
The AI Act and HR: What HR departments need to know before August 2, 2026
Artificial intelligence is no longer just a technological curiosity; it has become an integral part of modern HR processes in organizations. However, as of August 2, 2026, the free testing and implementation of unverified algorithmic solutions in HR departments will come to an end. The EU AI Act is entering its deepest implementation phase, redefining the rules for recruitment, employee evaluation, and dismissal across the European Union. Since most AI systems used in HR have been classified as high-risk solutions, the previous operational freedom is giving way to strict legal requirements. For HR departments, this means an immediate need to audit and adapt processes to avoid unprecedented financial penalties.
The legal revolution is becoming a reality. What is the AI Act for HR?
The AI Act is an EU regulation governing the artificial intelligence market, which classifies most AI systems used in HR as high-risk systems, imposing strict obligations on employers regarding auditing, transparency, and human oversight.
Most HR managers treat EU regulations as a distant legal department problem. This is a mistake that could cost millions. The AI Act is based on a so-called risk-based approach. Artificial intelligence systems are divided into four categories: from acceptable risk, through limited and high risk, to completely prohibited systems.
Where does HR fit into this classification? Almost entirely in the high-risk zone. The European Union has recognized that HR decisions have too significant an impact on human life, earnings, and dignity to be left to the uncritical operation of code.
Why August 2026, specifically?
The implementation schedule leaves no room for doubt. Although the Act itself entered into force earlier, it is precisely on August 2, 2026, that the most stringent provisions concerning high-risk systems (in accordance with Article 113 of the AI Act) will become applicable. This is the moment when compliance ceases to be an empty slogan from management presentations and becomes a real audit of every implemented script.
It's worth looking at market data from recent months, which illustrates the scale of the phenomenon:
- Gartner research indicates that nearly 78% of organizations worldwide have implemented or are testing AI solutions in recruitment and talent management processes.
- According to a Eurostat report, the adoption of algorithm-based tools in the enterprise sector in Poland increased by 34% year-on-year.
- Market analyses show that only 15% of HR directors in Central and Eastern Europe declare full preparedness for the legal requirements imposed by the AI Act.
If you have so far treated the implementation of recruitment systems as a simple SaaS license purchase, it's time to change your perspective. Legal responsibility rests not only with the provider but also with you as the deployer.
High-risk systems in HR – are your tools legal?
In the HR industry, high-risk systems according to the AI Act include all AI tools used for recruitment (e.g., CV screening), making decisions about promotions, task allocation, and monitoring and evaluating employee performance.
Let's get down to specifics, because the devil is in the technical details. The EU legislator has precisely indicated in Annex III of the AI Act which systems in the area of employment and human resource management require special oversight.
Recruitment and candidate selection
This is where the biggest friction occurs between humans and algorithms. Tools that automatically scan thousands of applications, reject candidates who don't meet criteria, or create rankings of top talent automatically fall into the high-risk category.
Imagine a system that rejects CVs of candidates with an employment gap longer than 6 months. For an algorithm, this is a dry statistical variable correlating with lower productivity. For the law, it's potential discrimination against women returning from maternity leave. These tools directly impact access to employment, hence the regulator's strong reaction. Learn more about how these mechanisms work in practice by reading about AI in recruitment – how it really works and what it offers your HR team.
Making decisions about promotions, layoffs, and task allocation
Do you use a platform that analyzes KPI metrics and suggests who should be laid off first during restructuring? Or perhaps an algorithm at your courier company, or at a platform such as Uber, automatically assigns tasks to employees based on their historical performance? This is the textbook definition of a high-risk system. Any tool that assesses an employee's behavior, performance, or personality traits and modifies their employment conditions based on this is subject to new, stringent obligations.
Before August 2026, create an internal register of all software tools used in your company that have machine learning or AI components. Ask your IT department for support and send an official inquiry to each vendor requesting a declaration of compliance with the AI Act.
