Most UK Employers Are Making Illegal Hiring Decisions Without Knowing It: The ICO's New ADM Rules Explain Why
The UK Information Commissioner's Office just told employers something uncomfortable: most of you are breaking the law and don't even know it.
On March 31, 2026, the ICO published its draft guidance on automated decision-making in recruitment, based on audits of more than 30 employers. The finding was stark: the majority did not recognize that their hiring processes involved solely automated decisions — the kind that require explicit legal safeguards under UK data protection law.
The consultation closes on May 29, 2026 — just 15 days from today (May 14, 2026). But the compliance deadline bearing down on every employer using AI in hiring is August 2, 2026, when three overlapping legal frameworks take effect simultaneously.
What the ICO Found — and Why It Matters
The ICO's audit revealed a systemic blind spot. Employers using AI-powered CV screening, applicant ranking, and automated shortlisting tools genuinely believed a human was making the final call. In most cases, that human involvement was superficial — what the ICO calls "rubber-stamp" review.
The ICO's position is clear: for human review to provide legal protection, the reviewer must have genuine authority, actual discretion, and access to the relevant information needed to change the outcome. Clicking "approve" on an AI-generated shortlist without independent evaluation does not qualify.
This distinction matters because solely automated decisions that produce legal or similarly significant effects on individuals trigger specific legal obligations — including the right for candidates to obtain human intervention and to contest the decision.
Three Frameworks, One Deadline: August 2, 2026
What makes August 2026 particularly consequential is that three regulatory frameworks converge on the same date:
1. UK Articles 22A–22D (Data Use and Access Act 2025). These provisions replace GDPR Article 22 in UK law, creating a domestic framework for automated decision-making. Employers must identify when they are making solely automated decisions and implement appropriate safeguards, including meaningful human involvement.
2. EU GDPR Article 22. For any employer processing data of EU-based candidates, the existing GDPR protections against solely automated decision-making continue to apply. Enforcement is accelerating — GDPR fines reached EUR 1.2 billion in 2024, with cumulative penalties totaling EUR 5.88 billion since the regulation took effect.
3. EU AI Act high-risk obligations. The EU AI Act explicitly classifies recruitment AI as high-risk — including CV screening, applicant ranking, scoring tools, and interview evaluation systems. Obligations for deployers include risk assessments, technical documentation, bias testing, human oversight mechanisms, six-month log retention, and consultation with employee representative bodies before deployment. Fines reach up to EUR 35 million or 7% of global annual turnover for prohibited practices, and EUR 15 million or 3% for deployer non-compliance.
One potential reprieve: the Digital Omnibus proposal could defer certain EU AI Act high-risk obligations to December 2027. But this deferral would need formal adoption before August 2, 2026, and regulatory uncertainty remains significant. Employers cannot plan around an unfinished legislative process.
What "Meaningful Human Involvement" Actually Requires
Across all three frameworks, the core requirement is the same: if AI is involved in hiring decisions, a human must exercise genuine oversight — not performative review.
The ICO's guidance sets out specific criteria the reviewer must meet:
- Authority: The reviewer must have the power to override the automated output.
- Discretion: They must actively evaluate the decision, not simply ratify it.
- Access to information: They must receive the data and context necessary to form an independent judgment.
- Routine practice: Meaningful review must be a standard part of the process, not an exception triggered only by candidate complaints.
An HR coordinator glancing at a ranked list and approving it unchanged does not meet this standard. Neither does a manager who only reviews flagged cases while all others pass through automatically.
How OVI Meets the Standard
OVI is built around the principle that AI should support hiring decisions, not make them. Its human-in-the-loop audio screening model is designed to satisfy the "meaningful human involvement" requirement across all three frameworks.
Here is how it works: OVI conducts structured audio-only screening chats with candidates — no video, no biometric analysis, no emotion detection. The AI processes transcript content only. Every interaction is then reviewed by a human recruiter who has full authority to accept, modify, or reject the AI's assessment before any hiring decision is made.
This architecture matters for compliance:
- No solely automated decisions. Because a human reviews every screening before a decision is taken, OVI's process falls outside the "solely automated" definitions that trigger the most restrictive obligations.
- No biometric processing. OVI does not analyze voice characteristics, facial features, or emotional states — reducing exposure under both the EU AI Act's prohibited-practices provisions and GDPR special-category data rules.
- Audit-ready posture. OVI's practices align with SOC 2 Type II and ISO 27001 standards. A Data Processing Agreement and Standard Contractual Clauses are available for EU/UK candidates, and the platform's posture follows EU AI Act readiness requirements ahead of the August 2026 deadline. Full details are available at the OVI Trust & Compliance Center.
OVI pricing starts with a Free plan at $0, with paid tiers beginning at $29/month (Launch) and $99/month (Starter), scaling to $450/month (Growth) and custom Business plans — making compliance-ready screening accessible to organizations of any size.
The Clock Is Running
The ICO consultation on automated decision-making guidance closes May 29, 2026. If your organization uses any form of AI in recruitment, now is the time to:
- Audit your current process. Determine whether any stage involves solely automated decisions — even if you believe a human is involved.
- Test your human review. Does your reviewer have genuine authority, discretion, and the information needed to change outcomes?
- Map your regulatory exposure. If you process EU candidate data, all three frameworks apply from August 2, 2026.
- Respond to the ICO consultation. Your input shapes the final guidance.
The ICO's message is not that AI in hiring is wrong. It is that most employers are doing it without the safeguards the law requires — and that ignorance is not a defense.
Sources: ICO ADM Consultation (March 2026), ICO Blog (March 2026), Ropes & Gray, Inside Privacy / Covington, Crowell & Moring, Bird & Bird, EU AI Act Annex III, DLA Piper Digital AI Omnibus analysis.
What did the ICO find in its automated decision-making audit of employers?
The ICO audited more than 30 employers and found that the majority did not recognise that their hiring processes involved solely automated decisions. Many employers believed a human was making the final call, but in most cases the human review was superficial: clicking "approve" on an AI-generated shortlist without independent evaluation. The ICO calls this "rubber-stamp" review, and it does not satisfy legal requirements under UK data protection law.
What does meaningful human involvement require under UK data protection law?
Under the ICO guidance and UK Articles 22A–22D (Data Use and Access Act 2025), a human reviewer must meet four criteria: they must have genuine authority to override the automated output; they must actively evaluate the decision rather than simply ratifying it; they must have access to the data and context needed to form an independent judgment; and meaningful review must be a routine part of the process, not an exception. An HR coordinator who approves an AI-ranked shortlist without independent assessment does not meet this standard.
What should employers do before August 2, 2026?
Employers should take four immediate steps. First, audit every stage of your hiring process to determine whether any step involves solely automated decisions. Second, test your human review against the ICO's four criteria: authority, discretion, access to information, and routine practice. Third, map your regulatory exposure: if you process EU candidate data, all three frameworks (UK Articles 22A–22D, GDPR Article 22, and EU AI Act high-risk obligations) apply simultaneously from August 2, 2026. Fourth, consider responding to the ICO consultation before it closes on May 29, 2026.