As companies increasingly seek to harness artificial intelligence, the human resources sector is emerging as a key area for innovation. From recruitment to performance management and employee analytics, organizations are eager to leverage AI to enhance efficiency and streamline processes.
However, the implementation of AI in HR raises important concerns about data governance and regulatory compliance. Stakeholders are rightly cautious about the additional compliance challenges that may arise. Even with the promising prospects that AI tools offer, there is a pressing need for organizations to reassess their internal safeguards, vendor management, and governance strategies as regulatory bodies begin to scrutinize the implications for employees and job candidates.
During a breakout session at the IAPP AI Governance Global North America 2025, Veena Calambur, Principal Program Manager of Responsible AI at Workday, emphasized, “HR is a very people-driven system, so responsible AI can’t just be about the technology. It must involve both the people implementing it and those affected by it.”
The Regulatory Environment
Key concerns surrounding AI in HR revolve around the potential consequences of automated decision-making without adequate human oversight. The EU AI Act seeks to enforce transparency and human oversight requirements to mitigate risks associated with employee monitoring and bias. Similarly, the EU General Data Protection Regulation grants individuals the right to request human intervention regarding automated decisions, as well as the opportunity to express their viewpoints and contest these outcomes.
At the IAPP AI Governance Global Europe 2025 in May, Cian O’Brien, Deputy Commissioner of the Irish Data Protection Commission, pointed out that experiences with GDPR compliance can guide organizations in developing AI-powered HR tools that meet legal standards. He noted that conducting data protection impact assessments in line with GDPR can be beneficial in the AI context.
“After seven years of GDPR enforcement, the value of timely documentation that evaluates risk and addresses it has become evident, regardless of its formal classification under Article 35,” he remarked.
In the U.S., states like California, Colorado, and Illinois are also taking steps to ensure decisions about individuals are not made solely based on AI outputs.
According to Hintze co-Managing Partner Jennifer Ruehr, CIPP/US, organizations in the U.S. face heightened compliance risks as regulatory frameworks evolve and litigation escalates. She acknowledged that while there are many beneficial applications for AI in HR, establishing “nuanced guardrails” could facilitate innovation in a regulated environment.
“The risks are substantially greater than ever before,” Ruehr continued, highlighting that companies unfamiliar with global standards are often required to “retrofit U.S. programs and train HR and IT teams accordingly.”
Organizational Considerations and Vendor Concerns
Workday’s Calambur stresses the importance of fully adopting an AI framework as a key compliance consideration.
“While theoretical principles are valuable, they must be put into practice,” she explained. “We need to establish AI review processes that systematically identify and mitigate risks during AI development.”
Additionally, organizations face challenges in governance when legal departments are involved too late in the process of AI procurement. Zoe Argento, Shareholder at Littler Mendelson, remarked that late engagement can lead to missed opportunities for key protections and assurances in contracts.
Compliance extends beyond in-house HR practices; vendor oversight is especially critical for companies that outsource recruitment, screening, and workforce analytics.
“It’s vital for organizations to understand that while HR often outsources various functions, they still bear responsibility for many decisions made by these vendors,” Argento noted. “Employers could be liable for how AI is utilized.”
She also pointed out the lack of understanding of algorithms and their outputs as a significant concern. This deficit of knowledge applies to both internal HR functions and outsourced services.
“It’s important to grasp the limitations of the technology—what data it can and cannot access—and the other factors influencing its decision-making capabilities, so effective oversight can be maintained,” Argento advised.
In conclusion, while the integration of AI in HR holds significant promise for enhancing operational efficiency, organizations must navigate the complexities of compliance and governance carefully. By prioritizing responsible implementation and thorough vendor oversight, companies can harness the benefits of AI while safeguarding the interests of their workforce.
