Hiring & AI in the EU: What HR Leaders Must Do Now

Andras Rusznyak

artificial intelligence expert

Ha magyarul szeretnéd olvasni a cikket, kattints ide

AI is rapidly transforming recruitment, candidate screening, performance evaluation, and HR decision workflows. But with opportunity comes risk: in the European Union, the EU Artificial Intelligence Act (AI Act) introduces legal obligations and liabilities for AI use in hiring and employment. HR leaders who wait risk fines, reputational damage, and loss of trust. The time to prepare is now—before full enforcement.

According to legal analyses by Hunton, systems used for candidate filtering, evaluation, performance monitoring, promotions or terminations fall under the AI Act’s high-risk AI systems category. From August 2, 2026, most rules for high-risk systems will take effect (although changes are always expected in the future). Starting February 2, 2025, certain prohibited practices—e.g. emotion recognition, social scoring—are already banned outright.

In short: AI in hiring is no longer a “nice to have”—it's a regulated activity. HR must lead compliance, not assume vendors or IT will cover it.

IMPORTANT NOTE:

We utilized generative AI in the making of this article.

Key pillars of the AI Act

The AI Act adopts a risk-based framework dividing AI systems into:

1. Unacceptable risk: banned systems (e.g. social scoring, covert manipulation)

2. High risk: systems subject to strict obligations (many recruitment/employee evaluation systems land here)

3. Limited risk / transparency obligations: e.g. chatbots must disclose that “you are interacting with an AI”

4. Minimal risk: default category with minimal regulation.

As deployers (i.e. employers) using AI systems for hiring or evaluation, HR teams have obligations even if they did not build the AI.

Core obligations for high-risk AI in HR

Here are the primary HR-relevant obligations:

• Transparency & disclosure: Inform candidates/employees that decisions or steps involve AI, explain how, and disclose main decision elements.

• Data quality & bias mitigation: Input data must be relevant, representative, error-free, and checked for bias.

• Human oversight: Ensure a human can review, correct, or override AI outputs, to ensure fairness & avoid harm.

• Monitoring & risk management: Continuously monitor performance, drift, error rates, adverse outcomes.

• DPIA (Data Protection Impact Assessment): Because high-risk AI processes personal data, a DPIA under GDPR is required.

• AI literacy & training: Personnel using or interacting with these systems must be educated about their risks and correct usage.

• Vendor & procurement due diligence: Ensure AI vendors comply with AI Act; obtain required documentation, risk assessments, instructions, and conformity evidence.

• Penalties & liability: Non-compliance may incur fines up to €35 million or 7% of global turnover (whichever is higher) for serious infringements.

Timeline to enforce

• February 2, 2025: Prohibitions on certain practices begin (emotion detection, social scoring, biometric classification, manipulative AI)

• August 2, 2025: Key rules for General Purpose AI models (essentially the foundational models that are good for a wide range of tasks)

• August 2, 2026: The bulk of compliance obligations (monitoring, assurance, oversight) kick in for high-risk systems.

Regulatory background & essentials

What HR must do: compliance + value

1. Inventory & risk classification of your AI systems

• Map all HR-related AI systems (resume screening, ranking, automated scheduling, evaluation tools, chatbot for HR queries).

• Classify each: high-risk? limited? safe?

• Document use case, vendor, data inlet/outlet, decision logic, fallback, override path.

2. Governance & oversight framework

• Establish an AI governance committee (HR, legal, ethics, data, IT)

• Define decision charters for each AI use: user, decision, KPI, action, fallback

• Require vendor conformity evidence, service-level assurances, periodic audits

3. Transparency & communication to stakeholders

• Update candidate and employee documentation: include clear notice that AI is used in selection/assessment, what aspects are automated, how they can request explanation.

• Create explainability summaries (non-technical) for decisions involving AI.

• Engage worker representatives or works councils early, especially in jurisdictions that require consultation.

4. Human-in-the-loop & override logic

• Identify which decisions require human review (e.g. final rejection, promotion, termination)

• Provide tools to inspect and override AI outputs

• Ensure reviewers have context: candidate profile, reasoning, confidence score

5. Bias control & performance monitoring

• Track performance over demographic groups (error rates, false positives, false negatives)

• Monitor drift over time (input distributions changing)

• Establish thresholds for re-training or disabling the model

6. DPIA + legal and privacy alignment

• Conduct or update DPIA for each AI system processing personal data

• Ensure alignment with GDPR, as AI obligations often layer on top of data protection law

• Retain documentation, logs, audit trails

7. Training, literacy & stakeholder enablement

• Build or deliver AI literacy training for HR, TA, managers: what AI can/cannot do, bias, model limitations

• Create playbooks & checklists to guide everyday use

• Encourage a culture of question and oversight, not blind trust

8. Pilot vs scaling: start small, iterate

• Pilot critical AI use cases (e.g. candidate ranking) with narrow scope, audit heavily

• Gradually scale once trust and metrics are proven

• Use A/B or control group experiments to validate impact

Why it’s urgent

Up next: Thank you for reading this article. We will be posting short snippets on HR Analytics while we are working on season 2 of the larger series. Stay tuned.

Have you read our other articles? Go to Motioo Insights

Do you have any questions or comments? Contact us