AI in Hiring Under the EU AI Act: A Practical Guide for HR Teams

Updated 19 May 2026. Post-Omnibus: hiring AI high-risk obligations apply from 2 December 2027 (not 2 August 2026). Article 4 AI Literacy applies today. Read what changed and what didn't.

If your HR team uses AI to screen CVs, rank candidates, schedule interviews, or assess video interviews, you are operating high-risk AI under the EU AI Act. From 2 December 2027, this triggers documentation, transparency, and human-oversight duties that go well beyond GDPR. Article 4 AI Literacy applies to your HR team today. Here is what you actually need to do, in plain HR language.

Why hiring AI is high-risk

Annex III of the EU AI Act lists categories of high-risk AI. Point 4 specifically covers AI used in 'employment, workers management and access to self-employment' — including recruitment, candidate selection, performance evaluation, promotion, and termination.

What duties trigger on 2 December 2027

  • Maintain an AI Register entry for each hiring AI tool, with documented risk classification.
  • Complete a DPIA + FRIA before deployment.
  • Design and document human oversight: who reviews AI output, and what authority they have.
  • Inform candidates that AI is involved (job ad, application form, communication).
  • Provide a right to explanation for any adverse decision involving AI (Article 86).
  • Monitor for bias and adverse impact across protected categories.
  • Engage works council where required (Germany, France, Belgium, Netherlands, Italy).

Practical disclosure wording

Job advertisement

'AI in our hiring process: We use AI tools to help screen applications. Every application is also reviewed by a human before any rejection or shortlist decision. You can request more information about our process or opt out of automated screening at [CONTACT EMAIL].'

Rejection notice

'We've decided not to move forward with your application. A human reviewer made this decision with input from AI screening tools. The main factors were [TOP 2-3]. You can request more information by replying to this email — we will respond within 14 days.'

Bias monitoring — the 4/5 rule

EU equality law expects proactive bias monitoring. The 'four-fifths rule': the selection rate for any protected group should be at least 80% of the rate for the highest-selected group. If your AI's gender or age-band selection rates differ by more than 20%, you have an adverse-impact problem to investigate.

Why HR teams should not wait until 2027

Enterprise customers conducting vendor due diligence ask hiring suppliers and partners for AI hiring documentation today. ISO 27001 and SOC 2 audits already cover AI usage as a control. And national equality bodies are actively investigating algorithmic discrimination cases under existing law. Documentation built in 2026 is documentation refined by 2027.

Done-for-you compliance for HR teams

The Ready AI Act Premium Compliance Programme (€899) includes the HR/Recruiting sector add-on: full Annex III dossier, vendor due-diligence pack for the top 15 HR AI vendors (HireVue, Pymetrics, Eightfold, Paradox, Beamery), works council briefing kit, adverse impact analysis spreadsheet, national DPA guidance map, and a 30-minute compliance call. Delivered within 5 business days, reviewed by qualified ICT/privacy counsel.

Back to blog