AI Explainability & Transparency Checklist

Assess explainability requirements for your AI system

Answer questions about your AI system's decisions and the people it affects to get a prioritised checklist of explainability and transparency requirements under the EU AI Act, GDPR Article 22, and UK ICO guidance. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What triggers a legal right to an explanation?

Under GDPR Article 22, decisions based solely on automated processing that produce legal or similarly significant effects give people the right to meaningful information about the logic, plus human intervention. Higher-impact, fully automated decisions raise the bar.

AI explainability & transparency checklist

If your AI system makes or supports decisions about people, you almost certainly owe them some level of explanation — and the amount depends on how impactful and how automated the decision is. This tool turns three questions about your system into a prioritised checklist of explainability and transparency requirements, mapped to the EU AI Act, GDPR Article 22, and UK ICO guidance, so you can see what is legally required versus good practice.

How it works

You select the decision type (informational, eligibility/access, financial/credit, employment, safety/health, or law-enforcement), the impact on the affected person, and how automated the decision is — from human-led with AI assistance through to fully automated with no human in the loop. The tool then assembles requirements: notice that AI is involved, the right to a meaningful explanation, local (individual) explanations, human-review and contest rights, documentation and model cards, and ongoing monitoring. Higher impact and fuller automation surface more, higher-priority items, especially the GDPR Article 22 safeguards.

The difference between global and local explanations

Both matter, but they serve different audiences and obligations.

A global explanation describes how the model behaves overall — which features matter most, what training data it used, its known limitations and failure modes. This goes in a model card, a system transparency report, or your Privacy Notice. Regulators and DPOs typically want this.

A local explanation tells a specific person why their decision came out the way it did. GDPR Article 22 requires “meaningful information about the logic involved” for decisions that are solely automated and produce legal or significant effects. “Meaningful” in ICO guidance means something more than “the system used your data” — it should describe the key factors and their direction. For example, for a credit decision: “Your score was primarily affected by three missed payments in the last six months and a high utilisation rate on your credit card.”

When does Article 22 actually bite?

Three conditions must all be met:

  1. The decision is based solely on automated processing (meaningful human review — not a rubber stamp — breaks the chain).
  2. The processing includes profiling.
  3. The decision produces legal or similarly significant effects on the person.

If all three apply, you must: tell people the decision was automated, give meaningful logic information, offer a way to request human intervention, let them express their view, and provide a route to contest the outcome. Credit, insurance underwriting, hiring screening, and some tenancy decisions are the typical high-risk cases.

Notes and priorities

Tackle the legally required items first: telling people AI is involved, providing meaningful information about the logic, and offering human intervention where Article 22 applies. A “human in the loop” only counts if that human can genuinely override the system — a rubber-stamp does not discharge the obligation. Document your reasoning either way: maintaining a model card, decision logs, and a record of the explainability measures you implemented is both an EU AI Act expectation and your best evidence of compliance.

Under the EU AI Act, high-risk AI systems also need a different kind of transparency: deployers must have access to instructions that allow them to interpret outputs correctly, and where the Act mandates it, users interacting with AI must be told they are doing so. These obligations stack on top of GDPR — so a high-risk employment screening tool carries both sets of requirements simultaneously.

Common mistakes to avoid

  • Treating “explainable AI” as an XAI tool problem. Most Article 22 obligations are procedural and contractual, not technical. You can meet them with good documentation and a human-review pathway without deploying SHAP or LIME.
  • Confusing notice with explanation. Telling someone “an automated system was involved” satisfies the notice requirement; it does not satisfy the meaningful-logic requirement.
  • Assuming a low-impact use case is exempt. Informational decisions (e.g., content recommendations) carry weaker obligations, but EU AI Act transparency duties still apply where AI-generated content is involved — particularly deepfakes and AI-generated text in high-reach contexts.