Responsible AI Platform
Annex III point 4

AI Act for HR & recruitment: everything your role needs to know

The definitive resource for employers, recruiters, works council members, DPOs and executives organizing HR AI Act compliance before the current Annex III high-risk date.

12 vendor classifications, 9 use case analyses, persona route maps and the HR AI Evidence Pack — all from one coherent dossier framework.

With lawyer + CAICO · direct answers on blind spots · no pitch

Directly editable templates · NL + EN · audit-ready dossier

Written by Zahed Ashkara — lawyer, CAICO certified AI Compliance Officer and AI Governance specialist.

The complete dossier — free

HR AI Evidence Pack: from vendor claim to Article 26 audit-ready

The template bundle HR teams use to get their Article 26 dossier in order before vendor, works council or regulator questions escalate. Use case register, classification routes, oversight playbook, candidate and worker notices, works council briefing, bias checklist, FRIA template and Article 4 training register — all in one pack.

Directly editable · NL + EN · Built by lawyer + CAICO certified AI Compliance Officer

What you get

  • Complete use case register template (Excel) — directly fillable per vendor
  • Classification routes for recruiting (4a) and worker management (4b)
  • Human oversight playbook with override procedures
  • Candidate and worker notice templates (NL + EN)
  • Works council briefing template for 4(b) approval tracks
  • Bias and data quality checklist with 30+ checkpoints
  • FRIA template specifically for HR context
  • Article 4 training register + role matrix

Per role: what you really need to know

No generic advice. Per persona: pain points, answers and your concrete route map.

HR Manager / People Lead

You report to leadership on HR operations and quality. Vendor choices, policy and processes sit with you.

What keeps you up at night

  • Our ATS, performance tool and compensation system — do they fall under the AI Act? Who actually knows?
  • If we are "high-risk", what does it cost in time, money and works council meetings to be ready for the current high-risk timeline?
  • Our vendors say "AI Act compliant" — but is that enough for our deployer obligations?

What you need to know now

As deployer you — not the vendor — are responsible for classification, FRIA, information duty and oversight. Vendor compliance is input, not a substitute. For most HR organizations with ATS + performance + compensation in production this means: at minimum two parallel dossiers (4(a) recruitment and 4(b) worker management), worker representation engagement for 4(b), and Article 4 AI literacy for your HR team. The good news: you do not start from zero. A feature audit per vendor, the HR AI Evidence Pack template and the Annex III Classifier bring you to a defensible baseline dossier in 30-60 days.

Your route map

  1. Week 1-2

    Build a feature inventory of your HR AI stack. Which modules in ATS, performance and compensation systems use AI?

  2. Week 3-6

    Vendor due diligence: request model, bias, oversight and information duty documentation from each vendor. Fill in the HR AI Evidence Pack per tool.

  3. Month 2-3

    Works council conversation for 4(b) deployments, FRIA for high-risk tools, Article 4 AI literacy rollout for HR team. Build the baseline dossier before vendor or regulator questions escalate.

Get direct sparring on your HR AI stack

30 min with lawyer + CAICO. Concrete priorities for your ATS, performance and compensation tools — no pitch, no presentation.

Talent Acquisition / Recruiter

You work every day in LinkedIn Recruiter, ATS, sourcing tools and assessments. You feel the workload and have no time for abstract policy.

What keeps you up at night

  • LinkedIn Recommended Matches and my ATS suggestions are essential to my work. Can I still use them tomorrow?
  • What do I tell candidates about AI in our process — and how do I avoid scaring them or complaints?
  • Will I be blamed if a regulator questions a rejection?

What you need to know now

You can keep using all your tools — provided your employer has the dossier in order and you know how to read AI output critically. The AI Act does not require recruiters to stop using AI, but it does demand oversight, information duty and Article 4 AI literacy. Concretely for you: know per tool what the AI does (LinkedIn Recommended Matches, Workday Match Insights, HireVue scoring), give candidates a short notice that AI is used in sourcing/screening, and document when and why you deviate from AI suggestions. Recruiters who master this become more commercially valuable in 2026-2027, not less.

