EU AI Act: Prohibited and high-risk systems in employment

Why should I read this?

AI is increasingly embedded across everyday HR and management decision‑making — from hiring tools to performance analytics and workforce monitoring. As AI adoption accelerates, regulatory scrutiny is also increasing. The EU AI Act (Act) entered into force on 1 August 2024 and its obligations are being phased in gradually (read our briefing).

Central to the Act is its risk‑based classification model that categorises AI systems as either: unacceptable risk (prohibited); high risk; limited risk; or minimal risk. Employers must understand where their AI systems sit within this framework to determine their obligations under the Act. Non-compliance can lead to substantial fines and enforcement action

In this briefing, we outline how the Act classifies systems as “prohibited” and “high‑risk”, provide examples in the employment context, and share tips to support employers in determining the correct classifications of their AI systems

In part two of this briefing (coming shortly), we detail obligations that attach to high-risk systems under the Act.

What do I need to know?

Speed read summary:

• prohibited AI systems are already banned under the Act. The Act lists eight practices, including, AI systems that infer emotions from biometric data in the workplace. Employers must check now that none of their tools fall into the eight prohibited categories. – see Which AI systems are prohibited under the Act?
• high‑risk AI systems are permitted but are subject to strict compliance obligations. In the employment context, high risk AI systems include those used for recruitment or selection, making decisions affecting terms of work-related relationships, performance evaluation, and more. The Act confirms when systems will not be high-risk, including where they perform a narrow procedural task, amongst other exceptions. Employers must carefully assess – see Which AI systems are high-risk under the Act?
• employers remain responsible for classification of AI systems, and should not rely solely on third-party labelling. While “providers” primarily classify AI systems at the point they are placed on the market, employers acting as “deployers” remain responsible for ensuring that the use of those systems remains within its intended purpose. If use diverges, employers may (inadvertently) open themselves up to increased obligations and risks under the Act –see Whose responsibility is it for classifying systems as high-risk under the Act?
• the rules on high-risk systems are set to take effect on 2 August 2026, although this may be delayed depending on the outcome of the Digital Omnibus proposal – read When do the rules on high-risk systems take effect?
• employers should act now to prepare — see our Practical steps below for five actions all employer can take to map systems, assess risk, strengthen due diligence, guard against scope creep and put governance arrangements in place

Which AI systems are prohibited under the Act?

The Act sets out a list of eight AI practices that are considered so harmful that they are banned outright. These prohibitions are already in force since 2 February 2025 (with fines having become enforceable from 2 August 2025), meaning employers must comply now or risk fines of up to €35 million or 7% of annual turnover, whichever is higher.

In broad terms, systems which are prohibited under Article 5 of the Act include:

• deploying subliminal, manipulative, or deceptive techniques to distort behaviour and impair informed decision-making, causing significant harm
• exploiting vulnerabilities related to age, disability, or socio-economic status to distort behaviour, causing significant harm
• using social scoring to evaluate or classify individuals or groups based on their social behaviour or personal characteristics, causing detrimental or unfavourable treatment of those people
• using profiling techniques or assessment of personality traits and characteristics to predict the risk of criminal behaviour of individuals
• creating or expanding facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage
• inferring emotions of persons in the workplace or education based on a their biometric data
• biometric categorisation systems used to categorise individuals based on biometric data to deduce or infer race, political opinions, trade union membership, religious or philosophical beliefs, or sex life or sexual orientation; and
• biometric real-time identification systems used in publicly accessible spaces for law enforcement purposes.

The European Commission has issued guidance to help organisations interpret the scope of the above.

One of the most immediately relevant prohibitions for employers is the restriction on AI systems that infer the emotions of persons in the workplace based on their biometric data (i.e. their personal data from the technical processing of physical or behavioural traits used to uniquely identify them, such as fingerprints or facial patterns), unless the technology is used for medical or safety reasons. The Commission’s guidance gives practical, non-exhaustive, examples which are useful for employers to note:

• using webcams and voice recognition systems (e.g. in a call centre) to track employees’ emotions, such as anger, is prohibited
• AI systems monitoring the emotional tone in hybrid work teams by identifying and inferring emotions from voice and imagery of hybrid video calls, which would typically serve the purpose of fostering social awareness, emotional dynamics management, and conflict prevention, are prohibited

Importantly, an “emotion recognition system”, as defined by the Act, covers systems that identify or infer emotions or intentions based on a person’s biometric data. The guidance makes clear that tools which assess sentiment in written text (such as analysing tone in emails or articles) do not fall into this category because they do not process biometric data. These would therefore not be caught by the prohibition, but could fall within other categories.

