Regumatrix — AI compliance powered by Regulation (EU) 2024/1689

This tool is informational only and does not constitute legal advice.

Grounded in Regulation (EU) 2024/1689 · verified 4 Apr 2026
High Risk — Annex III, Point 4 · Penalty: up to €15M or 3% of turnover

EU AI Act: HR & Recruitment AI Compliance

AI systems used in employment decisions — including CV screening, candidate ranking, performance evaluation, and promotion decisions — are explicitly listed as high-risk in Annex III, point 4. Compliance is mandatory from August 2026.

Article 99 penalty for high-risk HR AI non-compliance

HR and recruitment AI that does not meet Articles 9–17 obligations by the deadline carries a penalty of up to €15,000,000 or 3% of global annual turnover, whichever is higher. Compliance is mandatory from 2 August 2026. GDPR Article 22 obligations (automated employment decisions) apply independently and in parallel.

Not sure if your hiring or evaluation tool is high-risk?

Describe what your system does and Regumatrix checks it against Annex III, Article 6, and the full regulation — in about 30 seconds. Your first 3 analyses are free.

Covered systems under Annex III(4)

  • CV screening and applicant ranking tools
  • Automated video interview assessment (tone, facial expression analysis)
  • Psychometric AI testing platforms
  • Performance monitoring and scoring systems
  • AI tools for promotion, demotion, or termination decisions
  • Task allocation systems with material impact on working conditions

Key obligations for HR AI providers and deployers

  • Art. 9: Documented risk management covering bias, fairness and discrimination risks
  • Art. 10: Training data must not encode historical discrimination or proxy variables
  • Art. 12: Log all decisions and retain records for at least 6 months
  • Art. 13: Instructions for use must clearly state limitations and data requirements
  • Art. 14: Human oversight: hiring decisions must not be fully automated
  • Art. 26: Deployers (employers) must conduct a fundamental rights impact assessment
  • Art. 50: AI-generated content used in hiring must be marked as AI-generated

GDPR interaction

Article 22 of GDPR already restricts fully automated decisions in employment. The EU AI Act adds a separate layer: the AI system itself must meet high-risk requirements regardless of whether the final decision is automated or human-reviewed. Both regimes apply simultaneously.

Is your HR tool in an obligations grey area?

Employment AI is one of the most-scrutinised Annex III categories. The line between a “matching tool” and a high-risk ranking system is where most teams underestimate their exposure. Check if any of these apply:

  • Your tool ranks or scores candidates even if a human makes the final hire decision
  • You use a third-party ATS or video interview platform with AI scoring built in
  • Your performance management system flags employees for review or bonus changes
  • You monitor employee productivity using AI with no published oversight policy
  • Your AI was built before 2024 and has not been reassessed for AI Act compliance

Frequently asked questions

Is CV screening software high-risk under the EU AI Act?
Yes. AI used for recruitment, CV screening, candidate ranking, or employee performance evaluation falls under Annex III point 4 of the EU AI Act and is classified as high-risk. Providers must comply with full high-risk obligations including risk management, human oversight, and registration by 2 August 2026.
Who is responsible — the HR software vendor or the employer?
Both. The software vendor (provider) must ensure the AI system meets high-risk requirements before placing it on the market — including technical documentation, conformity assessment, and CE marking. The employer (deployer) must implement human oversight, ensure the system is used appropriately, and cannot make solely automated employment decisions without disclosure obligations under Article 26.
Does GDPR overlap with the EU AI Act for HR AI?
Yes. Automated decision-making in hiring also triggers GDPR Article 22, which restricts purely automated decisions that produce legal or similarly significant effects — individuals have the right to explanation and human review. The EU AI Act's human oversight requirements (Article 14) and GDPR Article 22 operate in parallel and both apply to HR AI.

Know your exact obligations before August 2026

Employment AI is one of the most-scrutinised Annex III categories — regulators pay particular attention to bias, fairness, and automated decision-making in the workplace. Understand your exact exposure before August 2026.

Describe your AI system in plain language. Regumatrix checks it against every article of the EU AI Act and returns your risk tier, Annex classification, the exact obligations that apply, and your fine exposure under Article 99. Eight sections. About 30 seconds.
