High-Risk AI

Recruitment and workforce-management AI falls within Annex III. This paper maps what is in scope, how the Act meets GDPR and equal-treatment law, and the data-governance duties that follow.

Most EU AI Act guidance targets providers. Article 26 places eight complex obligations, plus the Fundamental Rights Impact Assessment, on deployers of high-risk AI. Here is where to begin.

Article 72 requires a post-market monitoring plan for high-risk AI. Done well, it reuses the infrastructure you already run rather than spawning a second compliance programme.

Annex IV is not a one-off deliverable. It is a living technical file across fourteen elements, and the standard notified bodies expect is higher than the text suggests.

Article 14 requires effective human oversight of high-risk AI. The hard part is designing oversight that is genuine rather than nominal, without making the system useless.

Classification is the first legal obligation and the costliest to get wrong. This guide maps the four tiers, the Article 6(3) exception, and the modern edge cases that break old frameworks.