Your route map

  1. This week

    Read the AI Act analysis for the tools you use daily — start with LinkedIn Recruiter, ATS and your assessment vendor.

  2. Coming month

    Ask your HR manager for a standardized candidate notice. Build a simple log for when you deviate from AI suggestions.

  3. Coming quarter

    Follow Article 4 AI literacy training. This will soon be asked in every audit, and it makes you a better recruiter — not less.

Get the vendor checks for the tools you use daily

Per HR vendor (LinkedIn, Workday, HireVue, Recruitee and 8 others): what the tool does, how to classify, which questions to ask the vendor, and what you as recruiter need to know tomorrow. Bundled as template.

Works Council / Worker Representation

You protect worker interests. AI systems are often new territory, but your legal position is stronger than many works council members think.

What keeps you up at night

  • Leadership wants to implement an AI tool. We get a short presentation and must say yes or no. How do you ask good questions?
  • We have works council rights, but don't know which rights apply to which AI use.
  • If we approve and it goes wrong, are we co-responsible toward workers?

What you need to know now

In NL: WOR article 27 gives you approval rights for personnel monitoring and assessment systems, and article 25 advisory rights for major organizational decisions (including restructuring based on AI scenarios). The AI Act stacks Article 26 information duty on top for 4(b) deployments. Practically: you have rights to vendor documentation, bias evaluations, instructions for use, and explanation of how AI feeds manager decisions. If leadership gives incomplete information, that itself is an argument to delay approval. You are not co-responsible if you have asked in writing for information that was not delivered.

Your route map

  1. For each new AI tool

    Ask in writing: classification (4(a) or 4(b)?), bias evaluation, oversight procedure, information duty to workers, and what the system does when it goes wrong.

  2. On approval request

    Demand vendor documentation, FRIA report and demonstrable Article 4 AI literacy among users. Without that: no approval.

  3. Continuous

    Follow AI developments in your sector. Request an annual AI status update from leadership — this falls under regular information duty.

Get the works council question set that wins every AI approval discussion

Structured question list that surfaces the right information in every approval or advisory meeting. Grounded in works council statute. Part of the HR AI Evidence Pack.

DPO / Privacy Officer

You know GDPR inside out, but the AI Act overlaps and differs at the same time. HR context makes it more complex through special category data and power imbalance.

What keeps you up at night

  • FRIA versus DPIA — do they overlap, can you combine, or do I need both for HR AI?
  • GDPR article 22 for automated decision-making versus AI Act Article 26 — which prevails when?
  • My organization expands HR AI fast, my capacity is limited. Where do I prioritize?

What you need to know now

FRIA and DPIA overlap substantially but are legally different instruments. For HR AI the practical line: one combined assessment track with explicit coverage of both requirements — not one over the other. GDPR art. 22 covers fully automated decisions without human intervention (rare in HR); AI Act Article 26 covers much more broadly any high-risk deployment, regardless of human involvement. For you as DPO: position yourself as the natural lead of the AI Act trajectory in HR. The combination of special category data (ethnicity, health), power imbalance employer-worker, and historical bias in HR data makes your expertise central. Priority on recruiting (4(a)) + performance/compensation (4(b)) — these have the highest impact and highest audit likelihood.

Your route map

  1. Month 1

    Inventory which HR AI deployments touch both GDPR art. 22 and AI Act 4(a)/4(b). Build a combined FRIA-DPIA template.

  2. Month 2-3

    Work with HR management on vendor due diligence framework. Specify what you need in model documentation, bias evaluations and oversight.

  3. Month 4-6

    Build your AI Act position within the broader GDPR team. Train AI literacy with fellow lawyers and compliance officers.

