Artificial intelligence is no longer just the future of hiring, it’s the present. And the EU has decided it’s time to lay down some ground rules.
The EU Artificial Intelligence Act, also known as the AI Act, is the world’s first sweeping regulation on artificial intelligence. It’s designed to ensure that the use of artificial intelligence in the EU is safe, fair, and respects human rights. The European Commission wants to make sure that when we use AI systems, especially in hiring, we do it responsibly.
As businesses increasingly expand into new markets, many are leaning on Employer of Record (EOR) platforms to hire quickly and legally. But here’s the catch: if you’re using AI in these hiring processes, whether directly or through an EOR, you’re still on the hook for AI Act compliance.
This isn’t just about tech anymore. It’s about global accountability. And it starts on 1 August 2024.
Why the EU AI Act Puts Hiring Tech in the Hot Seat
Under the EU Artificial Intelligence Act, hiring tools that use AI systems to evaluate candidates are considered high-risk AI systems. That includes AI-based CV screening, candidate ranking, psychometric tests, and video assessments.
For globally expanding companies, especially those tapping into European talent via EOR solutions, this becomes even more critical. If the AI system is used to evaluate candidates in the EU, you fall under the scope of the AI regulation, regardless of where your HQ is based.
These rules are here to ensure that AI innovation doesn’t come at the cost of fairness, transparency, or data protection. And they apply whether you’re a startup hiring your first EU-based marketer, or a multinational onboarding entire teams.
Who Has to Do What? Roles Under the EU AI Act
The AI Act splits responsibilities between providers of high-risk AI systems (those building the tools) and deployers (those using them in hiring). And yes, if you’re expanding globally and using EOR platforms that include automated hiring processes, you may still count as a deployer.
Providers (Tool Developers)
- Must perform risk assessments and maintain documentation for AI systems.
- Are responsible for building systems that include human oversight and bias checks.
- Must comply with rules for general-purpose AI models where applicable.
Deployers (You)
- Must disclose when AI is used in candidate evaluation, especially in the EU
- Need to conduct DPIAs and ensure AI-generated decisions can be reviewed by humans.
- Must train staff and adapt internal policies to meet obligations under the EU AI.
Using an Employer of Record doesn’t exempt you. If the AI system is used under your brand or in your decision-making, the AI legislation applies.
Your AI Act Countdown: Key Deadlines You Can’t Ignore
Alright, startup fam—here’s your cheat sheet for AI Act compliance. The EU Artificial Intelligence Act may sound like a distant legal mountain, but the climb starts sooner than you think.
Here’s the timeline that matters for any startup or scaleup using AI systems in hiring or beyond:
1 August 2024: Game On
The AI Act enters into force officially. That means the regulation on artificial intelligence is now live across the EU, published in the EU Official Journal, and kicking off a phased rollout. You’re expected to get familiar with the rules on AI—especially if you’re using general-purpose AI models or deploying AI systems used in high-stakes decisions like recruitment.
This is also when the European AI Office becomes operational. Expect more updates, guidance, and probably a few “friendly” nudges.
2 February 2025: Ban on Prohibited AI Practices
Certain AI systems are just plain off-limits. Think emotion detection in hiring, social scoring, or surveillance-based recruitment profiling. These prohibited AI practices are now officially outlawed under the EU AI Act’s enforcement.
If your startup uses tools that even vaguely resemble these, it’s time to pivot. Quickly.
2 August 2025: Transparency Rules for General-Purpose AI Kick In
All those shiny general-purpose AI models (yes, even ones using generative AI) must now meet transparency and disclosure requirements. If your team is building or relying on AI-generated tools, you’ll need to explain how these models work, what data they’ve been trained on, and what outputs they’re likely to produce.
AI governance just got real.
2 August 2026: Full High-Risk Obligations Apply
This is the big one. By this date, if you’re deploying high-risk AI systems in hiring, you must fully comply with all obligations under the EU Artificial Intelligence Act. That includes audits, documentation, human oversight, and continuous monitoring.
The AI regulatory clock is ticking, and the fines aren’t friendly: up to €35 million or 7% of your global turnover.
Your Essential AI Act Compliance Checklist
1. Identify and Classify Your AI Systems
- List every AI system used across your organization—especially those involved in hiring, decision-making, or risk scoring.
