High-Risk under Annex III

Your HR AI tool is high-risk
under the EU AI Act

Any AI system used in employment decisions is automatically classified as high-risk under Annex III, point 4. That includes CV screening, candidate ranking, interview analysis, performance scoring, and redundancy selection. You have 93 days to comply.

Which HR AI tools are high-risk?

If your product does any of the following, it falls under Annex III, point 4 (employment, workers management) of the EU AI Act.

CV screening & candidate ranking

Any AI that filters, scores, or ranks job applicants based on CVs, cover letters, or application data

Video interview analysis

Tools like HireVue that analyse facial expressions, tone of voice, or word choice during interviews

Performance scoring & reviews

AI systems that evaluate employee performance, recommend promotions, or flag underperformance

Redundancy & termination decisions

Any AI involvement in selecting employees for redundancy, layoffs, or contract non-renewal

Building it or using it? Both have obligations.

The EU AI Act creates separate obligations for providers (who build AI) and deployers (who use it). If you buy HR AI software, you still have compliance work to do.

You build HR AI

Provider obligations

  • Full Annex IV technical documentation
  • Risk management system
  • Conformity assessment before market
  • EU database registration
  • Post-market monitoring

You use HR AI software

Deployer obligations

  • Implement human oversight as instructed
  • Monitor system for anomalies
  • Keep logs for 6 months minimum
  • Inform employees about AI use
  • Run DPIA (data protection impact assessment)

10 mandatory obligations for high-risk HR AI

Every one of these must be in place before August 2, 2026. Non-compliance risks fines up to €15 million or 3% of global turnover.

1
Risk management system (Article 9)
2
Data governance & bias documentation (Article 10)
3
Full Annex IV technical documentation
4
Automatic event logging (Article 12)
5
Transparency & instructions for deployers (Article 13)
6
Human oversight measures (Article 14)
7
Accuracy, robustness & cybersecurity (Article 15)
8
Conformity assessment (Article 43)
9
EU database registration (Article 49)
10
Post-market monitoring (Article 72)

Further reading

EU AI Act and HR Tools: What Employment AI Must Comply With

7 min read

EU AI Act for HR Software Buyers: What Deploying Workday, HireVue, or Any AI Hiring Tool Actually Requires

7 min read

Deployer vs Provider: What's the Difference and Why It Matters

6 min read

93 days until enforcement

HR AI systems are some of the highest-scrutiny use cases under the EU AI Act. Classify your system now and start generating the documentation you need.