For HR & Recruiting
Govern AI in hiring — under the EU AI Act
Recruiting AI — screening, sourcing, candidate data — is high-risk under the EU AI Act (Annex III). Get visibility, control, and an audit trail across every AI tool your team uses, without slowing hiring down.
The problem
AI is already in your hiring — and you can't see it
Your team screens CVs, ranks candidates, and sources talent with AI tools today. Evaluating or filtering a person with AI is high-risk under the EU AI Act, and shadow AI means you often can't see which tool touched which candidate, or prove how a decision was made.
What you get
Governance built for how HR actually uses AI
See every AI tool
Discover the AI services your HR and recruiting teams actually use — not what a survey guesses — across the browser where the work happens.
Redact candidate PII
Personal data in prompts, pastes, and uploads is detected and redacted on the device before it can reach a consumer AI tool.
Keep unapproved tools out
An allow-list for the HR group means only the tools you sanction are usable; everything else is visible or blocked — without touching the rest of the org.
Audit-ready evidence
A tamper-resistant, exportable log of AI use in hiring — the evidence base the Article 26 deployer duties assume.
How it works
Three steps, scoped to the HR group
Discover
Shield surfaces every AI tool in real use across your HR and recruiting teams, so your inventory is real, not assumed.
Set the HR-group policy
Apply the EU AI Act HR & recruiting preset bundle to the HR group only — never org-wide — so controls match how your team works.
Enforce and log
Redaction, allow-listing, and monitoring run on the device; every governed action is written to the audit log automatically.
The recruiting workflow, governed
Where the controls apply — and where they deliberately don't
The uses that decide something about a person — sourcing that targets candidates, screening and ranking, automated candidate assessment — are where the EU AI Act's high-risk duties land, and where Qadar's visibility, redaction, allow-listing, and logging apply.
Preparatory and procedural tasks that make no decision about a candidate — drafting a job description, scheduling, translation — stay allowed under the Article 6(3) carve-out. Qadar observes them without getting in the way, so your team keeps its everyday AI helpers.
EU AI Act Article 6 — high-risk classification · EU AI Act Article 26 — deployer duties · Does the EU AI Act apply to your hiring?
Trust & compliance
Which control maps to which duty
Qadar delivers the deployer's runtime controls and the evidence base — mapped to the obligations that apply to recruiting AI.
Log all AI use in hiring
Supports the record-keeping expected of deployers under Article 26; retention configurable to your policy.
Redact candidate PII before it reaches consumer AI
Data minimisation on the device — supports GDPR Article 32 security of processing; values never leave the device.
Allow-list the tools the HR group may use
Use-as-intended control under Article 26; unapproved tools — including “AI interview” tools that infer emotions — are simply not on the allow-list, so they are not used. This is an allow-list exclusion, not an emotion-recognition detector.
Observe-only for preparatory tasks
Respects the Article 6(3) carve-out — scheduling, drafting, translation stay allowed and are not treated as high-risk.
Qadar provides runtime controls and an audit trail; it does not replace the conformity assessment, the fundamental-rights impact assessment (Article 27), or a bias audit, and it is not a substitute for the human-oversight and information duties under Article 26 or your obligations under Article 22 GDPR. The high-risk deployer duties for Annex III systems apply from 2 December 2027. This page is general information, not legal advice.
FAQ
EU AI Act & recruiting AI — common questions
EU AI Act & recruiting AI — common questions
FAQ
AI used to evaluate, filter, rank, or target candidates — CV screening, automated ranking, sourcing that assesses people — falls under Annex III high-risk. Purely preparatory tasks that make no decision about a candidate (scheduling, drafting, translation) are carved out under Article 6(3), unless the system profiles people.
The Article 26 duties for deployers include using the system as intended, keeping a human in the loop, retaining logs, informing affected employees or candidates, and monitoring operation. In practice that starts with knowing which AI tools are in use and being able to produce the record.
Qadar is not an emotion-recognition detector and does not claim to identify such tools automatically. What it does is enforce an allow-list: if an “AI interview” tool that infers a candidate's emotions is not on your sanctioned list, it is not usable in the HR group. Inferring emotions in a recruitment context is, with narrow exceptions, prohibited under Article 5 — so keeping such tools off the allow-list is the safe default.
The Article 5 prohibitions and the Article 4 AI-literacy duty have applied since 2 February 2025. The high-risk deployer duties for Annex III systems — which cover recruiting AI — apply from 2 December 2027, deferred by the 2026 Digital Omnibus. GDPR already governs automated decisions about candidates today.
Shield Web installs from the browser store and applies the HR preset bundle to the HR group in minutes — no per-user setup, scoped to HR rather than the whole organization.
Govern AI in hiring before someone asks you to prove it
Book a demo — see visibility, redaction, and the audit trail on your own HR tools.