The EU AI Act is set to reshape how businesses develop and deploy artificial intelligence, with full enforcement expected by 2026. To help companies prepare, Deel hosted a webinar featuring insights from its in-house experts on AI compliance and risk mitigation.

Emily Johnson, Senior Privacy and AI Compliance Manager at Deel, and Tima Anwana-Gangl, Privacy and AI Manager, shared their firsthand experience working across teams to ensure Deel’s compliance with the upcoming regulations. They discussed key provisions of the EU AI Act, practical steps businesses can take now, and strategies for navigating compliance challenges.

This recap highlights the most important insights from the discussion, equipping you with the knowledge to stay ahead of regulatory requirements and mitigate AI-related risks.

Alternatively, watch the full webinar on-demand here: Navigating the EU AI Act: Ensuring Compliance and Mitigating Risks

What Is the EU AI Act?

The EU AI Act is the first comprehensive law regulating artificial intelligence. Introduced in response to the rapid expansion of AI tools, the Act aims to ensure that AI development and usage are safe and transparent and that fundamental rights are respected.

Scope and timeline

The AI Act applies to EU-based entities and non-EU companies offering AI systems in the EU market. Initial requirements, such as AI literacy obligations, began rolling out in February 2024, with full enforcement set for August 2025.

Compliance and overlapping regulations

Companies must align their AI systems with existing regulations, including the GDPR, as AI applications often involve processing personal data. For example, AI-driven candidate tracking and interview analysis tools may trigger additional privacy obligations.

Why compliance matters

Non-compliance carries significant risks, with penalties reaching up to €35 million or 7% of global annual turnover—surpassing even GDPR fines. Beyond financial consequences, companies face potential operational suspensions and reputational damage. Ensuring compliance is essential for maintaining trust and business continuity.

See also: Get Global HR Compliance Consulting with the AI Assistant

Organizations’ biggest AI compliance concerns

One of the biggest challenges for companies implementing AI is gaining a full understanding of their AI ecosystem. Compliance starts with mapping all AI systems in use—both those developed internally and those provided by third-party vendors. At Deel, this required collaboration across teams to identify every AI tool in use before determining the necessary compliance measures.

Beyond visibility, securing company-wide buy-in is another common hurdle. Ensuring teams understand the importance of AI compliance and follow the necessary protocols is critical. Building trust—both internally and with clients—requires clear policies on AI tool use, strict data privacy measures, and thorough vetting of AI systems to align with regulatory requirements.

Everyday use of AI and what the act applies to

AI is increasingly integrated into everyday business operations, and the EU AI Act applies to many of these uses. Here are some key examples:

• Language and conversational AI: Tools like ChatGPT and Deel AI are examples of general-purpose AI, capable of tasks such as text and image generation, idea structuring, and more. These tools serve multiple functions across various industries
• Employment and worker management: AI is commonly used in recruitment and HR for tasks like CV screening, candidate ranking, and interview analysis. These tools help automate and streamline the hiring process
• Monitoring and validation: AI is also used in transaction monitoring to detect suspicious behavior or fraud, and in document validation to ensure employees receive the correct documents on time, adding an extra layer of security
• Assessments and automation: AI tools are becoming more common in performance reviews, analyzing employee data and comparing performance across time to assist in evaluating and guiding reviews

See also: How Automation and AI in Payroll Can Elevate Your Productivity and Compliance

The AI Act’s risk classification system

The EU AI Act categorizes AI systems based on their potential risk and assigns regulatory requirements accordingly. This approach ensures higher-risk applications face stricter compliance measures.

Unacceptable risk (prohibited AI systems)

AI systems that pose severe risks to individuals or society are outright banned. These include AI-driven deception, manipulation, or exploitation of vulnerabilities, and predictive policing or crime risk assessments.

High-risk (strictly regulated AI systems)

High-risk AI systems are allowed but must meet stringent compliance requirements due to their potential for significant harm. Examples include AI in medical devices, children’s toys, education, and—crucially—HR and employment. AI tools used for hiring, promotions, terminations, and worker management fall into this category.

Limited risk (transparency requirements)

AI systems that generate content, such as chatbots and image-generation tools, are classified as limited risk. These must include transparency measures, such as informing users that they are interacting with AI and labeling AI-generated content.

Minimal risk (no additional regulations)

Minimal-risk AI systems, such as grammar checks, translation tools, and spam filters, can be used freely without additional restrictions, as they present little to no risk.

The AI Act ensures that regulations are proportionate to potential harm by structuring AI compliance around these risk levels.

See also: AI in HR Management: How Does It Mesh with European AI Regulation?

Role classification under the AI Act

The AI Act also assigns compliance responsibilities based on an entity’s role in developing, distributing, or using AI. This ensures that all parties involved in AI systems are accountable under the law.