Get the combined FRIA + DPIA for HR AI

One assessment trajectory covering both AI Act Art. 27 (FRIA) and GDPR Art. 35 (DPIA). Including decision matrix per HR deployment and special-category-data checklist. Part of the HR AI Evidence Pack.

Board / Executive

You have ultimate responsibility for compliance, reputation and operational continuity. You don't need to be a lawyer, but you do need to ask the right questions.

What keeps you up at night

  • What is my real exposure? Fines, works council conflict, reputation, claims from rejected candidates?
  • Our HR director says "we are working on it". Do I believe that — and how do I know?
  • Competitors are either ahead or behind. Where do we stand relatively, and what is the scenario if I do nothing now?

What you need to know now

AI Act fines for high-risk violations run up to €15M or 3% of global revenue, for prohibited practices €35M or 7%. But the larger direct risks often lie elsewhere: works council conflicts that block HR projects, media sensitivity around rejected candidates who suspect discrimination, and possible documentation requests from the AI supervisor. Under the current Commission timeline, many Annex III high-risk obligations apply from 2 December 2027. For most organizations HR recruiting and HR performance are the two largest deployment clusters that get audited first. The five questions to ask your HR director and DPO: (1) Do we have a feature inventory of our HR AI? (2) Per high-risk deployment: FRIA status? (3) Is works council approval arranged for 4(b)? (4) Article 4 AI literacy rolled out? (5) Vendor due diligence track in progress?

Your route map

  1. Coming week

    Ask the five questions to your HR director and DPO. Request written status, no verbal commitments.

  2. Coming month

    Budget compliance track for HR AI. Estimate: €15K-50K for SME, €100K-500K for large organizations — depending on vendor stack and internal capacity.

  3. Coming quarter

    Request risk reporting in board pack. Treat HR AI compliance as governance KPI, not as HR detail.

Get 30-min clarity on your HR AI exposure

Boardroom-level conversation with lawyer + CAICO. Concrete answers to the five questions you should ask, and honest assessment where you stand versus competitors. No deck, no pitch.

Interactive self-assessment

Classify your HR AI against Annex III in 5-8 minutes

The Annex III Classifier walks you through 9 questions, returns a personal report with legal reasoning, the right vendor questions per case, and concrete next steps. Article 6(3) filter built in. No download, runs in your browser.

5-8 minutes · Art. 6(3) filter built in · PDF report by email

1-on-1 sparring

30 min HR AI sparring with lawyer + CAICO

Direct sparring about your HR AI stack, blind spots, and what the first 90 days require. With Zahed Ashkara — lawyer, CAICO, and hundreds of vendor analyses deep.

Directly in calendar · Video call · No obligations

Why Take Action Now?

The AI Act has major impact on HR processes

August 2025

First obligations for high-risk AI systems come into effect

HR AI = High-risk

AI for recruitment and selection automatically falls under strictest rules

Discrimination Risk

Bias in HR-AI can lead to systematic discrimination and reputation damage

Employee Rights

Applicants and employees have right to transparency and explanation

High-risk AI in HR & Employment

These AI applications fall under strict AI Act requirements (Annex III)

Recruitment & Selection

AI systems that screen CVs, rank candidates or analyze interview results.

CV screening tools · Candidate matching · Video interview analysis · Assessment scoring

Performance Management

Systems that assess employee performance or provide development advice.

Performance scoring · Productivity monitoring · Promotion candidate selection · 360° feedback analysis

Compensation & Benefits

AI determining salaries, calculating bonuses or personalizing benefits.

Salary optimization · Bonus calculation · Equity allocation · Benefits personalization

Workforce Planning

Predictive models for workforce needs, turnover or capacity planning.

Turnover prediction · Capacity planning · Skills gap analysis · Succession planning

Specific Challenges for HR Organizations

The AI Act brings unique compliance questions for the HR sector

Bias Detection & Testing

How to test AI systems for direct and indirect discrimination? Which protected groups to monitor?

Transparency to Applicants

Applicants must know AI is being used. What to tell, and when?

