AI Regulations in HR: What Employers Must Know

Need for Action When Using AI Systems in HR

The use of artificial intelligence (AI) systems in human resources (HR) is increasingly regulated under the newly implemented Artificial Intelligence Act (AI Act), which came into effect on February 2, 2025. This legislation aims to protect fundamental rights while promoting innovation and providing legal certainty within the EU market.

Overview of the AI Act

The AI Act categorizes AI systems into four risk classifications: Prohibited AI Practice, High-risk AI, General Purpose AI, and Limited AI Systems. Employers must understand these classifications to ensure compliance and avoid significant penalties.

Prohibited AI Practices

Under Article 5 of the AI Act, certain AI systems are deemed to have an unacceptable risk to individuals’ safety, rights, or livelihoods, leading to their prohibition from the market. These practices are divided into eight categories:

1. Use of subliminal, manipulative, or deceptive techniques that could distort a person’s behavior;
2. Harmful exploitation of vulnerabilities;
3. Social scoring based on social behavior or personality characteristics;
4. Predicting criminal offenses through individual risk assessment;
5. Creation of facial recognition databases through untargeted evaluations;
6. Emotion recognition systems;
7. Biometric categorization;
8. Biometric remote identification in real-time.

Non-compliance with these prohibitions can result in administrative fines reaching up to €35,000,000 or 7% of the total worldwide annual turnover for companies.

AI Literacy Regulations

Article 4 of the AI Act mandates that providers and deployers of AI systems ensure their staff has a sufficient level of AI literacy. This requirement applies to all companies developing or using AI systems. Employers must train their employees in the operational use of these systems, fostering an understanding of both the opportunities and risks associated with AI technologies.

Challenges of Defining AI

The AI Act’s definition of AI systems as “a machine-based system that operates with varying levels of autonomy” presents practical difficulties for compliance. The EU has published guidelines to clarify the definition and assist deployers in classifying their systems correctly.

Future Outlook

While the classification of high-risk AI systems will not take effect until August 2, 2027, other provisions will become applicable on August 2, 2026. These regulations will impose additional obligations on employers using high-risk AI systems, including:

• Ensuring systems are used according to the provider’s instructions;
• Supervising the systems with adequately trained personnel;
• Maintaining representative and relevant input data;
• Continuously monitoring the systems;
• Storing automatically generated logs for at least six months;
• Informing affected employees and their representatives in advance.

Employers must fulfill these obligations to ensure compliance, especially when using general-purpose AI systems like ChatGPT or Microsoft Copilot, which can be classified as high-risk based on their applications.

Conclusion

The AI Act places significant responsibilities on employers regarding AI systems in the workplace. Management and HR staff must act promptly to ensure their teams have the necessary expertise to operate AI systems while adhering to legal requirements. The shift towards regulated AI usage highlights the importance of informed and responsible implementation of technology in the HR domain.

This document serves informational purposes only and does not constitute legal advice. It is advisable to seek professional legal counsel before making decisions based on its content.