The EU AI Act is not pending—it’s enforced. August 2026 marked full applicability of the high-risk AI system requirements that cover employment AI. Organizations that have not completed the compliance actions listed here face fines of up to €15 million or 3% of global annual turnover.

This is an HR compliance action list, not a conceptual overview. Each item is a specific deliverable.

1. Classify Your HR AI Systems

Determine which AI systems fall under the Act’s high-risk employment category. Employment AI includes: systems used in recruitment (screening, ranking, shortlisting), promotion decisions, performance evaluation, task allocation, and work monitoring. Classification determines which compliance requirements apply.

2. Register High-Risk Systems in the EU AI Database

All high-risk AI systems must be registered in the EU AI public database before deployment. Registration requires system description, intended purpose, risk management documentation, and designated responsible person. Non-registration is itself a violation regardless of the system’s actual compliance status.

3. Complete Annex IV Technical Documentation

Produce the technical documentation required by Annex IV of the Act: general description, intended purpose, version history, system interaction documentation, training data description, validation and testing methodology, accuracy metrics by demographic group, and known risk documentation.

4. Implement a Risk Management System

Document a continuous risk management process: risk identification and analysis, risk evaluation, mitigation measures, and residual risk assessment. This must be revisited when the system is updated and at minimum annually.

5. Document Data Governance Practices

For each HR AI system, document: training data sources and collection methodology, validation and testing data, bias examination results, data retention and deletion practices, and cross-border data transfer mechanisms.

6. Establish Human Oversight Procedures

Designate trained oversight personnel for each high-risk HR AI system. Document their training, their authority to override system outputs, and the escalation procedures when overrides occur. Maintain logs of all override events.

7. Implement Candidate Transparency Mechanisms

Build the operational workflows that honor candidate rights: disclosure that AI is being used, explanation of the AI’s role in the decision, right to request human review, and ability to contest automated decisions. These must be operationally functional, not just stated in a privacy policy.

8. Conduct Fundamental Rights Impact Assessment

Before deploying or continuing to operate high-risk HR AI, complete a documented assessment of potential impacts on candidates’ and employees’ fundamental rights—including equality and non-discrimination, data protection, and access to employment.

9. Establish Incident Reporting Procedures

Implement a procedure for reporting serious incidents involving high-risk HR AI to the relevant national authority within 15 business days of discovery. A “serious incident” includes any malfunction causing or risking harm to fundamental rights.

10. Begin Post-Market Monitoring

Deploy continuous monitoring of deployed HR AI performance: accuracy by demographic group, incident rate, human override frequency, and model drift indicators. Document monitoring results and corrective actions. OpsCare™ maintenance protocols provide the monitoring framework that satisfies this requirement.

Frequently Asked Questions

What is the EU AI Act’s enforcement timeline for HR AI?

The EU AI Act entered into force August 2024. Prohibited AI practices applied from February 2025. Requirements for high-risk AI systems—including employment and HR AI—became fully applicable in August 2026. Organizations operating high-risk HR AI without compliance architecture face penalties from August 2026 onward.

Who is responsible for EU AI Act compliance for HR AI?

Both AI system providers (vendors) and deployers (the HR organizations using the AI) have compliance obligations. Providers must deliver technical documentation, conformity assessment, and transparency information. Deployers must implement human oversight, maintain records of use, report incidents, and conduct fundamental rights impact assessments. Compliance is a shared responsibility—you cannot outsource your deployer obligations to the vendor.

Does the EU AI Act apply to US-based companies hiring EU candidates?

Yes. The EU AI Act applies to organizations deploying AI systems that affect people in the EU, regardless of where the deploying organization is based. A US company using AI to screen applications from EU residents is subject to the Act’s deployer requirements for those screening activities.