GDPR & AI Act Integration

HR data is particularly sensitive. How to combine privacy compliance with AI Act?

External Tool Vendors

Much HR-AI comes from vendors like Workday, SAP SuccessFactors and HireVue. As deployer, you remain responsible.

Human Oversight in Decisions

Recruiters must remain involved. How to prevent rubber-stamping?

Works Council & Co-determination

AI implementation often requires works council consent (Art. 27 WOR). How to involve them effectively?

AI Act Compliance Roadmap

Practical steps for HR organizations

  1. HR-AI Inventory (1-2 weeks)

    Map all AI systems in HR processes. From ATS to performance tools.

  2. Impact Assessment (2-3 weeks)

    Determine per system the risk of discrimination and impact on employee rights.

  3. Bias Audit (4-8 weeks)

    Test AI systems for unwanted bias in outcomes for protected groups.

  4. Process Redesign (2-4 months)

    Implement human oversight and transparency measures in HR processes.

  5. Monitoring & Reporting (Ongoing)

    Set up ongoing monitoring for bias and fairness metrics.

15-month trajectory

Implementation Roadmap

Detailed 6-phase timeline with concrete deliverables for HR

  1. AI Inventory (Month 1-2)

    • Complete register of HR AI systems
    • Map ATS and vendor AI
    • Assign owners per system

  2. Classification & Bias Scan (Month 2-3)

    • Risk classification per system
    • Initial bias scan on recruitment tools
    • Identify and stop emotion recognition

  3. Gap Analysis & Works Council (Month 3-5)

    • Gap between current state and AI Act requirements
    • Start works council consent process
    • Verify vendor compliance

  4. Governance & Policy (Month 5-7)

    • AI governance structure for HR
    • Transparency policy for applicants
    • Human oversight procedures

  5. Implementation & Training (Month 7-12)

    • Implement technical adjustments
    • Conduct FRIAs per high-risk system
    • Train HR team in AI literacy

  6. Audit-ready & Monitoring (Month 12-15)

    • Set up ongoing bias monitoring
    • Conduct internal audit
    • Continuous fairness reporting

AI System Inventory for HR

Typical AI systems in HR and their likely classification

Important: Many HR departments don't realize their ATS (Applicant Tracking System) uses AI ranking. Also inventory vendor systems like Workday, SAP SuccessFactors and HireVue.

Recruitment & Selection

Usually high-risk
ATS with AI ranking · CV screening tools · Video interview analysis · Assessment scoring

Annex III — automatically high-risk for recruitment, selection and termination

Performance Management

Often high-risk
360° feedback analysis · Productivity monitoring · Promotion candidate selection · Task allocation

High-risk when it evaluates performance or influences promotion/termination

Workforce Planning

Context-dependent
Turnover prediction · Capacity planning · Succession planning · Skills gap analysis

High-risk if it affects individual employees, limited if purely aggregate

Learning & Development

Usually limited risk
Training recommendations · Skills matching · Learning path personalization · Competency analysis

Limited risk as long as it is supportive and does not determine career decisions

Employee Monitoring

Banned / High-risk
Keystroke logging · Screen monitoring · Emotion recognition · Location tracking

Emotion recognition in the workplace is BANNED under Art. 5. Other monitoring is often high-risk.

HR Analytics

Usually minimal risk
Absence patterns · Engagement surveys · Reporting dashboards · Workforce demographics

Minimal risk for aggregated reporting without individual impact

Classification Decision Tree for HR

Quickly determine the risk classification of your HR AI system

  1. Does the system affect recruitment, selection or termination decisions?

    • Yes: Automatically high-risk (Annex III)
    • No: Go to next question

  2. Does it monitor or evaluate employee performance?

    • Yes: Likely high-risk
    • No: Go to next question

  3. Does it use emotion recognition on employees?

    • Yes: BANNED under Art. 5 AI Act
    • No: Go to next question

  4. Is it purely administrative (payroll, scheduling)?

    • Yes: Minimal risk
    • No: Consult an expert for classification

This is a simplified decision tree. Consult your legal team for the definitive classification.

