Starting August 2, 2026, any company using AI to evaluate job candidates in Europe must undergo annual third-party bias audits. The penalty for non-compliance: €15 million or 3% of global annual turnover, whichever is higher.

The EU AI Act classifies AI hiring tools as high-risk systems requiring full technical documentation, human oversight mechanisms, and transparency disclosures to candidates. Companies have 105 days to prepare.

What Counts as AI Hiring

The scope is broader than most HR leaders realize. Any AI tool that evaluates EU-based candidates qualifies regardless of where your company is headquartered. This includes resume-ranking algorithms, AI interview scoring tools, and job ad targeting systems.

A U.S. startup that posts remote jobs open to EU applicants falls under these rules if their AI makes decisions affecting European candidates. Location of the company does not matter. Location of the candidate does.

The Audit Requirements

An AI hiring bias audit is not a one-page checkbox. Auditors need your model's training data composition, outcome data disaggregated by protected characteristics like gender, age, and ethnicity, plus evidence of continuous monitoring.

Most companies have not built the data pipelines for this. And "we use a vendor's tool" is not a defense. The obligation falls on the deployer, not the developer. If you use AI resume screening, you own the audit.

Companies targeting August 2 compliance need a signed audit engagement letter now, not in July. Certified third-party auditors qualified under the EU's conformity assessment framework are limited and booking up fast.

What Companies Need

Before the August deadline, companies need a written risk assessment, documentation of training data sources, a human review process for rejected candidates, and a signed audit engagement.

Under Article 12 of the EU AI Act, high-risk AI systems must also automatically log every action they take with enough detail to trace their decision-making. Logs must be retained for at least six months and be structured and searchable.

This means real-time, always-on records of what your AI did and why. Not batch exports. Not audit trails compiled on request. Automatic logging generated without operator intervention.

The Reality Check

Most AI hiring vendors do not yet produce Article 12-compliant logs. There is no finalized technical standard yet. Companies need to define their own logging architecture in the interim.

The first question every HR leader should ask their AI vendor this week: Are you classified as a high-risk system under Annex III of the EU AI Act? If they do not know, that is a red flag.

Europe is forcing accountability into AI hiring at exactly the moment when AI tools are becoming standard. Companies that get this right will have a competitive advantage. Companies that get caught unprepared will face €15 million fines and a compliance crisis.

The clock is ticking. 105 days and counting.