Skip to content
K W
EU AI Act: Not High Risk

Talent Pool Management Agent

Talent pools across the UK, EU, and US where every candidate record carries a documented lawful basis and retention clock - so a GDPR erasure request, a Title VII disparate-impact charge, or an AI-matching audit each resolves on a single record, not a four-year CRM with no consent.

Candidate pool segmentation and engagement: Title VII/EEOC Uniform Guidelines, GDPR Art. 17 erasure + Art. 22 automated-decision prohibition, UK Equality Act 2010 and EU AI Act 4/13/14/26.

Analyse your process

A selection from over 5,000 projects in 25 years of software development

Airbus Volkswagen Shell Renault Evonik Vattenfall Philips KPMG

Talent pools that survive a GDPR audit, an EEOC charge, and an AI-matching review at once

The agent runs lawful-basis classification, consent capture, retention, and erasure by rule, while AI handles disparate-impact analysis, skill-based matching, segmentation, and dormant-candidate scoring as indicators. Humans own segmentation strategy, campaign design, and diverse-slate review. The rule-based core matters because a GDPR Article 17 erasure failure, an EEOC four-fifths finding, and an AI-vendor liability question can all converge on a single candidate record.

Outcome: An organisation recruiting across the UK, EU, and US typically holds 50,000 to 500,000 talent-pool records, and dormant records without a documented lawful basis are immediate enforcement exposure for the European data-protection authorities. An EEOC disparate-impact charge starts a 180-day clock toward class-action and back-pay risk. GDPR fines reach 4 percent of global turnover, and the Mobley v. Workday case extended liability to AI-matching vendors. The compounding reality: the typical multinational keeps over 100,000 dormant records with no consent and no retention monitoring.

50% Rules Engine
43% AI Agent
7% Human

The agent decomposes talent-pool management into nine rule-based decisions, five ML-augmented indicators, and one mandatory human escalation - each with a statute citation, an audit trail, and an appeal path.

100,000 dormant candidate records, zero documented consent - one GDPR audit turns a talent pool into a five-jurisdiction liability

Cross-jurisdictional talent-pool management faces five parallel statutory regimes: US anti-discrimination law (Title VII and the EEOC four-fifths rule, with the Mobley v. Workday case and NYC Local Law 144 on AI hiring tools); the UK Equality Act 2010 with its Section 60 health-enquiries restriction; GDPR on lawful basis, consent, erasure, and automated decisions; the EU AI Act on recruitment AI; and the 25-plus US state pay-transparency laws. A single candidate record at a large multinational can trigger several of these at once, and the typical organisation keeps over 100,000 dormant records with no documented consent.

Talent pool as compliance trap between EU GDPR and Title VII

This agent follows the Decision Layer principle: each decision is either rule-based, AI-assisted, or explicitly assigned to a human - and the human spots are reserved for engagement campaign approval and diverse slate review.

A Talent Acquisition Director discovers in a routine ICO audit that the LinkedIn Recruiter Talent Pipeline holds 47,000 candidate records harvested over four years from cold outreach, recruitment events, speculative applications, and silver medallists. Fewer than 12 percent carry documented consent under GDPR. The rest were imported with no lawful-basis classification, no retention boundary, and no transparency notice. The same week, the head of sourcing receives an EEOC charge alleging that an AI skill-matching tool systematically suppresses applications from candidates over 50. EEOC counsel cites Mobley v. Workday and demands a four-fifths-rule analysis of pool-to-requisition progression by protected class.

The problem is not negligence by individual recruiters. It describes the normal state of talent pool infrastructure built between 2018 and 2024: LinkedIn Recruiter saved searches, iCIMS CRM nurture campaigns, Beamery employer brand engagement, Greenhouse Talent Pool for silver medallists, Phenom Career Site captures, Gem cold outreach, Eightfold AI Skill Cloud recommendations. Each platform has its own consent capture, its own retention default, its own segmentation logic, its own audit trail (or none).

The agent classifies every talent-pool entry by source-specific lawful basis: consent (Article 6(1)(a)) for proactive sourcing and speculative applications, contract performance (Article 6(1)(b)) for active-requisition candidates, and a legitimate-interest balancing test (Article 6(1)(f)) for silver medallists, alumni, and employee referrals. Article 7 requires consent that is freely given, specific, informed, and unambiguous, with a right to withdraw as easy as giving.