Governance Structure for HR

Recommended organizational structure for AI governance in HR organizations

Executive Board / Management Team
AI & Employment Law Committee (HR, Legal, IT, Works Council)
HR AI Compliance Lead
Works Council (OR) Liaison
IT / Vendor Management
Legal & Privacy (DPO)

HR often doesn't think of itself as an "AI deployer" — but you are if you use Workday, SAP SuccessFactors or HireVue.

Key Roles

HR AI Compliance Lead

Coordinates AI Act compliance for all HR AI systems and vendor contracts

Works Council Liaison

Ensures co-determination and consent rights for personnel monitoring systems

Human Oversight Officer

Oversight for high-risk HR decisions — recruiters must not blindly follow AI

Data & Privacy Lead

Ensures data quality, special category data and GDPR Art. 22 compliance

Compliance Checklist for High-risk HR AI

Concrete checkpoints for each high-risk AI system in HR

  • AI system registered in EU database (Art. 49)
  • Risk management system established (Art. 9)
  • Data governance & data quality ensured (no historical bias) (Art. 10)
  • Technical documentation complete (Art. 11)
  • Logging & traceability in place (Art. 12)
  • Transparency to applicants and employees (Art. 13)
  • Human oversight established (recruiters, HR managers) (Art. 14)
  • Accuracy, robustness & bias tested (Art. 15)
  • Employees informed about AI use (deployer obligation) (Art. 26)
  • FRIA conducted as deployer (Art. 27)
  • Works council consent obtained (WOR Art. 27)
  • No emotion recognition in workplace (Art. 5)

This checklist applies per high-risk system. Consult your legal team for organization-specific requirements.

Common Mistakes in HR AI Compliance

Avoid these pitfalls in AI Act implementation

Treating ATS as "just a database"

Many ATS systems use AI ranking without HR realizing it. Verify whether your ATS filters or ranks candidates.

Assuming vendor compliance

As deployer you are responsible yourself, even if Workday or SAP claims to be "AI Act compliant". Verify and document.

Not informing applicants about AI use

Art. 13 and Art. 26 require transparency. Applicants must know AI is used in the selection process.

Forgetting works council consent for monitoring tools

Personnel monitoring systems require works council consent. Without consent, use is unlawful.

Testing for bias only once

Bias changes over time due to shifting data. Ongoing monitoring is required, not a one-time check.

Using emotion recognition in interviews

This is BANNED under Art. 5 AI Act! Some video interview tools use this — verify with your vendor.

What Makes HR-AI Different?

Sector-specific considerations

Direct Impact on Life Course

HR decisions determine careers, income and quality of life

Historical Bias in Data

Training data often reflects existing inequalities in the labor market

Weak Position of Applicants

Applicants often do not dare to complain about AI use in recruitment

Works Council Rights

Personnel monitoring systems require works council co-determination

Employment regulation

Regulatory Overlap

How the AI Act connects with existing employment law and regulation

GDPR

Overlap: Art. 22 automated decision-making, DPIA, special category data

Practical tip: FRIA can partially overlap with DPIA — combine where possible. Pay extra attention to special category data (ethnicity, health).

Working Conditions Act (Arbowet)

Overlap: Work pressure monitoring, psychosocial workload

Practical tip: AI monitoring can increase work pressure. Assess impact on psychosocial workload as part of risk assessment.

Works Councils Act (WOR)

Overlap: Art. 27 consent rights for personnel monitoring systems

Practical tip: Involve the works council early. Consent is required before implementation, not after the fact.

CSRD

Overlap: Reporting on AI in workforce management, S1 standard

Practical tip: Use AI Act documentation as input for CSRD reporting on fair working conditions.

