Este artigo está disponível apenas em inglês no momento.
AI in Hiring and Employment Decisions: What UK Employers Must Do to Stay Compliant
Using AI in hiring, performance management, or redundancy selection creates specific UK GDPR, Equality Act, and employment law obligations. Here is the compliance framework for UK employers.
Key Takeaways
AI-assisted hiring is subject to UK GDPR Article 22 (automated decision-making rights), the Equality Act 2010 (indirect discrimination if AI outcomes disproportionately disadvantage protected groups), and ICO employment practices guidance.
Before deploying AI in hiring, you need: a documented lawful basis for processing applicant data; a DPIA; a transparent privacy notice specifically mentioning AI use; and a genuine human review process for AI-generated assessments.
Indirect discrimination under the Equality Act does not require proof of intent. If your AI hiring tool produces outcomes that disadvantage applicants with a protected characteristic, this creates legal exposure regardless of how the tool was designed.
Redundancy selection using AI scores is particularly high-risk. Tribunals have found AI-assisted redundancy criteria unlawful where scoring was opaque, criteria were not objective, or protected characteristics correlated with AI assessments.
ACAS guidance on AI at work (2023) establishes best practice that Employment Tribunals will reference — including consulting employees before introducing AI that affects employment decisions.
Third-party AI hiring tools do not discharge your compliance obligations. You are the data controller responsible for how the tool processes applicant data. Conduct due diligence including reviewing vendor bias audit results before deployment.
"Apenas para fins informativos. Este artigo não constitui aconselhamento jurídico, regulatório, financeiro ou profissional. Consulte um especialista qualificado para orientação específica."
The legal framework UK employers must navigate
UK employers using AI in hiring, performance management, or workforce decisions face obligations under multiple overlapping frameworks. Unlike EU employers, UK employers are no longer subject to EU law post-Brexit, but the UK GDPR and Equality Act create an equally demanding compliance environment.
UK GDPR: automated decision-making and data processing
Article 22 of the UK GDPR restricts automated decision-making with legal or similarly significant effects. In an employment context, this covers automated rejection of job applications, AI-generated performance scores that automatically trigger disciplinary action, and algorithmic redundancy selection without meaningful human review.
Where Article 22 applies, employees and candidates have the right to: request human review of the AI-driven decision; express their point of view to a human reviewer; and receive an explanation of the decision. "Human review" must be genuine — rubber-stamping an AI recommendation is not sufficient. The ICO has been explicit on this point.
For all AI processing of employee data, you need a lawful basis under Article 6 (typically legitimate interests or contractual necessity) and, for special category data, a basis under Article 9 (typically explicit consent or employment law necessity under Schedule 1 of the Data Protection Act 2018). Run a legitimate interests assessment or Data Protection Impact Assessment before deploying AI tools that process employee data.
You must also inform employees about AI use in their privacy notice — Articles 13 and 14 require transparency about automated decision-making including meaningful information about the logic involved. A generic statement that "we use technology in employment processes" does not satisfy this obligation.
The Equality Act 2010
The Equality Act 2010 applies fully to AI-driven employment decisions. The most common AI risk is indirect discrimination — a practice that appears neutral but puts a group sharing a protected characteristic at a particular disadvantage. You must show the practice is a proportionate means of achieving a legitimate aim or it is unlawful.
Common indirect discrimination risks in AI hiring tools include: tools trained on historical data that reflect past discriminatory hiring patterns; skills-based filters that proxy for protected characteristics; geographical filtering that correlates with ethnicity; and communication style assessment tools that may disadvantage neurodivergent candidates. Require your AI vendors to provide bias testing data covering all nine Equality Act protected characteristics, not just sex and race.
The Equality and Human Rights Commission (EHRC) has issued AI and Employment guidance and has enforcement powers including the ability to conduct formal investigations and issue unlawful act notices. Employers found to have discriminated face unlimited compensation in Employment Tribunal proceedings.
ICO Employment Practices guidance
The ICO's Employment Practices Code sets out expectations for monitoring at work, data retention, and worker privacy. For AI specifically, the ICO expects employers to: carry out a DPIA before deploying AI tools that process employee personal data at scale; inform workers in clear terms what monitoring AI is used and why; and ensure monitoring is proportionate to a legitimate purpose.
Covert AI monitoring of employees is only lawful in very limited circumstances — where there is a specific, serious suspected criminal act and informing the employee would prejudice the investigation. Routine covert monitoring by AI is not lawful.
Trade union obligations
If you recognise a trade union, AI in the workplace may become a subject of collective bargaining, particularly where AI is used in performance management, scheduling, or workforce planning. Major UK unions including GMB, Unite, and Prospect have developed model AI clauses for collective agreements. Be prepared for union requests for information about AI tools used in employment decisions — the Information and Consultation of Employees Regulations 2004 creates a right to information and consultation on significant changes in work organisation.
The Employment Rights Bill
The Employment Rights Bill, introduced October 2024, proposes significant employment law reforms including stronger protections against unfair dismissal from day one of employment (currently, a two-year qualifying period applies). While not AI-specific, it will affect AI-driven performance management and dismissal processes. Employers should monitor its progress — it is expected to receive Royal Assent in 2025.
Practical steps for UK employers
Before deploying any AI tool in employment: complete a DPIA; update your employee privacy notice to describe the AI tool and its purpose; conduct bias testing across all nine Equality Act characteristics and document the results; implement a genuine human review process for consequential AI decisions; and train managers on how the AI tool works and its limitations. In recruitment specifically: check whether your AI hiring vendor has carried out UK GDPR-compliant processing impact assessments; review your privacy notice to candidates; and ensure your process allows candidates to request human review of automated rejection. Document all of this — if an Employment Tribunal or ICO investigation arises, your documentation is your primary defence.