AI in HR: Are We Moving Faster Than the Law Allows?

Artificial Intelligence is rapidly transforming HR. From candidate screening and employee support to performance insights and workforce planning, AI promises greater efficiency and better decision-making. Yet while many organisations are racing to adopt AI-powered HR tools, a surprising number remain unaware that regulators are paying close attention.

The European Union has now classified many HR-related AI applications as “high-risk” under the EU AI Act, placing them among the most heavily regulated uses of AI. For HR leaders, the question is no longer whether to use AI, but how to use it responsibly.

AI in HR: Genuine Progress or Another Technology Bandwagon?

There is no doubt that AI can bring significant value to HR. Used appropriately, it can reduce administrative workload, improve access to information, support workforce planning and help employees find relevant resources more quickly.

However, AI also introduces risks that are particularly sensitive in the employment context. Decisions involving recruitment, promotion, performance management, compensation and termination can have a direct impact on people’s careers and livelihoods.

This is why many experts argue that AI should support human decision-making rather than replace it. The most effective HR technology is likely to be technology that augments human judgement, not technology that attempts to automate it entirely.

The Regulatory Landscape May Surprise You

Many HR professionals are familiar with GDPR. Far fewer are aware of the EU AI Act.

The EU AI Act is a European regulation on artificial intelligence that entered into force on 1st August 2024. It is the first comprehensive regulation on AI by a major regulator anywhere and introduces a risk-based framework for AI systems. Importantly for HR, AI used in areas such as recruitment, candidate evaluation, employee assessment, promotion decisions and workforce management is generally considered “high-risk”. This means organisations and software providers face additional obligations around transparency, governance, documentation, human oversight and bias mitigation.

While a recent political agreement at EU level suggests that certain compliance deadlines for high-risk AI systems may be extended to December 2027, this extension is not yet formally adopted and still requires approval by the European Parliament and the Council, as well as publication in the Official Journal. Until then, the current legal framework under the EU AI Act applies, including key milestones such as:

• February 2025: Ban on prohibited AI practices and AI literacy obligations
• August 2025: Rules for general-purpose AI (GPAI) models
• August 2026: Core obligations for high-risk AI systems, including many HR use cases

Any extension to 2027 therefore remains provisional and not yet legally binding.

Switzerland is taking a slightly different approach. Rather than introducing a Swiss equivalent of the EU AI Act, the Federal Council has chosen a principles-based framework built around existing laws and international standards. Nevertheless, the focus remains the same: protecting fundamental rights, building trust and ensuring responsible use of AI.

Non-compliance carries significant financial and reputational risk. Under the EU AI Act, violations of prohibited AI practices can result in fines of up to €35 million or 7% of global annual turnover (whichever is higher), while breaches of high-risk obligations may lead to fines of up to €15 million or 3% of global turnover. Beyond financial penalties, organisations also face increased regulatory scrutiny and potential restrictions on the use of non-compliant systems

Some AI Uses in HR Are Already Raising Regulatory Concerns

Perhaps the most surprising aspect of the EU AI Act is that some AI applications that have been actively promoted in recent years are now considered problematic or, in certain cases, prohibited. Examples include:

• AI systems that attempt to analyse a candidate’s emotions during a video interview.
• Tools that infer personality traits, emotional state or behavioural characteristics from facial expressions, voice patterns or biometric data.
• Automated recruitment systems that reject or rank candidates without meaningful human oversight.
• AI-driven employee monitoring tools that continuously assess productivity, behaviour or performance and directly influence employment decisions.

While not all of these applications are outright prohibited, many fall into the EU’s “high-risk” category and are subject to strict requirements around transparency, bias mitigation, documentation and human oversight.

The direction from regulators is becoming increasingly clear: AI may assist decision-making, but organisations remain responsible for ensuring decisions affecting employees and candidates are fair, explainable and ultimately made under human accountability.

What Organisations and Software Vendors Should Be Doing

Forward-thinking organisations are already taking practical steps:

• Understanding where AI influences decisions affecting employees or candidates.
• Ensuring humans remain accountable for employment decisions.
• Requesting transparency from software vendors regarding how AI models operate.
• Training HR teams on the appropriate use of AI.
• Reviewing AI governance alongside existing GDPR and data protection practices.

Similarly, software vendors should be implementing AI governance frameworks, documenting their AI use cases, monitoring potential bias, maintaining audit trails and ensuring that customers understand how AI-generated outputs are produced.

What Is Happening in Reality?

The reality is mixed.

Some vendors have invested heavily in responsible AI practices, governance frameworks and human oversight mechanisms. Others appear focused primarily on adding AI features as quickly as possible to keep pace with market expectations.

In some cases, AI capabilities are marketed as fully automated decision-making tools, despite growing regulatory expectations that human judgement should remain central. As with many technology trends, innovation is moving faster than governance.

This creates a challenge for HR leaders. When evaluating HR technology, the most important question may no longer be “What can the AI do?” but rather “How is the AI governed, and is its use lawful?”

The Bottom Line

AI has enormous potential to improve HR processes and employee experiences. But HR is fundamentally about people, and decisions affecting people’s careers deserve transparency, fairness and accountability.

The organisations that will benefit most from AI are unlikely to be those that automate the fastest. They will be those that combine innovation with responsible governance, ensuring that AI remains a tool that supports human decision-making rather than replacing it. As regulations continue to evolve across Europe, responsible AI is quickly becoming not only an ethical consideration, but a business imperative.