Teaching guide by risks, roles and practical steps.
Many companies already use AI to screen CVs, sort applications, or support interviews. The AI Act (European standard) sets clear rules to ensure this is safe and fair. At Mainder, we explain it without jargon: first, understand the risk, then your role, and finally, what evidence you should keep. Key dates to plan for: bans from February 2, 2025, rules for "high-risk" systems in recruitment from August 2, 2026.
Classifying risk is straightforward. If an AI system helps decide who gets in, who advances, or how a candidate is evaluated, it's usually high risk and requires extra controls. There are things prohibited from now on: for example, trying to deduce emotions in work or education (analyzing microexpressions in video or voice). Other functions can be limited risk (e.g., assistants who only summarize without influencing the decision), but it is still useful to document why they are not high risk and how they are used.
Then there is your role. If you are supplier (you create or sell the software), you must deliver a system with documented quality, adequate data, accuracy and fairness testing, clear instructions, and a conformity assessment procedure before placing it on the market. If you are deployer (a company using AI), you must use it as directed, inform candidates when appropriate, ensure real human oversight (someone with the authority to accept or reject the recommendation), ensure the quality of the data you provide, and keep records of its use. Importers and distributors must verify that all of the above is in place before marketing.
The conformity assessment for high risk, it sounds complex, but it's understood like this: the provider works with a quality management system (written procedures), identifies and reduces risks, documents how the model was trained and tested, defines metrics and thresholds, verifies that there is human oversight, records results, and declares compliance before going to market. The deployer, on the other hand, verifies that the system they use is "in compliance," operates it according to instructions, and monitors results over time.
“Compliance by default" means designing and using AI with compliance in mind from day one. In recruitment, this translates into five common-sense practices:
1. Govern the data (knowing which variables we use and why, minimizing unnecessary things)
2. Measure and mitigate bias (compare results between relevant groups and correct where necessary),
3. Provide useful explanations for HR (why A was recommended over B, in clear language),
4. Set limits and override human (rules for when the AI decides, when a person reviews, and when it doesn't decide),
5. Strengthen cybersecurity and change control. All of this coexists with the GDPR: if the impact on individuals is significant, prepare a data protection impact assessment and coordinate it with the requirements of the AI Act.
What can you do today, even if you're not a technician?
In 30 minutes, audit where you use AI in your funnel (screening, interviews, matching, verification), decide whether each use is prohibited, high, or limited, and put that decision in writing. Ask your vendor for their key evidence (quality, testing, user manuals, technical contact). Appoint the human reviewer and define simple thresholds (when it's accepted, when it's reviewed, when it's discarded). Activate minimum usage logs for at least six months and prepare a clear notice for candidates when applicable. In 90 days, add accuracy and fairness metrics, a tracking dashboard, a bias test with an improvement plan, and a simulated incident so you know who to notify and how to respond.
If you're interested in moving forward smoothly and without unnecessary bureaucracy, Mainder can help you. Subscribe to Mainder's newsletter to receive clear updates, download our Compliance Checklist to get started today, and, if needed, request a 30-minute express audit to review your use of AI in recruitment.
+250 clients
Automate tasks, find top talent faster, and scale your recruiting processes with Mainder.
