post-final-interview + feeds into Contract Offer Generation Agent for cleared candidates + uses HR Document Management Agent retention + access control + audit trail + triggers Audit Compliance Agent for bias audit + DPIA + FRIA + EU AI Act Article 26 deployer obligations. Consistency check: all four agents reference EU AI Act 2024/1689 Annex III(4)(a) high-risk recruitment + GDPR Article 22 + Article 35 + UK GDPR + DPA 2018 + ICO Employment Practices Code + Title VII + ADEA + ADA + EEOC + UK Equality Act 2010 + ISO 27001:2022.