16.07.2026

AI Act: New Obligations for Employers as of 2 August 2026

AI Act: New Obligations for Employers as of 2 August 2026

In this article, Allison BENICHOU CORCHIA analyses the new obligations imposed on employers by Regulation (EU) 2024/1689 of 13 June 2024 on Artificial Intelligence (the “AI Act”). Although the deadline of 2 August 2026, initially set for the compliance of high-risk AI systems, has been postponed to 2 December 2027 under the “Digital Omnibus” package — the formal adoption of which by the Council is still pending — the date of 2 August 2026 nevertheless remains decisive.

Keywords. Artificial Intelligence, AI Act, AI systems, penalties.

Introduction

In this article, Allison BENICHOU CORCHIA, Partner in the Employment Law department of the law firm d&a partners, highlights some of the new obligations placed on companies following the adoption of the first European legal framework dedicated to AI.

AI is now embedded in many tools used in the workplace: automated recruitment, performance evaluation, data analysis and monitoring of employees’ activity. While these technologies can greatly increase productivity and deliver considerable time savings, they also raise major legal issues, particularly with regard to the protection of fundamental rights.

To address these new challenges, on 13 March 2024 the Members of the European Parliament adopted Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonized rules on artificial intelligence (hereinafter the “AI Act”), thereby establishing the first harmonized legal framework on AI within the EUROPEAN UNION.

The AI Act, which entered into force on 1 August 2024, pursues a central objective: to improve “the functioning of the internal market and promote the uptake of human-centric and trustworthy artificial intelligence”. Its application is gradual: phased in since 2025, it will continue until 2027, and even 2028 for certain high-risk systems.

This text marks an important milestone: it now imposes new — and sometimes little-known — obligations on companies whenever they use AI systems within their organization.

Pursuant to Article 3 of the Regulation, its rules apply to “any natural or legal person, public authority, agency or other body using an AI system under its authority”. The European Regulation on AI imposes several specific obligations on employers in their capacity as deployers of AI systems.

Employers, as deployers of AI systems, are thus subject to several specific obligations, in particular where they use these technologies in the context of recruitment, performance evaluation, decision-making concerning employees or the monitoring of employees’ activity.

This article will successively address the classification of AI systems adopted by the Regulation (I) and the obligations it imposes on employers (II), before considering the risks in the event of non-compliance (III).

I/ A Risk-Based Approach: Classification of AI Systems

The European Regulation is based on a graduated approach: the more the use of an AI system is likely to affect fundamental rights, the more demanding the resulting obligations.

The AI Act thus distinguishes four levels of risk, each entailing specific requirements for employers, which should not be overlooked and should be anticipated as of now.

1/ Prohibited AI Systems

Since 2 February 2025, practices deemed unacceptable by the AI Act have been prohibited. Eight practices are thus banned, including social scoring systems and emotion recognition in the workplace (except for medical or safety reasons).

2/ High-Risk AI Systems

These include, in particular, employee evaluation tools, automated recruitment systems, algorithmic work management systems, and systems likely to affect an employee’s career or employment contract.

3/ Limited-Risk AI Systems

These are subject to transparency obligations, owing to the risks of manipulation or deception they present. They include chatbots, AI-generated content and deepfakes: users must be informed that they are interacting with an AI or that content has been artificially generated.

4/ Minimal-Risk AI Systems

Most AI systems fall into this category, such as recommendation systems, spam filters or video games. They are not subject to any specific obligation under the Regulation.

II/ Enhanced Obligations for Employers

Beyond the classification of systems, the AI Act imposes on employers a set of cross-cutting obligations, some of which are already applicable.

The first obligation, in force since 2 February 2025, consists of ensuring a sufficient level of AI literacy. Article 4 of the Regulation on Artificial Intelligence, entitled “AI literacy”, thus establishes a general training obligation for providers and deployers of AI systems. As a result, companies are required to train users in the AI tools deployed within their organization.

The text provides that “Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used”.

The objective is to ensure that everyone involved with AI systems within the company has the skills and knowledge required to make informed decisions and use these systems responsibly.

The AI Act lays down new obligations for employers, depending on the risk level of the AI system.

Limited-risk systems must comply with a principle of transparency and a principle of information, which consists in particular of notifying users that they are interacting with an AI and providing users with clear information about AI-generated content.

The following have been classified as high-risk systems under the AI Act: automated recruitment tools, employee evaluation or scoring systems, algorithmic work management tools, and decision-making tools affecting an employee’s career or employment contract. Consequently, these systems will have to meet strict requirements. Initially set for 2 August 2026, the entry into application of these obligations is in the process of being postponed to 2 December 2027 under the “Digital Omnibus” package, the formal adoption of which by the Council is still pending to date.

These systems will have to be subject to effective human oversight: designed by the provider to enable human control (Article 14 of the Regulation), they will have to be overseen, on the employer’s side, by people who have the necessary competence, training and authority (Article 26 of the Regulation). This requirement operates alongside Article 22 of the GDPR, which already governs fully automated decisions producing legal effects with regard to employees.

Article 26 of the Regulation further requires the employer-deployer to inform workers and their representatives before putting a high-risk AI system into service in the workplace (paragraph 7), as well as the persons subject to a decision involving such a system (paragraph 11).

These requirements are accompanied by obligations relating to the traceability of the system’s operation and of the data used, documentation, and the provision of information to employees and their representatives.

III/ Risks in the Event of Non-Compliance with the AI Act

The AI Act does not merely establish a theoretical framework. It also provides for particularly significant financial penalties in the event of non-compliance with the obligations it lays under.

Companies and other economic operators that develop, market or use prohibited AI systems are exposed to particularly severe financial penalties.

The AI Act provides for administrative fines of up to EUR 35 million or where the offender is a company, up to 7% of its total worldwide annual turnover, whichever is higher.

Non-compliance with the other obligations established by the Regulation is also subject to substantial financial penalties: Article 99 of the Regulation provides for a fine of up to EUR 15 million or, for a company, up to 3% of total worldwide annual turnover, whichever is again higher.

For SMEs and start-ups, however — and this is good news — it is the lower of the two amounts that applies.

In light of these new requirements introduced by the AI Act, companies must therefore adopt a resolutely proactive approach in order to secure their practices.

The first step is to carry out a precise audit of the tools in use, in order to identify the AI systems, present within the company and to assess the scope of the resulting obligations.

It is then up to employers to assess the risks associated with their use, in light of the classification adopted by the Regulation and the potential impact on employees’ rights.