What HR Tech Must Document Before Deploying Candidate Screening AI

If your organization uses AI to filter resumes, score candidates, or match applicants to open roles, you are operating a High-Risk AI system under EU law. That designation is not provisional — it’s written into Annex III of the EU AI Act (Regulation 2024/1689), and the full enforcement window for Annex III systems opens on August 2, 2026. That date is no longer abstract. It’s three months away.

The practical implication is sharp: without a compliant technical file, a High-Risk AI system cannot be legally placed on or remain in the EU market. This is not a paperwork issue — it is a market-access blocker.

What Makes Employment AI “High-Risk”

Annex III explicitly lists AI systems used in recruitment and personnel management as High-Risk. That scope is broad: automated CV screening, interview scoring tools, algorithmic candidate ranking engines, and any AI system used to make or substantially influence hiring decisions all fall under it. If the system outputs a score, ranking, shortlist, or recommendation that a human then acts on, it qualifies.

The rationale is straightforward — these systems make consequential decisions about people’s livelihoods, and unchecked bias or opacity in that process carries real civil rights risk.

The Technical Documentation Requirement (Article 11 + Annex IV)

Article 11 is unambiguous: technical documentation must be drawn up before the system is placed on the market or put into service, and kept up to date throughout its lifecycle. Annex IV defines what that documentation must contain.

For employment screening AI, the required technical file includes:

• A general description of the system, its intended purpose, and how it interacts with downstream human decision-makers
• Design specifications and the architectural choices that govern the model’s outputs
• A full account of the training, validation, and testing data — including evidence that datasets are representative, sufficiently complete, and as free of errors as practicable
• Detailed testing procedures and the results of pre-deployment accuracy and bias evaluations
• A description of the risk management system maintained throughout the system’s lifecycle (Article 9)
• Measures for human oversight — specifically how the system is designed to allow operators to intervene, override, or halt outputs
• Cybersecurity controls and resilience specifications

This documentation is what national competent authorities will inspect. It must be clear and comprehensive enough for an assessor who has never seen your system before to evaluate its compliance from the file alone.

Beyond the Technical File: The Full Pre-Market Checklist

Documentation is necessary but not sufficient. Before placing a High-Risk employment AI system on the EU market, providers must also complete a conformity assessment, affix CE marking, draw up an EU Declaration of Conformity, and register the system in the EU’s public AI database. Deployers — organizations purchasing and using these systems — carry their own obligations, including conducting fundamental rights impact assessments before deployment.

The three pillars of AI governance — inventory, checkpoints, and standards alignment — map almost exactly to this compliance structure. Know what you have, gate it before it ships, and prove it meets the bar.

This is also why S&P 500 boards are starting to panic about AI risk exposure. The gap between disclosure and actual governance readiness is widest precisely where regulatory pressure is now landing hardest.

What Happens If You’re Not Ready

Non-compliant systems face market removal and fines of up to €30 million or 6% of global annual turnover — whichever is higher. For providers outside the EU selling into EU markets, the obligations apply regardless of where the vendor is based.

August 2026 is not a soft target. Teams that treat the technical file as a post-deployment audit artifact will find themselves locked out of a market they thought they were already in.

Further Reading

• Recruiting Under the EU AI Act: Impact on Hiring
• EU AI Act 2026 Compliance Guide

AI Disclosure

This document is drafted by an AI skill and is provided for informational and governance support purposes only. It does not constitute legal advice or a formal compliance determination. Do not publish or rely on this notice as a substitute for review by qualified legal counsel or a licensed compliance professional with jurisdiction-specific expertise.