for general counsel and compliance

Defend the hire. Pass the audit.

The EU AI Act categorizes hiring AI as a high-risk system. Enforcement is currently scheduled for August 2, 2026, with a potential delay to 2027 under EU Parliament debate. Either way, your General Counsel will be asked to defend every AI hiring vendor against the same checklist — transparency, record-keeping, human oversight, conformity assessment. aifluent is built for that conversation.

Start a pilot See a sample reviewer packet

sources: artificialintelligenceact.eu/annex/3 · hunton andrews kurth · 2026-05-08

the shift in plain language

What changed, and who carries the duty.

Annex III of the EU AI Act lists categories of AI systems classified as high-risk. Two of them name hiring directly. Category 4(a) covers AI used for the recruitment or selection of candidates — including job-targeted advertising, application filtering, and candidate evaluation. Category 4(b) covers AI used to make decisions affecting work relationships, promotion, or termination.

High-risk classification triggers obligations under Articles 9 through 15 — risk management, data governance, technical documentation, record-keeping, transparency, human oversight, accuracy and robustness. Providers carry one set of duties. Deployers — your hiring team — carry another. The procurement consequence: every AI hiring vendor on your shortlist must produce evidence its system meets that bar. Most cannot yet.

sources: artificialintelligenceact.eu/annex/3 (Categories 4(a), 4(b)) · Articles 9–15, 16, 26 · verified 2026-05-08

the gc checklist

What buyers will be asked to defend.

Each row is one obligation under Annex III or an adjacent regulation your hiring team will be asked about during procurement, vendor security review, or audit. For each row: what the obligation asks, and what aifluent provides.

EU AI Act Annex III hiring obligations and how aifluent provides for each.
Obligation	What it asks	What aifluent provides
01Risk management systemEU AI Act Art. 9	Documented identification of foreseeable misuse, failure modes, and adverse impact, maintained across the system lifecycle.	A per-work sample risk register at scoping. A failure-mode catalog for the rubric, the controlled stack, and the reference signal policy. Change-control on every revision.
02Data governanceEU AI Act Art. 10	Training, validation, and testing data are relevant, representative, free of statistical bias, and free of errors that could harm protected groups.	aifluent does not train on candidate data. Reference signals (when used) are model-only and isolated to the same task. The candidate's evidence is first-party and never flows back to the evaluator's training set.
03Technical documentationEU AI Act Art. 11	Vendors maintain technical documentation that demonstrates the system meets high-risk requirements.	A per-work sample methodology pack: rubric specification, evaluator version, tool stack version, retention policy, validity caveats, known limitations. Published before any candidate runs.
04Record-keeping (logs)EU AI Act Art. 12; NYC Local Law 144 audit; Quebec Law 25	Automatic logging of events that enable monitoring, auditing, and post-hoc analysis.	An append-only evidence ledger with timestamps, prompts, AI outputs, artifact hashes, consent scope, and retention policy ID per event. Exportable as part of the report.
05Transparency to deployerEU AI Act Art. 13	Vendors disclose system capabilities, limitations, intended use, and known performance characteristics.	Plain-language methodology disclosure to the hiring team during scoping. Reviewer-facing limitations stated in every report. Versioned changelog on rubric and evaluator.
06Human oversightEU AI Act Art. 14; Quebec Law 25; OPC GenAI Principles	Effective human oversight that lets a person interpret, override, or stop the system before any decision affects an individual.	aifluent never auto-rejects, auto-ranks, or auto-advances. The reviewer decides direction in the debrief. Every report is decision support, not decision.
07Accuracy & robustnessEU AI Act Art. 15	Appropriate accuracy levels and consistent operation across the lifecycle.	Locked evaluator with versioned releases. Same task, same rubric, same approved AI tool stack for every candidate in the cohort.
08Candidate notice and consentNYC Local Law 144; IL 820 ILCS 42 — AI Video Interview Act; Ontario Working for Workers Four Act s. 8.4; Quebec Law 25	Disclose AI use before the interaction. Obtain consent. Explain how the system works. Support deletion requests.	Plain-language notice before every session. Per-candidate consent record. Accommodations workflow first-class in the spec. Sandbox is torn down after report delivery.
09Adverse-impact reviewNYC Local Law 144 — AEDT bias audit; CA CCR § 11008; IL HB 3773	Annual bias audit. Demonstrate the system does not disparately affect protected classes.	An adverse-impact analysis interface ships in v0.3 of the harness. Pilot data feeds the validity program. aifluent does not certify compliance — your audit team does, on top of the records aifluent ships.
10Data minimization & retentionEU AI Act Art. 10; GDPR; Quebec Law 25; CA CCR § 11008	Collect only what's needed. Retain only as long as necessary. Support deletion.	Task-relevant evidence only. No webcam, no microphone, no keystroke biometrics, no unrelated browsing. Sandbox tear-down after delivery; durable record collapses into the audit packet.
11Conformity assessment readinessEU AI Act Art. 43–48; EU database registration Art. 49	Demonstrate the system meets high-risk requirements. Register in the EU database where applicable.	Documented work sample methodology, evaluator version, evidence schema, audit trail, and retention policy per work sample — the inputs your conformity assessor will request, in the format they will recognize.
12Right to challenge automated decisionsGDPR Art. 22; Ontario s. 8.4; OPC GenAI Principles	Candidates have the right to challenge automated decisions and request human review.	aifluent reports are not automated decisions. Human review is a contractual guardrail. Candidates receive a portable artifact tied to the same assessment they ran.