Default retention is six months for general candidate records under the ICO recruitment code, extended to twelve months for silver medallists with documented justification and twenty-four months for critical-skill pools with explicit consent renewal. US record-keeping rules set their own minimums - one year under EEOC rules, two for federal contractors under the OFCCP Internet Applicant Rule.

Erasure under Article 17 fires on consent withdrawal, retention expiry, a sustained objection, or unlawful processing, and cascades across the ATS, CRM, and sourcing tools with chain-of-deletion verification. The Article 17(3)(e) legal-claims exception keeps the minimum needed for anti-discrimination defence. Every deletion is logged and confirmed to the data subject within 30 days under Article 12.

US Title VII, the EEOC, and the UK Equality Act

The agent runs ML-augmented disparate-impact analysis on pool composition, sourcing-channel performance, and candidate progression against Title VII protected classes, ADEA age protection, and the disability rules, applying the EEOC four-fifths (80 percent) threshold. The flagging is an indicator, not a final decision - flagged patterns route to the Talent Acquisition Director, DPO, and Compliance Officer for human review.

UK Equality Act 2010 protected characteristics are checked alongside the Section 60 pre-offer health-enquiry restriction and the positive-action provisions, drawing on the EHRC and ACAS codes. The agent flags illegitimate filtering criteria, indirect discrimination, missing accommodation, and missing diverse-slate documentation for OFCCP good-faith effort.

On retention, the agent holds records to the EEOC one-year and OFCCP two-year minimums and maintains chain-of-custody for charge defence and EEO-1 and Affirmative Action reporting.

AI talent matching and Mobley v. Workday

The EU AI Act classifies recruitment AI used for screening, ranking, or matching as high-risk (Annex III(4)(a)). The agent assesses each AI matching deployment, and where AI is the primary screening basis the deployment triggers provider and deployer obligations, a Fundamental Rights Impact Assessment, and fines up to EUR 15M or 3 percent of global turnover.

The Mobley v. Workday case set a vendor-liability precedent: the AI vendor was named as an agent of the employer-customer for Title VII purposes, so the vendor can be held liable when its product affects protected classes. NYC Local Law 144 adds an independent bias audit, candidate notification at least 10 business days before use, and publication of the audit summary. The EEOC has named AI hiring tools an enforcement priority and confirmed that algorithmic decision-making is subject to anti-discrimination law.

Engagement workflows and re-activation sequences

The agent designs an engagement cadence per persona, role priority, and last interaction - newsletters, role-specific job alerts, thought-leadership, event invitations, targeted InMail, email nurture, and consented SMS, all UTM-tracked and engagement-scored. Every channel respects the Article 7(3) right to withdraw and the relevant marketing-communication rules, and every message carries an unsubscribe link, sender identification, a physical address, and a privacy-policy link.

A re-activation sequence triggers when the engagement score drops below threshold, the last interaction passes 90 or 180 days, and a current vacancy refreshes role relevance. Consent is re-confirmed before the sequence starts, and candidates nearing the six-month retention boundary are flagged for a renewal-or-deletion decision. The agent also maps entries to current vacancy pay bands under the 25-plus state pay-transparency laws, flagging missing pay ranges and prohibited salary-history collection.

Cross-reference to Candidate-Screening, Pre-Hire-Due-Diligence, and Interview-Scheduling

The Talent Pool Management Agent feeds the Candidate Screening Agent (silver-medallist and alumni auto-suggest), the Pre-Hire Due Diligence Agent (background-check consent verified at pool entry), the Interview Scheduling Agent (slot prep on shortlist), and the Executive Recruiting Agent (executive talent map for succession). When a requisition opens, it cross-references the pool, applies skill, experience, location, and visa matching with diverse-slate balance, suggests the top 10-25 candidates, and keeps an audit trail of suggestions and recruiter selections.

Two of the three core components - the lawful-basis classification engine and retention orchestration - are generic infrastructure that every candidate-data agent in the Decision Layer needs. The Audit Compliance Agent draws its proof from the resulting audit trail, and the Employee Data Management Agent reuses the chain-of-deletion verification.

