EU AI Act HR Compliance: Answers to 10 Questions Every HR Leader Is Asking

Published On: February 5, 2026

Bottom Line: The EU AI Act imposes specific, enforceable obligations on organizations using AI in employment decisions — with enforcement active from August 2026. These 10 questions cover the issues HR leaders are navigating right now: scope, enforcement, vendor liability, transparency requirements, and candidate rights.

Why HR Leaders Need These Answers Now

The EU AI Act is not a future compliance project. It is a current legal obligation for any organization using AI hiring tools that affect EU candidates or workers. Our OpsMap™ compliance audits find the same gaps consistently: companies that believed their AI vendors handled compliance, companies that assumed their existing GDPR program covered AI obligations, and companies that had not mapped which of their tools qualified as high-risk systems.

These 10 questions address the exact misunderstandings that create compliance exposure.

10 Critical EU AI Act Questions for HR

When does the EU AI Act apply to my HR tools?

High-risk AI systems in employment — including resume screening, interview scoring, and performance monitoring — face enforcement obligations from August 2, 2026. If you are using these tools now and process EU candidates, you are already in scope.

Does the EU AI Act apply to US-based employers?

Yes. The Act applies based on where the affected individuals are located, not where the company is headquartered. US companies with EU remote workers or EU candidate pools must comply.

What HR AI systems are classified as high-risk?

Under Annex III, high-risk employment AI includes: systems for recruitment and candidate selection (resume screening, scoring), systems for evaluating performance or behavior, systems for monitoring employee task allocation, and systems for workforce management and promotion decisions.

What is required before deploying a high-risk HR AI system?

Deployers must conduct a conformity assessment (or use a vendor-certified system), implement human oversight mechanisms, register the system in the EU AI Act database, provide transparency notices to affected candidates/employees, and maintain technical documentation for 10 years.

What transparency notice must I give to candidates?

Candidates must be informed that AI systems are used in their evaluation before the evaluation begins. The notice must be clear, accessible, and explain what type of AI assessment is used. Generic privacy policy references do not satisfy this requirement.

What does ‘meaningful human oversight’ mean under the EU AI Act?

A qualified human must be able to understand, monitor, and intervene in the AI system’s operations. For hiring AI, this means a trained HR professional reviews AI-flagged decisions before they become final, with documented evidence of that review.

Can I be fined for using a third-party AI tool that is non-compliant?

Yes. The EU AI Act places obligations on both AI developers (providers) and deployers (users). If you deploy a non-compliant AI hiring tool, you share liability even if you did not build it. Vet your vendors’ EU AI Act compliance status explicitly.

What records must HR maintain for EU AI Act compliance?

Technical documentation of the AI system, logs of human oversight decisions, records of conformity assessments, candidate transparency notice delivery records, and any candidate requests for review or explanation with your responses. Minimum retention: 10 years for high-risk system records.

How do I handle a candidate who requests review of an AI hiring decision?

Acknowledge the request within 30 days (EU standard response timeline). Provide a meaningful explanation of the factors that influenced the decision. Give them the opportunity for human review. Document the entire interaction. You cannot cite proprietary model confidentiality to deny all explanation.

What is the difference between the EU AI Act and GDPR for HR?

GDPR governs data collection, storage, use, and consent for personal data. The EU AI Act governs AI systems that make or influence decisions. They are complementary: GDPR controls the data fed into your HR AI; the EU AI Act controls how the AI uses that data to make decisions. Both apply simultaneously.

Key Takeaways
  • Enforcement for high-risk HR AI systems began August 2026 — this is active, not pending
  • US employers with EU remote workers or EU candidate pools are within scope
  • You share liability as a deployer even if you did not build the non-compliant AI tool
  • Transparency notices must precede AI assessment and be specific — generic privacy policy language does not comply
  • Candidate review requests must receive a meaningful response within 30 days — denial on proprietary grounds is not compliant

Expert Take — Jeff Arnold, 4Spot Consulting: The EU AI Act FAQ I get most often is: “Does this really apply to us?” The answer for any company with EU candidates or workers is yes. The second question is: “How fast can we get compliant?” With an OpsMap™ audit and structured implementation plan, 60-90 days is achievable for most mid-size employers.

For the complete HR compliance framework, see our pillar resource: HR Compliance & Legal Framework for AI-Driven Recruiting.