Risk management system

EU AI Act Art. 9

What it asks: Documented identification of foreseeable misuse, failure modes, and adverse impact, maintained across the system lifecycle.
What aifluent provides: A per-work sample risk register at scoping. A failure-mode catalog for the rubric, the controlled stack, and the reference signal policy. Change-control on every revision.

Data governance

EU AI Act Art. 10

What it asks: Training, validation, and testing data are relevant, representative, free of statistical bias, and free of errors that could harm protected groups.
What aifluent provides: aifluent does not train on candidate data. Reference signals (when used) are model-only and isolated to the same task. The candidate's evidence is first-party and never flows back to the evaluator's training set.

Technical documentation

EU AI Act Art. 11

What it asks: Vendors maintain technical documentation that demonstrates the system meets high-risk requirements.
What aifluent provides: A per-work sample methodology pack: rubric specification, evaluator version, tool stack version, retention policy, validity caveats, known limitations. Published before any candidate runs.

Record-keeping (logs)

EU AI Act Art. 12; NYC Local Law 144 audit; Quebec Law 25

What it asks: Automatic logging of events that enable monitoring, auditing, and post-hoc analysis.
What aifluent provides: An append-only evidence ledger with timestamps, prompts, AI outputs, artifact hashes, consent scope, and retention policy ID per event. Exportable as part of the report.

Transparency to deployer

EU AI Act Art. 13

What it asks: Vendors disclose system capabilities, limitations, intended use, and known performance characteristics.
What aifluent provides: Plain-language methodology disclosure to the hiring team during scoping. Reviewer-facing limitations stated in every report. Versioned changelog on rubric and evaluator.

Human oversight

EU AI Act Art. 14; Quebec Law 25; OPC GenAI Principles

What it asks: Effective human oversight that lets a person interpret, override, or stop the system before any decision affects an individual.
What aifluent provides: aifluent never auto-rejects, auto-ranks, or auto-advances. The reviewer decides direction in the debrief. Every report is decision support, not decision.

Accuracy & robustness

EU AI Act Art. 15

What it asks: Appropriate accuracy levels and consistent operation across the lifecycle.
What aifluent provides: Locked evaluator with versioned releases. Same task, same rubric, same approved AI tool stack for every candidate in the cohort.

Candidate notice and consent

NYC Local Law 144; IL 820 ILCS 42 — AI Video Interview Act; Ontario Working for Workers Four Act s. 8.4; Quebec Law 25

What it asks: Disclose AI use before the interaction. Obtain consent. Explain how the system works. Support deletion requests.
What aifluent provides: Plain-language notice before every session. Per-candidate consent record. Accommodations workflow first-class in the spec. Sandbox is torn down after report delivery.

Adverse-impact review

NYC Local Law 144 — AEDT bias audit; CA CCR § 11008; IL HB 3773

What it asks: Annual bias audit. Demonstrate the system does not disparately affect protected classes.
What aifluent provides: An adverse-impact analysis interface ships in v0.3 of the harness. Pilot data feeds the validity program. aifluent does not certify compliance — your audit team does, on top of the records aifluent ships.

Data minimization & retention

EU AI Act Art. 10; GDPR; Quebec Law 25; CA CCR § 11008

What it asks: Collect only what's needed. Retain only as long as necessary. Support deletion.
What aifluent provides: Task-relevant evidence only. No webcam, no microphone, no keystroke biometrics, no unrelated browsing. Sandbox tear-down after delivery; durable record collapses into the audit packet.

Conformity assessment readiness

EU AI Act Art. 43–48; EU database registration Art. 49

What it asks: Demonstrate the system meets high-risk requirements. Register in the EU database where applicable.
What aifluent provides: Documented work sample methodology, evaluator version, evidence schema, audit trail, and retention policy per work sample — the inputs your conformity assessor will request, in the format they will recognize.

Right to challenge automated decisions

GDPR Art. 22; Ontario s. 8.4; OPC GenAI Principles

What it asks: Candidates have the right to challenge automated decisions and request human review.
What aifluent provides: aifluent reports are not automated decisions. Human review is a contractual guardrail. Candidates receive a portable artifact tied to the same assessment they ran.

sources cited inline · most-recent verification 2026-05-08 · aifluent does not provide legal advice; this checklist is a procurement aid, not a compliance opinion

how aifluent maps to the checklist

Five pillars. Each ladders to a row.

Controlled AI workbench.

