A machine decided.Did you tell them?
A credit denial. An insurance tier. A tenant score. A benefits cut. A converging set of laws now demands the same four things every time: tell the person, explain it, let them appeal, honor an opt-out. Grade every automated decision system before a regulator or a person asks.
Not legal advice. This is a readiness aid that grades your transparency process from your own marks. It is date-agnostic and people-blind: it encodes no statute’s deadline, grades a decision system rather than any person, files nothing, and renders no compliance ruling. Automated-decision duties (the CCPA ADMT rules, Colorado SB 26-189, GDPR Article 22, ECOA/FCRA adverse-action) vary by jurisdiction and change often — confirm which apply to you and every deadline with qualified counsel.
“The system decided” is not an answer a regulator accepts.
The person was never told
Across California’s ADMT rules, Colorado’s SB 26-189, and GDPR Article 22, the first duty is the same: tell the person an automated system made the decision. Silent automation is the failure every regime shares.
There’s no one to appeal to
A denial with no human who can reconsider it, and no way to opt out, is the configuration even the narrowed laws refuse to allow. Recourse isn’t optional.
The rules keep moving
Colorado rewrote its AI law twice in a year. A checklist pinned to one statute’s text is wrong the moment it changes. The duties, though, have converged — so grade those.
Grade a decision system. Read whether you could defend it.
This is the live scoring logic from the engine. The tenant-screening preset is fully disclosed and explained, scores 66, and still reads UNDISCLOSED — because it offers the person no recourse at all. Give them one path and it clears.
Clear, conspicuous notice at or before the decision
Meaningful logic/inputs/outputs + a specific reason
No appeal — the automated outcome is final
No opt-out and no correction where required
Mapped to domain, jurisdictions, and the duties owed
Logged per person and retained to produce later
Told-and-recourse gate fired: there is no recourse of any kind — no human appeal and no opt-out. The score alone would read GAPS, but a decision the person didn’t know was automated — or can’t challenge — isn’t defensible.
Fix first: Human review / appeal with authority to overturn
Weighted to 100. The gate forces UNDISCLOSED when the person was never told it was automated (⚡ disclosure) or there’s no recourse at all — no human appeal AND no opt-out (⚡ the recourse pair). Either a human appeal or an opt-out satisfies recourse. Date-agnostic and people-blind — it grades your process, never a person. Not legal advice.
The same verdicts, from the runnable engine.
Verbatim output from the included Python engine on the six-system sample. The workbook reproduces these byte-for-byte.
========================================================================== AUTOMATED-DECISION TRANSPARENCY & DISCLOSURE SCORECARD ========================================================================== Credit-line approval model verdict: DISCLOSED (score 100/100) Tenant-screening score verdict: UNDISCLOSED (score 66/100) gate: UNDISCLOSED — there is no recourse of any kind — no human appeal and no opt-out fix first: Human review / appeal with authority to overturn Same screening after adding a human appeal verdict: DISCLOSED (score 84/100) Insurance premium-tier model verdict: UNDISCLOSED (score 74/100) gate: UNDISCLOSED — the person was never told an automated system made the decision fix first: Use of automation disclosed to the person Dynamic pricing eligibility engine verdict: GAPS (score 60/100) fix first: Meaningful-logic & adverse-reason explanation Benefits-eligibility auto-decision verdict: UNDISCLOSED (score 23/100) gate: UNDISCLOSED — there is no recourse of any kind — no human appeal and no opt-out fix first: Human review / appeal with authority to overturn -------------------------------------------------------------------------- PORTFOLIO: PULL FROM USE (3 of 6 undisclosed · exposure 50.0%) -------------------------------------------------------------------------- Grades the convergent transparency DUTIES every automated-decision regime shares, never a specific statute or deadline — so it does not break when a state rewrites its law. It grades a deployer’s process, never a person, and renders no compliance ruling. A readiness aid, not legal advice. Confirm which regimes apply, and every deadline, with counsel.
Six controls, weighted to 100. Told-and-recourse is non-tradeable.
⚡ Use of automation disclosed to the person
Were they told an automated system made or substantially drove the decision — clearly, at or before the decision?
Meaningful-logic & adverse-reason explanation
Can the person get meaningful information about the logic and a specific reason for an adverse outcome — not “the system decided”?
⚡ Human review / appeal with authority to overturn
A trained reviewer who can actually overturn the outcome and weighs what the person submits.
⚡ Opt-out / data-correction path where required
A real way to opt out of the automated processing, or to correct the data that drove it, where the regime requires one.
Scope & “significant decision” mapping
Is this an in-scope significant/consequential decision, in which domains and jurisdictions, firing which duties?
Notice retention & decision recordkeeping
Notices, explanations, and decisions logged per person and retained, so you can produce them later.
⚡ = a gate control. The gate forces UNDISCLOSED if the person was never told it was automated, OR if there is no recourse at all — no human appeal AND no opt-out. Either a human appeal or an opt-out satisfies recourse. The gate worsens only — it never promotes a verdict.
A readiness aid, not a compliance ruling.
It is
- A grade of your transparency process, from your own marks.
- Date-agnostic — it encodes the convergent duties, not a deadline.
- People-blind — it grades a decision system, never a person.
It isn’t
- Legal advice, a certification, or a safe harbor.
- A ruling on whether a specific law applies to a decision.
- A score or ranking of any person or group.
