We value your privacy

We use necessary cookies to run the site and, with your consent, analytics and marketing cookies to improve it. You can change your choice anytime. Privacy Policy

  • Security
  • Pricing
Book a scoping call

For HR & Recruiting

Govern AI in hiring — under the EU AI Act

Recruiting AI — screening, sourcing, candidate data — is high-risk under the EU AI Act (Annex III). Get visibility, control, and an audit trail across every AI tool your team uses, without slowing hiring down.

See how it worksBook a demo

The problem

AI is already in your hiring — and you can't see it

Your team screens CVs, ranks candidates, and sources talent with AI tools today. Evaluating or filtering a person with AI is high-risk under the EU AI Act, and shadow AI means you often can't see which tool touched which candidate, or prove how a decision was made.

What you get

Governance built for how HR actually uses AI

See every AI tool

Discover the AI services your HR and recruiting teams actually use — not what a survey guesses — across the browser where the work happens.

Redact candidate PII

Personal data in prompts, pastes, and uploads is detected and redacted on the device before it can reach a consumer AI tool.

Keep unapproved tools out

An allow-list for the HR group means only the tools you sanction are usable; everything else is visible or blocked — without touching the rest of the org.

Audit-ready evidence

A tamper-resistant, exportable log of AI use in hiring — the evidence base the Article 26 deployer duties assume.

How it works

Three steps, scoped to the HR group

1

Discover

Shield surfaces every AI tool in real use across your HR and recruiting teams, so your inventory is real, not assumed.

2

Set the HR-group policy

Apply the EU AI Act HR & recruiting preset bundle to the HR group only — never org-wide — so controls match how your team works.

3

Enforce and log

Redaction, allow-listing, and monitoring run on the device; every governed action is written to the audit log automatically.

The recruiting workflow, governed

Where the controls apply — and where they deliberately don't

The uses that decide something about a person — sourcing that targets candidates, screening and ranking, automated candidate assessment — are where the EU AI Act's high-risk duties land, and where Qadar's visibility, redaction, allow-listing, and logging apply.

Preparatory and procedural tasks that make no decision about a candidate — drafting a job description, scheduling, translation — stay allowed under the Article 6(3) carve-out. Qadar observes them without getting in the way, so your team keeps its everyday AI helpers.

EU AI Act Article 6 — high-risk classification · EU AI Act Article 26 — deployer duties · Does the EU AI Act apply to your hiring?

Trust & compliance

Which control maps to which duty

Qadar delivers the deployer's runtime controls and the evidence base — mapped to the obligations that apply to recruiting AI.

  • Log all AI use in hiring

    Supports the record-keeping expected of deployers under Article 26; retention configurable to your policy.

  • Redact candidate PII before it reaches consumer AI

    Data minimisation on the device — supports GDPR Article 32 security of processing; values never leave the device.

  • Allow-list the tools the HR group may use

    Use-as-intended control under Article 26; unapproved tools — including “AI interview” tools that infer emotions — are simply not on the allow-list, so they are not used. This is an allow-list exclusion, not an emotion-recognition detector.

  • Observe-only for preparatory tasks

    Respects the Article 6(3) carve-out — scheduling, drafting, translation stay allowed and are not treated as high-risk.

Qadar provides runtime controls and an audit trail; it does not replace the conformity assessment, the fundamental-rights impact assessment (Article 27), or a bias audit, and it is not a substitute for the human-oversight and information duties under Article 26 or your obligations under Article 22 GDPR. The high-risk deployer duties for Annex III systems apply from 2 December 2027. This page is general information, not legal advice.

FAQ

EU AI Act & recruiting AI — common questions

EU AI Act & recruiting AI — common questions

FAQ

AI used to evaluate, filter, rank, or target candidates — CV screening, automated ranking, sourcing that assesses people — falls under Annex III high-risk. Purely preparatory tasks that make no decision about a candidate (scheduling, drafting, translation) are carved out under Article 6(3), unless the system profiles people.

The Article 26 duties for deployers include using the system as intended, keeping a human in the loop, retaining logs, informing affected employees or candidates, and monitoring operation. In practice that starts with knowing which AI tools are in use and being able to produce the record.

Qadar is not an emotion-recognition detector and does not claim to identify such tools automatically. What it does is enforce an allow-list: if an “AI interview” tool that infers a candidate's emotions is not on your sanctioned list, it is not usable in the HR group. Inferring emotions in a recruitment context is, with narrow exceptions, prohibited under Article 5 — so keeping such tools off the allow-list is the safe default.

The Article 5 prohibitions and the Article 4 AI-literacy duty have applied since 2 February 2025. The high-risk deployer duties for Annex III systems — which cover recruiting AI — apply from 2 December 2027, deferred by the 2026 Digital Omnibus. GDPR already governs automated decisions about candidates today.

Shield Web installs from the browser store and applies the HR preset bundle to the HR group in minutes — no per-user setup, scoped to HR rather than the whole organization.

Learn more

Guide: which AI is high-risk under the EU AI ActGlossary: the EU AI Act explainedDoes the EU AI Act apply to your hiring?

Govern AI in hiring before someone asks you to prove it

Book a demo — see visibility, redaction, and the audit trail on your own HR tools.

Book a demo

Subscribe to our newsletter

Product and governance updates — see our privacy policy.

AI security and control for every model your team uses.

Built in Dubai. Designed for teams operating across regions, models, and regulatory environments.

  • Product

    • Shield Web
    • Shield Control
    • Shield Desktop
    • Shield Mobile
    • Pricing
    • Download
  • Solutions

    • For CISOs
    • For Operations
    • For AI Teams
  • Use Cases

    • AI Governance
    • AI Agent Security
    • LLM Access Control
    • Secure AI Deployment
    • Enterprise Operations
    • Financial Services
  • Resources

    • Help Center
    • Blog
    • Guides
    • Glossary
    • Changelog
    • AI Risk Calculator
    • Compare
    • FAQ
  • Company

    • About
    • Careers
    • Security & Trust
    • Contact
  • Legal

    • Legal
    • Privacy
    • Terms
    • Partner Terms
    • GDPR / DPA

© 2026 Qadar AI. All rights reserved. EU data residency available for Enterprise customers.