Skip to main content
L
Lexara Advisory
Service

HR AI Compliance

AI in hiring and workforce management carries dual regulatory exposure: the EU AI Act treats employment AI as high-risk by default, while GDPR Article 22 and NYC Local Law 144 add parallel obligations that many HR teams have not yet mapped.

HR AI Workflow

From Scattered HR AI Tools to a Defensible Compliance Position

Lexara maps HR AI systems across overlapping regimes, identifies which obligations apply to your organization, and builds evidence records that satisfy both EU regulators and internal audit.

1. Inventory — Catalog every AI tool used in recruiting, screening, promotion, and workforce management. 2. Classify — Annex III high-risk classification for employment AI affecting EU individuals. 3. Assess — GDPR Article 22 overlap, transparency duties, and rights-handling procedures. 4. Local — NYC LL144 bias audit readiness, notice requirements, and documentation. 5. Govern — AI literacy programs, human oversight records, vendor due diligence, and monitoring.

Coverage

What HR AI Compliance Covers

AI used in employment contexts is subject to a unique concentration of regulatory attention. The EU AI Act lists employment AI in Annex III as high-risk by default. GDPR Article 22 creates parallel obligations for automated decision-making. NYC Local Law 144 adds local bias-audit requirements. Lexara Advisory helps HR and legal teams understand which obligations apply and how to build evidence.

EU AI Act Annex III employment classification: AI systems used for recruitment, candidate screening, promotion decisions, termination assistance, and performance monitoring are classified as high-risk under Annex III when they affect EU-based individuals. This applies regardless of where the employer is headquartered. Classification must be documented, defensible, and communicated to the workforce where transparency obligations apply. Lexara conducts systematic Annex III classification for HR AI portfolios.

GDPR Article 22 in HR contexts: GDPR Article 22 grants individuals the right not to be subject to solely automated decisions with legal or significant effects. In hiring and promotion, this creates obligations for human review, meaningful information about the logic involved, and the right to contest decisions. Lexara maps where Article 22 intersects with EU AI Act obligations to avoid duplicative or conflicting compliance efforts.

NYC Local Law 144 for employment AI: NYC Local Law 144 requires employers using automated employment decision tools (AEDTs) to conduct annual bias audits, publish summary results, and notify candidates before automated screening. Lexara advises on LL144 readiness as part of a broader HR AI governance framework, not as a standalone exercise. The bias audit results and notice procedures should be integrated into overall AI risk documentation.

AI literacy for HR teams (Article 4): Article 4 of the EU AI Act requires providers and deployers to ensure sufficient AI literacy among staff operating or overseeing AI systems. For HR teams, this means understanding how screening tools operate, their limitations, and the legal obligations that apply to their use. Lexara designs role-based literacy programs with completion records that satisfy evidence requirements.

Documentation and evidence requirements: Regulators expect HR AI documentation to include system inventories, risk classification records, vendor due diligence files, bias audit results, training completion records, and evidence of human oversight. Lexara builds documentation frameworks that align with both EU AI Act technical documentation requirements and internal governance expectations.

Vendor due diligence for HR AI tools: Most HR AI is purchased from vendors, not built in-house. Buyers should verify that providers can deliver risk classification documentation, conformity evidence, update protocols, and transparency materials. Lexara provides vendor due diligence frameworks for HR AI procurement, including contract terms and ongoing monitoring obligations.

Entry-Level

HR AI Rapid Exposure Assessment

Inventory up to 5 HR AI systems, preliminary Annex III classification, GDPR Article 22 overlap scan, and LL144 readiness check. Delivered in one week. Fee credited toward any full engagement. Contact us to schedule.

Common Questions

Frequently Asked Questions

Does the EU AI Act classify HR AI as high-risk?

Yes. AI systems used in employment contexts—including recruitment, candidate screening, promotion decisions, and performance monitoring—are listed in Annex III of the EU AI Act as high-risk. This classification applies when the system affects EU-based employees or applicants, regardless of where the employer is headquartered.

What does NYC Local Law 144 require for employment AI?

NYC Local Law 144 requires employers using automated employment decision tools (AEDTs) to conduct annual bias audits, publish summary results, and provide candidates with advance notice of automated screening. Lexara advises on LL144 readiness as part of a broader HR AI governance framework.

How does GDPR Article 22 apply to AI hiring tools?

GDPR Article 22 grants individuals the right not to be subject to solely automated decisions with legal or significant effects. In HR contexts, this means candidates and employees may have rights to human review, contest decisions, and receive meaningful information about the logic involved.

What is the EU AI Act Article 4 AI literacy requirement for HR?

Article 4 of the EU AI Act requires providers and deployers to ensure a sufficient level of AI literacy among staff. For HR teams, this means understanding how AI tools operate, their limitations, and the legal obligations that apply to their use. Lexara designs role-based literacy programs with defensible evidence records.

What documentation should HR teams maintain for AI tools?

HR teams should maintain system inventories, risk classification records, vendor due diligence files, bias audit results, training completion records, and evidence of human oversight. These records support both internal governance and external regulatory scrutiny.

Last Legally Reviewed: June 27, 2026. Lexara Advisory LLC provides AI governance consulting and is not a law firm. This page does not constitute legal advice.

Last Legally Reviewed: 2026-06-27. Lexara Advisory LLC provides AI governance consulting and is not a law firm.