Prohibited AI practices in the workplace – what you absolutely cannot do
The AI Act strictly prohibits the use of AI systems for emotion recognition in the workplace and biometric categorization systems based on sensitive characteristics.
While high-risk systems are permitted provided they meet stringent requirements, certain practices are completely outlawed. Their use carries the highest penalties.
Emotion Recognition Systems
This technology was supposed to be a hit for well-being and recruitment systems: cameras analyzing an employee's micro-expressions while they work at their desk, aiming to detect frustration, fatigue, or professional burnout. Sounds beneficial and supportive? The European Union sees it differently: it's a profound violation of privacy and individual autonomy. From August 2026, the use of algorithms to detect emotions of employees or job candidates becomes completely illegal. The only exceptions are strictly defined safety issues (e.g., monitoring fatigue in professional drivers), but even there, the restrictions are enormous.
Biometric categorization and social scoring
You cannot use AI systems that categorize employees based on their biometric data to draw conclusions about their race, political opinions, trade union membership, or sexual orientation. So-called social scoring is also prohibited, which involves creating general profiles of an employee's trustworthiness and obedience based on their non-work-related online behavior.
Real-life example (Case Study):
A company in the modern business services (BPO) sector implemented a system to monitor the engagement of remote employees. A camera analyzed the employee's facial expressions every 10 minutes, assessing whether they were "focused," "bored," or "frustrated." Based on this, the manager received a weekly team satisfaction report. After the AI Act comes into force, such an action constitutes a direct violation of the prohibition on using emotion recognition systems in the workplace. The company would have to immediately disable this functionality, under penalty of a massive financial fine.
New obligations for employers (Deployers) – how to pass an audit?
As a user (deployer) of a high-risk AI system, an employer must ensure human oversight of the algorithm, monitor its operation for errors, and truthfully inform employees and candidates about the use of artificial intelligence.
Many HR professionals breathe a sigh of relief, thinking: "Since I'm buying a system from an external provider, they are responsible for legal compliance." Nothing could be further from the truth. The AI Act clearly distinguishes between the responsibilities of the provider (the entity that created the AI) and those of the deployer (the employer using it). As a deployer, you have a clear process checklist before you.
Human Oversight (Human-in-the-loop)
An algorithm cannot make a final HR decision autonomously. If a recruitment system rejects a candidate, this rejection must be approved by a recruiter who has the real ability to override the machine's decision. Human oversight also means that individuals operating an AI system must understand its limitations, its tendency to hallucinate, and its potential systemic errors. You cannot use the excuse: "The computer said so."
Monitoring and Logging
An employer using a high-risk system is obliged to monitor its operation. If you notice that a recruitment system has suddenly started recommending only men for technical positions, you are obliged to suspend its operation and report this fact to the provider and the relevant supervisory authorities. Additionally, system logs generated by AI must be stored for a specified period to prove the transparency of the process in the event of an inspection by the National Labour Inspectorate (or other dedicated body).
Information Obligation Towards Employees and Candidates
Transparency is the foundation of the AI Act. A candidate participating in a recruitment process must be clearly and understandably informed that an algorithm is evaluating them. Similarly, employees must know on what principles AI systems analyze their performance. This information cannot be hidden on the thirtieth page of a privacy policy. It must be clear, concise, and accessible before the system begins operation. It is worth remembering the transformation of the entire ecosystem – read about it in the article: AI in HR: From ChatGPT to Autonomous Agents – How Technology Will Change the Work of HR Departments in Poland by 2026.
Tools supporting compliance:
To implement oversight procedures, it is advisable to use GRC (Governance, Risk, and Compliance) systems and dedicated algorithmic audit platforms (e.g., Credo AI or Monitaur), which help monitor the bias of machine learning models in real time.
Penalties for Non-Compliance – The Specter of Financial Disaster
Penalties for violating the AI Act are divided into three financial tiers and can range from EUR 7.5 million to as much as EUR 35 million (or 1.5% to 7% of the company's global annual turnover), depending on the severity of the infringement.
