In August 2026, the EU AI Act enters enforcement phase, and companies using artificial intelligence in recruitment face penalties up to €15 million or 3% of global revenue - whichever is higher. If your recruiting process touches European candidates, this affects you.
With 10+ years of closing complex IT vacancies, IT recruiting agency EvoTalents has already updated our privacy policy and aligned our team with the law's core principles. Here is what every recruiting agency and hiring company needs to know.
Why Recruiting is Classified as High-Risk AI
The EU AI Act places recruiting systems in the "high-risk" category because AI decisions directly affect people's livelihoods, career opportunities, and fundamental rights. When an algorithm screens resumes, ranks candidates, or predicts job performance, it makes decisions that shape employment outcomes.
The law recognizes a critical reality: biased AI in recruiting can perpetuate discrimination at scale. An AI model trained on historical hiring data may replicate gender, age, or other biases. A candidate from an underrepresented background might be filtered out before a human ever sees their CV. These are not hypothetical risks - they have been documented in real-world recruiting systems.
Important: the law applies regardless of where your company is based. If you use AI to screen any candidate located in Europe, you are subject to the EU AI Act. This applies to agencies, in-house teams, and their technology vendors.
What the EU AI Act Requires
1. Maintain an AI Tools Registry
Create and maintain a comprehensive list of every AI tool your team uses in recruiting: Claude, BlueDot, Clay, Lemlist, Airtable, browser extensions, and any ATS features with AI components. Document what each tool does, which stages it affects, and where candidate data flows. This registry is your first line of defense in an audit.
2. Establish an Internal AI Usage Policy
Write clear guidelines for how your team uses AI. Specify which recruiting stages involve AI, what decisions AI can recommend versus make, and when human review is mandatory. Share this policy with your legal team and update it when tools change. If a dispute arises, this document proves decisions were made by people, not algorithms.
3. Implement Human-in-the-Loop for Every Decision
The core principle of the law is human-in-the-loop. AI may prepare, filter, transcribe, or structure. But every decision about a candidate - reject, advance, present to client - must be made by a recruiter or hiring manager. Not automatically, not "AI decided and sent." A human reviewed and confirmed.
4. Notify Candidates That AI is Being Used
Candidates must know that AI tools are involved in their evaluation. No consent is required - but notification is. This is done at several levels:
1. In email signatures or first LinkedIn messages - a brief note about AI tool usage in the process.
2. At the start of each interview - the recruiter states that the call may be transcribed by an AI tool, but all decisions are made by a human.
3. In job descriptions - a short note at the bottom about AI use in candidate selection.
5. Maintain Audit Logs for a Minimum of 6 Months
All AI interactions in the recruiting process must be stored for at least 6 months. Your AI chat tool stores conversation history. Your transcription tool stores call summaries. Your outreach tool stores sent messages. In your ATS, document at each key stage: what AI tool was used and what decision the human made. This log is your compliance evidence.
What Compliant Recruiting Looks Like in Practice
Sourcing
A sourcing tool builds a candidate database and prepares profiles. The sourcer or recruiter reviews the shortlist and adds candidates manually. An outreach tool prepares message templates - the recruiter reviews and confirms each send. No end-to-end automation from search to message without human involvement.
Screening
A transcription tool records and structures an interview. The recruiter reads the summary, reviews it, and forms their own assessment. Rejection or advancement is the recruiter's decision, logged in the ATS with a reason.
Reports to Client
AI helped structure or prepare a report - the recruiter re-read it, verified the data, approved and sent it. Not "AI sent the report to the client automatically."
Logging in Your ATS
At each key stage - after screening, after presenting to client, after rejection - a comment is added: which AI tools were used and what decision the recruiter made as the human in the loop. Most modern ATS platforms support custom notes fields for exactly this purpose.
What EvoTalents Has Already Done
We did not wait for August. Our team has already adopted the principles of the EU AI Act:
1. Updated privacy policy on our website - listing all the conditions under which we use AI tools..
2. Internal AI policy - a document defining which tools we use, at which stages, and how we ensure human-in-the-loop at every step.
3. Candidate notifications - added to every email signature and the start of every interview: a clear statement that AI tools are used but all decisions are made by humans.
4. ATS logging - at every stage we record which AI tools were used and who made the final decision.
5. Team trained - our recruiters and sourcers know how to document AI usage correctly and what to say to candidates in interviews.
We believe AI-compliance is not just a legal requirement. It is a quality standard that builds trust between an agency, its clients, and the candidates it works with.
Why This Matters Globally
You might be asking: does this apply to us if we are not based in Europe? The answer: if any candidates you process with AI are located in EU countries - yes, it applies to you. The law follows the candidate, not the company headquarters.
There is also a competitive reason. Clients hiring in Europe will increasingly require AI-compliance confirmation from their agency partners. A fine of up to €15 million is not a risk any company should accept because their recruiter was unprepared. Early compliance becomes a differentiator - proof that your process is transparent, auditable, and trustworthy.
Frequently Asked Questions
1. Does the EU AI Act mean we cannot use AI in recruiting?
No. The law does not ban AI - it requires that AI be used under human oversight. You can transcribe calls, prepare outreach, analyze the market with AI. The key is that every decision about a candidate must be made by a human.
2. Who does the law apply to - the company or the agency?
Both. The client company is responsible for hiring decisions. The agency as a service provider must also be AI-compliant. If an agency cannot prove human decision-making - the fine can fall on both the client and the agency.
3. Do we need candidate consent to use AI?
Consent is not required. Notification is - candidates must know AI is being used. They cannot "opt out" of the process because of it, but they have a right to know.
4. What is the first step to compliance?
Build a registry of AI tools you currently use. Map every recruiting stage and identify where AI is involved. Confirm that at each of those stages there is a human who makes the decision and can document it.
5. Do we need to update our client contracts?
Yes. Client contracts should be updated with a clause stating the agency is AI-compliant and operates within EU AI Act requirements when working with candidates.
6. What should we document when rejecting a candidate who went through AI screening?
In your ATS or rejection communication, note that AI tools were used in the process, that the decision was made by a human, and state the specific reason for rejection.
7. Do freelance recruiters also need to comply?
If the freelancer works with candidates in Europe - yes. The agency engaging the freelancer must share its AI policy with them and get confirmation they have read and accepted it.
8. Where can we read the full law?
The official EU AI Act text is available at EUR-Lex. It is 144 pages in English. For a structured practical guide for recruiting teams - see below.
Practical Guide: How to Become an AI-Compliant Recruiting Agency
EvoTalents has prepared a detailed guide with all processes, checklists, and candidate notification examples - based on EU AI Act requirements and our own implementation experience.