At a glance

  • Nine rule-based decisions, five ML-augmented indicators, and one mandatory human escalation
  • GDPR lawful-basis classification per source, with consent capture and Article 17 erasure orchestration
  • Disparate-impact analysis under US Title VII, the EEOC four-fifths rule, and the UK Equality Act 2010
  • EU AI Act recruitment classification with Mobley v. Workday vendor-liability mitigation
  • Pay-band mapping under the 25-plus state pay-transparency laws and salary-history bans
  • Six-month default retention, longer for silver medallists, with chain-of-deletion verification

Decision-Maker Distribution Talent-Pool-Management

Decision TypeCountExampleChallengeable
R Rule-based9Intake classification, lawful-basis assignment, retention orchestration, engagement-workflow design, Article 17 erasure, EU AI Act classification, pay-transparency mapping, audit loggingnot applicable
A AI-augmented5Disparate-impact analysis, UK Equality Act check, segmentation persona build, dormant-candidate scoring, requisition matchingauditor, candidate
H Human escalation1Manager review, engagement-campaign approval, diverse-slate reviewnot applicable

Micro-Decision Table

Who decides in this agent?

14 decision steps, split by decider

50%(7/14)
Rules Engine
deterministic
43%(6/14)
AI Agent
model-based with confidence
7%(1/14)
Human
explicitly assigned
Human
Rules Engine
AI Agent
Each row is a decision. Expand to see the decision record and whether it can be challenged.
Receive a talent-pool entry and route it by source and jurisdiction Is each entry classified by source (active applicant, silver medallist, employee referral, sourced lead, career-site submission, event lead, alumni, boomerang, agency, or campaign capture), by jurisdiction (UK, EU, US, with state and local ordinance), and by pool category (general, critical-skill, leadership, diversity, or alumni)? Rules Engine

Intake classification is rule-based, routing each entry by jurisdiction because the lawful basis differs by candidate source. It is anchored in US anti-discrimination law and GDPR transparency duties (Articles 13 and 14), and it cross-references the Candidate-Screening and Interview-Scheduling agents.

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Assign a GDPR Article 6 lawful basis, capture consent, and set the retention clock Is the lawful basis assigned per source under GDPR Article 6 - consent for proactive sourcing, contract performance for active requisitions, and a legitimate-interest balancing test for silver medallists, alumni, and referrals - with explicit Article 7 consent captured and a retention timeframe set (six months default, twelve for silver medallists, twenty-four for critical-skill pools, subject to the OFCCP and EEOC minimums) plus expiry monitoring? Rules Engine

Lawful basis is assigned by rule under GDPR Articles 6 and 7: consent for proactive sourcing, contract performance for active requisitions, and a legitimate-interest balancing test for silver medallists and alumni. Retention follows fixed defaults - six months by the ICO recruitment code, longer where US record-keeping rules require it.

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Run a disparate-impact check against the EEOC four-fifths rule Is an automated disparate-impact check run on pool composition, sourcing-channel performance, and progression rates against the Title VII protected classes (including sexual orientation and gender identity per Bostock), ADEA age-40+ protection, and ADA pre-employment accommodation, applying the four-fifths rule (80 percent threshold) and flagging adverse impact, age-based filtering, and disability-screening risk? AI Agent Auditor

Disparate-impact analysis is ML-augmented against the EEOC four-fifths rule, but the output is an indicator, not a final decision. It reflects current EEOC guidance on AI hiring tools and the Mobley v. Workday case, and cross-references the Candidate-Screening and Audit-Compliance agents.

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by: Auditor

Run the UK compliance check against the Equality Act 2010 Is an automated UK check run on segmentation criteria, sourcing approach, and engagement messaging against the Equality Act 2010 protected characteristics and the Section 60 restriction on pre-offer health enquiries - with harassment, victimisation, and positive-action limits and the ACAS Code applied - flagging indirect-discrimination risk and illegitimate filtering criteria? AI Agent Auditor

The UK compliance check is ML-augmented against Equality Act 2010 protected characteristics and the Section 60 health-enquiries restriction, drawing on EHRC and ACAS guidance. The output is an indicator, not a final decision.