Not legal advice. This is a readiness aid that grades your transparency process from your own marks. It is date-agnostic and people-blind: it encodes no statute’s deadline, grades a decision system rather than any person, files nothing, and renders no compliance ruling. Automated-decision duties (the CCPA ADMT rules, Colorado SB 26-189, GDPR Article 22, ECOA/FCRA adverse-action) vary by jurisdiction and change often — confirm which apply to you and every deadline with qualified counsel.
Whoever deploys AI that decides things about people.
- Privacy, compliance, and risk leads governing automated decisions.
- Lenders, insurers, landlords, and platforms making consequential calls with AI.
- Product and data teams who need to show disclosure, explanation, and recourse.
- Not for hiring tools — use the AEDT Deployer Dossier for those.
- Not a ruling on what’s in scope — confirm that with counsel.
- Not a content-labeling tool — that’s the Disclosure & Labeling Kit.
The rest of your automated-decision and disclosure coverage.
AEDT Deployer Compliance Dossier
The hiring-decision sibling: bias audit, candidate notice, employment rules.
ViewAI Disclosure & Synthetic-Content Labeling Kit
Disclosure for synthetic content — is this a bot, is this a deepfake — not decisions.
ViewNIST AI RMF / US AI Governance Readiness Kit
The governance program this transparency scorecard lives inside.
ViewAnswers before you buy.
It grades whether each of your automated decision systems meets the transparency duties that every major automated-decision regime now converges on — system by system. For each one you mark six controls 0/1/2: whether the use of automation is disclosed to the person, whether there’s a meaningful-logic and adverse-reason explanation, whether there’s a human review/appeal with authority to overturn, whether there’s an opt-out or data-correction path where required, whether the decision’s scope and jurisdictions are mapped, and whether notices and decisions are retained. The six are weighted to a 0–100 score banded DISCLOSED, GAPS, or UNDISCLOSED, and the portfolio rolls up to ALL TRANSPARENT, CONDITIONS OUTSTANDING, or PULL FROM USE. It grades the deployer’s process, never a person.
Because of the told-and-recourse gate, which is the heart of the scorecard. A system is forced to UNDISCLOSED regardless of score when either non-tradeable failure is present: the person was never told an automated system made the decision, or there is no recourse of any kind — no human appeal AND no opt-out/correction. In the worked example, a tenant-screening score is fully disclosed and fully explained, with scope mapped and records kept, and still reads UNDISCLOSED because it offers the person no way to be heard at all; the next row adds a human appeal and it clears at 84. A decision the person didn’t know was automated, or can’t challenge in any way, isn’t defensible no matter how good the rest of the file is. The gate worsens only — it never promotes a verdict.
No — they’re siblings covering different lanes. The AEDT Deployer Compliance Dossier is locked to automated employment decisions and the specific duties there (an independent bias audit, candidate notice, NYC/Illinois/California employment rules). This scorecard covers automated decisions everywhere else — credit, insurance, housing, pricing, benefits, education, health care — and grades the transparency duties those decisions share: disclose, explain, allow recourse, honor opt-out. Run the AEDT dossier for hiring tools and this scorecard for the rest; together they cover your automated decisions about people.
A converging set of rules now demands the same four things whenever an automated system makes a significant decision about a person: the CCPA’s ADMT rules in California (pre-use notice, access to the logic, opt-out, appeal), Colorado’s SB 26-189 (consumer notice, adverse-outcome explanation, meaningful human review), the GDPR’s Article 22 right around solely-automated decisions, and US adverse-action duties under ECOA/FCRA. Those laws move constantly — Colorado rewrote its AI law twice within a year. So the engine encodes the convergent duties, not any single statute’s effective date or checklist, which keeps the verdict durable. The specific regimes and dates are named in the playbooks as planning references. Confirm which apply to you, and every deadline, with counsel.
No. It is a readiness aid that grades your transparency process from your own marks. It connects to nothing, files nothing, makes no decision, renders no compliance ruling, and cannot tell you whether a specific law applies to a specific decision. It is deliberately people-blind — it grades a decision system, never the person the decision is about, and ranks no one. It is not legal advice, a certification, an opinion of counsel, or a safe harbor. Use it to find and close the transparency gaps in your automated decisions, then confirm scope and obligations with qualified counsel.
A runnable zero-dependency Python engine, a workbook that reproduces it exactly (Start Here, Dashboard, and a Disclosure Scorecard with the mark definitions built into each column), a six-system worked example, and two playbooks: a Disclosure Mapping Playbook for inventorying your decision systems and marking honestly, and a Transparency-Remediation Runbook that maps the controls to the major regimes and walks the disclose / explain / recourse / opt-out steps. Pick the automated decisions that affect people — credit, insurance, housing, pricing, benefits — grade each one, and close the control the tool names first. Deterministic and offline; one-time purchase, lifetime access, 12 months of updates.
Find the decision you
couldn’t defend — first.
One purchase, lifetime access, 12 months of updates. $79, once.
Not legal advice. This is a readiness aid that grades your transparency process from your own marks. It is date-agnostic and people-blind: it encodes no statute’s deadline, grades a decision system rather than any person, files nothing, and renders no compliance ruling. Automated-decision duties (the CCPA ADMT rules, Colorado SB 26-189, GDPR Article 22, ECOA/FCRA adverse-action) vary by jurisdiction and change often — confirm which apply to you and every deadline with qualified counsel.
Sold by RedHub AI LLC · Secured by Stripe · redhub.ai