78% of Companies Are Not Ready for the EU AI Act's HR Deadline — And the Clock Has Already Started
78% of Companies Are Not Ready for the EU AI Act's HR Deadline — And the Clock Has Already Started
Here is a number that should alarm every HR leader in Europe — and every global company that hires there: 78% of enterprises have not taken meaningful steps toward EU AI Act compliance, according to Vision Compliance's 2026 Readiness Report. Meanwhile, 87% of companies already use AI in their recruitment processes, with only 24% having begun formal compliance preparation. That is a 63-point gap between adoption and readiness — and the EU AI Act's August 2026 deadline for high-risk AI systems is now four months away.
Worse, one critical obligation is not waiting for August. It is already in force.
What Makes HR AI “High-Risk” Under the EU AI Act
The EU AI Act classifies AI systems used in employment as explicitly high-risk under Annex III, Category 4. In plain terms, if your organisation uses AI for any of the following, it falls under the Act's strictest tier:
- Recruitment and screening — CV parsing, candidate ranking, automated shortlisting
- Hiring decisions — interview analysis, offer recommendations
- Promotion and task allocation — performance-based routing, internal mobility scoring
- Performance monitoring — productivity tracking, engagement scoring
- Termination decisions — attrition risk models that feed exit decisions
This is not a grey area. The regulation names employment AI alongside critical infrastructure, law enforcement, and border control. The message from Brussels is clear: AI that shapes people's livelihoods demands the highest oversight.
Article 26(7): The Obligation That Already Applies
Most HR teams are planning around the August 2026 deadline. But Article 26(7) is already in force: employers must notify and consult employee representative bodies — works councils, trade unions, staff delegates — before deploying any high-risk AI system in the workplace.
This is not a future requirement. It is a live legal obligation today. If your organisation deployed an AI-powered hiring tool, performance tracker, or workforce planning system without consulting employee representatives, you may already be non-compliant.
For multinational companies operating across the EU, the consultation requirement varies by member state, but the principle is universal under the Act. HR teams should confirm with local counsel that representative notification has been completed for every AI tool currently in production.
The Six Mandatory Compliance Requirements
When August 2026 arrives, organisations deploying high-risk HR AI must demonstrate compliance across six mandatory areas:
- Risk management system — A documented, ongoing process to identify, evaluate, and mitigate risks from the AI system throughout its lifecycle.
- Data governance — Training and validation datasets must be relevant, representative, and free from errors. Bias testing is required before deployment.
- Technical documentation — Complete records of how the system works, its intended purpose, accuracy metrics, and known limitations — available to regulators on request.
- Worker transparency — Employees and candidates must be informed, in clear language, that an AI system is being used and how it affects decisions about them.
- Human oversight — Qualified personnel must be able to understand, monitor, and override the AI system's outputs. Fully autonomous decision-making is not permitted.
- Accuracy and robustness testing — The system must perform consistently and reliably, with documented testing against errors, adversarial inputs, and edge cases.
These are not aspirational guidelines. They are enforceable requirements with teeth.
Penalties That Exceed GDPR
The enforcement framework is substantial. Non-compliance with high-risk AI obligations carries fines of up to EUR 35 million or 7% of global annual turnover — whichever is higher. For context, GDPR's maximum penalty is EUR 20 million or 4% of turnover. The EU AI Act raises the ceiling by 75%.
For a multinational employer with EUR 10 billion in annual revenue, the maximum exposure under the AI Act is EUR 700 million — compared to EUR 400 million under GDPR. These are not theoretical figures; the EU has shown through GDPR enforcement that it is willing to impose headline penalties on major employers.
The Digital Omnibus Wildcard — and Why It Changes Nothing
Some enterprises are betting on delay. The European Commission's proposed Digital Omnibus Act could extend certain AI Act deadlines to December 2027 or August 2028, contingent on whether harmonised standards are finalised in time.
But this is not an invitation to wait. Article 26(7) already applies regardless of any extension. The consultation and notification obligation for employee representatives is active now. And even if the broader deadline shifts, organisations that begin compliance work in 2027 will face a compressed timeline, higher costs, and greater operational disruption than those that start today.
The prudent approach: plan for August 2026 and treat any extension as a bonus, not a strategy.
Your 5-Step Q2 2026 Action Plan
For HR leaders who need to move from awareness to action this quarter, here is an immediate compliance roadmap:
Step 1: Audit your AI inventory. Catalogue every AI tool used across hiring, performance management, workforce planning, and employee relations. Identify which systems fall under Annex III, Category 4. If you do not know what AI your organisation uses, you cannot comply with the Act.
Step 2: Confirm Article 26(7) compliance now. Verify that employee representative bodies have been notified and consulted on every high-risk AI system currently deployed. If this has not happened, initiate the process immediately — this obligation is already enforceable.
Step 3: Assess vendor readiness. Contact every AI vendor in your HR stack and request their EU AI Act compliance documentation. Ask specifically for risk management frameworks, bias testing results, and technical documentation. Vendors who cannot provide these materials may need to be replaced.
Step 4: Establish human oversight protocols. For each high-risk AI system, designate qualified personnel with the authority and training to review, override, and explain the system's outputs. Document the oversight process and ensure it is operational — not theoretical.
Step 5: Begin documentation for regulators. Compile your risk assessments, data governance records, transparency notices, and oversight protocols into a single compliance package. Regulators will expect this to be audit-ready by August 2026.
Who This Applies To
This is not limited to EU-headquartered companies. If your organisation employs people in the EU, hires EU-based candidates, or processes employment data of EU residents, the AI Act's high-risk provisions apply to you. Global companies with EU operations should treat this as a cross-jurisdictional compliance priority, alongside GDPR and local labour law.
The 78% of enterprises that have not started preparing are running out of time. The 24% that have begun formal compliance work have a meaningful head start — but even they have significant ground to cover in the next four months.
The clock is not approaching. It has already started.
Sources: Vision Compliance 2026 EU AI Act Readiness Report; InterviewBox / PwC AI hiring adoption analysis; Crowell & Moring, "AI and HR in the EU: A 2026 Legal Overview"; EU AI Act Annex III & Article 26(7); SHRM, "New Year Brings New AI Regulations for HR"