EU AI Act recruiting compliance: which hiring systems are now high risk
EU AI Act recruiting compliance now places most AI driven hiring systems squarely in the high risk category. Under Annex III, point 4(a)–(c) of Regulation (EU) 2024/1689 on artificial intelligence, any AI system that screens CVs, ranks candidates, supports hiring decisions, or runs automated video interview analysis is treated as a high risk system with strict obligations. That means recruitment leaders must map every AI tool in the hiring process, from résumé parsing in Workday or SAP SuccessFactors to candidate scoring in Greenhouse, SmartRecruiters, or Lever, and determine whether each tool falls under Annex III rules on employment and worker management.
Regulators focus on how these systems use data and how decisions are based on automated scoring that can affect fundamental rights such as equal access to work. Emotion recognition and similar techniques applied to a candidate during a video interview are close to prohibited practices when they claim to infer personality or mental state, and they trigger heightened risk management and data protection scrutiny. Any general purpose artificial intelligence model embedded in recruiting tools, such as large language models used for screening questions, is now covered by explicit requirements for data governance, technical documentation, and human oversight, with core obligations for high risk systems applying after the main compliance date in 2026 set out in the Regulation’s phased timetable.
For talent acquisition leaders, the practical question is whether each AI system materially shapes hiring decisions or only supports recruiters as a human in the loop. If the tool filters out candidates before a recruiter sees them, it is almost certainly treated as a high risk system under EU AI Act rules for hiring technology, and companies must be ready to evidence bias testing and bias audits. Where AI only suggests next steps and a recruiter retains clear human oversight, the compliance burden is lighter but still demands documented risk management and clear audit trails, for example a simple evidence checklist in the ATS that records which model was used, what recommendation it produced, and who reviewed or overrode that output.
Bias audits, data governance, and cross border compliance pressure
Bias audits sit at the center of AI governance for recruitment, and they are no longer optional experiments for forward looking recruiting équipes. High risk systems used in recruitment must undergo regular bias testing, with statistical parity checks, adverse impact analysis, and intersectional breakdowns across gender, ethnicity, age, disability, and other protected characteristics, all grounded in robust data governance. As a concrete example, a bias audit might compare selection rates for different groups and flag any ratio below 80% of the highest group’s rate as potential adverse impact that requires investigation and mitigation.
Regulators expect companies to maintain technical documentation that explains model logic, training data sources, risk management controls, and the precise role of human oversight in every hiring decision making step. Cross border pressure is rising fast because EU rules now align with New York City Local Law 144 (effective January 1, 2023, with enforcement from July 5, 2023), the Illinois AI Video Interview Act (in force since January 1, 2020), and California proposals that all target automated hiring tools. In practice, a single AI recruiting system used by multinational companies must satisfy EU AI Act recruiting compliance, US bias audit requirements, and local data protection rules at the same time, which pushes HR technology leaders to standardize documentation and audit cadences globally.
HRIS and TA operations teams evaluating AI in recruitment decision frameworks, such as those outlined in this AI in recruitment decision framework, now need to treat compliance, not just functionality, as a primary selection criterion. Legal accountability is also shifting, as seen in the Mobley v. Workday class action (No. 3:23-cv-00770, N.D. Cal., filed February 22, 2023) where plaintiffs argue that an AI screening system produced discriminatory hiring outcomes. Even when vendors supply the artificial intelligence tools, employers remain responsible for the final hiring decisions and must prove that their risk systems do not create unjustified bias against any candidate or group of candidates.
The emerging best practice is a shared responsibility model, where vendors provide detailed technical documentation and bias audits while employers run independent validation, maintain their own risk management logs, and ensure that human reviewers can override any automated decision based on clear, documented criteria. A simple candidate notice template illustrates this shared approach: “Our recruitment process uses automated tools to help screen applications. Human recruiters review and may override any automated recommendation. If you have questions about how your data is used, please contact us at the details below.”
Operating model for compliant AI recruiting: from inventory to human centric controls
Talent acquisition leaders now need an operating model for EU AI Act recruiting compliance that goes beyond policy statements and reaches daily recruiter workflows. The first step is a full inventory of AI systems across the hiring process, including chatbots, scheduling assistants, video interview analytics, programmatic advertising tools, and any general purpose artificial intelligence embedded in the ATS or CRM, each tagged by risk level and mapped to specific hiring decisions. From there, companies should build a risk management register that links every risk system to its data sources, bias testing schedule, human oversight checkpoints, and clear escalation paths when anomalies appear, including a named owner for each control.
Human oversight must be real, not symbolic, which means recruiters need training on when they will override automated recommendations and how to document those decisions in the ATS. For example, if a video interview scoring tool flags a candidate as low fit based on speech patterns or facial analysis, a recruiter should be required to review the raw data, ignore any emotion recognition outputs that may approach prohibited practices, and record a human rationale before rejecting the candidate. Some organisations are experimenting with structured review boards that periodically sample AI supported hiring decisions, run targeted bias audits, and compare outcomes across different tools, including AI avatar platforms used for HR training videos as described in this overview of top AI avatar platforms for HR training.
Governance also needs clear ownership, with HR technology leaders coordinating with legal, data protection officers, and works councils to align obligations, requirements, and communication to candidates. A practical move is to embed EU AI Act recruiting compliance checkpoints into existing project manager led staffing initiatives, using playbooks similar to those applied in complex RPO transitions, as outlined in this guide on how a project manager staffing agency elevates talent acquisition strategy. Over the next 90 days, organisations can make progress by completing a basic compliance checklist: (1) map all AI tools used in hiring and classify them against Annex III; (2) identify which systems materially influence candidate selection; (3) define bias testing methods and audit frequency; (4) update candidate notices and privacy information; and (5) train recruiters on when and how to override automated recommendations.
The direction of travel is unambiguous, as regulators, courts, and candidates all converge on one expectation for recruiting systems and tools that use artificial intelligence in high risk contexts: not job descriptions, but talent magnets. For primary legal sources, readers should consult the official text of Regulation (EU) 2024/1689, including Annex III, point 4 on employment and worker management systems, and the recitals that explain the implementation timeline and phased application of obligations.
Sources
European Commission – EU AI Act (Regulation (EU) 2024/1689), Annex III, point 4 on employment and worker management systems, and related recitals on implementation timetable
SHRM – surveys on HR adoption of AI in recruiting and hiring (2023–2024 member research)
New York City Local Law 144 (automated employment decision tools), Illinois AI Video Interview Act, California draft AI regulations on automated decision making