Equal Treatment Legislation

Overlap: Non-discrimination in recruitment and selection, indirect discrimination

Practical tip: AI Act bias testing aligns with existing discrimination testing. Combine with equality body guidance.

Knowledge base

Deep dive per topic

Full analyses per HR vendor and per use case. All with the same 7-checks framework, FAQ, and HR AI Evidence Pack link.

Use case analyses (9)

Per HR use case: where AI sits, when 4(a) or 4(b), how to document.

Frequently asked questions per role

The questions HR managers, recruiters, works council members, DPOs and executives ask us โ€” answered per persona.

HR Manager / People Lead

We have Workday/SAP/HiBob/etc as HCM โ€” do all parts fall under the AI Act?
No, classification is per feature, not per vendor. Pure administrative workflow stays outside Annex III. Recruiting AI (Match Insights, Skills Cloud), Performance AI and Compensation AI within those platforms usually fall under it. Start with a feature inventory of your tenant.
Is there an SME exception for smaller employers?
No. The AI Act makes no distinction on company size for high-risk deployments. Documentation may be proportional — an SME FRIA does not need 80 pages, but the core questions must be answered.
Our vendor says "AI Act compliant" โ€” is that enough?
No. AI Act compliance is not a vendor status: you as deployer remain responsible for classification, FRIA, oversight and information duty in your specific deployment. Vendor documentation is input for your dossier, not a substitute.
What does an HR AI compliance trajectory typically cost?
For SMEs with 1-2 vendors and limited AI features: €15,000-€50,000 including vendor due diligence, FRIA, works council track and Article 4 training. For enterprise with enterprise vendors (Workday/SAP) + multiple modules: €100,000-€500,000 over 12-18 months.
What is the absolute deadline?
Under the current Commission timeline, many Annex III high-risk systems point to 2 December 2027. Product-related high-risk AI follows on 2 August 2028. Start at least 6 months before the relevant date; for HR, earlier is prudent because of works council, GDPR and vendor due diligence.

Talent Acquisition / Recruiter

Can I keep using LinkedIn Recruiter Recommended Matches?
Yes, provided your employer has LinkedIn Recruiter in their AI register with classification 4(a), and you know how to read matches critically. What to document: when and why you deviate from AI suggestions. What candidates should know: that AI is used in sourcing/screening (Article 27 notice).
What do I tell candidates about AI?
Build a short notice in job ad or in early-stage candidate communication: "We use AI in sourcing and initial screening; final decisions remain with our recruiters and hiring managers. Ask us if you want to know more about the process or want an alternative route." Under Article 27 this is sufficient for most deployments.
HireVue/video interview AI — must I offer candidates an alternative?
Strictly speaking an alternative process is not a hard AI Act requirement, but accessibility (medical, cultural, linguistic reasons) makes it practically required. Build this alternative route into your process so you don't have to improvise ad hoc.
What if I think AI produces bias?
Document it, escalate to your HR manager or DPO, and deviate from the AI suggestion. Article 26 requires that oversight is meaningful. A recruiter who does not document deviations weakens the system legally.
Will I be blamed if a regulator contests a rejection?
No, not you as individual. The employer (your organization) is deployer and has legal responsibility. But your documentation of choices (why you deviated or did not deviate from AI suggestions) is input for the defense. That is why Article 4 AI literacy is relevant.