The Act clarifies that “emotions or intentions do not include physical states, such as pain or fatigue”. Systems used in detecting, for example, “the state of fatigue of professional pilots for the purpose of preventing accidents” would therefore not be prohibited.

Finally, the guidance confirms that the notion of the workplace should be interpreted broadly and is independent of an individual’s status of an employee, self-employed contractor, trainee, volunteer, candidate etc.

Although emotion recognition is the clearest workplace‑specific prohibited use case, employers should not assume the remaining prohibited practices do not apply to them. Several of the other Article 5 categories could still arise in an HR or employment context, depending on how AI systems are deployed. Employers should therefore review all eight prohibited practices carefully, alongside the Commission’s guidance, to ensure none of their current or planned AI systems inadvertently fall within a banned use case.

Which AI systems are high-risk under the Act?

The Act defines high-risk systems within Article 6 and includes further categories of high-risk systems at Annex III.

In the employment context, it is likely that many AI systems will be categorised as “high-risk”. Under Annex III, this category applies to those systems which are:

• used for recruitment or selection, in particular to place targeted job advertisements, to analyse and filter job applications, and to evaluate candidates
• used to make decisions affecting terms of work-related relationships, the promotion or termination of work-related contractual relationships, to allocate tasks based on individual behaviour or personal traits or characteristics or to monitor and evaluate the performance and behaviour of persons in such relationships

AI systems “making decisions affecting terms of work-related relationships” is potentially very wide and in practical terms could mean that many of the AI systems which employers may wish to utilise could therefore be considered as “high-risk”. The concept of a ‘work-related contractual relationship’ is broader than a standard employment relationship and could extend to arrangements involving self-employed contractors, platform workers, and agency workers.

Further Commission guidance on high-risk systems to support employers in assessing their systems was expected by 2 February 2026 in accordance with the deadline set out in the Act, but that timeline has been delayed and we await confirmation of when this will be published.

Non exhaustive examples of AI systems which are likely to be categorised as “high-risk” within the HR/employment context could include:

• AI-driven shift or task allocation tools. These might, for example, rank workers based on predicted reliability, responsiveness or other factors, even if marketed simply as “smart scheduling”
• applicant screening tools e.g. automatic CV-ranking or candidate scoring systems
• performance management systems which are used to analyse how an employee is performing
• compensation modelling systems which impact reward decisions

High‑risk does not mean banned: high-risk systems can still be used, but they are subject to substantial compliance obligations under the Act. In part two of this briefing (coming shortly), we detail those obligations which apply to high-risk AI systems and practical tips for compliance. You can also read our earlier briefing here which covers this at high-level.

When is an AI system not high-risk?

Importantly, the Act sets out when an ‘Annex III’ high-risk AI system will not be high-risk. This is where it “does not pose a significant risk of harm to the health, safety, or fundamental rights of natural persons, including by not materially influencing the outcome of decision making”. The Act provides specific instances of this, including where the AI system is intended to:

• perform a narrow procedural task
• improve the result of a previously completed human activity
• detect decision-making patterns or deviations from prior decision-making patterns and is not meant to replace or influence the previously completed human assessment, without proper human review
• perform a narrow preparatory task to an assessment relevant for the purposes of the use cases listed at Annex III

An AI system will always be high-risk however if it performs profiling of natural persons for an Annex III use case.

Examples of the exceptions above in the employment context might include (depending on specific circumstances) an interview scheduling assistant which performs the procedural task of matching candidates with interviewers’ availability but does not rank or filter candidates, or a tool that reviews performance reviews completed by managers and checks for inconsistent ratings without generating or adjusting those ratings.

Whose responsibility is it for classifying systems as high-risk under the Act?

The Act defines various roles (operators) within the AI value chain, including importers, distributors, product manufacturers, authorised representatives, providers and deployers. Each operator has its own responsibility to classify systems and their role.

