HR tech AI compliance under the EU AI Act
HR tech AI compliance under the EU AI Act
HR technology platforms that use AI to screen CVs, rank candidates, assess employee performance, monitor productivity, or predict attrition are among the most scrutinised categories in the EU AI Act. Annex III Category 4 explicitly covers AI systems used for recruitment and selection of natural persons, for evaluating performance and behaviour, for promotion or termination, and for task allocation. If your HR tech product operates in the EU and makes or influences these decisions, you are building a high-risk AI system and must comply with the Act's most demanding requirements by December 2, 2027.
What the EU AI Act requires
High-risk HR AI systems face the full set of obligations under Articles 9 through 17. Article 9 requires a risk management system that identifies and mitigates potential harms to workers and candidates throughout the system's lifecycle. Article 10 is particularly significant for HR AI: training datasets must be checked for biases that could lead to discriminatory outcomes on the basis of gender, age, ethnicity, disability, or other protected characteristics. Article 11 requires complete technical documentation. Article 13 requires that recruiters and HR managers can understand and interpret system outputs, not simply act on a score without explanation. Article 14 requires that human oversight is genuinely effective, meaning a recruiter must be able to meaningfully review and override AI recommendations rather than rubber-stamping them. Article 25 clarifies obligations for deployers, which matters if your customers are the HR departments using your tool rather than the end candidates.
What this means for your business
An AI CV screener that filters 500 applications down to 20 for human review is making a consequential decision about people's employment prospects. Under the EU AI Act, you cannot simply claim that a human makes the final decision if in practice the AI's shortlist is accepted without scrutiny. Your customers (the employers using your platform) are deployers with their own obligations under Article 25, which means they will increasingly ask you for documentation, bias test results, and audit logs before deploying your tool. HR AI vendors who cannot produce this evidence will lose enterprise sales to compliant competitors.
Steps to get compliant
1. Classify each AI feature. Determine which modules in your platform fall under Annex III Category 4 and whether any exemptions apply. Some analytics features may be limited-risk or minimal-risk.
2. Commission a bias audit. Before December 2027, conduct statistical testing of your model's outputs across protected demographic groups and document the methodology, findings, and any remediation steps taken, as required by Article 10.
3. Build explainability into the UI. Ensure that every AI-generated recommendation shown to a recruiter or HR manager includes a plain-language explanation of the factors that drove it, meeting Article 13 transparency requirements.
4. Publish compliance documentation for customers. Your deployer customers need documentation to meet their own Article 25 obligations. Prepare a compliance pack they can use, which also serves as a sales differentiator.
Free EU AI Act risk assessment
Not sure where your AI system stands? The free ActComply risk screener classifies your system in under 5 minutes. No sign-up required.