Skip to content

Compliance

The EU AI Act and hiring, made simple.

Under the EU AI Act (Regulation (EU) 2024/1689), AI systems used in recruitment are classified as "high-risk" — which brings specific obligations for the employers that deploy them. Here is what changes, when it applies, and how Celper is built to support you as the deployer.

General information, not legal advice.

  • High-risk classification
  • Applies 2 Aug 2026
  • Art. 14 oversight

Key milestones

2 Aug 2026 Deployer obligations apply Art. 14 Human oversight In force

Recruitment AI is high-risk under the EU AI Act. Deployer duties land on 2 August 2026, with meaningful human oversight required by Article 14.

The clock

One date to be ready for.

The EU AI Act phases in over several years. For employers running hiring AI, the milestone that matters is when deployer obligations become applicable.

A proposed "Digital Omnibus" could adjust the timing of these obligations — but it is a proposal, not law. Treat 2 August 2026 as the date to plan for, and see how Celper handles the GDPR side of AI hiring.

The references

The articles that shape AI hiring.

Three provisions do most of the work. In plain English — with the precise citation kept on the left.

Meaningful human oversight

High-risk AI must be designed so a person can understand its output, judge it and intervene — not simply defer to it. This maps directly onto Celper’s human-in-the-loop rule.

No solely-automated decisions

A candidate cannot be subject to a decision based solely on automated processing where it has a significant effect. Because a person makes the final call in Celper, the decision is not solely automated.

Lower-of cap for SMEs & start-ups

For SMEs and start-ups, fines are capped at the lower of the fixed amount or the percentage of turnover. General information, not legal advice.

See human oversight in practice across our AI phone interviews and explainable candidate reports.

In your corner

How Celper helps you deploy responsibly.

You are the deployer and data controller; Celper is the processor. We cannot make you compliant on our own — but the tooling is built to support the obligations you carry.

  • Human-in-the-loop by default

    The final hire/reject decision always sits with a person — supporting the Article 14 oversight you owe as the deployer.

  • Explainable reports

    Every competency score carries the AI’s reasoning, so a reviewer can see why — and overrule it when needed.

  • EU data residency

    Candidate data is hosted in the EU (Google Cloud / Firebase, Belgium and the Netherlands), encrypted in transit and at rest.

  • A DPA with every customer

    You are the controller and Celper is the processor; a Data Processing Agreement is executed with every customer.

For SMEs and start-ups, Article 99(6) caps fines at the lower of the fixed amount or the percentage of turnover. This page is general information, not legal advice — the employer is the deployer responsible for compliance.

Read about GDPR-compliant AI hiring

Related: FAQ · Contact us

FAQ

The EU AI Act, answered.

Is AI in recruitment "high-risk" under the EU AI Act?

Yes. Under the EU AI Act (Regulation (EU) 2024/1689), AI systems used in recruitment are classified as "high-risk", which brings specific obligations for the employers that deploy them.

When do the rules apply?

Deployer (employer) obligations for high-risk recruitment AI become applicable on 2 August 2026. A proposed "Digital Omnibus" could adjust this timing, but it is a proposal, not law, so plan around the current date.

What is the human-oversight requirement (Article 14)?

Article 14 requires meaningful human oversight of high-risk AI systems. In practice a person must be able to understand and act on the output rather than rubber-stamp it — which maps directly onto Celper’s human-in-the-loop rule and GDPR Article 22.

Does Celper make me compliant automatically?

No. As the employer you are the deployer and data controller responsible for compliance; Celper is the processor that provides tooling to support it — human-in-the-loop by default, explainable reports, EU data residency and a signed DPA.

What about fines for a small company?

Article 99(6) provides that for SMEs and start-ups, fines are capped at the lower of the fixed amount or the percentage of turnover. This is general information, not legal advice.

Try it before you trust it.

Type your number. Let Celper do the talking.

+370Lithuania number

We’ll call you for a 60-second demo interview. No spam, ever.