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by: Auditor

Segment the pool, build personas, and prioritise by role demand Is the pool segmented by skill, experience, seniority, location, visa status, diversity dimension, engagement level, role-readiness, and critical-skill scarcity, then turned into candidate personas, prioritised against current and forecast role demand, and mapped to the workforce-planning forecast using market-intelligence and skill-cloud signals? AI Agent Auditor

Segmentation is ML-augmented - skill-based matching, demand forecasting, persona generation - but the output is an indicator, not a final decision. Used as a sole screening basis it would trigger the EU AI Act recruitment high-risk rules (Annex III(4)(a)), so it stays advisory; it cross-references the Workforce-Planning and Skills-Inventory agents.

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by: Auditor

Design the engagement workflow and nurture cadence across channels Is an engagement workflow designed per persona, role priority, and last interaction - newsletters, role-specific alerts, thought-leadership, employer-brand campaigns, event invitations, webinars, alumni outreach, targeted InMail, email nurture, and consented SMS, all UTM-tracked and engagement-scored - while honouring the GDPR Article 7(3) right to withdraw and putting an unsubscribe link in every message? Rules Engine

Engagement workflows are orchestrated by rule, with cadence management across channels and a GDPR Article 7(3) right-to-withdraw and an unsubscribe link in every message. Marketing-communication rules (ePrivacy/PECR, CAN-SPAM, TCPA for SMS) apply per channel.

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Score dormant candidates and trigger a re-activation sequence Are dormant candidates identified by engagement score below threshold, last interaction beyond 90 or 180 days, and a vacancy that refreshes their relevance, then sent a re-activation sequence (personalised role match, skills or salary update, employer-brand refresh, company news) - with consent re-confirmed before the sequence starts and anyone nearing the six-month retention boundary flagged for renewal or deletion? AI Agent

Dormant-candidate scoring is ML-augmented, but the output is an indicator, not a final decision. Consent is re-confirmed under GDPR Article 7 before any re-activation, and the six-month default retention extends only with documented justification and a balancing test.

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by:

Process a GDPR Article 17 erasure across all connected systems On an Article 17 erasure request, an Article 7(3) consent withdrawal, or a retention-expiry trigger, is erasure cascaded across the talent pool, ATS, CRM, and sourcing tools with chain-of-deletion verification - retaining only the legal minimum for anti-discrimination defence under the EEOC, OFCCP, and ICO schedules and the Article 17(3)(e) legal-claims exception - then logged and confirmed to the data subject within 30 days? Rules Engine

Erasure is orchestrated by rule under GDPR Article 17, with the 30-day response window of Article 12 and the legal-claims exception of Article 17(3)(e). A minimum record is retained for anti-discrimination defence, and the deletion cascades across the connected systems.

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Assess EU AI Act obligations for AI talent-matching deployments Are AI talent-matching deployments identified and assessed for EU AI Act Annex III(4)(a) recruitment high-risk classification when used for screening, ranking, or matching - triggering Article 14 human oversight, Article 13 transparency to the deployer, an Article 27 FRIA, Article 4 AI-literacy training, and Article 50 disclosure of AI-generated content - while flagging any prohibited Article 5 practices? Rules Engine

EU AI Act classification is rule-based: when AI matching is used for screening or ranking, the recruitment high-risk rules (Annex III(4)(a)) trigger deployer obligations under Articles 26 and 27, with fines up to EUR 15M or 3 percent of turnover. NYC Local Law 144 adds an independent bias-audit requirement.

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Map entries to pay bands under the US state pay-transparency laws Are talent-pool entries mapped to current-vacancy compensation bands per the 25-plus US state pay-transparency laws (California SB 1162, Colorado EPEWA, Washington EPOA, and the New York, Illinois, Massachusetts, and Connecticut statutes among them), flagging missing pay-range disclosure in candidate communications and any salary-history collection where it is banned? Rules Engine

The pay-transparency check is rule-based against the 25-plus US state disclosure laws and salary-history bans, flagging missing pay ranges and prohibited salary-history collection. It cross-references the Compensation-Benchmarking and Candidate-Screening agents.