Works Council / Worker Representation

Which AI systems in HR require approval?
In NL: WOR article 27(1)(k): regulations in the field of personnel assessment. Sub (l): personnel monitoring systems. For most 4(b) AI deployments (performance, compensation, monitoring) that is approval rights. For 4(a) recruiting AI: often advisory rights under article 25, not always approval.
What if leadership provides incomplete information about an AI tool?
Request in writing what is missing. Under WOR article 31 works council has broad information rights. If leadership doesn't provide complete answers within reasonable time (classification, bias evaluation, oversight, vendor documentation), you can delay approval. That is not blocking — it is a lawful question.
Which vendor documents can we demand?
AI Fact Sheet or equivalent (model purpose, data, evaluation), bias evaluation results, instructions for use, candidate/employee notice templates, oversight procedures, and audit log capabilities. For enterprise vendors (Workday, SAP, Microsoft) this is publicly available or via Customer Engagement.
Are we co-responsible if we approve and things go wrong?
Practically limited. If works council asked in writing for information and leadership delivered, your approval is based on the provided information. Responsibility for accuracy lies with leadership. Document what you asked, what you received, and what was the basis for approval.
Can we demand that workers are informed about AI monitoring?
Yes. AI Act Article 26 + GDPR art. 13/14 + occupational health law + works council information rights — all four request worker information about monitoring with AI. Demand a worker notice template as part of the approval track.

DPO / Privacy Officer

Do I need to do both a DPIA and a FRIA for HR AI?
In most cases yes, but combine them in one assessment trajectory. FRIA covers fundamental rights impact (AI Act Art. 27); DPIA covers privacy impact (GDPR art. 35). For HR AI they overlap substantially — same facts, different legal lens. Write one base document with explicit coverage for both requirements.
When is GDPR article 22 relevant next to the AI Act?
GDPR art. 22 covers fully automated decisions without human intervention with legal consequences. In modern HR AI that is rare โ€” there is almost always a recruiter or manager in between. AI Act Article 26 covers much more broadly any high-risk deployment, regardless of human involvement. For most HR cases: AI Act is your primary framework, GDPR art. 22 as supplement where full automation exists.
How do I look at special category data in HR AI?
Ethnicity, health, religion etc. may not be processed without legal basis. But AI systems can infer special data from non-special input (proxies). Pay equity audits, attrition prediction and sentiment analysis require extra attention. Document which inferences your tool makes and with which basis.
What is my position within the broader AI Act trajectory?
Natural lead. You have GDPR experience, instruments and organizational position. AI Act builds on GDPR foundation. For HR AI your expertise (special data, power imbalance, historical bias) is extra valuable. Request your role in the trajectory explicitly from leadership — you position yourself from controller to enabler.
Where do I prioritize with limited capacity?
Recruiting (4(a)) + performance/compensation (4(b)). Highest impact, highest audit chance. Onboarding and sourcing can wait. Sentiment tools and wellness AI: only if active individual attribution takes place.

Board / Executive

What is my real financial exposure?
AI Act fines: up to €15M or 3% of global revenue for high-risk violations, €35M or 7% for prohibited practices. But larger direct risks: works council conflicts that block HR projects (costs time + reputation), media attention for rejected candidates suspecting discrimination, and requests from regulators for documentation.
From when is active enforcement?
The current Commission timeline points to 2 December 2027 for many Annex III high-risk obligations. Regulators are building capacity through 2026-2027. First audits will likely focus on large employers and public organizations. Complaint-driven cases around discrimination or privacy can arise earlier through existing GDPR and employment-law routes.
Which five questions do I ask my HR director and DPO?
(1) Do we have a feature inventory of our HR AI tools? (2) Per high-risk deployment: FRIA status? (3) Is works council approval arranged for 4(b)? (4) Article 4 AI literacy rolled out for HR + recruiters? (5) Ongoing vendor due diligence trajectory with written output?
Where do we stand relative to competitors?
From our experience with employers: 20% has an active trajectory, 60% knows about it but has not started, 20% is unaware that HR AI falls under the AI Act. If you start now, you are in the vanguard; if you wait until Q3 2026, you are late.
Who should be at the table for board discussion?
CHRO or HR director (ultimately responsible), CFO (compliance budget), CIO or CTO (vendor stack), Legal or DPO (legal). For public organizations additionally: municipal secretary or equivalent. Treat HR AI compliance as governance topic, not as HR detail.

Ready to Start AI Act Compliance?

Practical tools and guidance for HR organizations


Or roll it out across your HR & recruiting team: team training AI Act for HR with LearnWize.