How does the EU AI Act classify employment AI?

Employment AI is classified as high-risk under Annex III, Category 4, covering AI for recruitment, work relationship decisions, and task allocation. This triggers comprehensive requirements for risk management, data governance, transparency, and human oversight.

What bias testing is required for hiring AI?

Requirements vary by jurisdiction. NYC LL144 mandates annual independent bias audits. Federal law requires non-discriminatory outcomes under Title VII. Best practice includes testing across all protected categories using metrics like the four-fifths rule.

Must employers notify candidates about AI use?

Yes in many jurisdictions. NYC LL144 requires advance notice. Illinois requires consent for AI video interviews. The EU AI Act requires informing individuals about high-risk AI. Transparency is broadly recommended regardless of specific legal mandates.

Who is responsible when a vendor's AI tool discriminates?

The employer remains responsible for employment discrimination regardless of whether the discriminatory tool was developed internally or purchased from a vendor. Due diligence, contractual protections, and ongoing monitoring are essential.

Does GDPR Article 22 apply to HR AI?

GDPR Article 22 applies when AI makes automated decisions with legal or similarly significant effects on individuals, which includes many HR decisions. It provides rights to human intervention, explanation, and the ability to contest the decision.

Quick answer

Updated June 2026 · MmowW AI Compliance

EU AI Act Employment Provisions: Annex III High-Risk Classification for HR AI (2026)

EU AI Act Employment Provisions

The EU AI Act classifies AI systems used in employment, worker management, and access to self-employment as high-risk under Annex III, Category 4, requiring full compliance with Chapter 2 requirements. This guide examines the regulatory requirements and provides practical compliance strategies for organizations using AI in human resources and employment decisions.

Regulatory Framework

AI in employment is among the most scrutinized applications of artificial intelligence. The potential for algorithmic discrimination in hiring, performance evaluation, and workforce management has prompted regulators worldwide to establish specific requirements for employment AI. Organizations must navigate a complex web of anti-discrimination law, data protection regulation, and emerging AI-specific rules.

Jurisdiction	Key Law	AI-Specific Provision	Scope
United States (Federal)	Title VII, ADA, ADEA	EEOC guidance on AI	All employment decisions
New York City	Local Law 144	Bias audit mandate	Automated employment decision tools
Illinois	AI Video Interview Act	Consent and disclosure	Video interview analysis
European Union	AI Act (Annex III, Cat. 4)	High-risk classification	Recruitment, management, access to employment
Canada	AIDA (proposed)	Impact assessments	Automated decision systems

EU AI Act: Employment as High-Risk

The EU AI Act classifies AI systems used in employment as high-risk under Annex III, Category 4. This covers AI for recruitment and selection, for making decisions affecting terms of work relationships, and for task allocation based on individual behavior or personal traits. High-risk classification triggers requirements for risk management systems, training data governance, technical documentation, transparency, human oversight, and accuracy standards.

Key Obligations Under Annex III, Category 4

Establish and maintain a risk management system throughout the AI system lifecycle
Ensure training, validation, and testing data meets quality criteria including representativeness
Maintain technical documentation per Annex IV specifications
Implement logging capabilities for traceability
Provide transparency information to deployers
Design for effective human oversight
Achieve appropriate levels of accuracy, robustness, and cybersecurity

Anti-Discrimination Requirements

Regardless of jurisdiction, AI employment tools must produce non-discriminatory outcomes. In the US, Title VII prohibits both disparate treatment (intentional discrimination) and disparate impact (neutral practices with disproportionate effect on protected groups). The EEOC has affirmed that existing anti-discrimination law applies fully to AI-assisted employment decisions.

Bias testing should evaluate outcomes across all protected categories including race, sex, age, disability status, and national origin. The four-fifths rule provides one benchmark: if the selection rate for a protected group is less than four-fifths of the rate for the highest-scoring group, the practice may be challenged as having adverse impact.

Data Protection Considerations

HR AI systems process sensitive personal data, triggering data protection obligations. Under GDPR, automated decision-making with legal or similarly significant effects on individuals triggers Article 22 protections, including the right to human intervention, the right to express one's point of view, and the right to contest the decision. Employers must also comply with data minimization, purpose limitation, and storage limitation principles.

Transparency and Notice

Multiple jurisdictions require transparency about AI use in employment. NYC LL144 mandates advance notice to candidates. The EU AI Act requires deployers to inform individuals that they are subject to high-risk AI systems. Several US states have enacted or proposed notice requirements for AI in hiring. Best practice is to inform candidates and employees about AI use, its purpose, and their rights regardless of specific legal requirements.

Compliance Implementation

Inventory all AI tools used in employment decisions
Classify each tool under applicable regulations (especially EU AI Act Annex III, Category 4)
Conduct bias audits covering all protected categories
Implement transparency notices for candidates and employees
Ensure human oversight of consequential decisions
Establish data protection measures including DPIA where required
Document governance, validation, and monitoring procedures
Train HR staff on responsible AI use and escalation procedures

Vendor Management

Organizations using third-party AI employment tools remain responsible for compliance. Due diligence should include reviewing vendor bias audit results, understanding the tool's training data and methodology, assessing the vendor's regulatory compliance posture, and contractually ensuring access to documentation needed for regulatory compliance.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.