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Build a talent map and assess critical-role coverage Is a talent map built for critical roles, leadership succession, scarce skills, and high-attrition roles - sourcing external candidates from market intelligence and the skill cloud, flagging coverage gaps per role, and assessing diverse-slate readiness within the OFCCP good-faith-effort and UK positive-action limits? AI Agent Auditor

Talent mapping is ML-augmented - skill-based matching, scarcity scoring, diverse-slate analysis - but the output is an indicator, not a final decision. It supports OFCCP good-faith-effort documentation while staying within Title VII and UK Equality Act positive-action limits.

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by: Auditor

Match the pool to a new requisition and auto-suggest candidates When a new requisition opens, are talent-pool entries cross-referenced by skill, experience, location, and visa eligibility with a diversity-slate balance, the top 10-25 candidates auto-suggested to the recruiter with market context, silver-medallist, alumni, and referral connections flagged, and an audit trail kept of suggestions, selections, and non-selections? AI Agent

Requisition matching is ML-augmented, surfacing suggested candidates as an indicator, not a final decision. Used as a primary screening basis it falls under the EU AI Act recruitment rules with their human-oversight duty (Article 14), and it is monitored against the EEOC four-fifths rule.

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by:

Designated approver signs off the campaign and reviews flagged items Does a designated approver (Talent Acquisition Director, Head of Sourcing, DPO, General Counsel, Hiring Manager, or Compliance Officer) confirm the engagement-campaign content, segmentation criteria, lawful basis, and accommodation provisions, and review every flagged item - disparate impact, indirect discrimination, a Section 60 health enquiry, a lawful-basis gap, automated-decision risk, or a pay-transparency disclosure? Human

A designated approver signs off the engagement campaign and segmentation for accountability and legal review. GDPR Article 22 bars fully automated decisions with legal effect, so a human stays in the loop, satisfying the EU AI Act human-oversight duty (Article 14).

Decision Record

Decider ID and role
Decision rationale
Timestamp and context

Challengeable: Yes - via manager, works council, or formal objection process.

Write the audit trail and apply the retention schedule Are decision records logged with reasoning, timestamps, signatures, and access events - covering lawful basis, consent, segmentation, engagement, matching suggestions, and recruiter selections and non-selections - and retained on the applicable schedule (six-month default, longer for silver-medallist and critical-skill pools, the EEOC and OFCCP minimums, and the EU AI Act Article 12 system-log lifetime plus ten years)? Rules Engine

The audit trail is written by rule, logging each lifecycle event with reasoning, timestamps, signatures, and access events to satisfy GDPR accountability (Articles 30, 5(2), 32) and the EU AI Act record-keeping duty (Article 12). Retention follows the EEOC, OFCCP, and ICO schedules.

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Decision Record and Right to Challenge

Every decision this agent makes or prepares is documented in a complete decision record. Affected employees can review, understand, and challenge every individual decision.

Which rule in which version was applied?
What data was the decision based on?
Who (human, rules engine, or AI) decided - and why?
How can the affected person file an objection?
How the Decision Layer enforces this architecturally →

Does this agent fit your process?

We analyse your specific HR process and show how this agent fits into your system landscape. 30 minutes, no preparation needed.

Analyse your process

Governance Notes

EU AI Act: Not High Risk
Used purely for talent-pool maintenance, segmentation, engagement, and consent and retention orchestration, this agent makes no employment-affecting decision on its own, so it is not high-risk under the EU AI Act - its classification reason is data-management. That changes if an AI matching component is used as the primary screening basis: then the recruitment high-risk rules (Annex III(4)(a)) apply, bringing provider and deployer obligations, a Fundamental Rights Impact Assessment, and fines up to EUR 15M or 3 percent of global turnover. The agent therefore keeps the rule-based core - lawful basis, consent, retention, erasure - separate from the AI indicators. On the US side, Title VII and the related anti-discrimination statutes, the EEOC four-fifths rule, and the Mobley v. Workday vendor-liability precedent govern; NYC Local Law 144 adds an independent bias audit; and the 25-plus state pay-transparency laws and salary-history bans apply to candidate communications. In the UK, the Equality Act 2010 (including the Section 60 health-enquiries restriction) and the ICO Employment Practices Code govern. GDPR is the spine of the data side: lawful basis under Article 6, consent under Article 7, the Article 17 right to erasure, the Article 22 bar on fully automated decisions with legal effect, and Article 88 employment rules, with a DPIA where required. Penalties stack - GDPR up to 4 percent of group revenue, the EU AI Act up to 3 percent, and US class-action and back-pay exposure on top - which is why every talent-pool entry carries a traceable record of its lawful basis, consent, retention boundary, and erasure event.

