How did your team handle Art. 22 automated decisioning assessments for ML hiring tools?

We're deploying an ML-based resume screening tool internally and hit the Art. 22 GDPR question: does this constitute 'solely automated decision-making with legal or similarly significant effect'? Our legal counsel says yes, which triggers the right to human intervention, meaningful information about the logic involved, and a DPIA. We've started the DPIA but the 'meaningful information about logic' part is tricky with a gradient-boosted model — feature importance gives us some transparency, but it's not exactly 'explainable' in the GDPR sense. Curious how others navigated this. Specifically: (1) Did you get a DPO or supervisory authority opinion? (2) How did you document the 'logic' for non-technical stakeholders? (3) Any SOC 2 Type II implications when this feeds into an HR system?