Candidate Screening Agent

From August 2026, every AI system that filters job applications will be a high-risk system under the EU AI Act. Organisations that cannot demonstrate a documented decision architecture by then will have to shut down the automation. Not at some point. On a fixed date.

That is the reality in which recruiting departments are planning right now. And it is uncomfortable, because candidate screening is simultaneously the process where automation delivers the greatest leverage - and carries the greatest risks.

The problem behind the problem

This agent follows the Decision Layer principle: each decision is either rule-based, AI-assisted, or explicitly assigned to a human.

The obvious challenge is familiar: 200, 400, sometimes 800 applications per role. Recruiters who, after the fiftieth CV, no longer apply the same standards as they did for the first. Hiring managers who ask after three weeks why the shortlist is not ready yet.

But the real problem runs deeper. Most organisations that use AI in screening do not know how their algorithms evaluate. They do not know the weighting. They cannot explain why Candidate A is on the shortlist and Candidate B is not. And that is precisely where risk accumulates.

The Mobley v. Workday case makes this tangible. An applicant sues not the prospective employer but the software vendor whose AI screened him out. The US federal court certifies the claim as a class action - alleging systematic discrimination by age, ethnicity, and disability. A University of Washington study shows: in AI-driven CV screenings, names associated with white ethnicity were preferred in 85% of cases. In some occupational groups, Black male applicants were disadvantaged in 100% of test cases.

These are not hypothetical scenarios. They are ongoing proceedings and published research.

Why high-risk does not have to mean high-friction

The EU deliberately classified candidate screening as high-risk - Annex III, Section 4(a). Systems that analyse and filter applications are subject to the full cascade of obligations: risk management system under Art. 9, data quality under Art. 10, technical documentation, record-keeping, transparency towards applicants, human oversight.

That sounds like bureaucracy. In fact, it describes precisely the architecture a responsible screening system needs anyway. The question is not whether but how - and here operational patchwork separates from resilient infrastructure.

The critical distinction: many organisations treat AI screening as a monolithic system. Application in, score out. But a monolithic system cannot be audited, cannot be explained, cannot be steered in a differentiated way. If the score says 72 and nobody knows whether that is because of missing language skills or a gap in the CV, the system is regulatorily worthless.

Screening as a chain of individual decisions

The Candidate Screening Agent works differently. It decomposes the screening process into individual, documented decision steps. Each step has a defined decision-maker: rules engine, AI, or human.

Application received
    |
    v
[Rules engine] Formal completeness
    |
    v
[Rules engine] Knockout criteria (qualification, experience, language)
    |
    v
[AI agent]     Semantic profile matching
    |
    v
[AI agent]     Weighted scoring + rationale per sub-score
    |
    v
[AI agent]     Bias check for statistical patterns
    |
    v
[Human]        Shortlist review and adjustment

The first two stages are rules-based. No machine learning, no black box. A candidate without the required professional experience does not fall through an algorithm - they fall through a rules engine that employee representatives have approved in advance, grounded in established selection guidelines. (UK: under the Equality Act 2010, all selection criteria must be objectively justifiable.)

Only at the profile matching stage does the AI agent come into play. The semantic analysis compares the CV and qualifications against the requirement profile. But - and this is the architectural core - every sub-assessment is individually justified. Not one score but six or eight documented individual assessments that together produce the ranking.

The architecture satisfies EU AI Act Articles 12, 13, and 14 by construction, not retrofit

Art. 14 of the EU AI Act requires human oversight. No committee can manually review 400 applications and simultaneously exercise oversight. But a committee can review a shortlist with documented individual assessments. It can trace why Candidate A scored 89 on competence fit and Candidate B scored 61. It can read the bias report and identify whether age groups are being systematically scored differently.

That is the difference between formal and substantive compliance. Formal compliance ticks off requirements. Substantive compliance builds an architecture in which human oversight actually works - because the information basis for it exists.

Art. 13 requires transparency towards users and affected persons. When every assessment is justified, a rejected applicant can also understand at which criterion their application failed. Not at an aggregate score that explains nothing - but at concrete, named requirements.

And Art. 12 requires records that enable subsequent evaluation. A decision log that captures every step with timestamp, decision-maker type, and rationale fulfils this not as a by-product. It is the core function.

The governance infrastructure as an investment

The Candidate Screening Agent is often the first high-risk agent an organisation puts into production. It thereby forces the build-out of infrastructure that no single agent would justify alone, but that every subsequent high-risk agent reuses.

The bias monitoring engine that detects statistical patterns in scoring here is reused by the Performance Review Documentation Agent, the Merit Cycle Governance Agent, and the Promotion Process Agent. The documented scoring method - every assessment with its rationale - becomes the standard for any agent that prepares decisions affecting individuals. The Equality Act-compliant rejection communications establish templates reused across all candidate-facing communications.

Screening is therefore not an isolated use case. It is the foundation on which all high-risk governance is built - documented, auditable, and defensible before employee representatives, before the deadline arrives.