
Recruitment AI and CV Screening Under the EU AI Act: High-Risk Classification and What It Means for You

High-Risk Use Case · 23 May 2026

AI recruitment screening is Annex III high-risk under the EU AI Act. Provider and deployer obligations, Art 6(3) filter, and the 2 December 2027 deadline.

AI systems that screen job applicants, rank CVs, or filter candidates sit squarely in Annex III, point 4(a) of Regulation (EU) 2024/1689 — the EU AI Act. That classification is not discretionary. It carries the full high-risk obligation stack, and the compliance deadline is 2 December 2027 under the Digital Omnibus agreed in May 2026.

This article explains why recruitment AI is high-risk, how the provider/deployer split works in practice, which obligations attach to each role, and where the edge cases are.


Why Recruitment AI Is High-Risk Under Annex III

Annex III groups high-risk AI systems under eight headings. Point 4 covers employment, workers management, and access to self-employment. Subpoint (a) is explicit: AI systems intended to be used for the recruitment or selection of natural persons, in particular to place targeted job advertisements, analyse and filter job applications, and evaluate candidates.

The legislative rationale is not hard to follow. A CV-screening model that filters out 80% of applicants before any human sees them determines who gets considered for a role. Errors or embedded biases compound at scale — a single model deployed across hundreds of hiring decisions can systematically disadvantage candidates on grounds of gender, age, or national origin without any single recruiter making a discriminatory choice. That combination of scale, opacity, and direct impact on access to employment is precisely what the high-risk tier is designed to address.

What the Article 6(3) Filter Does (and Doesn't) Cover

Article 6(3) offers a narrow escape hatch. A system listed in Annex III is not high-risk if it does not pose a significant risk of harm to health, safety, or fundamental rights — for instance, because it performs only a narrow procedural task, or because it merely improves the output of a previously completed human activity without influencing assessments.

Applied to recruitment: a tool that reformats CVs into a standardised layout, strips duplicate entries, or checks that mandatory application fields are complete may fall outside the high-risk tier if it has no role in ranking or profiling candidates. The moment a system scores, ranks, or filters applicants — even as a first-pass shortlist — the Article 6(3) exemption no longer holds. Any system that profiles natural persons is always high-risk, full stop. Providers that claim the exemption must document the assessment and still register the system under Article 49.

In practice, most commercial HR-tech tools that market themselves as AI-assisted screening do profile and rank. The exemption is genuinely narrow.


Provider vs Deployer: Who Is Who in Recruitment AI

The Act distinguishes sharply between the party that builds and places an AI system on the market and the party that uses it.

The provider (Article 16) is the HR-tech vendor: the company that develops the CV-screening model, trains it on data, and supplies it to employers under its own name or trademark. Providers carry the heaviest obligations and are responsible for conformity assessment before the system goes to market.

The deployer (Article 26) is the hiring employer. An in-house team at a 200-person logistics company that has subscribed to a third-party applicant-tracking system with AI ranking is the deployer. So is a recruitment agency that uses a vendor's matching tool to shortlist candidates for clients.

The boundary can shift. Under Article 25, a deployer becomes a provider if it puts its own name on a third-party system, substantially modifies it (Article 3(23) defines substantial modification), or changes its intended purpose in a way that brings it under a different Annex III category. An HR team that fine-tunes a vendor's base model on its own proprietary data and then uses the resulting system for hiring should seek legal advice on whether that constitutes substantial modification — if it does, the deployer inherits full provider obligations.


Obligations for Providers of Recruitment AI

Providers must complete the following before placing a high-risk recruitment AI system on the EU market or putting it into service.

Risk Management System — Article 9

Article 9 requires a continuous risk management process across the system's entire lifecycle. For a recruitment AI, that means identifying foreseeable risks of discriminatory output (disparate rejection rates by gender, age, or national origin), designing technical and organisational measures to address them, estimating residual risks, and keeping the risk management record current as the system changes or as post-market data accumulates.

Risk management under Article 9 is not a one-time audit. It is an ongoing obligation that runs from development through decommissioning.

Data and Data Governance — Article 10

Article 10 governs the training, validation, and test datasets used to develop the system. For recruitment AI, this is where bias risk originates. If historical hiring records reflect a workforce where senior roles were overwhelmingly filled by men in a certain age band, a model trained on that data will encode those patterns as signals of success.

Article 10 requires that datasets be relevant, sufficiently representative, and — as far as possible — free from errors and complete. It also requires providers to address data gaps and adopt measures to detect, prevent, and mitigate possible biases, particularly those that can affect fundamental rights. Demographic testing across protected characteristics is part of this obligation, not a voluntary best practice.

Technical Documentation — Article 11 and Annex IV

Article 11 requires providers to draw up technical documentation before placing a high-risk system on the market and to keep it updated throughout the system's lifecycle. The content is specified in Annex IV: a general description of the system and its intended purpose, design specifications, training methodologies, performance metrics across relevant demographic groups, known limitations, and risk mitigation measures.

This document forms the evidentiary backbone of compliance. Competent authorities may request it; notified bodies will inspect it.

Transparency Information for Deployers — Article 13

Article 13 requires providers to supply deployers with information that is clear and unambiguous. For a recruitment tool, the instructions for use must specify the system's intended purpose and the categories of candidates it is designed to assess; the data it processes; the logic used to generate rankings or recommendations; performance metrics, known limitations, and foreseeable misuse scenarios; and the measures required to ensure meaningful human oversight.

A deployer cannot operate a high-risk recruitment system lawfully if the provider has not supplied this information. Providers cannot fulfil Article 13 by pointing to a marketing brochure.

Human Oversight by Design — Article 14

Article 14 requires that high-risk systems be designed and built — not merely used — in ways that enable effective human oversight. The provider must build in interfaces that allow the natural person overseeing the system to understand its capabilities and limitations, to monitor its operation, and to decide not to use or to override its output.

For recruitment AI, this means the system must make its scoring logic inspectable to the recruiter, not merely deliver a ranked list. Building a "black box score and rank" product and leaving oversight to the employer's operational procedures does not satisfy the provider's Article 14 obligation.

Accuracy, Robustness, and Cybersecurity — Article 15

Article 15 requires that high-risk systems achieve appropriate levels of accuracy for their intended purpose and be resilient against attempts by third parties to alter outputs. For a CV-screening system, accuracy means not only overall precision but consistency of performance across demographic groups. A system that achieves 90% accuracy overall but 70% accuracy on female applicants in technical roles has an Article 15 problem, not just an Article 10 one.
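Article 10 calls for demographic testing across protected characteristics and Article 15 for accuracy that holds across groups. As an added illustration (not code from this page or from Confir), the following check disaggregates accuracy and selection rate by group over a constructed validation sample and flags the kind of gap described above; the 10-point accuracy-gap and 80% selection-rate-ratio thresholds are assumptions chosen for the example, not figures from the Act.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ScreeningRecord:
    """One validation-set candidate: protected-characteristic value,
    whether the model advanced them, and the ground-truth label."""
    group: str
    predicted_pass: bool
    actual_pass: bool


def per_group_metrics(records):
    """Disaggregate accuracy and selection rate by group (Article 10/15 style check)."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[rec.group].append(rec)
    metrics = {}
    for group, recs in buckets.items():
        n = len(recs)
        correct = sum(r.predicted_pass == r.actual_pass for r in recs)
        selected = sum(r.predicted_pass for r in recs)
        metrics[group] = {"n": n, "accuracy": correct / n, "selection_rate": selected / n}
    return metrics


def disparity_findings(metrics, max_accuracy_gap=0.10, min_selection_ratio=0.80):
    """Flag groups whose accuracy trails the best-performing group by more than
    max_accuracy_gap, or whose selection rate falls below min_selection_ratio of
    the most-selected group. Both thresholds are illustrative assumptions for
    this example; the Act itself sets no numeric values."""
    best_accuracy = max(m["accuracy"] for m in metrics.values())
    best_selection = max(m["selection_rate"] for m in metrics.values())
    findings = []
    for group, m in sorted(metrics.items()):
        gap = best_accuracy - m["accuracy"]
        if gap > max_accuracy_gap:
            findings.append(f"{group}: accuracy {m['accuracy']:.0%} trails best group by {gap:.0%}")
        ratio = m["selection_rate"] / best_selection if best_selection else 1.0
        if ratio < min_selection_ratio:
            findings.append(f"{group}: selection rate {m['selection_rate']:.0%} is {ratio:.0%} of best group")
    return findings


# Constructed validation sample (not real data): 10 male and 10 female candidates.
SAMPLE = (
    [ScreeningRecord("male", True, True)] * 5        # correctly advanced
    + [ScreeningRecord("male", False, False)] * 4    # correctly rejected
    + [ScreeningRecord("male", True, False)]         # one false positive
    + [ScreeningRecord("female", True, True)] * 2    # correctly advanced
    + [ScreeningRecord("female", False, True)] * 3   # three qualified women screened out
    + [ScreeningRecord("female", False, False)] * 5  # correctly rejected
)

if __name__ == "__main__":
    for line in disparity_findings(per_group_metrics(SAMPLE)):
        print(line)
```

The same disaggregation run over live screening outcomes (rather than a labelled validation set) gives a deployer a concrete basis for the Article 26 monitoring of rejection rates, with the accuracy check dropped where no ground truth exists.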

Conformity Assessment — Article 43

Article 43 is the conformity assessment — the EU's term for formally verifying, before market placement, that a system meets the Act's requirements. For recruitment AI, this is an internal conformity assessment (Annex VI procedure), not one requiring a notified body, unless the provider chooses to use one. The provider draws up the EU declaration of conformity under Article 47, affixes the CE mark under Article 48, and registers the system in the EU database under Article 49.

The conformity assessment must be completed before the system is placed on the market or put into service. There is no grace period for retroactive conformity assessment on live systems after 2 December 2027.

Registration — Article 49

Before or at the time of market placement, providers must register high-risk recruitment AI systems in the EU's public database. The registration covers the provider's details, the system's intended purpose, the risk classification basis, and a summary of the conformity assessment outcome.

Providers claiming the Article 6(3) exemption (see above) must also register that assessment in the database, even though they are claiming the system is not high-risk.


Obligations for Deployers of Recruitment AI

Deployers — the hiring employers — carry a distinct but substantial set of obligations under Article 26.

Follow the provider's instructions. A deployer who uses a CV-ranking system to filter for roles the system was not designed to assess (deploying a tech-role screener for manual-labour positions, say) creates a compliance gap that is the deployer's responsibility, not the provider's.

Assign human oversight. Article 26 requires deployers to assign oversight to natural persons who have the necessary competence, authority, and resources to exercise genuine oversight — and to actually exercise it. Oversight must be more than formal.

Inform workers and candidates. Where recruitment AI is used in the context of employment or labour relations, Article 26 requires the deployer to inform the workers' representatives and the affected workers (or candidates) that the system is being used. Candidates must be told before or at the point of application, not after a rejection decision has been made.

Monitor the system in use. Deployers must monitor for situations in which use of the system deviates from the intended purpose or produces outputs that raise a serious risk (Article 26). If a deployer detects such a risk, it must notify the provider and, where relevant, market surveillance authorities.

Keep logs. High-risk systems generate logs under Article 12. Deployers must keep those logs for at least six months (Article 26), insofar as the logs are under their control.

Fundamental Rights Impact Assessment — Article 27

Article 27 requires certain deployers to conduct a Fundamental Rights Impact Assessment (FRIA) before deploying a high-risk AI system. The FRIA obligation applies specifically to deployers that are public bodies, deployers providing public services such as healthcare or social care, and private deployers operating in the credit or insurance sectors.

Most private employers do not trigger the Article 27 FRIA obligation. A logistics company, a retailer, or a technology firm using a third-party ATS with AI ranking is a private deployer outside the Article 27 scope. The company should conduct due diligence on the provider's conformity assessment and implement its Article 26 monitoring and oversight obligations — but a formal FRIA is not required.

Where the FRIA does apply (a public-sector body hiring via AI screening, or an insurance company using AI to shortlist candidates for underwriter roles), the assessment must be notified to market surveillance authorities and must address the categories of persons and groups likely to be affected, the risks to fundamental rights, and the measures taken to address them.


The GDPR Article 22 Overlap

Article 22 of the General Data Protection Regulation prohibits automated decisions that produce legal or similarly significant effects concerning individuals, unless the individual has consented, the decision is necessary for a contract, or it is authorised by EU or member-state law.

Recruitment decisions sit directly in Article 22's scope: being screened out of a job application process is a decision that significantly affects the individual. An employer who relies entirely on an AI's rejection recommendation without meaningful human review is likely in breach of GDPR Article 22 independently of anything in the EU AI Act.

The two frameworks complement each other. The EU AI Act's Article 14 human oversight obligation and Article 26 deployer obligations align with GDPR Article 22's requirement for human review, but they are separate legal requirements. Compliance with the AI Act does not substitute for GDPR compliance, and vice versa.

Candidates also have the right under GDPR to request information about the logic involved in automated processing, to object to solely automated decisions, and to have the decision reviewed by a human.


What a Compliant Recruitment AI Workflow Looks Like

A mid-sized HR-tech firm — say, 60 employees — builds a CV-screening tool for the DACH market. It trains the model on anonymised historical application data from five large clients, ranks candidates by match score, and sells access to employer clients via a SaaS subscription.

The firm is the provider. Before going to market, it must:

  1. Build and document a risk management system under Article 9, covering discriminatory-output risk across gender, age, and national origin.
  2. Audit its training data under Article 10 for representativeness and bias; document the dataset composition, the demographic-group performance metrics, and the measures taken to address gaps.
  3. Produce Annex IV technical documentation under Article 11: system description, model architecture, training methodology, performance benchmarks disaggregated by demographic group, known limitations.
  4. Design Article 14-compliant oversight interfaces so that employer clients can inspect the scoring rationale for individual candidates and override rankings.
  5. Prepare Article 13 instructions for deployers covering intended use, data processed, required oversight measures, and candidate disclosure templates.
  6. Complete the Article 43 internal conformity assessment, draw up the Article 47 declaration of conformity, and register the system under Article 49.

The deployer — each employer client — must:

  1. Use the system only for its stated intended purpose and within the demographic contexts the provider has tested.
  2. Implement the oversight procedures the provider specifies; train recruiters on reading the system's scoring logic rather than treating rankings as final decisions.
  3. Notify candidates before or at application that AI is used in screening and explain the purpose and appeal process.
  4. Keep the Article 12 logs the system generates for at least six months.
  5. Monitor for anomalies in rejection rates and report concerns to the provider under Article 26.

Neither party needs a notified body for the conformity assessment. Both parties need to be ready for this before 2 December 2027.


Penalties Under Article 99

Non-compliance with high-risk obligations — Articles 9, 10, 11, 13, 14, 15, 43 and 49 for providers; Article 26 for deployers — attracts fines under Article 99(4): up to €15,000,000 or 3% of total worldwide annual turnover, whichever is higher.

For SMEs and start-ups, Article 99(6) provides a cap: the fine is the lower of the fixed amount or the percentage. A 60-person HR-tech firm with €4 million annual turnover faces a maximum fine of €120,000 under the percentage ceiling, not €15 million — the cap applies. The protection is real, but it does not eliminate the obligation.

Supplying incorrect or incomplete information to notified bodies or authorities falls into a separate, lower tier: €7,500,000 or 1% under Article 99(5).

The deadline for stand-alone high-risk AI systems (the Annex III list, including recruitment AI) is 2 December 2027. Under the Digital Omnibus agreed in May 2026, this was pushed back from the original 2 August 2026 date. The additional year and a half is time for documentation, testing, and conformity assessment — not time to defer starting.


How Confir Helps

Confir's rule-based classification engine walks providers and deployers through the Annex III point 4(a) criteria in plain English, derives the correct risk tier and role, and then runs the structured compliance assessment across all four areas: risk classification (Articles 5, 6, 43), data and technical robustness (Articles 10, 11, 15), transparency and human oversight (Articles 13, 14, 27), and governance (Articles 9, 72, 73).

For a recruitment AI provider, the output is a print-ready Article 11 / Annex IV technical documentation pack and an Article 47 declaration of conformity — both generated from the assessment intake, with no consultants and no six-month implementation. For a deployer, Confir surfaces the Article 26 obligations, flags whether the Article 27 FRIA applies to your specific context, and maintains the audit log. Pricing starts at €600/year.

The classification logic is deterministic. Same intake, same finding. Same rule fires every time — which matters when you need to show an auditor exactly why a system was classified as high-risk and which obligations were triggered.


What to Watch

The Digital Omnibus political agreement of May 2026 covers the high-risk deadline. But parts of the Act already apply: the prohibition on certain AI practices (Article 5) has been in force since 2 February 2025, and penalties under Article 99 apply from 2 August 2025. There is no enforcement moratorium on the high-risk tier pending the December 2027 deadline — the conformity assessment must be complete by that date, meaning the underlying documentation and testing work must begin well in advance.

For HR-tech vendors active in the EU, the practical planning horizon is now. The Article 10 data governance work and the Article 9 risk management framework both require access to training data and deployment history that becomes harder to reconstruct retroactively. The time to start building the Annex IV documentation is before the data and the people who built the model have moved on.