Providers (AI system developers)

Providers develop AI systems or market them under their brand. They are primarily responsible for ensuring compliance with the AI Act. For example, OpenAI is the provider of ChatGPT.

Downstream providers (integrators & white-label users)

Downstream providers integrate or white-label an AI model developed by another entity. They must ensure compliance for their specific implementation.

Deployers (AI system users & implementers)

Deployers use AI systems within their organizations and are responsible for applying compliance measures, such as defining AI usage policies.

Organizations must determine their role under the AI Act to understand their obligations and ensure compliance.

See also: Bridging the Talent Gap in AI Industry: Hiring and Managing Global Contractors

How to prepare for the AI Act

Deel has implemented a three-step approach to comply with the EU AI Act. Organizations can follow a similar process to ensure readiness.

Step 1: AI systems mapping

Begin by identifying all AI systems your organization develops and uses. Work with different teams to get a complete inventory.

• Check for tools that may have added AI functionality over time. Example: Google Workspace now includes Gemini AI, even if it didn’t when first adopted

Step 2: Role identification & stakeholder mapping

• Determine your organization’s role in the AI supply chain: Are you a provider, downstream provider, or deployer?
• Identify internal stakeholders responsible for AI systems. Different teams manage different AI applications

Example: Engineering oversees AI development, while Talent Acquisition manages AI-powered recruitment tools.

See also: 8 Tips to Find and Hire AI Talent

Step 3: Risk classification

Assess each AI system based on the EU AI Act’s risk categories shared above. Here you’re going to assess the AI system in connection with the risk classification that the act has specified.

By following these steps, organizations can proactively comply with the AI Act and manage AI-related risks effectively.

Create an AI Action Plan

Once you have mapped AI systems, identified roles, and classified risks, the next step is to develop a comprehensive AI action plan. This plan serves as a roadmap for achieving compliance with the EU AI Act by outlining compliance gaps, risks, mitigation measures, and implementation priorities.

Outline your risks

A key component of your AI action plan is identifying and documenting risks associated with AI systems. This involves:

• Classifying AI systems according to their risk levels (e.g., minimal, limited, high, or unacceptable risk)
• Evaluating potential risks, including bias, discrimination, data privacy violations, cybersecurity threats, and legal non-compliance
• Developing risk mitigation measures, such as human oversight, bias detection, and regular system audits
• Identifying gaps in governance, including missing policies, accountability structures, or insufficient technical documentation

By addressing these risks early, organizations can prevent compliance failures and ensure ethical AI deployment.

Implementation in accordance with Act requirements

Human oversight

The EU AI Act mandates that high-risk AI systems must have human oversight to prevent harmful decisions and ensure accountability. Organizations must:

• Establish supervisory controls to monitor AI systems and intervene when necessary
• Ensure human approval of AI-generated decisions, especially in critical areas like recruitment, credit scoring, and law enforcement
• Implement a “human-in-the-loop” approach, ensuring AI outputs are reviewed and validated by trained personnel before final action is taken

Transparency and explainability

To comply with the EU AI Act, organizations must ensure that AI systems are transparent and explainable. This means:

• Providing clear documentation on how AI systems work, including training data sources and decision-making logic
• Ensuring users understand AI-driven decisions, particularly when these decisions affect individuals’ rights or opportunities
• Publishing transparency policies, incorporating AI-specific terms in privacy policies, and maintaining AI usage FAQs

Conformity assessments

High-risk AI systems must undergo conformity assessments to verify compliance with EU regulations. These assessments:

• Evaluate AI models for technical, ethical, and legal compliance
• Differentiate between human rights impact assessments (focused on social risks) and conformity assessments (focused on product compliance)
• Document compliance efforts, ensuring regulators and stakeholders can verify adherence to legal standards

Organizations deploying AI must maintain detailed records of conformity assessments and be prepared for external audits.

Technical measures assessments

Technical compliance involves implementing safeguards to ensure AI systems operate safely and ethically. This includes:

• Data governance frameworks ensuring training data is unbiased and representative
• Cybersecurity protections preventing AI system manipulation or hacking
• Regular testing and validation to confirm system accuracy and fairness
• Maintaining up-to-date technical documentation for internal and external compliance reviews

By proactively addressing these technical requirements, organizations can avoid penalties and ensure AI systems function as intended.

Registration requirement

High-risk AI system providers must register their models in an EU-wide database. This involves:

• Submitting detailed system documentation outlining functionality, intended use, and risk mitigation strategies
• Regularly updating records to reflect changes in system capabilities and compliance efforts
• Ensuring transparency in AI deployment, allowing regulators to monitor AI applications across industries

Organizations that fail to register applicable AI systems risk regulatory fines and restrictions on system use.

