Our Take
The EU AI Act is not solving a problem unique to AI; it is forcing companies to document and defend hiring practices they should have been scrutinizing all along.
Why it matters
HR teams at global enterprises already face 60+ US federal and 100+ state laws touching AI deployment. The EU rule offers a single, clearer standard that major employers are more likely to adopt than treat as another compliance checkbox. Lawsuits against HR tech vendors are already live.
Do this week
HR operations: audit your current AI hiring vendor's architecture this quarter—specifically, can you inspect how decisions are made end-to-end, adjust parameters, and intervene when results fail—before the EU AI Act compliance deadline forces the conversation.
Lawsuits arrive before regulation clarifies the rules
Two active class action suits against HR tech vendors are proceeding under existing labor and discrimination laws, not AI-specific statutes. The EU Artificial Intelligence Act, now rolling into enforcement, establishes the first major regulatory framework for hiring systems in the bloc and applies to any employer using AI tools on EU-based employees or job candidates.
The law mandates human oversight on all hiring decisions and requires transparency into how systems are built, tested, and governed. Dimitri Boylan, CEO of Avature (a recruiting platform serving Deloitte, Home Depot, IBM, and Walmart), told HR Executive that the regulation clarifies accountability when AI hiring fails. "The EU AI Act does get ahead of part of the problem, but it is not solving a brand-new issue by itself," Boylan said. "You do not need an AI-specific regulation to break the law with AI."
His firm tracks compliance obligations across more than 60 US federal laws and at least 100 state-level regulations that touch AI and create risk for large employers. The EU rule, he argues, offers a clearer baseline than this fragmented patchwork.
Meaningful oversight is not a rubber stamp
The law's human oversight requirement sounds simple in policy but fails in practice at most companies. "Meaningful human oversight cannot mean a person rubber-stamping an output they don't understand," Boylan said. It requires HR teams to understand how a system is designed, what data it uses, how it is tested, and whether they can inspect decisions end-to-end.
Vendors that combine multiple AI tools without giving enterprise customers visibility into the full decision chain create particular risk. "If a vendor combines multiple AI tools and the enterprise customer can't inspect how decisions are being made end to end, oversight breaks down," Boylan said. "The policy may look good, but the actual control is missing."
For HR specifically, the stakes are material. Tools influence access to jobs and opportunity; missteps deliver serious consequences. Teams need three capabilities to comply: transparency into system design and data, configurability to adjust parameters and set guardrails, and the ability to intervene when results are wrong.
Audit your vendor's transparency now
Large enterprises with heavy brand scrutiny and regulatory exposure are more likely to treat the EU AI Act as a genuine operational requirement than as another checkbox. Boylan expects the rule to change how AI hiring is deployed at major organizations, not merely how it is reported.
The analogy is data privacy. "The goal is to protect citizens without freezing innovation," Boylan said. "With AI, the stakes are much higher. Jobs will change, some jobs will disappear, and there will be social backlash."
HR teams should start by asking vendors three questions: Can we inspect how your system makes decisions? Can we adjust parameters and set rules? Can we pull back or override outputs when we see problems? If the answer to any is no or unclear, that vendor does not yet meet the clarity threshold the regulation enforces.