Artificial intelligence implemented without proper legal oversight can lead to losses for an organization that will jeopardize its market survival. The EU's penalty schedule for AI Act violations is structured similarly to the EU's General Data Protection Regulation (GDPR), but the upper limits of financial liability are even more stringent. Sanctions are directly linked to the degree of risk and the type of prohibitions violated, and their enforcement in the Polish market will be handled by specialized supervisory bodies, cooperating, among others, with the National Labour Inspectorate.
Administrative penalties are divided into three main levels of liability:
Level 1: The highest penalty for using prohibited practices
This applies to situations where an employer knowingly or due to gross negligence implements AI systems that are entirely prohibited under European Union law. In the HR domain, the most common risk at this level is the illegal use of algorithms to recognize candidates' emotions during online job interviews or the constant monitoring of employees' facial expressions and stress in the office.
- Financial penalty: Up to EUR 35,000,000 or up to 7% of the enterprise's total annual worldwide turnover in the preceding financial year. For companies and corporations, the higher of these amounts applies.
Level 2: Breach of obligations for high-risk systems
This threshold concerns failure to follow compliance procedures for legal but supervised systems (e.g., algorithms for CV selection and scanning, or systems for automatic calculation of performance indicators). Penalties may be imposed on employers for, among other things, failing to ensure real human oversight of the machine (the human-in-the-loop principle), ignoring discriminatory errors in verified models, or failing to maintain and store required system logs.
- Financial penalty: Up to EUR 15,000,000 or up to 3% of the enterprise's total annual worldwide turnover. As with the highest threshold, the higher amount applies.
Level 3: Providing false or misleading information
The lowest, yet still extremely severe, sanction threshold concerns formal deficiencies and lack of transparency. A penalty at this level threatens an organization that, during an inspection by a supervisory authority, presents incomplete technical documentation, conceals the use of algorithmic assessment systems, or provides falsified logs intended to hide bias in a recruitment system.
- Financial penalty: Up to EUR 7,500,000 or up to 1.5% of the total annual turnover of the company on the global market.
Preferential conditions for SMEs and startups
The EU legislator introduced a protective clause for smaller economic entities to ensure that compliance costs do not stifle market innovation. For micro, small, and medium-sized enterprises (SMEs) and startups, a reduced penalty amount is applied when imposing fines for the aforementioned infringements. This means that if 3% of a small software house's turnover were to exceed the company's actual financial capabilities, the authority would take into account the entity's individual economic situation, protecting it from immediate bankruptcy. However, this does not exempt smaller companies from the obligation to strictly comply with the law.
The financial risk associated with the AI Act should be immediately incorporated into your corporate Risk Matrix. Together with the Legal department and the data protection officer, establish a rapid response procedure in case anomalies are detected in the operation of HR algorithms. Every contract with an external provider of an ATS system or employee evaluation platform must include recourse clauses – if the provider's system generates an error for which the National Labour Inspectorate imposes a fine on your company, you must have the legal means to recover these funds from the entity that supplied the faulty technology.
Step-by-step guide: How to prepare your HR department for August 2, 2026?
There is little time to adapt organizational structures. The following course of action will help minimize legal risk and smoothly navigate the technological transformation.
Step 1: System Inventory (AI Shadowing IT)
Identify all tools used in HR. Don't just look at large ATS or ERP platforms. Check smaller plugins, tools for automatic generation of recruitment emails, automatic scheduling systems, or simple Slack bots that analyze employee sentiment. All of these must be cataloged.
Step 2: Risk Classification and Contact with Suppliers
Categorize tools by risk according to AI Act guidelines. Request CE conformity certificates, technical system documentation, and results of anti-discrimination tests (i.e., bias testing) from high-risk system providers. If a provider avoids answering, it's time to look for a new business partner.
Step 3: Procedure Redesign (Human-in-the-loop)
Amend internal regulations. Introduce the principle that every AI-generated decision undergoes human verification. Recruiters and managers must be trained on how to critically evaluate machine recommendations. See how to safely connect these dots by analyzing the issues covered in the text about AI in HR – automation of recruitment and onboarding processes.
