
AI for Employee Monitoring: High-Risk Rules and the Prohibited Boundary

High-Risk Use Case · 23 May 2026 · 12 min read · 2,329 words

Annex III point 4(b) makes productivity-monitoring AI high-risk. But emotion recognition in the workplace is prohibited (Art 5(1)(f)) since Feb 2025.

Not all workplace AI sits in the same legal category. The EU AI Act draws a hard line through employee monitoring: on one side, productivity and behaviour-scoring AI that informs work decisions — high-risk under Annex III point 4(b); on the other side, anything that reads workers' emotions — prohibited outright under Article 5(1)(f). Confusing the two is one of the more expensive compliance errors an employer can make. The fine ceiling for a prohibited-practice breach is €35 million or 7% of global turnover (Article 99(3)). For a high-risk breach it is €15 million or 3% (Article 99(4)).

This article explains where the boundary sits, what the high-risk path requires, and what employers must do — specifically — before deploying either kind of system.

What Annex III Point 4(b) Actually Covers

Annex III, point 4 covers AI systems in the area of employment and workers' management. Point 4(b) specifically reaches AI intended to be used to monitor and evaluate the performance and behaviour of workers, and AI used for task allocation based on individual behaviour or personality traits.

That scope is deliberately broad. A system does not have to make a final hiring or firing decision to fall within it. If the AI generates output — a score, a ranking, a flag, an allocation — that feeds into performance review, disciplinary process, task assignment, or promotion decisions, it sits in point 4(b). The operative test is whether the system monitors or evaluates workers in ways that connect to work decisions. A tool that tracks keystrokes and produces a weekly "productivity rating" passed to line managers is inside scope. A general workforce-analytics dashboard that aggregates headcount data without profiling individuals is not.

One rule that applies across all Annex III categories: any system that profiles natural persons is always high-risk. The Article 6(3) exemption — which allows a provider to self-assess that a system in an Annex III area does not pose significant risk — does not apply if the system profiles individuals. A productivity-scoring tool that generates individual worker profiles and feeds them to decision-makers cannot use the Article 6(3) exit.

The Prohibited Boundary: Emotion Recognition in the Workplace

Article 5(1)(f) prohibits AI systems that use emotion recognition in the workplace, except for safety or medical reasons. This prohibition has been in force since 2 February 2025. It does not require a harm assessment, a threshold, or a risk-tier classification. It is a ban.

The phrase "emotion recognition" covers any system that infers, classifies, or assigns emotional or affective states to individuals from their physiological signals, facial expressions, voice, or behavioural cues. Sentiment analysis applied to staff, affect scoring of employees during video calls, systems that flag "disengagement" from facial data, mood-monitoring embedded in productivity tools — all of these cross into the prohibition.

The only exceptions are systems used for safety purposes (e.g. detecting driver fatigue) or medical purposes (clinical monitoring). The occupational-health framing does not create a general carve-out for wellness applications. A wellness app that assigns emotional states to workers and shares those states with HR is not a medical device; it is a prohibited system.

Employers should audit their vendor stack specifically for this. Providers of collaboration, productivity, or people-analytics software sometimes embed sentiment or affect features as secondary capabilities. A procurement team that did not specifically review those features may be unknowingly deploying a prohibited system. The relevant penalty tier is Article 99(3): €35 million or 7% of global turnover.

The Practical Test: Where Does Your System Sit?

The distinction matters. Draw it concretely.

Use                                                        | Category                   | Applies from
-----------------------------------------------------------|----------------------------|---------------------------
Productivity scoring that feeds performance review         | High-risk (Annex III 4(b)) | 2 December 2027
Task allocation based on individual behaviour profiles     | High-risk (Annex III 4(b)) | 2 December 2027
Sentiment / emotion inference from worker data             | Prohibited (Art 5(1)(f))   | Already — 2 Feb 2025
Workforce headcount analytics without individual profiling | Minimal risk               | No mandatory obligations

The deadline for Annex III high-risk systems is 2 December 2027 for stand-alone systems, following the Digital Omnibus agreed in May 2026, which deferred the original August 2026 date. This is not a reason to delay documentation work — the conformity assessment, technical file, and risk management system take months to assemble, and the Article 26 notification obligation to workers applies as soon as you deploy.

