EU AI Act compliance for HR-tech companies in Ireland
The EU AI Act (Regulation (EU) 2024/1689) is directly applicable law across every EU member state — including Ireland. There is no Irish-specific version, no national transposition required, and no variance in scope or penalty thresholds. If your organisation operates in Ireland and uses AI in hiring, performance evaluation, or workforce management, the same obligations apply as in Germany, France, or Denmark.
This page explains what the regulation requires, when it applies, and what PowerQuant delivers to help you meet it.
HR and recruitment AI is high-risk by law
Annex III point 4 of the EU AI Act explicitly classifies AI systems used in employment, workers management, and access to self-employment as high-risk. This covers:
- AI that places targeted job advertisements or screens CVs for suitability
- Systems that rank, score, or shortlist candidates during recruitment or selection
- Tools used to monitor, evaluate, or make decisions about employee performance
- AI that influences decisions on promotion, task allocation, or termination
If your HR-tech vendor supplies any of these capabilities and your organisation deploys them, you are a deployer under the regulation — not merely a customer — and you carry direct legal obligations.
The timeline that applies uniformly across the EU
The EU AI Act entered into force on 1 August 2024. Implementation is phased:
| Date | What applies |
|---|---|
| 2 February 2025 | Prohibited AI practices (Article 5) banned — already in force |
| 2 August 2025 | General-purpose AI (GPAI) model obligations apply |
| 2 August 2026 | High-risk obligations under Annex III apply to deployers |
A proposed revision — the Digital Omnibus package — is under discussion at EU level and may defer some Annex III deployer obligations to 2 December 2027 for certain categories. This is a legislative proposal, not enacted law. Until it passes and is published in the Official Journal, the 2 August 2026 date remains the binding deadline.
What deployers must do: Article 26 obligations
Once the high-risk regime applies, deployers — organisations that put a high-risk AI system into use — must comply with Article 26:
Use per provider instructions. You may only use a high-risk AI system in accordance with the instructions of use provided by the provider. Deploying the system outside its intended purpose or in ways the provider has not validated is non-compliant.
Implement competent human oversight. Article 26(5) requires deployers to assign human oversight to natural persons who have the competence, authority, and resources to understand the system's outputs and intervene when necessary. Human oversight cannot be nominal — the designated person must be capable of meaningful review.
Maintain automatic logs for at least six months. Where the high-risk AI system generates logs automatically, deployers must retain those logs for a minimum of six months, subject to applicable Union or national law on data retention.
Inform workers and their representatives. Before deploying a high-risk AI system that affects employees, deployers must inform workers and, where applicable, their representatives. This notification obligation applies regardless of whether the system is used in recruitment, evaluation, or ongoing workforce management.
Fundamental Rights Impact Assessment (Article 27)
Where a deployer is a body governed by public law, or is a private entity providing public services, Article 27 may require a Fundamental Rights Impact Assessment (FRIA) before deployment. The FRIA must document the reasonably foreseeable impact of the system on fundamental rights, including equality, non-discrimination, privacy, and data protection. Even where a formal FRIA is not mandatory, the structured analysis it requires is best practice for any organisation operating in a regulated HR context.
Penalties — uniform across the EU
The EU AI Act sets penalty ceilings that apply identically in every member state. National supervisory authorities may calibrate fines within these limits, but the ceilings are set by EU law:
- Up to EUR 35,000,000 or 7% of global annual turnover (whichever is higher) — violations involving prohibited AI practices
- Up to EUR 15,000,000 or 3% of global annual turnover — violations of obligations for providers and deployers of high-risk AI
- Up to EUR 7,500,000 or 1% of global annual turnover — provision of incorrect, incomplete, or misleading information to authorities
These are per-violation ceilings, not aggregate caps.
NIS2: a parallel cybersecurity obligation
NIS2 (Directive (EU) 2022/2555) raises minimum cybersecurity requirements across the EU and must be transposed into national law by each member state, including Ireland. Unlike the AI Act, NIS2 operates through national transposition — the substantive obligations and enforcement are governed by each country's implementing legislation.
HR-tech SaaS vendors operating above the applicable size thresholds typically fall under NIS2 as important entities in the digital infrastructure or digital provider categories. Their customers — employers using those platforms — may independently be in scope under their own sector classification.
Organisations in Ireland should confirm their NIS2 classification and identify the relevant national competent authority. PowerQuant can help you assess NIS2 exposure as part of a combined compliance engagement, but cannot provide jurisdiction-specific legal advice on national transposition law.
What PowerQuant delivers
PowerQuant provides fixed-price compliance documentation packages for HR-tech deployers. Every claim in our deliverables is cross-checked against the regulation text.
Module 1 — AI Inventory & Article 4 Literacy Register — EUR 1,499 A structured inventory of AI systems in scope under Annex III, with a workforce AI-literacy register satisfying the Article 4 obligation that providers and deployers ensure sufficient AI literacy among their staff.
Module 2 — Procurement Evidence Pack (Article 26) — EUR 3,499 A complete deployer evidence pack: supplier conformity documentation review, Article 26 compliance checklist, human oversight assignment record, worker notification template, and log-retention policy — ready for regulatory inspection.
Ongoing Compliance Monitoring — from EUR 699/month Continuous monitoring of your AI system portfolio against regulatory developments, including tracking of the Digital Omnibus proposal and any timeline changes, with quarterly evidence updates.
All modules are delivered at a fixed price, on a fixed timeline. No hourly billing, no scope creep.
Get a fixed quote
To discuss your organisation's position and receive a fixed quote, email kontakt@powerquant.dk.
This page is technical compliance documentation, not legal advice. PowerQuant ApS, CVR 46274067.