The controlled AI workbench keeps the conditions identical for every candidate. Same approved AI tool stack, same model versions, same constraints, same task. Variance in tools means variance in evidence — and variance in evidence is a hiring outcome you cannot defend in debrief, audit, or court. The workbench locks the conditions before any candidate runs, so the only variable in the session is the candidate's judgment. Annex III maps this to Article 14 (human oversight) and Article 15 (accuracy and robustness).

Evidence ledger and integrity layer.

Every event in a candidate session is captured in an append-only ledger: prompts, AI outputs, candidate notes, artifact hashes, timer events, source citations, consent scope, retention policy ID. The ledger is timestamped, hash-anchored, and exportable. Annex III Article 12 asks for automatic logging that enables auditing and post-hoc analysis — this is that. NYC Local Law 144 asks for an annual bias audit — this is the data feeding it. Equally important is what the ledger does not capture: webcam, microphone, keystroke biometrics, unrelated browsing.

Optional reference signals.

For work samples where it adds calibration value, aifluent can attach a same-task AI-only reference run as one comparison variable. Reference signals are not the answer key. They give reviewers context — what model-only output looked like on the same task, with the same approved tools, at the same point in time — when that context improves calibration. Reference signals are optional, governed under a versioned policy, and disclosed in the report. They never replace the candidate's first-party evidence as the primary measure.

Human review packet.

The output is a packet a hiring manager, recruiter, and General Counsel can all use. Five-dimension observations grounded in evidence citations from the ledger. Follow-up prompts the reviewer can ask in the debrief. Limitations stated in plain language. An audit export ready for the assessment file. There is no score, no rank, no pass-fail line, and no hire recommendation. The reviewer decides direction. Every aifluent commitment under Article 14 human oversight ladders up to this packet.

Candidate artifact.

The candidate keeps a portable, credential-ready artifact tied to the same assessment the employer received. It carries the candidate's final output, a method summary, the model and tool configuration, an integrity hash, and a timestamp. Confidential assessment internals stay with the employer. The artifact gives the candidate a record they can reuse — and gives your hiring brand the candidate-experience commitment that survives a Greenhouse-style candidate-walkaway report (38% of U.S. candidates withdrew from hiring processes over AI interviews, May 2026).

sources: artificialintelligenceact.eu/annex/3 · HRDive (May 2026) · Greenhouse candidate-experience report (May 2026)

what aifluent does not do

The boundaries are contractual.

aifluent will refuse to do — and will refuse the deal of any buyer who asks for — the following:

aifluent will never

Auto-reject candidates.The reviewer decides. Every time.
Auto-rank or rank-order candidates.The report is observations, not a leaderboard. There is no cohort percentile, no top-candidates list, no calibrated cutoff.
Auto-advance candidates.No path in aifluent's architecture moves a candidate forward without a human decision.
Issue hire recommendations.aifluent does not say “hire this person.” That sentence belongs to a human reviewer with full context.
Biometric inference.No facial expression analysis. No emotion detection. No voice-stress measurement. No gaze tracking. No physiological inference of any kind.
Surveillance.No webcam capture. No microphone capture. No keystroke biometrics. No ambient session recording. No unrelated browsing telemetry.
Certify your compliance.aifluent makes compliant decisions easier — by producing the records, methodology, and process discipline an audit will ask for. We do not issue compliance certificates. Your General Counsel runs the audit on top of the artifacts aifluent ships.

These boundaries also explain why aifluent is structurally different from “AI agents that decide and act” hiring vendors. The difference is the human-decision boundary. The reviewer always decides direction. The artifact informs that decision. The two never collapse into one.

sample reviewer packet

See what a reviewer receives.

A real packet, rendered in public. The brief, the five-dimension signal, the audit trail, the candidate's AI-use reflection. Decision support, not auto-rank.

Open the sample report

on the enforcement date debate

The August 2, 2026 enforcement date is currently scheduled. The EU Parliament is debating a one-year delay to August 2, 2027. Either decision will be binding for the EU side. NYC Local Law 144, Illinois HB 3773 and the Illinois AI Video Interview Act, Colorado SB 24-205, California CCR § 11008, Ontario Working for Workers Four Act s. 8.4, and Quebec Law 25 remain in force on their own clocks regardless.

aifluent's architecture is independent of the enforcement date. The audit-grade evidence layer ships either way.

sources: artificialintelligenceact.eu · hklaw.com (April 2026) · Hunton Andrews Kurth · DLA Piper · Osler · Fisher Phillips

paid pilot

Land one role. Expand when the signal earns it.

Pilot one role with aifluent. Free through the end of 2026. Paid contracts begin January 2027 at a working anchor of $500 per role per month.

The pilot includes a role calibration workshop, a custom task pack, candidate sessions in the controlled approved AI stack, reviewer-ready packets, candidate-safe artifacts, and a pilot debrief. Your General Counsel can request the methodology pack and audit trail before any candidate runs.

Start a pilot

we reply by email within 2 business days · no newsletter · no autoresponder

human-decision boundary

The reviewer decides. aifluent never auto-rejects, auto-ranks, or auto-advances. Every work sample is reviewed by a person. Decision support, not decision.

sources: EU AI Act Art. 14 (human oversight) · artificialintelligenceact.eu/annex/3