Bottom line: The EU AI Act regulates AI systems in personnel decisions from August 2026 onwards as high-risk. Companies must perform risk assessments, bias tests, and human oversight – regardless of whether they developed the technology themselves. Compliance responsibility lies with the system user.
The EU now regulates AI tools for candidate selection as high-risk systems. Personnel recruitment companies must rethink their business models: risk assessments, bias tests, and human monitoring become mandatory from August 2026 – regardless of whether the company itself developed the technology.
The EU AI Act (Regulation 2024/1689) classifies artificial intelligence systems used in employment decisions as high-risk systems. This covers recruitment, selection, targeted job postings, candidate evaluation, performance monitoring, and certain decisions regarding compliance, contractual terms, and termination.
From 2 August 2026 onwards, all these tools must comply with mandatory risk assessments, technical documentation, bias testing, human oversight, transparency disclosures, and continuous monitoring.
For staffing companies, employer of record (EOR) services, and workforce platforms, the requirements are substantially more demanding than for individual corporate HR departments. Particularly important: compliance is your responsibility when you deploy the technology – regardless of whether you developed it yourself or what assurances the platform provider gives.
The typical staffing supply chain illustrates the complexity: a Vendor Management System (VMS) uses algorithmic matching for candidate search, an RPO provider conducts AI-driven screening processes, staffing companies deploy chatbots for pre-qualification, and EORs use AI for onboarding, compliance, and performance management. At each step, AI influences employment decisions. Under Article 3 of the Act, any company that deploys AI systems under its authority is a “user” – with corresponding compliance obligations.
Both providers and users of AI systems are subject to the Act’s obligations. National authorities have enforcement powers, including fines and the ability to withdraw AI systems from the market. It is possible that certain AI systems in the employment context may be exempt from the obligations.
Just as the GDPR forced you to rethink your data processing practices, the EU AI Act forces you to reconsider the tools you deploy.
Source: artificialintelligenceact.eu