EU AI Act HR Compliance Matrix & Checklist - Interactive Tool

Adjust the sliders to see where your AI stands and if you are currently meeting the requirements of the law.

EU AI Act HR Compliance Matrix

How to Use This Tool

Intended Use Indicates the potential regulatory classification. Actual classification is determined by legal criteria under the EU AI Act, not this slider value.

Implementation Status Indicates how many required controls are implemented. Full compliance requires all applicable obligations to be met.

Intended Use 5.0

Implementation Status 5.0

Intended Use →

Non-Compliant
High-Risk

High-Risk
(Status Check)

Limited / No
Obligations

Governance
Beyond Req.

Implementation →

Assessing...

Compliance Outlook

Adjust the sliders to define your AI governance standing.

How the Score is Calculated

The Intended Use axis measures the Risk Level of your AI based on its role. When your AI makes decisions about people including hiring, pay, or promotions, it enters the High Risk zone.
The Implementation axis measures your Readiness. This tracks how many mandatory legal controls, such as human oversight and data logging, you have actually put into practice.
The matrix calculates the intersection of these two points to determine your AI's current compliance tier under the EU AI Act.

How to Read the Results: The Four Zones

Non-Compliant High Risk: This is the most dangerous area. You are using high stakes AI but have not yet met the legal requirement for safeguards. Under the EU AI Act, this is where you are most vulnerable to heavy fines.
High Risk (Status Check): Your controls are in place but formal compliance requires completing all conformity assessments, human oversight obligations, and ongoing monitoring under the EU AI Act. Note that this status will not activate in the compliance outlook until you have reached the far end of this area on the readiness scale.
Limited / No Obligations: This is for administrative or non critical tools. Since these do not impact a person’s career path, the legal burden is much lighter and requires only basic transparency.
Governance Beyond Requirements: You are over performing here. You have applied high level safety standards to low risk tools, which is a great way to build brand trust and prepare for future regulation.

Moving Out of Non-Compliant High-Risk (Scenarios A & B)

Scenario A: Increase Your Readiness

You keep the AI tool in its current role but increase your human oversight.
To move from Non-Compliant High-Risk to High-Risk (Status Check), you must push your Readiness to the maximum level by implementing all mandatory rules like Human in the Loop and automatic logging.
The goal here is to keep the power of the AI but match it with the safety measures that satisfy EU regulators.

Scenario B: Lower the Risk Level

If you do not have the resources for constant human auditing, you can change how you use the tool.
Instead of letting the AI rank or reject candidates, you use it only for scheduling or drafting.
By dropping your Risk Level into the Limited / No Obligations zone, you move to a position where full implementation of technical controls is no longer a legal requirement.

EU AI Act HR Compliance Checklist

Category	Action Item	HR Specifics & Examples
1. Strategy	Annex III Classification	Inventory all HR tech. Systems for recruitment, promotion, and termination are strictly "High-Risk." You must verify if your vendors are compliant with Articles 8-15.
2. Governance	AI Literacy Training	Under Article 4, training is mandatory. Recruiters must understand "automation bias"—the tendency to trust AI scores over human judgment—and how to spot biased outputs.
3. Transparency	Candidate Rights Notice	Inform candidates if AI is evaluating them. Article 86 gives affected persons a legal right to a clear and meaningful explanation of the AI system's role in any decision that produces legal effects or significantly impacts their health, safety, or fundamental rights.
4. Impact	Fundamental Rights Assessment	Article 27 requires a FRIA before deployment. You must document how the tool impacts non-discrimination, worker privacy, and data protection (often paired with a DPIA).
5. Oversight	Human-in-the-Loop (HITL)	Per Article 14, high-risk HR systems must not "Auto-Reject." A human must have the final say and the clear authority to override the AI's recommendation without fear of reprisal.
6. Records	Logging & Retention	Article 12 requires automatic logging capability to be built into high-risk systems. Article 19 requires deployers to keep those logs for at least 6 months. Technical documentation for the system must be kept for 10 years under Article 18.
7. Incidents	15-Day Reporting	If a system malfunctions or shows systemic bias, you must report the serious incident to your national authority within 15 days of discovery, as per Article 73.

Key HR-Specific Focus Areas:

Prohibited Practices: AI for Emotion Recognition in workplaces (analyzing cameras/mics for employee mood) is banned under Article 5 as of February 2025.
Employee Consultation: Under the AI Act and local labor laws, you must consult Works Councils or worker representatives before deploying High-Risk performance tracking tools.
Instructions for Use: Article 13 requires vendors to provide you with concise instructions. You cannot be compliant without reading and filing these documents.

Disclaimer: This interactive tool & checklist are for informational purposes only and do not constitute legal advice or a formal compliance audit under the European Union AI Act.

Recommended Resources

Found yourself in the Liability Trap? Don't panic. You can build your Force today with our complete HR AI Governance Toolkit. It includes the policies, risk assessments, and training templates you need to reach the Safe Harbor.

For a broader look at how your AI governance stacks up in the USA, Canada, UK, Switzerland, China, or Brazil, use our Global HR AI Compliance Matrix to benchmark your risk across other major regions.