What the EU AI Act means for how you hire
If you're using AI to screen candidates or working with vendors who do, the EU AI Act isn't a future concern. It's a present one. The Act started entering into force in August 2024. And for hiring tools specifically, at the time of publishing this article, the enforcement deadline is coming soon.
The EU AI Act accelerates something that was already inevitable: hiring teams being held accountable for how they use technology to evaluate people.
That accountability shouldn't be a burden — rather a forcing function that pushes the industry toward AI tools that are explainable, auditable, and genuinely fair. It creates pressure to move away from opaque systems and toward assessments that can defend their methodology.
If you're using AI-assisted hiring tools, Article 26 of the Act sets out your obligations as a deployer directly. In plain terms: you must ensure candidates are informed when AI is being used in decisions that affect them, maintain meaningful human oversight over outcomes, ensure a genuine review, and monitor how AI tools perform in practice, including for bias or unexpected results. We recommend working with your legal team to understand how these obligations apply to your specific use of AI hiring tools.
The good news is that the right vendor will make these obligations easier to meet. That means providing clear information about how their AI works, giving you the controls to review and override it, and equipping you with the documentation your legal team needs to demonstrate due diligence.
Skills-based hiring has always been a better answer to the question of how to find good people. The EU AI Act just made it a more urgent one.
The resume problem didn't wait for regulation
European founders have known for a while what the data confirms: resume-based hiring isn't just inefficient — it's actively working against them. It filters for presentation over potential, rewards pedigree over capability, and buries the talent that doesn't come pre-packaged.
The EU AI Act doesn't change that problem. But it does change the stakes of ignoring it.
Any AI system used to make or influence employment decisions — shortlisting candidates, scoring applications, ranking talent pools — is classified under Annex III of the Act as a high-risk AI system. That classification comes with real obligations: transparency, human oversight, data governance standards, and accountability documentation. For hiring managers and their legal teams, this is no longer a nice-to-have. It's a compliance requirement.
What "high-risk" actually means for your hiring stack
High-risk doesn't mean banned. It means governed.
Under the Act, high-risk systems must meet standards around:
Transparency:
Candidates must be informed when AI is used in decisions affecting them.
Deployers of AI systems, or companies using the TestGorilla platform, must give the information needed on how the system works.
Human oversight: Humans must be able to review, correct, and override AI outputs.
Data governance: Training data used in AI models must meet quality standards that examine and mitigate potential biases.
Documentation: Providers and deployers both carry responsibilities and must be able to demonstrate compliance.
The key enforcement date for Annex III high-risk obligations is August 2026 — however, there is still ongoing regulatory discussion which could result in an extension. Either way, organizations that wait until enforcement begins to ask questions about their hiring AI vendors will be behind.
The best insights on HR and recruitment, delivered to your inbox.
Biweekly updates. No spam. Unsubscribe any time.
Top 5 questions to ask your AI hiring vendors
Procurement and legal teams are already asking these questions in vendor conversations. You should be asking them too.
Are you a provider, a deployer, or both? The Act splits responsibilities between the parties that build AI systems and the parties that use them. You need to know where your vendor sits — and where your own obligations begin.
How do you enable human oversight? It's not enough to say "humans make the final call." The Act requires that AI features are designed to support oversight — meaning your vendor should give you the information and controls you need to exercise it, not just hand you a score and move on.
What does candidate-facing transparency look like? Can candidates understand when AI is involved in their assessment? Can they meaningfully contest an outcome? This is an area of active development across the industry.
What are your data governance practices? For Annex III systems, training data standards are a specific requirement. How your vendor sources, validates, and monitors its assessment data is a legitimate due diligence question.
What documentation can you provide? You'll need to satisfy your own legal and procurement teams. Ask whether your vendor has a structured AI governance program, and when formal compliance documentation will be available.
Where TestGorilla stands
Hiring decisions have real consequences for real people. That warrants a structured program that hiring teams and their legal teams can actually rely on.
Our role under the Act is a provider. TestGorilla builds and supplies the system and your team deploys it. In practice, this means compliance isn't a single party's responsibility — it's shared. As a provider, we're accountable for how our AI systems are built, tested, and documented. As and when you act as a deployer, you carry obligations around how those systems are used in practice, including maintaining human oversight and ensuring candidates are treated fairly.
Related posts
Here's what's in place:
High-risk obligations under Annex III don't begin enforcement until August 2026. We're not claiming full compliance yet. We'd rather give you an honest picture of where we are and where we're headed.
A structured AI Management System (AIMS) is in full operation and aligned with ISO 42001 and EU AI Act requirements. TestGorilla's Customer Terms and DPA cover specific AI/LLM provisions and data governance requirements of the EU AI Act. The AIMS program governs how AI is developed, audited, and deployed across our platform. The program is live, with the team finalizing legal documentation updates, deployer-facing compliance instruments, and a formal auditing process for both existing and new AI features before they reach customers.
Our AI features are designed to support human oversight. We equip customers with the information and controls needed to make final hiring decisions themselves because that's both a regulatory requirement and the right approach to hiring.
We've defined our approach to candidate-facing transparency. Under Article 26, this obligation sits with deployers and we're producing candidate-facing guidance to make it straightforward for customers to meet their obligations. Candidates who interact with AI-assisted assessments deserve to understand what's being measured and why.
You can learn more about how we use AI at TestGorilla's AI overview page.
Want to understand how TestGorilla approaches AI governance? Explore our AI page or book a demo to talk through your compliance questions with our team.
Frequently asked questions about the EU AI Act and hiring
Does the EU AI Act apply to hiring software?
Yes. AI tools used to screen, score, or rank candidates are classified as high-risk systems under Annex III of the EU AI Act. This means they are subject to obligations around transparency, human oversight, data governance, and documentation — regardless of where the vendor is based, if the tool is used on EU job applicants.
When does the EU AI Act come into force for hiring tools?
The Act entered into force in August 2024. Enforcement of Annex III high-risk system obligations — which covers AI used in employment decisions — is scheduled to begin in August 2026, with discussion of a potential delay to 2027. Keep up to date here.
What is a high-risk AI system under the EU AI Act?
High-risk AI systems are those that pose significant risk to people's health, safety, or fundamental rights. Under Annex III, this includes AI systems used in employment — including tools that shortlist candidates, score applications, or rank talent pools. High-risk does not mean banned — it means subject to stricter governance requirements.
What should hiring teams ask their AI vendors about EU AI Act compliance?
Key questions include: What role do you play under the Act — provider, deployer, or both? How do your features enable human oversight? What candidate-facing transparency do you provide? What are your data governance and training data practices? And when will formal compliance documentation be available?
Is TestGorilla EU AI Act compliant?
TestGorilla is actively preparing for EU AI Act compliance through a structured AI Management System (AIMS) aligned with ISO 42001 and the Act's requirements. Enforcement of high-risk obligations doesn't begin until August 2026. We're building toward it transparently — including legal documentation, deployer-facing instruments, and AI feature audits. You can learn more at TestGorilla's AI overview page.
You've scrolled this far
Why not try TestGorilla for free, and see what happens when you put skills first.
