The Second Deadline: What December 2027 Actually Requires From Workforce AI
On 2 December 2027, the high-risk regime under Annex III of the EU AI Act applies to employment AI. Any system that screens applicants, evaluates performance, allocates tasks, monitors workers, or feeds decisions on promotion or termination has to carry a risk management system, data governance, technical documentation, logging, human oversight, evidence of accuracy and robustness, and a completed conformity assessment. The date is now fixed: the Digital Omnibus was formally agreed in May, cleared its final Council vote on 29 June, and publication in the Official Journal is imminent. This is not the disclosure obligation that landed in August 2026. It is a documentation regime, and the artefact it demands is a per-decision evidence trail you can produce on request.
Start in the budget meeting where this goes wrong. Someone presents the compliance roadmap, someone else remembers a headline from May, and the room converges on a comfortable sentence: “that’s a 2028 problem now.” Three misreadings are packed into it. The date is December 2027, not 2028. The work the date demands, inventory, classification, documentation and logging, does not compress into a final quarter. And the systems that will pass in 2027 are the ones generating their evidence base in 2026, because records not created at the time cannot be created later.
This piece is for HR directors, compliance leads, and the product and legal teams inside workforce software vendors who are writing 2027 budgets now. By the end you will know which of your systems are in scope, what each obligation translates into for a conversational workforce tool specifically, and what to do across the next eighteen months so December 2027 is a filing exercise rather than a fire drill.
Why is December 2027 different from August 2026?
August 2026 was about telling a person they are talking to an AI. December 2027 is about proving the AI made a defensible decision. Article 50 is a transparency rule you satisfy with a sentence at the start of a conversation and a record that it was said. Annex III is a lifecycle obligation you satisfy with records that already exist before anyone asks for them.
The classification is what pulls listening and conversational tools into this. The Act treats AI used for recruitment, candidate selection, performance evaluation, task allocation, monitoring of workers, and decisions on promotion or termination as high-risk. If your engagement or listening programme is genuinely descriptive and never touches an individual outcome, it likely sits outside the regime. The moment its output informs who gets promoted, who gets managed out, or how work is distributed, it is in scope.
Is the deadline actually fixed, or will it move again?
It is fixed, and the fine print points earlier, not later. Here is the history in one paragraph so nobody reads the date as negotiable. The AI Act entered into force on 1 August 2024, with the high-risk regime originally due on 2 August 2026. By late 2025 the compliance ecosystem was visibly not ready, harmonised standards behind schedule and national authorities undesignated, so on 19 November 2025 the Commission proposed the Digital Omnibus, initially with a conditional mechanism tying the deadline to standards availability. The final political agreement of 7 May 2026 replaced that mechanism with fixed calendar dates: 2 December 2027 for stand-alone Annex III systems, 2 August 2028 for AI embedded in regulated products. Parliament endorsed on 16 June, the Council gave its final green light on 29 June, and publication in the Official Journal is expected within days.
Two things follow. Most standalone employment tools do not benefit from the 2028 product transition; plan for December 2027. And the adopted framework still allows the rules to apply earlier if the support tools, standards among them, arrive early, so the realistic range is “December 2027 or earlier”, never later. The political capital for a second delay has been spent; the institutions chose fixed dates precisely to end the speculation, and a plan that assumes another reprieve is not a plan.
Is a workforce listening tool high-risk?
It depends on what the deployer does with it, which is precisely why the honest answer is to build to the standard regardless. The Commission published draft guidelines on the classification question on 19 May 2026, with finals expected by the end of the year, and the logic runs on use, not on product category. A voice layer that briefs employees on a policy change and confirms comprehension is doing communication. The same layer, if its outputs feed performance evaluation, task allocation, or any decision about an individual’s employment terms, is squarely inside Annex III point 4. The system does not decide its own classification. Its deployment does.
