In this exclusive UNLEASH OpEd, Gartner’s Eser Rizaoglu unpicks what HR leaders must be aware of as the EU deadlines for AI compliance loom.
The EU AI Act is here; there is a deadline to address prohibited use cases by February 2025, and high-risk AI systems (the category most HR uses fall under) must be compliant by August 2026.
There's a lot for HR leaders to take in around the act.
Gartner's Senior Director Analyst Eser Rizaoglu is here to help - here's everything HR leaders, and especially CHROs, need to know about the new EU AI legislation.
The rapid rise of artificial intelligence (AI) technologies, particularly in generative AI, has reshaped how businesses, including HR functions, operate.
AI’s increased presence in recruitment, talent management, and HR service delivery offers the potential to improve efficiency and increase insights to make better decisions.
However, AI adoption has also outpaced the regulatory landscape, with organizations now facing the growing challenge of complying with emerging AI laws.
One of the most significant pieces of legislation is the EU AI Act, which seeks to regulate the use of AI across the European Union (EU) and beyond.
Like GDPR, the EU AI Act has extraterritorial reach and therefore impacts organizations worldwide.
With compliance deadlines starting from February 2025, HR leaders must act quickly to ensure they align with the Act’s provisions.
For Chief Human Resources Officers (CHROs), this regulatory landscape presents both a challenge and an opportunity to safeguard their organizations against potential fines and reputational risks, while ensuring that AI is used responsibly within their HR workflows.
To navigate the complex regulations of the EU AI Act, prepare for compliance and leverage AI responsibly, CHROs must catalogue and manage HR AI use cases, proactively address compliance timelines and upskill their workforce for AI literacy and oversight.
One of the first critical steps for CHROs is to instruct their teams to identify and catalog the various AI systems currently in use within their HR functions.
The EU AI Act classifies AI systems into different risk tiers, and a significant majority of HR-related AI use cases – such as those used in recruitment, performance evaluations, and employee sentiment analysis – are classified as high-risk due to their potential impact on employees’ rights and freedoms.
To achieve compliance, CHROs need to work closely with their legal and compliance teams to systematically assess all AI tools in use.
This includes not only AI tools built in-house specifically for HR but also those embedded in and provided by HR technology vendor solutions. An inventory of these AI systems is essential for sorting them into their risk categories.
The EU AI Act requires that high-risk systems be actively managed and that prohibited uses be removed or restructured to comply with the new regulations.
Proactively managing high-risk use cases will help ensure that organizations comply with the EU AI Act, avoid penalties, and safeguard the integrity of their HR practices.
The EU AI Act comes with enforcement timelines that organizations must meet to avoid potential penalties.
High-risk AI systems must be compliant by August 2026, while immediate action is necessary to address prohibited use cases by February 2025.
For CHROs, adhering to these timelines will be critical in mitigating the potential financial risks of non-compliance.
To ensure that HR departments stay on track, CHROs should prioritize immediate action steps for prohibited AI use cases, e.g., those that circumvent users’ free will.
These prohibited use cases must either be restructured or completely removed to avoid the risk of facing potential penalties that can reach up to €35 million or 7% of global turnover for the most severe violations.
Given that most HR AI use cases will fall under the high-risk category, the majority of HR’s regulatory adherence will be due by the August 2026 deadline.
The EU has issued guidance to member states to appoint their existing data protection authorities (privacy regulators) as the oversight authority for the AI Act, meaning that the same entity will govern both the GDPR and the EU AI Act.
Therefore, to ensure compliance with the EU AI Act, HR teams will need to work in close collaboration with their DPO, legal counsel, IT function, and HR technology vendors.
One of the most crucial aspects of the EU AI Act is the requirement for human oversight of AI systems, particularly those categorized as high-risk.
To meet the regulatory requirements, HR teams must ensure that all employees who oversee or use high-risk AI systems possess sufficient AI literacy.
This ensures that staff can effectively manage AI tools, intervene when necessary, and make informed decisions about how these systems impact employees.
To meet this requirement, CHROs should instruct their teams to build AI literacy programs and AI policies designed to educate all employees on the concept of AI, its boundaries and risks and how to critically analyze AI uses.
In addition, HR team members, employees and managers who use AI in HR workflows or support high-risk AI systems should receive additional targeted data and AI literacy training.
These programs should cover not only the technical aspects of AI but also the ethical considerations, such as fairness, transparency, and accountability.
Additionally, implementing AI governance frameworks is essential.
Establishing an AI governance board will help monitor and guide the ethical use of AI in line with organizational values.
This ongoing oversight is crucial for maintaining compliance and adapting to any updates or changes in legislation.
As AI continues to transform HR functions, the EU AI Act introduces a critical regulatory framework that HR leaders must navigate.
The legislation not only presents compliance requirements but also offers an opportunity for organizations to adopt AI responsibly, mitigate risks, and drive innovation in their HR practices.
By cataloguing and managing AI use cases, addressing compliance timelines proactively, and upskilling their workforce for AI literacy and oversight, CHROs can ensure their organizations are prepared for the Act’s requirements.
Non-compliance could result in potential penalties, including hefty fines, making it imperative for HR leaders to act swiftly and strategically.
However, by embracing this regulatory shift, CHROs can safeguard their organizations, build trust with employees, and use AI in a way that is ethical, transparent, and aligned with both legal standards and organizational values.
As AI continues to evolve, so too must HR practices, ensuring that technology serves to enhance, rather than undermine, the rights and well-being of employees.
While Gartner research may reference related legal issues, we do not provide legal advice or services, and our research or guidance should not be construed or used as a specific guide to action. We encourage you to consult with your legal counsel in considering and applying the advice and recommendations contained in our research.
Senior Director Analyst
Eser Rizaoglu is a Senior Analyst in the HR Technology Strategy and Management team based in London.