The EU AI Act classifies AI systems used in employment as high-risk under Annex III category 4. This covers recruitment, candidate screening, HR decisions, task allocation, performance monitoring, and contract termination. Deployers must inform workers under Art.26(7) and comply with both AI Act and existing employment law obligations.
EU AI Act High-Risk AI in Employment: Hiring and Worker Management Rules
Why Employment AI Is Classified as High-Risk
Annex III, category 4 of the EU AI Act (Regulation (EU) 2024/1689) designates AI systems used in employment, workers management, and access to self-employment as high-risk. The Regulation recognises that AI systems in this domain can significantly affect the livelihood, career prospects, and fundamental rights of workers and job candidates.
The specific systems covered include those intended to be used for the recruitment or selection of natural persons, in particular to place targeted job advertisements, to analyse and filter job applications, and to evaluate candidates. Also covered are AI systems intended to be used to make decisions affecting terms of work-related relationships, the promotion or termination of work-related contractual relationships, to allocate tasks based on individual behaviour or personal traits or characteristics, or to monitor and evaluate the performance and behaviour of persons in such relationships.
The classification reflects a proportionate regulatory response. Not all AI in workplace settings is high-risk. AI systems that merely automate scheduling without evaluating individual performance, or translation tools used for internal communication, would generally fall outside the high-risk classification. The determining factor is whether the system makes or materially influences decisions about individuals in employment contexts.
Recruitment and Candidate Screening Requirements
AI systems used in recruitment and candidate screening present particular risks of discrimination. Automated screening tools may perpetuate or amplify biases present in historical hiring data, disadvantaging candidates based on protected characteristics such as gender, ethnicity, age, or disability.
Providers of recruitment AI must implement a risk management system under Article 9 that specifically addresses discrimination risks. This includes testing the system for bias across relevant demographic groups and documenting the results. The data governance requirements of Article 10 mandate that training datasets be relevant, representative, and as free from errors as possible. For recruitment systems, this means scrutinising historical hiring data for patterns that reflect past discriminatory practices rather than genuine job-relevant criteria.
Technical documentation under Article 11 must describe the system's intended purpose with sufficient specificity. A system designed to screen applications for software engineering roles cannot simply be repurposed for screening healthcare worker applications without reassessing compliance. Each intended use must be documented and assessed against the requirements.
Transparency requirements under Article 13 require that deployers receive clear information about how the system reaches its conclusions. This is particularly important in recruitment, where candidates have a legitimate interest in understanding why they were selected or rejected. While the AI Act does not grant individual candidates a right to explanation, the transparency obligations ensure that deployers have sufficient information to provide meaningful responses to inquiries.
Task Allocation, Performance Monitoring, and Termination Decisions
The high-risk classification extends beyond recruitment to cover the full employment lifecycle. AI systems that allocate tasks based on individual behaviour or personal traits are captured by Annex III category 4. This includes algorithmic management tools used in gig economy platforms, warehouse management systems that assign tasks based on worker performance metrics, and any system that uses individual-level data to determine work assignments.
Performance monitoring systems present distinct compliance challenges. Continuous monitoring of worker behaviour raises questions about proportionality, particularly in relation to the right to private life and the right to data protection. The risk management system required under Article 9 must assess whether the monitoring is proportionate to its stated purpose and whether less intrusive alternatives exist.
AI systems that inform termination decisions or decisions about contract renewal are subject to the same high-risk requirements. Even where a human manager makes the final termination decision, if that decision is materially informed by an AI system's output, the system falls within the scope of Annex III category 4. The human oversight requirements of Article 14 are particularly relevant here, requiring that human overseers understand the system's capabilities and limitations and are able to override its recommendations.
Worker Information and Trade Union Consultation
Article 26(7) imposes a specific obligation on deployers that are employers. Before putting a high-risk AI system into service or using it in the workplace, the employer must inform workers' representatives and the affected workers that they will be subject to the use of the high-risk AI system. This information must be provided in accordance with the rules and procedures laid down in Union and national law on the information of workers and their representatives.
This obligation is a floor, not a ceiling. Many EU Member States have stronger worker information and consultation rights under national law. In Germany, for example, the Works Constitution Act (Betriebsverfassungsgesetz) grants works councils co-determination rights regarding the introduction of technical devices designed to monitor the behaviour or performance of employees. In France, the employer must inform and consult the social and economic committee (CSE) before introducing AI systems that affect working conditions.
Trade union and works council consultation may go beyond information provision. In some jurisdictions, the introduction of AI systems in the workplace may require negotiation and agreement with worker representatives. Deployers must assess their obligations under both the AI Act and applicable national employment law to determine the full scope of engagement required.
The AI Act does not create a right for individual workers to refuse to be subject to AI-based decisions. However, where the AI system processes personal data, the GDPR's provisions on automated individual decision-making under Article 22 may provide additional protections, including the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects the individual.
Interaction with GDPR and Employment Law
The AI Act operates alongside, not instead of, the General Data Protection Regulation. Article 2(7) of the AI Act confirms that Union law on the protection of personal data, privacy, and confidentiality of communications continues to apply. For employment AI systems, this means that both the AI Act's high-risk requirements and the GDPR's data protection obligations must be satisfied simultaneously.
Article 22 of the GDPR is particularly relevant. It provides that data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. Employment decisions, including hiring, promotion, task allocation, and termination, clearly fall within this scope. Where an AI system makes or materially influences such decisions, a Data Protection Impact Assessment under GDPR Article 35 is likely required.
The AI Act's fundamental rights impact assessment requirement under Article 27 applies to deployers that are public bodies or private entities providing public services. For private-sector employers, the DPIA under the GDPR serves a similar function but is limited to data protection rights. Employers deploying high-risk AI should consider conducting a combined assessment that addresses both data protection and broader fundamental rights implications.
National employment law adds further layers of compliance. Anti-discrimination legislation in EU Member States may impose specific requirements on the use of AI in employment decisions. Equal treatment directives at the EU level prohibit discrimination based on protected characteristics, and an AI system that produces discriminatory outcomes may expose the deployer to liability under these instruments regardless of AI Act compliance.
Practical Compliance Steps for HR Tech Providers and Deployers
Providers of employment-related AI systems should begin by mapping each system against the specific sub-categories in Annex III category 4. A system that filters CVs occupies a different risk profile from one that monitors employee keystroke rates, even though both are classified as high-risk.
Bias testing should be embedded in the development lifecycle, not treated as a one-time exercise. Article 9(6) requires that testing be performed at appropriate intervals throughout the system's lifecycle. For recruitment systems, this means regular audits of selection outcomes across demographic groups, with documented corrective actions where disparities are identified.
Deployers should establish clear governance structures for AI-assisted employment decisions. This includes designating individuals responsible for human oversight, defining escalation procedures for cases where the AI system's recommendation is overridden, and maintaining records of both AI-assisted and human-overridden decisions to enable audit and review.
Worker engagement should be treated as an ongoing obligation rather than a one-time notification. As AI systems are updated, retrained, or applied to new use cases, affected workers and their representatives should be informed of material changes. Building a culture of transparency around AI use in the workplace can reduce friction and build trust, which in turn supports higher-quality human oversight.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.