EuroComply
Créer un compte
HRSpain

EU AI Act for HR SMEs in Spain

A practical country and industry action plan for SMEs that need AI Act evidence, not generic legal theory.

Direct answer

HR SMEs in Spain should start AI Act work by mapping AI tools, checking Annex III high-risk triggers, documenting Article 4 training, collecting vendor evidence, and preparing oversight records before the August 2, 2026 high-risk deadline.

What should HR SMEs in Spain do for the EU AI Act?

HR SMEs in Spain should start AI Act work by mapping AI tools, checking Annex III high-risk triggers, documenting Article 4 training, collecting vendor evidence, and preparing oversight records before the August 2, 2026 high-risk deadline.

  • Create an AI inventory with business owners.
  • Check each use case against Annex III high-risk categories.
  • Document Article 4 AI literacy training.
  • Collect provider instructions and vendor evidence.
  • Prepare oversight, monitoring and incident records for high-risk use.
CountrySpain
IndustryHR
High-risk deadline2026-08-02
Primary regulationRegulation (EU) 2024/1689
Source: Official Journal of the EU, Regulation (EU) 2024/1689Reviewed:
EU AI Act for SMEsRegulation (EU) 2024/1689, Articles 2, 3, 4, 6, 26 and Annex III

The EU AI Act applies to SMEs that provide or deploy AI systems affecting people in the EU. Most SMEs start as deployers: they must inventory AI use, train staff, classify risk, keep evidence, and meet high-risk obligations where Annex III applies.

2026-08-02High-risk AI obligations

Most Annex III high-risk AI obligations apply, including documentation, oversight, logs and risk management.

Source: Regulation (EU) 2024/1689, Article 113

HR AI Act evidence checklist

Action checklist
Build an AI system inventory

List every internal and customer-facing AI tool, owner, vendor, purpose, data categories, user group and deployment status.

Articles 3, 4, 26

Classify each use case by risk tier

Separate prohibited, high-risk, limited-risk and minimal-risk use. Pay special attention to Annex III areas such as employment, education, credit, health and essential services.

Articles 5, 6, 50 and Annex III

Document deployer responsibilities

Assign a human owner, define intended use, keep logs where available, follow provider instructions and record monitoring decisions.

Article 26

Train staff and keep evidence

Provide AI literacy training to staff who procure, use, supervise or govern AI tools. Retain completion records and training content.

Article 4

Request vendor documentation

Collect provider instructions, risk classification, data information, transparency notices, security controls and incident handling commitments.

Articles 13, 15, 16, 26

Prepare high-risk evidence

For Annex III systems, document human oversight, accuracy monitoring, data governance, incident escalation and fundamental-rights impact assessment triggers.

Articles 9-15, 26, 27, 73

What is unique in Spain

Spanish SMEs should keep a clear compliance file because AI supervision, data protection and labour use cases often overlap.

Priority HR AI use cases

  • CV screening
  • candidate scoring
  • performance analytics
  • workforce planning

Turn this page into a real assessment

Run AI X-Ray for your actual tools, then save the result as an action plan for your AI register and document vault.

Run AI X-Ray Build readiness roadmap

Informational only. This country and industry page is not legal advice.