PowerQuantEUSend your AI questionnaire

EU AI Act compliance for HR-tech in Belgium

Regulation (EU) 2024/1689 — the EU AI Act — is directly applicable law across every EU member state, including Belgium. There is no national transposition; the obligations described below apply uniformly to any organisation deploying AI tools for HR, recruitment or workforce management in Belgium.

Why HR and recruitment AI is high-risk

Annex III point 4 of the EU AI Act designates AI used for employment, workers management and access to self-employment as high-risk. This covers:

  • Point 4(a): AI systems used for the recruitment or selection of natural persons — including targeted job advertising, application filtering, and candidate evaluation.
  • Point 4(b): AI used to make or materially influence decisions on promotion, termination, task allocation, performance monitoring or evaluation.

If your organisation in Belgium uses a tool that screens CVs, ranks applicants, scores interviews, or monitors employee performance via AI, it almost certainly falls within this category. The narrow self-assessment exception under Article 6(3) does not apply to systems that profile natural persons or that materially influence hiring decisions.

Compliance timeline — uniform across the EU

The EU AI Act entered into force on 1 August 2024. The obligations phase in as follows:

  • 2 February 2025 (already in force): Prohibited AI practices are banned (Article 5). AI literacy obligations under Article 4 apply — deployers must ensure staff who operate AI systems have a sufficient level of AI literacy.
  • 2 August 2025: Rules for general-purpose AI (GPAI) models apply.
  • 2 August 2026: Full high-risk obligations under Chapter III apply to deployers, including all Annex III point 4 use cases.

Note on the proposed Digital Omnibus: A legislative proposal currently under EU consideration would defer certain Annex III deployer obligations to 2 December 2027. This is a proposed amendment only — it has not been enacted. Compliance planning should proceed to the 2 August 2026 deadline until a final legal text is published in the Official Journal.

Deployer obligations under Article 26

As a deployer — the organisation that puts a high-risk AI system into use — your obligations from 2 August 2026 include:

  • Use per provider instructions (Art 26(1)): Operate the system only within the scope defined by the provider's instructions for use.
  • Competent human oversight (Art 26(2)): Assign oversight to persons with the necessary competence, training and authority to understand, monitor and intervene in the system's operation.
  • Automatic log retention (Art 26(6)): Keep logs automatically generated by the high-risk AI system for at least six months.
  • Inform workers and their representatives (Art 26(7)): Before deploying a high-risk AI system in the workplace, inform affected workers and, where applicable, their representatives.

Fundamental Rights Impact Assessment (Article 27)

Public bodies and private operators providing services covered by Annex III — which includes most employment-related AI deployments — must carry out a Fundamental Rights Impact Assessment (FRIA) before first deployment. Even where the FRIA obligation does not apply strictly, completing an equivalent assessment is strong evidence of due diligence and feeds the GDPR Article 35 Data Protection Impact Assessment that automated candidate profiling almost always requires.

Penalties — uniform across the EU

Non-compliance with the EU AI Act carries administrative fines set at the EU level and enforced by national market surveillance authorities:

ViolationMaximum fine
Prohibited practices (Art 5)EUR 35 million or 7% of global annual turnover
Other high-risk obligationsEUR 15 million or 3% of global annual turnover
Supplying incorrect informationEUR 7.5 million or 1% of global annual turnover

These ceilings apply to undertakings of any size. For SMEs the fine must be proportionate under Article 99(6), but the obligation itself is not reduced.

NIS2 cybersecurity obligations

NIS2 — Directive (EU) 2022/2555 — raises cybersecurity requirements for operators of essential and important services and has been transposed into national law in each EU member state, including Belgium. HR-tech SaaS vendors are typically classified as important entities (digital providers) once they exceed the relevant size thresholds. Their customers — such as large employers or public sector bodies — may also be in scope under their own sector classification.

Belgium-based organisations should verify their sector classification and identify their national competent authority for NIS2 purposes. Because NIS2 obligations flow from national transposition law, which may have been amended since this page was last reviewed, confirm current requirements directly with your legal counsel or the relevant national authority.

What PowerQuant delivers for Belgian HR-tech deployers

PowerQuant ApS provides fixed-price compliance documentation packages — every deliverable is cross-referenced against the regulation text:

  • Module 1 — AI Inventory & Article 4 Literacy Register (EUR 1,499): A complete AI system inventory with Annex III classification for each tool, plus a documented AI literacy programme and training register satisfying Article 4.
  • Module 2 — Procurement Evidence Pack under Article 26 (EUR 3,499): Structured deployer due-diligence documentation, human-oversight SOP, log-retention policy, worker information notices, and FRIA template — ready for regulatory review.
  • Ongoing compliance monitoring from EUR 699/month: Continuous review against regulatory developments, including Digital Omnibus updates and enforcement guidance, with quarterly documentation refresh.

Fixed price. Fixed delivery scope. No ambiguity about what you receive.

Get a fixed quote

Contact PowerQuant at kontakt@powerquant.dk to receive a fixed-price proposal for your organisation.

This page is technical documentation produced by PowerQuant ApS (CVR 46274067) to support internal compliance processes. It is not legal advice. Regulatory requirements should be verified against the current text of Regulation (EU) 2024/1689 and applicable national law.