CV screening, candidate ranking, and AI-assisted hiring decisions are explicitly listed in Annex III, point 4 (employment, workers management). If your AI influences who gets hired, promoted, or terminated, you have until December 2, 2027 — 561 days — to comply.
Annex III, point 4 covers AI intended for recruitment, candidate selection, and decisions affecting employment relationships.
AI that reads, scores, or filters job applications — including keyword matching, skills extraction, and automated shortlisting
Psychometric tools, personality assessments, or competency tests that use AI to evaluate candidates and influence hiring decisions
Systems that analyse facial expressions, tone of voice, or body language during video interviews to assess candidates
AI used to recommend promotions, flag performance issues, or influence decisions about employee retention or termination
Operational and administrative tools that don't directly influence individual hiring outcomes are generally lower risk.
Even if your system is not high-risk, transparency obligations under Article 50 may still apply.
Each must be in place before December 2, 2027. Non-compliance risks fines up to €15 million or 3% of global turnover.
Regulators will scrutinise hiring AI first
Employment AI is widely expected to be among the first systems scrutinised by EU regulators. Article 10 requires detailed documentation of training data, bias testing across protected characteristics (gender, age, ethnicity, disability), and mitigation measures. If your AI scores candidates, you need to demonstrate it doesn't discriminate — and document how you tested for it.
Some work carries over
GDPR Article 22 already restricts automated decision-making in employment. If you have DPIAs and lawful basis documentation for your AI hiring tools, that partially covers AI Act Articles 9 and 10. But the AI Act adds requirements GDPR doesn't cover: model accuracy records, conformity assessment, bias testing documentation, and continuous post-market monitoring.