Two traps sit inside that flexibility. The first is optimistic self-classification: Article 6 contains a derogation for systems that pose no significant risk, and the temptation is to file everything under it. The final Omnibus text quietly closed the comfortable version of that move by reinstating the obligation for providers to register systems in the EU database even where they consider them exempt, which means self-classification is now a documented, reviewable claim rather than a private opinion. The second trap is aggregation drift: a listening tool deployed for communication in January has a way of feeding a performance dashboard by June, and the classification follows the drift whether or not anyone re-read the paperwork. So the first job is not technical. It is deciding, honestly, which of your conversations feed decisions about people, writing it down, and controlling the drift.
What does each obligation require from a conversational workforce system?
Every high-risk obligation resolves to the same question: can you reconstruct, for one named person, what your system asked, how they responded, how the machine interpreted it, who reviewed it, and how good the underlying data was? A defensible vendor should be able to produce that artefact on the spot. Here is each obligation translated into what a conversational system actually has to produce.
- Risk management system (Article 9). A documented, ongoing process that identifies where your conversations could produce unfair or inaccurate outcomes, and what you do about it. For a voice or chat tool, that means naming the failure modes specific to conversation: a respondent answering in completion mode rather than thinking, accent or language handling that varies by group, and questions that lead. The record has to show the risk was identified and mitigated, not that it never occurred.
- Data governance (Article 10). Evidence that the data feeding the system is relevant, representative, and checked for bias, including across languages and accents. This is where a quality score alongside the transcript stops being a nice-to-have. A dataset built on autopilot responses is not representative of considered employee sentiment, even at a high completion rate. Governance means being able to separate quality-checked input from filler, and documenting how you did it.
- Technical documentation (Article 11). A description of what the system does, what data it uses, how it was tested, and its known limitations, kept current. For a conversational tool this includes the question library, the scoring and interpretation logic, and the model and instruction version in use for any given session, which is why version references belong inside the conversation record itself.
- Record-keeping and logging (Article 12). Automatic logs of the system’s operation over its lifetime, sufficient to trace any output back to its inputs. This is the regime’s spine, and it is where the telemetry-versus-evidence distinction from this series becomes statute: the requirement is per-interaction records capable of reconstructing what happened to a person, which is the auditor’s question, not the operator’s. A well-built conversational system already returns every session as a structured, timestamped record, so this obligation is largely a by-product of normal operation, or a six-month remediation project, depending on what you bought.
- Transparency to deployers (Article 13). Instructions for use that state what the system does, what it does not do, and what it must not be used for. Quietly the most commercial obligation of the seven, because the must-not-be-used-for list is both a legal shield and, done honestly, the restraint position published as product documentation: the inference abstention list, shipped as a document.
- Human oversight (Article 14). Designed-in points where a named person can understand, override, and if needed disregard the system’s output, with escalation paths for the moments the machine should not handle. The record has to show who reviewed a given result and what they decided, not just that oversight existed in principle. “A reviewer approved this”, with a name and timestamp, beats a policy document every time.
- Accuracy, robustness and cybersecurity (Article 15). Evidence that the system performs consistently and holds up under real conditions. For conversation, this is where signal quality earns its place in the compliance file: a system that cannot tell a present respondent from an absent one cannot claim its outputs are accurate, because the input was never verified. Robustness means the tool behaves on a noisy line, in a second language, on a phone, not only in a demo. Security includes the integrity of the records themselves: hashing and access logs.
- Conformity assessment and registration. Before the system goes into use, the provider assesses it against these requirements and documents the result, then registers in the EU database. Be precise with language here: for most employment AI this is a self-declared internal process resting on standards still being finalised, so passing a conformity assessment is not the same as being “conformity certified”, and no honest vendor should use that phrase. One genuine relief: the Omnibus extended simplified documentation and lighter quality-management requirements to small mid-caps, under 750 employees and 150 million euros turnover, which covers most of the companies actually building this technology.
How do these obligations map onto the conversation record?
