AI in recruitment is increasingly being used to screen candidates, analyze resumes, evaluate employees, and monitor work performance. However, with the AI Act coming into effect, the use of such tools is now subject to specific legal obligations. Employers must assess whether the solutions they use constitute high-risk systems and whether their HR processes have been properly adapted to the new compliance requirements.
Table of Contents
- What Is the EU AI Act?
- Why Is AI in HR a Particularly Sensitive Area?
- High-Risk AI Systems in Recruitment and HR
- Can AI Make Hiring Decisions on Its Own?
- Human Oversight — What Does It Mean in Practice?
- AI Literacy — A New Obligation for Employers
- Prohibited Uses of AI in the Workplace
- AI-Based Employee Monitoring — What Employers Must Watch Out For
- AI and the Risk of Candidate Discrimination
- EU AI Act and HR — What Obligations May Apply to Employers?
- Should Employees Know They Are Being Assessed by AI?
- The Polish AI Systems Act — Draft Legislation
- EU AI Act Implementation Schedule — Key Dates
- AI Compliance for Employers — How to Prepare Your Organisation for the EU AI Act
- AI in Recruitment and HR — What Does This Mean for Businesses?
- AI in Recruitment and HR – Summary
- Frequently Asked Questions — AI in Recruitment and HR
What Is the EU AI Act?
The EU AI Act — Regulation (EU) 2024/1689 of the European Parliament and of the Council — is the first comprehensive legal framework for artificial intelligence in the European Union. It is built on a risk-based approach: the greater the impact of an AI system on people’s rights and situation, the more obligations it places on the organisation.
For employers, the most relevant provisions cover high-risk systems, transparency, human oversight, and AI literacy. The HR domain has been identified as particularly sensitive. AI can influence access to employment, employee assessments, promotions, and working conditions.
Why Is AI in HR a Particularly Sensitive Area?
AI systems used in HR can shape decisions about hiring, promotions, pay, and employee monitoring. Employers must therefore check such tools for compliance not only with the EU AI Act, but also with the General Data Protection Regulation (GDPR), labour law, and the principle of equal treatment.
High-Risk AI Systems in Recruitment and HR
The EU AI Act explicitly covers AI systems used in employment, workforce management, and access to self-employment. If a tool is used for recruitment, candidate selection, application filtering, assessment of job applicants, or support for HR decisions, it should generally be treated as a high-risk AI system. Unless a specific exemption under the AI Act applies.
Not every HR tool automatically qualifies as high-risk. What matters is the tool’s actual function and its impact on the candidate or employee. A system that only helps draft a neutral job description is assessed differently from an Applicant Tracking System (ATS) with an AI module that ranks candidates, rejects applications, or assigns match scores.
For example, an ATS that simply sorts applications by date of receipt is treated differently from a system that automatically ranks candidates or recommends rejecting some of them. The greater the AI’s influence on the recruitment outcome, the more important transparency and human oversight obligations become.
Tools requiring especially careful review include those used for CV screening, candidate scoring, automated assessment of job interviews, work performance monitoring, and support for HR decisions.
Can AI Make Hiring Decisions on Its Own?
This is one of the most important practical questions.
The EU AI Act does not fully ban AI from supporting HR decisions. It does, however, require real human oversight of high-risk systems.
Fully automating recruitment or employee assessment carries significant legal risk.
If an AI system rejects candidates without genuine human review, this may breach the EU AI Act, the GDPR, the principle of equal treatment, and transparency requirements. Separately, employers must also consider Article 22 of the GDPR, which restricts solely automated decision-making. In practice, full automation can be especially problematic if a candidate files a complaint or a discrimination dispute arises.
Human Oversight — What Does It Mean in Practice?
Human oversight means ensuring real supervision over high-risk AI systems. A recruiter or HR professional must understand how the system works and be able to challenge its recommendations.
Formally approving an AI-generated result is not enough. The person responsible for the process must understand how the system operates and what errors it can make.
In practice, organisations should set up procedures to review AI decisions, document human interventions, and train staff who use AI systems.
AI Literacy — A New Obligation for Employers
AI literacy means the skills needed to use AI systems with awareness and understanding. HR staff must know the limitations of these systems, understand algorithmic risks, and recognise when human intervention is needed.
This is especially important in HR. Misinterpreting an AI-generated result can lead to discrimination or flawed HR decisions.
Prohibited Uses of AI in the Workplace
The EU AI Act bans certain uses of AI. Particularly risky are systems that analyse the emotions of candidates or employees based on facial expressions, voice, or biometric data.
Employers must exercise particular caution with tools that assess emotions, stress levels, or employee behaviour.
AI-Based Employee Monitoring — What Employers Must Watch Out For
More organisations are using AI to monitor employee activity and performance. Such systems can track working hours, activity in company systems, or how employees carry out their duties.
Employers must check compliance not only with the EU AI Act, but also with the GDPR and the Labour Code. Key issues are the proportionality of monitoring, the scope of data collected, and information obligations towards employees.
AI and the Risk of Candidate Discrimination
One of the biggest practical problems is the risk of algorithmic discrimination. An AI system may favour certain groups of candidates or replicate biases present in its training data.
This risk can arise even when the employer has no intent to discriminate. If historical data contained certain patterns, the system may perpetuate them.
EU AI Act and HR — What Obligations May Apply to Employers?
The scope of obligations depends on the organisation’s role. A typical employer using a ready-made HR tech tool will usually act as a deployer — an entity that uses the system within its own organisation. This does not mean the employer has no responsibility. Even if the technology provider is an external company, the employer must know what the system is used for, how it affects HR decisions, and whether its use may violate the rights of candidates or employees.