Deployer Obligations Under Article 26

Most employers sit in the deployer role — they use a third-party tool, not one they built and placed on the market under their own name. The deployer's obligations for high-risk Annex III point 4(b) systems are set out in Article 26.

Article 26 includes a specific obligation that many employers overlook: before deploying a high-risk AI system that monitors or evaluates workers, you must inform workers' representatives and the affected workers. This is not optional and it is not limited to a general privacy notice. The notification must be meaningful — workers need to understand that an AI system is being used, what it assesses, and how its outputs are used in work decisions.

Other Article 26 duties for deployers:

  • Follow the provider's instructions for use and not deploy the system outside its intended purpose.
  • Ensure effective human oversight is in place (Article 14 requires that human decision-makers have the competence and authority to understand and override system outputs — not merely a theoretical right to intervene, but an operational one backed by training and process).
  • Retain logs of the system's operation for at least six months. The exact paragraph numbering of Article 26 on this point is disputed in secondary sources; cite the article, not a sub-paragraph.
  • Monitor system performance in the deployed context and flag risks or serious incidents to the provider.

The employer as deployer does not run the Article 43 conformity assessment — that is the provider's obligation. But the deployer cannot hide behind the provider's documentation. If an employer substantially modifies the system, repurposes it beyond its intended scope, or puts its own name on it, Article 25 converts the employer into a provider, with the full provider stack (Articles 9–15, 16–17, 43, 47, 49, 72–73) following.

The Conformity Assessment Route

For Annex III point 4(b) systems, the conformity assessment path is Annex VI: internal self-assessment by the provider, without a notified body. This contrasts with biometric identification systems (Annex III point 1), which generally require the Annex VII notified-body route. A productivity-monitoring or behaviour-scoring system does not need a notified body — but it does need a complete technical file under Article 11 and Annex IV, a risk management system under Article 9, and an EU Declaration of Conformity under Article 47, before it goes to market or is put into service.

GDPR and Works-Council Law

The EU AI Act obligations for workplace monitoring systems stack on top of, not instead of, existing data-protection and labour law. GDPR Article 88 gives Member States latitude to adopt more specific rules for processing personal data in the employment context. Several Member States (Germany with Betriebsverfassungsgesetz, France, the Netherlands) have works-council rights that give employee representative bodies co-determination or consultation rights over monitoring tools, independent of the AI Act's notification obligation.

Employers in multi-jurisdiction EU workforces cannot treat the Article 26 worker-notification obligation as a complete compliance step for employment law purposes. The works-council consultation in Germany may require separate engagement, with a different timeline and scope. These obligations run in parallel; satisfy both.

GDPR Article 88 also means that national data-protection law may impose stricter limits on the categories of data a monitoring system can process, regardless of what the AI Act's technical documentation framework requires. A monitoring system that meets Article 11 documentation standards but processes data categories that a Member State's employment law restricts is still non-compliant.

FRIA: When It Applies and When It Does Not

Article 27 requires a Fundamental Rights Impact Assessment for certain deployers of high-risk AI. Private employers are not automatically in scope. Article 27 applies to deployers that are public bodies and, for private deployers, where the system falls under Annex III point 5(b) (creditworthiness) or 5(c) (life and health insurance) — not point 4(b) (employment).

This means that a private employer deploying a performance-monitoring tool does not automatically owe a FRIA under Article 27. The FRIA is not required for most employment-monitoring deployments by private companies. Do not conflate this with the Article 26 notification obligation, which does apply. And do not confuse a FRIA with a DPIA: the GDPR Article 35 Data Protection Impact Assessment is a separate obligation, triggered by high-risk data processing under GDPR, and may well be required for employee monitoring regardless of whether a FRIA is.

What Providers of These Systems Must Deliver

If you are the vendor building and selling an employee monitoring or productivity-scoring AI under your own name, you are the provider. Your obligations before the system reaches any EU employer:

Risk management system (Article 9). An ongoing process — not a one-time audit — that identifies foreseeable risks throughout the system's lifecycle. For monitoring AI, this must address discrimination risks (does the system score differently across gender, age, disability status?), accuracy risks (what happens when scores are wrong?), and the risk of misuse by deployers.

