EU AI Act for HR and Recruiting Teams

If your team uses AI to recruit, screen or evaluate people, the EU AI Act almost certainly classes those systems as high-risk - here is what that means and what to do.

Why HR and recruiting AI is high-risk

Under the EU AI Act, Regulation (EU) 2024/1689, AI systems used in employment and worker management are classified as high-risk, which triggers the strictest set of obligations short of an outright ban. The trigger is Annex III point 4, which covers AI intended to be used for the recruitment or selection of people (in particular to place targeted job ads, filter applications and evaluate candidates) and AI used for decisions on promotion and termination, task allocation based on behaviour or personal traits, and monitoring or evaluating performance.

This is risk by use case, not by how advanced the tool is. A CV-screening filter, an automated ranking of applicants, a video-interview scoring tool, a chatbot that shortlists candidates, or an algorithm that flags employees for promotion or layoff all fall in scope. The reasoning in the Act is that these systems materially affect a person's livelihood and can entrench bias or discrimination if left unchecked.

The narrow exception in Article 6(3) lets a system escape high-risk status only if it performs a purely narrow procedural task or does not materially influence the outcome of a decision. Most HR screening and ranking tools do influence the outcome, so HR teams should assume high-risk applies unless a documented assessment shows otherwise.

Provider vs deployer: which role is yours

The Act splits duties between the provider (who develops the system or has it developed and puts it on the market) and the deployer (who uses it under their own authority). Most HR teams buy a recruiting tool from a vendor, which makes the company a deployer. If you build an in-house screening model, substantially modify a bought tool, or put your own name on it, you can become a provider and inherit the heavier provider obligations.

| Role | Who it is | Core duties |
| --- | --- | --- |
| Provider | The vendor that builds the HR or recruiting AI | Risk management, data governance, technical documentation, logging, transparency, human-oversight design, accuracy and conformity assessment before sale |
| Deployer | The HR team using the tool | Use per instructions, ensure human oversight, monitor operation, keep logs, inform affected workers and candidates, and run a fundamental rights impact assessment where required |

Obligations that follow for HR

Once a system is high-risk, the provider must meet the requirements in Articles 8 to 15 and HR teams as deployers carry their own duties under Article 26. In practice the obligations break down as follows.

  • Use the system in line with the provider's instructions and keep it within its intended purpose.
  • Assign competent human oversight so a person can review, override or disregard an AI recommendation before it affects a candidate or employee (Article 14).
  • Monitor the system in operation and notify the provider and authorities if you spot a serious incident or a risk to health, safety or fundamental rights.
  • Keep the automatically generated logs the system produces for the period set out in the Act.
  • Inform workers and their representatives before putting a high-risk system into use in the workplace.
  • Tell candidates and employees when they are subject to a high-risk AI decision, and respect the right to a meaningful human explanation of decisions that affect them (Article 86).
  • Carry out a fundamental rights impact assessment where Article 27 applies, before first use.
  • Make sure your AI providers and ad hoc users have a sufficient level of AI literacy under Article 4.

The deadlines that matter

The EU AI Act applies in phases, so HR teams have a window to prepare rather than a single switch-on date. The AI-literacy duty in Article 4 and the bans on prohibited practices have applied since 2 February 2025. Governance rules and obligations for general-purpose AI models have applied since 2 August 2025.

  1. 2 February 2025: prohibited AI practices banned and the Article 4 AI-literacy obligation in force - note that emotion-recognition AI in the workplace is a prohibited practice except for narrow safety or medical reasons.
  2. 2 August 2025: governance provisions and general-purpose AI model obligations apply.
  3. 2 August 2026: most high-risk obligations apply, including the Annex III point 4 duties that cover recruitment and HR systems - this is the key date for HR teams.
  4. 2 August 2027: high-risk AI embedded in products already regulated under EU product-safety law must comply.

What HR teams must do now: a checklist

ComplyAgent lets you classify each HR system once and then generate the documentation, oversight records and impact assessment you need to satisfy all three frameworks: the EU AI Act, NIST AI RMF and ISO/IEC 42001.

  1. Inventory every AI tool touching recruitment, screening, performance, promotion, task allocation, monitoring or termination.
  2. Classify each tool: confirm whether it is high-risk under Annex III point 4, and document any Article 6(3) exception you rely on.
  3. Identify your role per tool - deployer for bought tools, provider if you build or materially modify one.
  4. Ask vendors for evidence: the declaration of conformity, CE marking, instructions for use and a bias and data-governance summary.
  5. Stand up human oversight: name who reviews and can override AI decisions, and train them on the tool's limits.
  6. Run a fundamental rights impact assessment under Article 27 where it applies, before first use.
  7. Set up worker and candidate notification, and a process for the human explanation of decisions under Article 86.
  8. Roll out AI-literacy training so HR staff meet the Article 4 obligation.
  9. Keep logs and records, and define how long you retain them.
  10. Re-use the same classification and evidence across the EU AI Act, NIST AI RMF and ISO/IEC 42001 instead of starting each framework from scratch.

Penalties for getting it wrong

Enforcement has real teeth. Using a prohibited practice, such as workplace emotion recognition outside the narrow exceptions, can draw fines of up to EUR 35 million or 7 percent of total worldwide annual turnover, whichever is higher. Breaching other obligations, including the high-risk requirements that govern recruitment and HR systems, can draw fines of up to EUR 15 million or 3 percent of turnover. Supplying incorrect or misleading information to authorities carries its own lower tier.

A note on timing: a proposed Digital Omnibus package has floated deferring some high-risk deadlines, but it is PROPOSED and has NOT been adopted. Until it becomes law, plan against the enacted dates above, with 2 August 2026 as the operative deadline for HR and recruiting AI.

Last reviewed June 2026 by the ComplyAgent team.