Most of the 2027 evidence base is the same data a well-designed conversation system produces every day. Adopt the record now, and you inherit the documentation later rather than reconstructing it under deadline. That is the sequencing payoff, and it is the single most useful thing to understand before you spend a 2026 budget.
| Annex III obligation | What the conversation record already holds |
|---|---|
| Record-keeping and logging | The timestamped session: who, what question, when, in which language |
| Human oversight | The reviewer identity, the decision they took, and any escalation events |
| Data governance | The quality score attached to each response, separating checked input from filler |
| Accuracy and robustness | Performance of the same session across conditions: phone, noise, second language |
| Technical documentation | The question library, interpretation logic, and instruction version the session ran against |
| Transparency to deployers | The declared abstention list: what the system provably did not infer |
The gap between a system that generates this as it runs and one that does not is roughly the gap between an afternoon’s filing and a six-month remediation project. If your current platform reports a completion rate and a healthy-looking score but cannot tell you the conditions under which any single answer was given, it is generating the number a regulator will ask you to defend without generating the evidence that defends it. That is the specific exposure. High participation, no provenance.
What do deployers owe?
The regime is not outsourceable, and the deployer column is longer than most buyers expect. Under Article 26, a deploying organisation must use the system in accordance with the provider’s instructions, assign oversight to people with the competence and authority to exercise it, ensure input data is relevant to the intended purpose, monitor operation, and retain the logs it controls for at least six months. Public bodies and some private deployers owe a fundamental rights impact assessment before first use. And the obligation most relevant to this series’ audience: before putting a high-risk system into service in the workplace, the deployer must inform the affected workers and their representatives. The works council meeting is not an obstacle that emerged from culture. It is in the regulation.
The commercial consequence mirrors August’s: embedding transfers the provider obligations to the vendor, and the deployer obligations stay home. A vendor whose evidence cannot be exported has not reduced the deployer’s burden; it has made the deployer’s own obligations impossible to discharge.
The eighteen-month countdown: what to do, and when
Split the runway into three moves: fix your inventory and record-keeping in 2026, put contractual demands on vendors in the first half of 2027, and hold a dress rehearsal before December. Working backwards from the artefact keeps the plan honest.
In 2026: get your house in order
- Classify every workforce AI system you run against Annex III. Write down which touch recruitment, evaluation, task allocation, monitoring, promotion, or termination, against the draft guidelines, and revisit when the finals land at year end. This list decides everything downstream, and it is cheaper to argue about now than in front of a regulator.
- Adopt or switch to tools that produce a structured, timestamped record per session as a matter of course. If a system cannot log who was asked what and how it was interpreted, it cannot meet the record-keeping obligation, whatever else it does well. The record’s disclosure fields are already legally required from August, so this move pays twice.
- Start attaching a quality signal to your listening data. Begin separating quality-checked input from responses given in completion mode. This is your data governance evidence in embryo, and it also ends the recurring argument with leadership about whether the engagement numbers mean anything.
In 2027 H1: put the demands in writing
- Ask every vendor the artefact question directly. “Show me the complete evidence trail you would hand a regulator for one named individual’s decision, produced on demand.” Watch whether they can, or whether they promise to build it.
- Get written answers on the standards question. The harmonised standards these obligations rest on are still in flux; the first only entered public enquiry in late 2025 and the full set is not expected before late 2026 at the earliest. No vendor can honestly claim finished certification today. What they can commit to is a documented conformity assessment process and a plan to track the standards as they land. Reject “conformity certified” as a marketing line.
- Confirm model versioning, instruction versioning and human-oversight logging are in the record, not the roadmap. You need the configuration that ran a session and the reviewer who acted on it captured automatically, per session.
- Deployers: assign oversight owners and open the conversation with employee representatives early. The worker-information duty is yours, not the vendor’s, and that meeting goes better as consultation than as announcement.
By December 2027: what must be true
- You can produce, on request, the full decision trail for any in-scope individual: the questions, the responses, the interpretation, the model and instruction version, the human reviewer, and the data-quality evidence.
- Your risk management and technical documentation are current, not drafted once and shelved.
- A named person owns oversight for each high-risk system, and the record shows their decisions. Then run the dry run: pick one real deployment and audit it as a regulator would. Every gap found in October 2027 is a fix; every gap found in January 2028 is a finding.
Next steps if you own this Monday
If you own the listening or people-analytics programme, run the classification exercise first. You cannot budget for compliance on systems you have not decided are in scope. If you sit in legal or vendor management, add the artefact question to every renewal and RFP now, because the answer tells you in one conversation which suppliers have built for December 2027 and which are hoping the date moves. If you are an HR director defending engagement data to a sceptical leadership team, the quality score is the same instrument that answers both problems: it tells you whether the sentiment is real, and it is the data governance evidence the Act will ask for.
