Is all AI in recruiting high risk?

AI that searches, assesses or ranks candidates is high risk. Purely administrative AI that does not affect selection may fall outside, but the boundary should be documented.

Can AI make hiring decisions?

No. AI may support decisions, but decisions affecting a person must be made by a human with a real opportunity to override the AI's suggestion.

The EU AI Act and recruiting: what applies?

Why recruiting is classified as high risk

The EU AI Act sorts AI systems by risk. Systems used for recruiting and selecting people fall into the high-risk category, because they can affect people's opportunities and risk discrimination. This covers AI that sources candidates, screens applications, ranks or assesses suitability.

What the requirements mean in practice

Traceability: every processing activity must be documentable and auditable.
Duty to explain: a decision that affects a candidate must be explainable.
Human oversight: AI may provide input, but a human makes the decision.
Transparency: candidates should be able to learn that and how AI is used.
Data protection: the processing must also comply with GDPR.

How GDPR and the AI Act fit together

The AI Act does not replace GDPR, they apply in parallel. A data protection impact assessment (DPIA) is often a natural starting point for the risk assessment the AI Act requires. For candidate data the employer is the controller and a recruiting-AI vendor is usually a processor.

Timeline

High-risk requirements for recruiting AI take full effect in August 2026. Teams adopting AI now should choose tools built for the requirements from the ground up, not retrofitted.

How Week 29 meets the requirements

Week 29 is built on the principle that humans make the decisions. Every match comes with a rationale, processing is logged per step, and candidate data is pseudonymised before AI and stored within the EU. The duty to explain is built in, not retrofitted.