Literacy and training

From February 2025, organizations must ensure that employees receive AI literacy and compliance training. Training should cover:

• Legal and ethical obligations under the EU AI Act
• AI risk assessment and mitigation strategies
• Incident response protocols for AI-related failures or violations
• Tailored training for different teams (e.g., engineers receive technical training, while HR focuses on ethical AI use)

Deel has implemented AI-specific training programs to ensure employees across departments understand responsible AI practices.

See also: AI in HR: How Employers Can Close the Readiness Gap

Supplier assessments

Companies using third-party AI systems must conduct supplier assessments to ensure compliance. This involves:

• Reviewing contracts to verify that AI vendors meet EU regulations
• Conducting independent audits of supplier AI models, focusing on bias, transparency, and security
• Requiring AI providers to complete compliance questionnaires, ensuring their systems align with regulatory standards

Deploying AI without proper supplier assessments can expose organizations to legal and financial risks, making due diligence a critical compliance step.

By following these structured steps, organizations can ensure AI compliance, mitigate risks, and align with the EU AI Act’s regulatory requirements.

How Deel mitigates ethical risks

At Deel, mitigating ethical risks in AI tools, particularly in recruitment, is a top priority. Tima Anwana-Gangl shared that Deel ensures a strong “human-in-the-loop” policy to prevent potential biases in automated processes, such as racial or gender-based bias.

In addition, Deel carefully reviews third-party AI tools to ensure ethical standards are met. This includes scrutinizing the training data used and understanding how personal data is processed. The focus is on using AI as a supportive tool, not a decision-maker, to preserve human judgment in the recruitment process.

Deel also handles ethical risk assessments in-house, leveraging the expertise of professionals like Emily Johnson and Tima, who bring years of experience and advanced qualifications in the field.

See also: Human in the Loop: Leverage Crowdsourcing for AI Data Labeling

Will the AI Act go global?

The EU AI Act is groundbreaking, but it’s not an isolated development. Tima Anwana-Gangl highlighted that similar initiatives are emerging worldwide.

Emily Johnson pointed out that while the EU AI Act is the first of its kind, countries like South Korea and Singapore are following suit with their own AI regulations, often aligning with the EU’s framework.

Though no longer bound by EU law, the UK is also developing principles around fairness, transparency, and human rights in AI use, reflecting many of the same concerns.

AI and job loss

Concerns about AI replacing jobs are common, especially in HR. Tima Anwana-Gangl noted that many clients worry about AI taking over their roles. However, Emily Johnson pointed out that technological advancements historically shift job markets, often creating new opportunities rather than eliminating jobs.

Tima agreed, adding that new positions like AI Ethics officers are emerging. These roles focus on ensuring AI development aligns with ethical standards. Both Tima and Emily see AI as an opportunity for professionals to adapt and thrive with new career paths in AI management and ethics.

See also: Is the AI Hype Translating to AI Jobs?

Will the AI Act impact innovation?

A common concern about the EU AI Act is how it might affect innovation. Emily Johnson noted that some customers worry it could slow the uptake of AI systems.

Tima addressed this concern by explaining that while new laws regulating emerging technologies can be seen as stifling, the AI Act provides a structured framework for the responsible development of AI tools.

Tima highlighted that the Act imposes requirements that overlap with existing laws and guidelines, particularly concerning data management, quality standards, data governance, and the need for human oversight.

Additionally, Tima noted that the AI Act incorporates measures such as regulatory sandboxes, which enable companies to trial their AI tools in controlled environments.

Getting support

As businesses navigate the complexities of AI regulation, several key support options are available to help ensure compliance.

Deel’s AI Consulting Services

Deel offers AI consulting services led by Tima Anwana-Gangl, Emily Johnson, and their team. They provide in-house developed templates, like human rights impact assessments, to help clients meet AI compliance. For businesses lacking expertise, Deel also offers hands-on consulting to guide clients through the assessment process and share valuable knowledge.

The European Commission’s guidance and resources

Businesses can also rely on resources from the European Commission, the European AI Office, and data protection authorities. These organizations offer guidelines on AI Act compliance and the intersection of the law with AI. Staying updated with these resources is key for businesses navigating AI regulations.

Deel’s Compliance Monitor

Deel’s Compliance Monitor provides organizations with real-time updates on legal changes and new guidelines globally. It helps companies stay informed about AI regulations and ensures compliance, especially when determining if an AI system is high-risk or falls under unacceptable use categories.

Get AI compliant with Deel

To dive deeper into the insights shared during the webinar, watch the full session here. Or, to learn how Deel can help you achieve AI Act compliance while embracing Deel AI for seamless global hiring, payroll, HR, and compliance solutions for your international teams, book a call with the team.