What makes AI in HR and employment high-risk?
AI systems used in employment and worker management are classified as high-risk under EU AI Act Annex III, point 4. This includes AI used for recruitment and candidate screening, performance evaluation, promotion and task allocation, monitoring of worker behaviour and performance, and termination decisions.
The classification applies based on the use case — not the technology. A general-purpose tool becomes high-risk when deployed in an employment context that affects worker rights or opportunities.
Key points
- Annex III, point 4 covers: recruitment, screening, filtering, evaluation, promotion, task allocation, monitoring, and contractual relationship decisions.
- The high-risk classification triggers full high-risk obligations: risk management, data governance, technical documentation, transparency, human oversight, and conformity assessment.
- Many HR AI tools are deployed without structured governance because they are purchased as SaaS products. The deployer's obligations apply regardless of the procurement model.
- Emotion recognition in workplaces is separately restricted under Article 5 — it may be prohibited rather than merely high-risk.
- Worker information obligations under Article 26(7) require deployers to inform worker representatives and affected individuals before deployment.
Why it matters
AI in HR directly affects people's livelihoods. The regulatory scrutiny is correspondingly high. Organizations that deploy AI-based recruitment tools, performance scoring, or monitoring systems without structured governance face significant regulatory and reputational risk. The employment domain is likely to be among the first areas where enforcement action occurs.
How EAB approaches this
EAB classifies employment-related AI systems through the AI Screening process with specific attention to Annex III use-case context. The Risk Classification Engine flags employment-related use cases. The Obligation Matrix maps the full set of high-risk obligations including worker transparency requirements.