The EU AI Act and Recruiting: What HR Leaders Need to Know in 2026

The EU AI Act became fully applicable to high-risk AI systems in August 2026. Under that regulation, AI tools used in employment decisions — including AI screening interviews, resume scoring algorithms, and candidate ranking tools — are classified as high-risk by default, placing them in the same category as AI used in medical devices and critical infrastructure.

For HR leaders at companies with European operations, this is not a future concern. It is a current compliance requirement that affects which AI recruiting tools you can legally deploy, what documentation you must maintain, and what rights candidates in EU member states have regarding AI-driven hiring decisions.

Quick Answer: The EU AI Act requires that AI recruiting tools classified as high-risk undergo conformity assessment, maintain technical documentation, implement human oversight, and provide transparency to affected individuals before deployment for EU-based hiring. Employers — not vendors — bear primary responsibility for ensuring compliance. Tenzo AI, HireVue, and Harver have published EU AI Act readiness statements — verify current compliance posture directly with any vendor you are evaluating for EU deployment. Smaller vendors with limited compliance teams are unlikely to have completed the required documentation.

The EU AI Act text (Regulation 2024/1689) identifies employment and workers management as one of eight high-risk use case categories. The regulation's Recital 57 specifically calls out AI systems used for "recruitment or selection of natural persons, in particular for advertising vacancies, screening or filtering applications, evaluating candidates in the course of interviews or tests" as subject to high-risk requirements.

SHRM's 2025 global HR compliance analysis found that fewer than 25% of non-EU multinational companies had begun EU AI Act compliance planning for their HR technology stacks as of early 2026 — despite the enforcement deadline. The gap is particularly acute for mid-market companies that lack dedicated legal and compliance resources.

Conformity Assessment

High-risk AI systems must undergo conformity assessment before deployment. For most AI recruiting tools, this is a self-assessment process — vendors complete an internal assessment against the Act's requirements and issue an EU Declaration of Conformity. However, the assessment must be documented, thorough, and available for inspection by national market surveillance authorities.

Ask vendors: "Have you completed a conformity assessment under the EU AI Act? Can you provide the Declaration of Conformity?"

Technical Documentation

Vendors must maintain technical documentation covering: the system's purpose, intended use, and known limitations; the data used to train the system and data governance practices; testing and validation methodology; performance metrics including accuracy and bias assessment results; and cybersecurity measures.

As the deploying employer, you must also maintain documentation of your deployment — including how you configured the system, what criteria you applied, and how you implemented human oversight.

Human Oversight

The EU AI Act requires that high-risk AI systems be designed to enable human oversight. In the recruiting context, this means AI screening outputs must be reviewable and overridable by human decision-makers. An AI screening tool that produces a hiring decision without human review would not satisfy this requirement.

In practice, this is consistent with how most AI recruiting tools are positioned — as supporting human decisions, not replacing them. The compliance consideration is ensuring that the workflow genuinely allows human review rather than treating AI scores as de facto determinative.

Transparency to Individuals

Candidates subject to AI hiring tools have the right to be informed that they are interacting with an AI system. They must also be informed about what data the system collects and how it is used. This is consistent with GDPR requirements that many EU-operating companies have already implemented, but the EU AI Act's transparency requirements are more specific about AI disclosure.

Combined with GDPR's Article 22 (right not to be subject to solely automated decisions with legal or similarly significant effects), candidates can request human review of any AI-driven hiring decision. Your process must accommodate this right.

For companies already GDPR-compliant, the EU AI Act adds a layer rather than replacing existing requirements. The key GDPR considerations for AI recruiting:

Lawful basis for processing: Candidate data processed by AI screening tools requires a lawful basis under GDPR Article 6. Legitimate interest or consent are the most commonly used bases. Consent is cleaner from an audit perspective but creates withdrawal complications — if a candidate withdraws consent, you may need to delete their evaluation data, which affects your hiring record.

Data minimization: AI tools should collect only the data necessary for the stated evaluation purpose. Tools that collect and analyze behavioral signals beyond stated evaluation criteria may have difficulty justifying data minimization compliance.

Data retention: Specify how long AI evaluation data is retained and ensure your vendor's data retention practices align with your GDPR data retention policy. The Illinois AIVIA requires 30-day deletion on candidate request — this is stricter than most GDPR-based retention policies.

Cross-border data transfers: If candidate data is processed on servers outside the EEA, standard contractual clauses (SCCs) or other transfer mechanisms must be in place. Verify your vendor's data processing locations and transfer safeguards.

When evaluating AI recruiting vendors for EU deployment, the key questions are:

1. "Have you completed a conformity assessment under the EU AI Act?" A yes answer should be followed by a request to review the Declaration of Conformity.

2. "Do you have technical documentation available for review by our legal team?" Vendors with completed documentation can provide this within a week. Vendors without it will stall.

3. "How do you support our GDPR Article 22 obligations?" The vendor's process should accommodate candidate requests for human review of AI-generated assessments.

4. "Where is candidate data processed and stored?" EEA-based processing is simplest. Non-EEA processing requires SCCs or other transfer mechanisms.

5. "What is your candidate disclosure template for EU candidates?" This should be a specific document, not a general statement about transparency.

See our bias audit guide for the additional fairness evaluation questions that complement EU AI Act compliance review.

Does the EU AI Act apply if we are a US company hiring European remote workers? The EU AI Act applies based on where the effects of the AI system are felt, not where the company is headquartered. If you are using AI recruiting tools to evaluate candidates who are EU residents — regardless of whether the role is remote or on-site — the regulation is likely applicable. Consult with EU legal counsel for jurisdiction-specific guidance.

When did the EU AI Act start applying to AI recruiting tools? The high-risk AI provisions, which include employment decision tools, began applying in August 2026. However, obligations on providers of high-risk AI systems (vendors) began earlier, in February 2025. If you are evaluating vendors now, you should expect compliance to already be in place.

What are the penalties for EU AI Act non-compliance? Penalties for violations involving high-risk AI systems are up to €15 million or 3% of global annual turnover, whichever is higher. For companies operating at scale, this represents material financial exposure.

How does the EU AI Act interact with national AI regulations in EU member states? The EU AI Act is a regulation (not a directive), meaning it applies directly in all member states without national implementing legislation. However, member states may add additional requirements in specific areas. Germany's Works Constitution Act, for example, gives works councils co-determination rights over technology affecting employees — including AI tools used in hiring.

Are all AI recruiting tools covered, or only those that use video or audio analysis? The EU AI Act's employment use case category covers AI systems used in recruitment and selection broadly — including resume screening algorithms, candidate ranking tools, and interview analysis tools. It is not limited to video or audio modalities.

Need help assessing EU AI Act readiness for your AI recruiting stack? Book a consultation with our editorial team.

• AI hiring compliance 2026: EEOC, NYC Local Law 144, and AIVIA
• How to audit AI recruiting tools for bias before you buy
• AI Recruiting Software RFP questionnaire
• Questions to ask AI recruiting vendors about ATS integration
• Best voice AI interviewers for 2026