Sovergate
Annex III, Category 4 — Employment AI

EU AI Act compliance for
HR and recruitment AI

CV screening, candidate ranking, interview scoring, and performance evaluation are all classified as high-risk AI under Annex III Category 4. Sovergate logs every AI hiring decision with PII scrubbing and generates Article 12 reports your legal team can use.

87%

of companies already use AI somewhere in their recruitment process

24%

have started formal EU AI Act compliance preparation

76%

gap between adoption and readiness — this is the compliance risk

Which HR AI systems are high-risk

The EU AI Act explicitly lists employment AI under Annex III, Category 4 — one of the broadest high-risk categories in the regulation.

CV screening and candidate ranking

Any AI system that analyses CVs, filters applications, or ranks candidates for human review is classified as high-risk. This includes ATS AI features, resume parsers with scoring, and any LLM used to shortlist applicants.

Interview analysis

AI that analyses video interviews, assesses verbal or non-verbal communication, or scores interview performance is explicitly high-risk.

Performance evaluation

AI used to assess employee performance, predict promotion readiness, or support termination decisions falls under Category 4.

Task allocation and workforce management

AI that allocates tasks, determines shift patterns, or monitors productivity in ways that affect employment conditions is in scope.

Banned outright — no grace period

The AI Act imposes an absolute prohibition on emotion tracking in the workplace. Monitoring a worker's mood or stress levels is now strictly forbidden. This prohibition has been in effect since February 2025. There is no grace period.

⚠️ What Article 12 requires for HR AI

For every LLM call your hiring or HR system makes, you must maintain:

  • Automatic logs of every AI-assisted hiring decision
  • Records showing which decisions were reviewed by a human and what factors were considered beyond the AI output
  • Tamper-evident audit trail — cryptographic verification
  • PII scrubbed in compliance with GDPR
  • Minimum 6 months log retention
  • Logs available to national labour authorities on request

Employers also have a separate duty to inform affected workers before using high-risk AI at the workplace. Your logs should record that this disclosure was made.

The candidate data problem

Every CV your AI screens contains densely packed personal data: full name, address, email, phone number, employment history, education, and often age, nationality, and disability information. Logging this raw to a US-based service creates immediate GDPR exposure. Sovergate scrubs PII locally before any data leaves your infrastructure.

Data typeReplaced with
Candidate names[NAME_REDACTED]
Email addresses[EMAIL_REDACTED]
Phone numbers[PHONE_REDACTED]
Addresses[ADDRESS_REDACTED]
National ID numbers[ID_REDACTED]

The log preserves the structure of the AI decision — what signals were assessed, what score was produced — without containing the candidate's raw personal data.

How Sovergate works for HR AI

SDK Integration + Human Review Logging
import sovergate sovergate.init( api_key="svg_prod_xxxx", system="cv-screening-v3" ) sovergate.instrument(openai) # Log human review events sovergate.log_oversight_event( decision_id="app_456", reviewer_id="recruiter_abc", # pseudonymised action="approved", ai_recommendation="shortlist", final_decision="shortlist" )
Candidate Notification Logging (Art. 26)
# Article 26 requires informing candidates # when AI is used in decisions affecting them. # Sovergate logs the notification event. sovergate.log_notification_event( candidate_id="cand_789", # pseudonymised notification_type="ai_used_in_assessment", channel="email", timestamp="2026-05-23T10:30:00Z" )

Bias documentation

Article 10 requires data governance practices that address bias in training data. For HR AI, this means documenting that your AI does not systematically disadvantage protected groups. Sovergate's logs provide the raw material for bias audits:

  • Decision distribution across time periods
  • Score distributions (without PII)
  • Human override rates
  • Rejection reasons (where recorded)

What your HR and legal team gets

A monthly PDF per AI system containing:

  • Total AI hiring decisions logged
  • Human review rate — percentage of AI decisions reviewed by a recruiter before action
  • Override rate — where human reviewers disagreed with AI
  • Candidate notification events
  • PII scrubbing summary
  • Bias monitoring data export (CSV)
  • Audit trail integrity: PASSED
  • Data residency: Hetzner, Nuremberg, Germany

Pricing

Starter
€49/month
  • 1 AI system (e.g. CV screening)
  • 100,000 requests/month
  • Annual Article 12 report
Growth
€199/month
  • 5 AI systems
  • 1,000,000 requests/month
  • Monthly Article 12 reports
  • Bias monitoring data export
Enterprise
€799/month
  • Unlimited AI systems
  • Unlimited candidates
  • Custom log retention
  • DPA signing included
  • SLA guarantee

The December 2027 enforcement deadline is closer than it looks.

Initializing the Sovergate SDK takes less than 10 minutes. Securing explicit governance sign-off from your corporate internal audit team takes weeks. Deploy the staging proxy today, export your first verification ledger, and clear compliance blockers early.

Deploy Free Trial ProxyRequest System Demo
100% German Bare-Metal Infrastructure (Hetzner)Article 12 Ledger VerifiedStandard DPA Architecture