In some cases, an organisation may have a broader role — for example, if it independently modifies the system or integrates it with its own processes.
Key Compliance Obligations
| Obligation | Practical Meaning |
| Risk assessment | Identify how AI affects employee rights |
| Human oversight | Human supervision of AI decisions |
| Documentation | Record how the AI system is used |
| AI literacy | Training for HR staff and management |
| Transparency | Inform people that AI is being used |
| Cybersecurity | Secure AI systems against threats |
| Governance | AI procedures and internal policies |
In practice, organisations will increasingly need to create internal AI governance procedures covering HR policies, GDPR documentation, and rules for using AI tools.
Should Employees Know They Are Being Assessed by AI?
In many cases, yes. The EU AI Act is built on the principle of transparency. Candidates and employees should know that AI systems are being used in HR processes. Obligations under the GDPR and labour law are also relevant here.
The Polish AI Systems Act — Draft Legislation
Poland has prepared a government draft of the AI Systems Act to apply the EU AI Act at the national level. The draft was submitted to the Polish Parliament on 9 April 2026 as Print No. 2443 and has been referred for further parliamentary proceedings.
The draft provides for the creation of the Commission for the Development and Safety of Artificial Intelligence (in Polish: Komisja Rozwoju i Bezpieczeństwa Sztucznej Inteligencji, KRiBSI). It will act as the national supervisory authority for AI systems.
EU AI Act Implementation Schedule — Key Dates
The EU AI Act applies in stages. The key dates for employers are set out below.
| Date | Significance |
| February 2025 | Prohibitions on unacceptable AI practices |
| August 2025 | Some obligations for General-Purpose AI Models (GPAI) apply |
| August 2026 | Most obligations for high-risk AI systems |
| August 2027 | Obligations for selected high-risk systems linked to products or sector-specific regulations |
For HR departments, this means the period from 2025 to 2026 should be used to prepare the organisation for the new requirements.
AI Compliance for Employers — How to Prepare Your Organisation for the EU AI Act
Employers should review the AI systems they use, assess their impact on candidates and employees, and apply basic compliance procedures. It is also worth checking contracts with HR tech vendors and training HR teams and managers.
AI in Recruitment and HR — What Does This Mean for Businesses?
AI can support HR processes, but it also creates significant legal and compliance risks. The most important issues are transparency, human control, preventing discrimination, and data security.
AI in Recruitment and HR – Summary
AI in recruitment and HR is becoming one of the most important regulatory areas in artificial intelligence. Systems used to screen candidates, monitor employees, or make HR decisions may qualify as high-risk AI systems under the EU AI Act.
For employers, this means introducing new compliance mechanisms. These include human oversight, AI literacy, transparency procedures, and risk controls.
Monitoring the Polish implementing legislation is also essential. Organisations that prepare their procedures and AI governance frameworks early will reduce legal and operational risk.
Is Your Organisation Ready for the EU AI Act in HR?
If your company uses AI in recruitment, candidate assessment, or employee monitoring, now is the time to check whether your tools meet EU AI Act requirements.
Our experts advise employers on AI-related risks in employment, compliance procedures, and aligning HR processes with the EU AI Act and the GDPR. Contact us to find out more.
Frequently Asked Questions — AI in Recruitment and HR
1. Is AI used in recruitment always a high-risk system?
Not always. What matters is the system’s function and its impact on the rights of candidates or employees. Tools used for candidate selection, CV scoring, application filtering, or employee assessment should generally be treated as potential high-risk AI systems. Supporting tools that do not affect the hiring decision — such as a system that helps write a job advert — may be assessed differently.
2. Can an employer use AI to automatically reject candidates?
Fully automating HR decisions carries significant legal risk. The EU AI Act requires real human oversight of high-risk systems. The GDPR provisions on automated decision-making are also relevant. The safer approach is to treat AI as a tool that supports the recruiter, not one that decides the outcome of an application on its own.
3. Does the EU AI Act apply only to large tech companies?
No. Obligations may also apply to ordinary businesses that use ready-made AI systems in their HR processes. An employer that deploys an AI tool for recruitment, employee monitoring, or performance assessment should check what role it plays under the EU AI Act and what obligations follow from that.
4. Does an ATS with an AI module fall under the EU AI Act?
It may. If an ATS only organises applications or helps with administrative tasks, the risk is lower. If the system automatically assesses candidates, creates rankings, assigns match scores, or recommends rejecting applications, it should be analysed as a potential high-risk AI system in the employment area.
5. Does a small company also need to prepare AI procedures?
Yes, if it uses AI tools in HR processes. The EU AI Act does not limit obligations to large employers. The scope of required actions depends on the organisation’s role, the type of system, and the level of risk. Even a smaller company should know which AI tools it uses, who is responsible for them, and whether candidates and employees are properly informed.
6. Does an employer have to tell candidates that AI is being used?
In many cases, yes. The EU AI Act includes transparency obligations, and the GDPR and labour law are also relevant. A candidate should know that an AI tool is being used in the recruitment process — especially if it affects the assessment of their application, the ranking of candidates, or any recommendation about their continued participation in the process.
7. Can AI be used to monitor employees?
Yes, but this requires a compliance review against the EU AI Act, the GDPR, and labour law. AI-based employee monitoring must be proportionate, justified, and transparent. Particularly problematic are systems that analyse emotions, biometric data, psychological behaviour, or employee activity in ways that excessively intrude on privacy.
8. When do the EU AI Act provisions on HR take effect?
Some prohibitions have applied since February 2025. Most obligations for high-risk systems take effect from August 2026. Some rules will apply on a rolling basis after that. Employers should start now to prepare their HR processes, documentation, and AI system controls.