- Determine whether each is a general-purpose AI model, high-risk AI system, or otherwise subject to the EU AI Act.
Remember: even if an AI system is used indirectly, it may still be covered.
2. Conduct Risk and Impact Assessments
- Perform a Data Protection Impact Assessment (DPIA) where relevant.
- Evaluate the potential for systemic risk, especially with AI models with systemic risk or applications in critical decisions.
- Ensure you meet AI governance standards set by the European Commission and enforced by the EU AI Office.
3. Review Provider Documentation
- Ensure your AI system providers supply clear technical documentation and usage guides.
- Verify whether the AI system is intended for use in high-risk contexts and whether it complies with AI legislation.
- Look for alignment with the rules for AI systems outlined in the EU Official Journal.
4. Ensure Human Oversight
- Build checks into your processes so humans retain meaningful control over output produced by the AI.
- This applies to both high-risk systems and general-purpose AI models where decisions impact individuals.
5. Strengthen Your AI Policy
- Update internal policies to reflect obligations under the AI regulation.
- Include a clear code of practice for ethical and lawful use of artificial intelligence in business operations.
6. Train Relevant Teams
- Make sure HR, legal, compliance, and IT teams understand their roles under the AI Act.
- Training should cover both the legal framework and how to evaluate the output produced by the AI system.
7. Monitor and Prepare for Enforcement
- Stay current on guidance from the AI Board and the European AI Office.
- Monitor how the implementation of the EU AI Act evolves across EU member states.
- Be aware that full enforcement begins in phases, starting 1 August 2024, with major compliance requirements landing by 2026.
Why AI Compliance Isn’t Optional
The EU AI Act is setting the tone for artificial intelligence in the EU, and the world. Whether you’re building AI tools or expanding your team globally via an Employer of Record, compliance is now a strategic business necessity.
The AI Act sets the foundation for responsible development of AI across sectors and borders. By aligning your hiring systems with this comprehensive AI framework, you’re not just following the rules, you’re building trust and preparing your business for long-term, ethical AI innovation.
The future of AI across the EU is regulated, and ready. Are you?
FAQs – EU Artificial Intelligence Act
1. Does the EU AI Act apply if we’re not based in the EU?
Yes. The EU AI Act applies to any company that markets or deploys an AI system in the EU, regardless of where that company is headquartered. If you’re using an AI system that impacts users, customers, or job candidates in the EU, you are subject to this regulation on artificial intelligence. This includes global companies expanding into the EU market or using AI applications through third parties like Employer of Record services.
2. What qualifies as a “high-risk AI system” under the AI Act?
A high-risk AI system is one that has significant potential to impact individuals’ rights, safety, or livelihoods. This includes AI tools used in hiring, education, finance, and healthcare. The European Commission has categorized these under strict rules due to their possible social consequences. The AI legislation requires both providers of high-risk AI systems and their users to meet transparency, risk management, and oversight obligations.
3. What are “general-purpose AI models,” and do they fall under the AI Act?
General-purpose AI models, like large language models, are systems that can perform a wide range of tasks, such as generating text or analyzing data. If these models are used within other systems that serve high-risk functions (like hiring or credit scoring), they may also fall under the EU AI Act. The Act includes rules on general-purpose AI and targets providers of general-purpose AI models, especially those considered to have systemic risk. The goal: ensure AI safety and trustworthy AI throughout the AI value chain.
4. When does the AI Act go into effect, and what’s the timeline?
The AI Act entered into force on 1 August 2024, launching a phased rollout:
February 2025: Ban on prohibited AI practices (e.g., emotion recognition in hiring).
August 2025: Transparency requirements for general-purpose AI models.
August 2026: Full compliance required for all high-risk AI systems.
This timeline gives businesses time to align with the legal framework for the regulation of AI systems across the EU.
5. How does the AI Act relate to GDPR and other EU regulations?
The AI Act complements but does not replace EU’s General Data Protection Regulation (GDPR). While GDPR focuses on personal data protection, the artificial intelligence act is about governing the safe and ethical use of AI. Businesses must comply with both, ensuring that any AI system or general-purpose AI model deployed is legally compliant with data privacy and AI-specific requirements.