Providers (i.e. developers) will have a key role in the classification of high-risk systems, including for example preparing technical documentation, carrying out conformity assessments and, where required, registering the system in the EU database.

Employers are most likely to act as ‘deployers’ in the value chain – i.e. a person or entity that uses an AI system under its authority in the course of a professional activity. For example, an employer procuring a recruitment system from a third-party provider and using/deploying this within its organisation to source candidates.

However, employers as deployers should never solely rely on a provider’s classification – if a provider has misclassified a system, the deployer cannot use that misclassification as a defence. In addition, the Act places distinct and independent duties on deployers. Deployers must ensure that they establish appropriate technical and organisational measures to ensure they use the AI system in accordance with the provider’s intended purpose and instructions for use, that appropriate human oversight is in place, and that the system’s operation is monitored in practice (and more). Where a system presents risks to health, safety or fundamental rights when used as intended, deployers must suspend use and notify the provider and relevant authorities.

This distinction between provider and deployer is particularly important in the employment context because of the risk of scope creep. For example, if a deployer makes substantial modifications to an AI system such that it remains high-risk, or modifies the intended purpose of an AI system such that it becomes high-risk, the employer may be treated as a provider under the Act — bringing with it more onerous provider‑level obligations.

In practical terms, this means that while providers primarily classify AI systems at the point they are placed on the market, employers remain responsible for the classification and for ensuring that their own use of those systems remains within its intended purpose. If use diverges, employers may (inadvertently) open themselves up to increased obligations and risks under the Act – hence the importance of putting in place strict governance arrangements (read our tips below).

When do the rules on high-risk systems take effect?

The rules on high-risk systems were due to apply from 2 August 2026 (for Annex III systems). However, the Digital Omnibus proposal, published on 19 November 2025, proposes a revised timeline. Under this proposal, the deadline for Annex III systems would be extended from 2 August 2026 to 2 December 2027.

The proposal also includes a flexibility mechanism however, allowing the Commission to decide at any time that sufficient guidance and harmonised standards are ready sooner. Once such a decision is adopted, the obligations would apply within six months. Given this short window, employers must continue to focus on risk-categorisation of their AI systems and should not suspend their efforts.

The Digital Omnibus proposal must be approved by the Council and European Parliament and we await this outcome.

What should I do?

Five practical steps

Employers will need to ensure they are already complying with the ban on prohibited AI systems, while at the same time preparing for the upcoming high‑risk obligations. In terms of risk classification, all employers should take the following five practical steps now:

1. Create a comprehensive register of AI systems
   
   Map and record every AI tool used across the organisation and their functionality. This allows employers to understand the full picture and is an essential first step.

2. Assess current AI systems against the Act’s criteria
   
   Undertake an assessment of current AI systems and use cases to determine whether they could fall into the prohibited or high‑risk categories under the Act.

3. Carry out thorough and early due diligence
   
   When procuring any new AI system from third party providers, employers as deployers should carry out thorough due diligence, including obtaining the information that providers are required to supply about high-risk AI systems under the Act. Early engagement allows employers to consider any issues relating to classification, evaluate whether the provider’s intended purpose aligns with how the system will be used in practice, identify any functionality that could tip the system into a high‑risk category, and ensure that the system can be deployed safely and within its intended purpose.

4. Be alert to scope creep
   
   A key risk is where AI systems are adapted/used for wider purposes than originally intended. For example, an AI system might contain functionality that HR teams can switch on, or HR teams might prompt the AI system to carry out new tasks that were not originally in scope. As explained above, if an AI system is used beyond its intended purpose/substantially modified this may change its risk classification and/or the employer’s obligations under the Act (i.e. as a provider vs deployer).

Employers should therefore keep systems under strict and regular review and provide employees with clear rules about permitted use (more on this below).

5. Put governance arrangements in place
   
   Employers should establish a multi-disciplinary taskforce and governance framework to ensure compliance with the Act’s requirements.

It will be important to set clear guardrails and policies for the workforce in terms of how AI systems and functions should be used by employees, to ensure that employees do not inadvertently stray into prohibited or high-risk use cases or functionality which could place their employer in breach of the Act. Employers should also provide risk-training to their HR teams and wider workforce to ensure that they understand how and why AI systems should be used.