The European Union’s Artificial Intelligence Act, which took effect on August 1, 2024, adopts a risk-based, extraterritorial framework that can apply to U.S. employers when artificial intelligence outputs are intended to be used in the EU. The law explicitly lists many employment-related uses as potentially high risk, and it exposes both providers and deployers to duties and significant penalties, modeled in part on the EU General Data Protection Regulation. Some obligations and enforcement infrastructure are already in place, and the Act phases in the most prescriptive high-risk requirements through August 2026, with a narrow subset delayed until August 2, 2027.
Key implementation milestones and obligations set out in the article include the February 2, 2025 start of prohibited practices and artificial intelligence literacy obligations, publication of voluntary guidance such as the Commission’s General-Purpose Artificial Intelligence Code of Practice, and expected guidance on high-risk compliance by February 2, 2026. In the workplace context, recruiting, screening, selection, performance evaluation, and other automated decision-making are flagged as likely high risk. Employers should therefore expect to meet duties that include worker notice, meaningful human oversight by trained personnel, ongoing monitoring for discriminatory or adverse impacts, automatic logging with at least a six-month baseline retention, and alignment with applicable EU privacy rules. The piece emphasizes that vendor assurances alone may not suffice and that regulatory bodies are building governance and supervision capacity now.
Practical planning steps recommended for employers are to map artificial intelligence uses across HR and the broader enterprise, designate internal roles and accountability for deployer obligations, operationalize worker notices and oversight procedures, and strengthen vendor diligence and contract terms to secure model documentation, logging, remediation, and audit support. Employers should implement logging and recordkeeping able to support investigations, establish metrics and cadence for fairness reviews, and harmonize privacy and data governance across jurisdictions to avoid fragmented controls. Integrating Artificial Intelligence Act compliance into existing privacy, ethics, and vendor risk workflows is presented as an efficient path forward while monitoring additional European Commission and member state guidance.