Technical documentation (Article 11 / Annex IV). A complete technical file covering intended purpose, data specifications, model architecture and training methodology, performance metrics by demographic subgroup, human oversight design, and the risk management documentation. Annex IV sets the required contents.

Human oversight by design (Article 14). The system must be designed so that deployers can actually exercise oversight — explainability features that show which inputs drove a score, override mechanisms managers can use, audit logs of override events.

Transparency to deployers (Article 13). Clear instructions for deployers covering appropriate use, known limitations, required oversight measures, and worker notification obligations.

EU Declaration of Conformity (Article 47). Signed before the system is placed on the market. This confirms the system has passed the Article 43 / Annex VI self-assessment and meets the requirements.

Registration in the EU database (Article 49). High-risk AI systems must be registered before being placed on the market. The database is established under Article 71.

Post-market monitoring (Article 72). Providers must monitor system performance in deployed contexts and, for serious incidents, follow the reporting timelines in Article 73: 15 days from awareness in the standard case, 10 days where a person has died, 2 days for widespread or critical-infrastructure-disrupting incidents.

How Confir Helps

Confir's classification engine asks whether a system falls under Annex III point 4(b) and flags the prohibited Article 5(1)(f) boundary — the distinction between performance monitoring (high-risk) and emotion recognition (prohibited) appears explicitly in the classification output, with the applicable penalty tier.

For deployers, Confir generates a worker-notification record: a structured, dated document recording that workers and their representatives were informed before deployment, which satisfies the Article 26 obligation and provides an audit-ready evidence trail. The classification output and notification record together cover the two compliance steps most employers miss first.


Frequently Asked Questions

Is productivity-scoring AI always high-risk under the EU AI Act?

If the system monitors individual workers and its output feeds into performance review, task allocation, or disciplinary decisions, it falls under Annex III point 4(b) and is high-risk under Article 6. The Article 6(3) exemption does not apply where the system profiles natural persons. The obligation deadline for stand-alone high-risk systems is 2 December 2027, under the Digital Omnibus agreed in May 2026.

Is sentiment analysis of employees banned?

Yes, if it reads emotional or affective states from worker data. Article 5(1)(f) prohibits emotion-recognition AI in the workplace unless the purpose is safety or medical. This prohibition has applied since 2 February 2025. The fine ceiling is €35 million or 7% of global turnover (Article 99(3)) — the top tier under the Act.

Does a private employer need to run a Fundamental Rights Impact Assessment before deploying monitoring AI?

No. Article 27 requires a FRIA from public-body deployers and from private deployers of creditworthiness (Annex III 5(b)) and life/health insurance systems (Annex III 5(c)) — not employment monitoring (point 4(b)). However, the employer may owe a GDPR Data Protection Impact Assessment under GDPR Article 35, which is a separate obligation with different scope.

What must an employer tell workers before deploying a monitoring system?

Article 26 requires the employer to inform workers' representatives and the affected workers before deploying a high-risk AI system in the workplace. Workers need to know that an AI system is in use, what it assesses, and how its outputs are used in work decisions. This obligation applies regardless of the December 2027 deadline for full provider compliance — deployers must satisfy it before each workplace deployment.

Who runs the conformity assessment for an employee monitoring system?

The provider — the vendor who built and placed the system on the market. For Annex III point 4(b) systems, the route is Annex VI internal self-assessment, not a notified body. The employer as deployer does not run the conformity assessment but must verify that the provider has completed it and retain the provider's documentation for regulatory inspection.

What are the penalties for non-compliance?

For high-risk obligation breaches (provider or deployer duties): up to €15 million or 3% of worldwide annual turnover, whichever is higher (Article 99(4)). For deploying a prohibited system — including workplace emotion recognition — the ceiling rises to €35 million or 7% (Article 99(3)). For companies that qualify as SMEs or start-ups, Article 99(6) caps the fine at the lower of the percentage or the fixed amount.

