PowerQuantEUSend your AI questionnaire

France and the EU AI Act: a uniform framework

The EU AI Act (Regulation (EU) 2024/1689) is an EU regulation, directly applicable in all member states — including France — without requiring national transposition. The obligations, deadlines, and penalties are identical across the bloc. French HR-tech companies that deploy AI systems therefore face exactly the same compliance framework as counterparts in Germany, Denmark, or Spain. There is no separate French AI Act and no local implementing measure that alters the core obligations.

HR and recruitment AI is high-risk under Annex III

Annex III point 4 of Regulation (EU) 2024/1689 designates AI systems used in employment, workers management and access to self-employment as high-risk. This covers two sub-categories relevant to HR-tech:

  • Point 4(a): AI intended for recruitment or selection of natural persons, including targeted job advertising, CV screening, application filtering, and candidate evaluation or ranking.
  • Point 4(b): AI used to make or materially influence decisions on promotion, termination, task allocation, performance monitoring and comparable HR decisions.

If your organisation deploys any system that ranks applicants, scores candidates, filters CVs, or generates hiring recommendations, it almost certainly falls within Annex III point 4. The narrow exception in Article 6(3) — for systems that do not pose a significant risk to fundamental rights and do not materially influence outcomes — does not apply to candidate profiling or ranking.

Key compliance dates (uniform across all EU member states)

The EU AI Act applies in stages, with identical deadlines throughout the EU:

  • 2 February 2025 — Prohibited AI practices (Article 5) take effect. Systems using social scoring, real-time remote biometric identification in public spaces, or subliminal manipulation are prohibited.
  • 2 August 2025 — Obligations for providers of general-purpose AI (GPAI) models apply.
  • 2 August 2026 — High-risk system obligations under Chapter III, Section 3 (including all Annex III systems) apply in full. This is the primary deadline for HR deployers.
  • Proposed deferral — not yet enacted: A Digital Omnibus proposal currently under legislative review would defer certain Annex III deployer obligations to 2 December 2027. This has not been enacted as of the date of publication. Organisations should plan for 2 August 2026 unless and until a confirmed deferral is published in the Official Journal of the EU.

Article 26 deployer obligations

The deployer is the organisation that puts an AI system into use in its own name. Article 26 places specific duties on deployers, regardless of where the AI vendor is headquartered:

  • Use the system strictly in accordance with the provider's instructions for use.
  • Assign human oversight to individuals who have the competence, training and authority to intervene.
  • Monitor operation and report serious incidents to the provider.
  • Retain automatically generated logs for at least six months.
  • Inform workers and their representatives before a high-risk AI system is put into use in the workplace.
  • Inform individuals subject to AI-assisted decisions that they are subject to such a system.

Article 4 AI literacy has been in force since 2 February 2025. Deployers must ensure that staff who operate or use AI systems have a sufficient level of AI literacy, documented in a training register.

Article 27 Fundamental Rights Impact Assessment

Before deploying a high-risk AI system in employment contexts, most deployers are required to carry out a Fundamental Rights Impact Assessment (FRIA) under Article 27. The FRIA documents the potential impact on workers, candidates, and other natural persons affected by the system. It complements — and should be coordinated with — the GDPR Article 35 Data Protection Impact Assessment (DPIA), which is typically required for any automated processing that involves candidate profiling.

Penalties (uniform across the EU)

The EU AI Act establishes three enforcement tiers, applying uniformly in every member state:

  • Up to EUR 35 million or 7 % of global annual turnover for violations of prohibited practices under Article 5.
  • Up to EUR 15 million or 3 % for violations of obligations applicable to providers and deployers of high-risk AI systems.
  • Up to EUR 7.5 million or 1 % for providing incorrect or misleading information to supervisory authorities.

NIS2 cybersecurity obligations

NIS2 (Directive (EU) 2022/2555) raises minimum cybersecurity requirements across the EU and is transposed into the national law of each member state. HR-tech SaaS vendors that meet the applicable size thresholds are typically classified as important entities under the digital providers category, and their enterprise customers may independently be in scope under their own sector classification. Entities based in France should confirm their sector classification and identify the relevant national competent authority to determine their specific obligations. PowerQuant does not advise on NIS2 national transposition details; consult national guidance and qualified legal counsel for that assessment.

What PowerQuant delivers

PowerQuant provides fixed-price compliance documentation packages for EU AI Act deployers. Every deliverable is cross-checked against the regulation text — no extrapolation, no invented requirements.

ModuleScopePrice
Module 1AI system inventory + Article 4 AI literacy register, including Annex III classification and risk mappingEUR 1,499
Module 2Procurement Evidence Pack under Article 26: deployer due diligence documentation, human oversight SOP, log-retention policy, worker and candidate information noticesEUR 3,499
Ongoing monitoringRegulatory change tracking and quarterly evidence updatesfrom EUR 699 / month

Delivery is fixed-price and fixed-timeline. No hourly billing, no scope creep.

Get a fixed quote

Email kontakt@powerquant.dk with a brief description of the AI systems you deploy in HR or recruitment contexts and the number of employees affected. We will respond with a scoped, fixed quote within one working day.

This page is technical documentation, not legal advice. PowerQuant ApS, CVR 46274067.