Is SAP SuccessFactors high-risk under the EU AI Act?

Several SAP SuccessFactors modules using AI are high-risk under Annex III Category 4: Recruiting AI (candidate scoring and ranking), Opportunity Marketplace (internal mobility recommendations affecting career progression), and Workforce Analytics (performance predictions). SAP as the provider handles certification; you as the deployer must add candidate disclosure, human oversight, and log retention.

What must SAP SuccessFactors deployers do under the EU AI Act?

As a deployer of SAP SuccessFactors AI features, you must: inform candidates and employees that AI is used to assess them (Article 26), ensure humans can override AI recommendations, retain decision logs for at least 6 months, verify SAP's EU AI Act documentation, and register your high-risk AI use in the EU database.

Does SAP SuccessFactors have EU AI Act documentation?

SAP as the AI provider is responsible for Annex IV technical documentation, conformity assessment, and CE marking of its AI systems. As a deployer, you should request SAP's EU AI Act compliance documentation and verify it covers the specific modules you use. SAP has a dedicated AI ethics and compliance programme but you remain responsible for your deployment-side obligations.

SAP SuccessFactors EU AI Act Compliance Guide 2026

Module / Feature	EU AI Act classification	Reason
Recruiting AI — candidate scoring, ranking, fit analysis	HIGH RISK	Annex III Cat.4 — AI used in employment decisions
Opportunity Marketplace — internal mobility AI, gig matching	HIGH RISK	Affects career progression of existing employees
Succession & Development AI — successor identification	HIGH RISK	AI influences promotion and succession decisions
Workforce Analytics — performance prediction, attrition risk	HIGH RISK	AI predicts individual employee performance outcomes
Learning — AI course recommendations	LOWER RISK	Training recommendations without employment consequences
Time & Attendance, Payroll	NOT HIGH RISK	Calculations, not AI-based assessment of persons

SAP SuccessFactors and the EU AI Act: full analysis

Why enterprise HR platforms face additional complexity

Enterprise platforms like SAP SuccessFactors often have dozens of modules, some using AI and some not. The EU AI Act does not apply to the whole platform — only to specific AI-powered features that make or inform consequential decisions about individuals. Your first task is to map exactly which modules you have enabled and whether they use AI.

SAP also issues frequent updates. A module that was purely rules-based when you deployed it may have received AI features in a subsequent release. This means your compliance register needs to be reviewed whenever SAP releases a major update to the modules you use.

The Opportunity Marketplace — often overlooked

Many organisations focus compliance efforts on external recruitment (Recruiting AI) and overlook the Opportunity Marketplace. This module uses AI to recommend internal gig assignments, project opportunities, and career moves to employees. Because it affects existing employees' career progression — not just external candidates — it triggers the worker notification obligation under Article 26(2), which requires you to inform workers before AI is used in decisions that significantly affect their working conditions.

Requesting documentation from SAP

As a deployer, you have the right to request technical documentation from SAP under Article 26(1)(a). Specifically, you should request:

Confirmation of CE marking status for each AI module you use
The Annex IV technical documentation summary (or the full document)
SAP's post-market monitoring reports for relevant modules
Any instructions for use documentation that specifies deployer obligations

SAP's enterprise contracts typically include compliance schedules — check your contract or contact your SAP account manager for the latest EU AI Act documentation pack.

Frequently asked questions

We use SAP SuccessFactors but have disabled all AI features. Do obligations still apply?

If AI features are fully disabled and no AI-generated scores, rankings, or recommendations reach any person making employment decisions, you are not a deployer of a high-risk AI system for those features. Document this explicitly — your compliance register should state which modules are active and confirm AI features are off. If you re-enable AI features later, obligations apply from that point.

HR sees AI scores but makes all final decisions manually. Does that satisfy human oversight?

Partially. Meaningful human oversight under the EU AI Act means more than having a human in the loop — the human must be capable of understanding and challenging the AI output, must have the authority to override it, and must not be under structural pressure (time pressure, volume, defaults) that makes overriding impractical. If recruiters see 500 AI-ranked CVs a day and almost never deviate from the ranking, a regulator may question whether oversight is truly meaningful.

Our SAP SuccessFactors contract is managed by a third-party IT partner. Who is responsible for compliance?

You are. The deployer is the organisation in whose professional context the AI system is put into service — that is your organisation, regardless of who manages the technical configuration. Your IT partner may be a processor under GDPR, but EU AI Act deployer obligations sit with you as the entity making employment decisions using the system's output.

SAP SuccessFactors EU AI Act Compliance: Deployer Guide

Which SAP SuccessFactors modules are high-risk?

Your deployer obligations (Article 26)

What SAP is responsible for (provider obligations)

Need ready-to-use SAP SuccessFactors compliance documents?

SAP SuccessFactors and the EU AI Act: full analysis

Why enterprise HR platforms face additional complexity

The Opportunity Marketplace — often overlooked

Requesting documentation from SAP

Frequently asked questions