Step 4: Documentation and Information Clause Updates
Add clear provisions to employment contracts, work regulations, and application forms. Candidates and employees must know exactly:
- Which AI tool is being used?
- What input data does the algorithm process?
- What impact does this have on hiring or evaluation decisions?
- How can they appeal a machine's decision to a human?
Most common implementation errors – what to avoid?
Most organizations make the same mistakes when implementing technological innovations in HR departments. Pay attention to them to avoid becoming a target for regulators.
- Unquestioning trust in vendor assurances: The slogan "100% GDPR & AI Act Ready" placed on a software vendor's sales page does not relieve you of legal responsibility as the implementer. Always verify the source documentation.
- Lack of training for managerial staff: Purchasing an expensive, secure high-risk system will achieve nothing if a line manager decides to dismiss an employee, justifying it solely with: "Because the system calculated it that way in the table." This is a straightforward path to losing a case in labor court.
- Ignoring EU AI definitions: Many companies believe that simple algorithms based on rigid rules (if X, then Y) are not artificial intelligence. The definition adopted in the AI Act is intentionally very broad and includes systems that, based on input data, generate outputs in the form of predictions, recommendations, or decisions affecting the environment. If the system learns on the fly or optimizes its operation – it falls under the Act.
FAQ – Most important questions about the AI Act in HR departments
Is using ChatGPT to write job advertisements safe and compliant with the AI Act?
Yes, provided caution is exercised. Classic, general-purpose language models (General Purpose AI) used for creating marketing texts or job advertisements are not classified as high-risk systems. However, you must be careful not to paste candidates' personal data or confidential company information into prompts. Also, remember to fact-check the text generated by AI to avoid hidden linguistic biases.
What consequences does a company face if after August 2, 2026, it continues to use an AI recruitment system without a proper audit?
The company risks severe financial penalties imposed by supervisory authorities – in case of a breach of obligations concerning high-risk systems, the fine can be up to 15 million euros or up to 3% of the total annual turnover from the previous financial year (the higher amount applies to large entities). Additionally, a rejected candidate can easily challenge the recruitment process in labor court.
Are traditional ATS (Applicant Tracking Systems) high-risk systems?
That depends on their functionality. If an ATS merely serves as a digital document archive and facilitates communication (sending templated emails), it is not a high-risk system. However, if it includes a module for automatic candidate scoring, AI-powered profile matching, or automatic rejection of applications that do not meet semantic criteria – it becomes a high-risk system.
Who in the company is responsible for HR systems' compliance with the AI Act?
Responsibility is joint and rests with the entire organization. The management board is responsible for strategic legal and financial risks. The HR department (as a deployer) is responsible for the operational implementation of procedures, human oversight, and transparency towards employees. The IT and Compliance/Legal departments support HR in technical assessment and verification of contractual terms with technology providers.
Can an employee demand an explanation for why an AI system assessed them negatively?
Yes. The AI Act places enormous emphasis on the right to an explanation. Employees and candidates affected by high-risk systems have the right to receive a clear, understandable, and precise explanation of the role the AI system played in the decision-making process and the criteria it used.
Summary
- August 2026 is the deadline: As of August 2, 2026, most artificial intelligence systems used in recruitment, employee assessment, and monitoring will be subject to strict legal restrictions.
- HR is high risk: Automated CV screening, AI-powered performance appraisal systems, and algorithmic employee management have been officially recognized as high-risk areas.
- Emotion recognition prohibited: The use of systems analyzing employees' facial expressions or voice tone to detect their emotional states becomes entirely illegal.
- Employer responsibility: Using software from external providers (SaaS) does not relieve the HR department of the obligation to ensure human oversight and conduct compliance audits.
- Time for a technical audit: By August 2026, every organization must create a register of AI systems, train managerial staff, and update information obligations towards candidates and employees.



