Do the classification exercise now
The first move in this piece (classify every workforce AI system you run against Annex III) is a memo-writing exercise, so we’ve templated it. The EU AI Act classification framework for workforce AI walks the Article 6 / Annex III point 4 decision path section by section and comes with a free, ungated classification memo template (Markdown or Word): one memo per system, drift triggers included, “take this reasoning to your counsel” printed inside. It’s versioned against the Commission’s draft guidelines of 19 May 2026, and you can subscribe on the page to be notified when we re-check it against the finals.
Frequently asked questions
Does the EU AI Act’s high-risk regime apply to employee engagement surveys?
It depends on what the survey feeds. A purely descriptive listening programme that never informs an individual outcome likely sits outside Annex III. If the results influence promotion, performance management, task allocation, or termination for named people, the system can be classified as high-risk and the December 2027 obligations apply. Re-read your own data flows before assuming you are exempt, and note that self-classifying as exempt now carries its own registration duty in the EU database.
Can a vendor be “AI Act certified” today?
No, and treat the phrase as a warning sign. The harmonised standards underpinning conformity assessment are still being finalised, so no employment AI can claim completed certification against them yet. What a serious vendor can offer is a documented conformity assessment process, per-session logging, and a commitment to track the standards as they are published.
Could the December 2027 deadline be postponed again?
It is very unlikely to move later. The date was deferred once, from August 2026, and the final Omnibus text set fixed calendar dates rather than the originally proposed conditional trigger, precisely to end the speculation. The remaining flexibility runs the other way: the rules can apply earlier if the supporting standards arrive early. Plan for December 2027 or earlier, never later.
Can our vendor handle all of this for us?
The provider obligations, yes: risk management, documentation, logging, oversight design, conformity assessment travel with the vendor. The deployer obligations do not: using the system per instructions, assigning competent oversight, monitoring, retaining logs for at least six months, and informing workers and their representatives before deployment. A good vendor makes those dischargeable by making everything exportable. No vendor makes them disappear.
What is the single most useful thing to do in 2026?
Adopt tools that generate a structured, timestamped record with a quality score for every session, and classify which of your systems are high-risk. Doing both now means most of the 2027 evidence base is produced as a by-product of normal operation rather than reconstructed under deadline, and the record’s disclosure fields discharge the August 2026 duty at the same time.
What are the penalties for getting the high-risk regime wrong?
Non-compliance with the high-risk obligations carries fines of up to 15 million euros or 3% of worldwide annual turnover, whichever is higher, with the Act’s highest tier, 35 million or 7%, reserved for prohibited practices. The practical exposure arrives earlier than any fine: a works council, a tribunal, or a data protection authority asking for records that were never created.
Sources
- Regulation (EU) 2024/1689, the EU AI Act: Articles 6, 9 to 15, 26, 27 and Annex III point 4, Official Journal of the European Union.
- Council of the EU, Artificial Intelligence: Council and Parliament agree to simplify and streamline rules, 7 May 2026, on the fixed dates, the reinstated registration duty for self-exempted systems, and the agreement’s contents.
- European Commission, AI Act policy page, on the 2 December 2027 application date for employment systems and the adopted Omnibus.
- European Commission, Standardisation of the AI Act, on the CEN-CENELEC programme, the first harmonised standard entering public enquiry, and earlier application if support tools arrive sooner.
- DLA Piper, The Digital AI Omnibus: deferral of high-risk AI obligations under the AI Act, 2026, on the employment activities classified as high-risk and the legislative timeline.
- The Compliance Conversation Record: A Proposed Specification (v0.1), earlier in this series, on the per-conversation evidence class that front-loads the Article 12 logging obligation.
Researched with AI. Argued, verified, and signed off by humans. That’s also how we think AI should work everywhere.
Give every employee a voice
Tadeus holds real voice conversations with your whole workforce at once and returns structured records to the systems you already use.
Start for free