Article

AI in recruitment and HR: opportunities and what the EU AI Act requires

Recruitment software with AI scoring is legally classified as high-risk AI. What that already requires from HR teams — even if you buy the tool rather than build it.

Written by Loek Delahaye, founder, Delahaye Solutions · ex-CTO with 10+ years in software and AIPublished:
Short answer
  • AI tools that screen CVs, rank candidates or assess employment suitability fall under Annex III (category 4) of the EU AI Act — these are legally classified as high-risk AI.
  • AI literacy (Article 4) already applies to every HR team using AI tools, including those bought from a vendor rather than built in-house. This has been in force since 2 February 2025.
  • As a deployer you share responsibility for the use of high-risk AI in your recruitment process — even if the AI was built by an external supplier.
  • Three steps to take now: carry out an AI inventory of your HR tools, record it in an AI register, and provide documented AI literacy training to your HR team.

AI makes recruitment smarter — and more accountable

Many HR teams and recruitment agencies already use AI: software that scores CVs, ranks candidates or suggests interview questions. The benefits are clear — more speed, less routine work, more consistent selection. But the EU AI Act has a consequence many HR professionals are not yet aware of: AI that supports personnel decisions is legally classified under Annex III of the Act. That is the category of high-risk AI. This means stricter obligations than for ordinary AI tools — and those obligations apply to companies that buy in the AI from a vendor, not just those that build it themselves.

What the Act requires from HR teams

Three things you need to know

The EU AI Act draws a clear line: AI that influences employment and personnel management is legally high-risk AI. This applies to the software — and to the businesses that work with it.

Annex III: recruitment AI is high-risk AI

Annex III (category 4) of the EU AI Act explicitly names AI systems used for recruitment and selection, assessing employment suitability, promoting or dismissing employees, and monitoring performance. If your recruitment software scores CVs, ranks candidates or makes a recommendation about who to invite for an interview, that software falls into this category. This applies regardless of whether you built the tool yourself or purchased it from a supplier.

Deployers share responsibility

Under the EU AI Act, as a deployer you share responsibility for how high-risk AI is used in your organisation — even when the AI was built by an external supplier. That means you must, among other things, appoint a human overseer for AI-assisted decisions in the recruitment process, train employees adequately, and document your compliance with the high-risk AI obligations. This is in addition to the AI literacy obligation (Article 4) that has already applied since 2 February 2025.

When do the stricter rules take effect?

Enforcement of the Annex III obligations for high-risk AI begins on 2 August 2026, when national supervisory authorities receive their powers. The EU is working through the 'Digital Omnibus' (November 2025) on a possible shift or simplification of the high-risk obligations for smaller businesses; that proposal has not yet been definitively adopted. The AI literacy obligation (Article 4) is separate from this and already applies today. Fines for violations can reach €15 million or 3% of worldwide annual turnover, whichever is higher.

Three concrete steps

How HR teams can start now

You don't have to wait until 2026 to act. Three steps that already add value: (1) Carry out an AI inventory of your HR tools — which software do you use for recruitment, assessment or personnel management? Does it have AI features? (2) Record this in an AI register — per tool: what does the AI do, who uses it, what decisions does it support and is there human oversight? (3) Provide AI literacy training to your HR team — not a generic course, but tailored to the AI tools recruiters and HR managers use day to day. Document that you did this. These three steps give you a strong foundation for both the already-applicable Article 4 obligation and the stricter Annex III rules that will be enforced from 2026.

Frequently asked questions

Frequently asked questions about AI in recruitment and the EU AI Act

Does our applicant tracking system (ATS) fall under the EU AI Act?
It depends on the AI features in your ATS. If the system automatically scores CVs, ranks candidates, assesses employment suitability or makes recommendations about who to invite or reject, it likely falls under Annex III (category 4) of the EU AI Act. Ask your supplier explicitly whether their product is classified as a high-risk AI system and what documentation is available.
We buy the AI from a supplier — are we still liable?
Yes. As a deployer you share liability for how the high-risk AI is used in your recruitment process, even if it was built by an external party. The Act divides responsibility between the provider (the builder) and the deployer (you as the user). Your supplier must be able to provide you with the right documentation and technical measures; you are responsible for human oversight, training and use that conforms to the intended purpose.
What do HR employees need to know about AI literacy?
Article 4 requires that employees using AI tools understand how those tools work, what their limitations are and what risks come with them. For a recruiter that means at minimum: how does the AI score CVs and on what criteria? Where can the AI make a mistake or be biased? Who is the point of contact if a candidate objects to an AI-assisted decision? The training does not need to be extensive, but it must be role-specific and documented.
When do the stricter high-risk rules for recruitment AI take effect?
Enforcement of the Annex III obligations (high-risk AI) begins on 2 August 2026. The EU is working on a possible deferral or simplification for small businesses via the 'Digital Omnibus', but that proposal is not yet final. The AI literacy obligation (Article 4) already applies now — it is not dependent on the Annex III enforcement timeline.
How quickly can we become compliant?
With Delahaye Solutions' AI Act Scan you can be in order in about a week: we inventory your AI usage, map the risk classification, draw up an AI register and AI policy, and provide role-specific AI literacy training for your team. We deliver an audit-ready dossier. Fixed price: €750 for small teams and freelancers; €1,500 for businesses with 10-50 employees.
Read more

Make your recruitment AI compliant?

Book a free intake for the AI Act Scan. We look together at your HR tools, the risk classification and what is needed — no commitment.

Book a free AI Act intake →

Free and without obligation · Reply within one business day · Fixed price up front, no surprises