Decisions about people in employment, recruitment, evaluation or promotion are high-risk under the EU AI Act and trigger GDPR Art. 22 obligations. AI Assurance with traceability per candidate and per decision.
ATS and scoring engines making automated decisions without per-candidate explainability.
Bias unmonitored across protected cohorts — legal risk under EU AI Act + GDPR.
The EU AI Act explicitly prohibits some use cases (Art. 5(1)(f)) — product cancellation risk.
Primary frameworks
Regulation (EU) 2024/1689 — Artificial Intelligence Regulation
Reg. (EU) 2024/1689 · Official source →
EU AI Act. Applies whenever the system operates in the EU.
GDPR Art. 22 — Automated decisions
Reg. (EU) 2016/679 Art. 22 · Official source →
Automated individual decisions with legal effects on people.
Cross-cutting frameworks
ISO/IEC 42001:2023 — AI Management System
ISO/IEC 42001:2023 · Official source →
Voluntary AI management framework, alignable with the EU AI Act.
The EU AI Act distributes obligations by role (Arts. 16, 24, 26). In this sector each role contributes a different piece to assurance.
Provider (Art. 16)
ATS or HR-software vendors with AI: CE marking mandatory to sell in the EU.
Integrator (Art. 24)
HR consultancies that customise models for end clients take on provider obligations if they modify the intended purpose.
Deployer (Art. 26)
Employing company operates under Art. 26: fundamental-rights impact assessment and human oversight on every decision about people.