Assessment

Agent Readiness 66-73%
Governance Complexity 46-53%
Economic Impact 48-55%
Lighthouse Effect 34-41%
Implementation Complexity 36-43%
Transaction Volume Weekly

Prerequisites

  • Talent Pool Management Platform or ATS-CRM with talent pool capability (Greenhouse + Lever + Workday Recruiting + SAP SuccessFactors Recruiting + Oracle Cloud HCM + Oracle Talent Acquisition Cloud Taleo + iCIMS Talent Cloud + SmartRecruiters + Recruitee + Workable + Eightfold AI + LinkedIn Talent Hub + LinkedIn Recruiter + Beamery + Phenom + Avature + Bullhorn + Gem + ADP Recruiting + Personio + BambooHR) capable of consent management + retention orchestration + skill-based matching + engagement workflow + audit log + chain-of-deletion verification + API integration
  • Lawful Basis and Consent Management capable of Article 6(1)(a) consent + Article 6(1)(b) contract + Article 6(1)(f) legitimate interest balancing test + Article 7 conditions for consent + Article 7(3) right to withdraw + Article 13 transparency at collection + Article 14 transparency from third parties + EDPB Guidelines on Data Processing in Employment + Working Party 29 Opinion 2/2017 + Member State implementation Germany BDSG Section 26 + France French Labour Code + UK GDPR + DPA 2018 Schedule 1 Part 1
  • Retention Orchestration with 6 months default candidate records + 12 months silver medallist + 24 months critical skill + EEOC 29 CFR 1602.14 1 year + OFCCP Internet Applicant Rule 41 CFR 60-1.3 2 years + UK ICO Employment Practices Code Section 1 6 months + Article 17 right to erasure 30 days response + Article 17(3)(e) legal claims exception + audit trail + chain of custody preservation
  • AI Compliance Check Engine with EEOC Uniform Guidelines on Employee Selection Procedures 29 CFR Part 1607 four-fifths rule adverse impact + EEOC Compliance Manual + Mobley v. Workday class action ongoing + EEOC Technical Assistance Document on Software Algorithms and AI May 2023 + UK EHRC Code of Practice on Employment + ACAS guidance + UK Employment Tribunal precedent + EDPB Guidelines + EU AI Act 2024/1689 Article 4+13+14+26+27 + Annex III Point 4(a) recruitment AI
  • Engagement Workflow Engine with multi-channel cadence + email per Beamery + Phenom + Greenhouse + LinkedIn InMail per Recruiter + SMS opt-in + recruitment event integration + UTM tracking + engagement scoring + unsubscribe link + ePrivacy Directive 2002/58/EC + UK PECR Privacy and Electronic Communications Regulations 2003 + CAN-SPAM Act + TCPA + state CTIA SMS guidelines
  • Skill-Based Matching with LinkedIn Talent Insights market intelligence + Eightfold AI Skill Cloud + Workday Skills Cloud + Beamery AI + Phenom AI + Gem AI + Greenhouse Sourcing Automation + bias mitigation + diverse slate analysis + EU AI Act Article 14 human oversight + Article 27 FRIA + Mobley v. Workday vendor liability + NYC Local Law 144 AEDT bias audit
  • 25+ State Pay Transparency Compliance with California SB 1162 + Colorado EPEWA + Washington EPOA + New York City Local Law 32 + New York State + Illinois HB 3129 + Massachusetts Pay Equity Act + Connecticut Public Act 21-30 + Maryland Wage Range Transparency + Rhode Island + Nevada + state salary history bans California + Illinois + 20+ states + Lilly Ledbetter Fair Pay Act 2009 + UK Equality Act 2010 Section 78 Gender Pay Gap + Equal Pay Act 1963
  • Audit Trail and Records of Processing Activities per EU GDPR Article 30 + Article 5(2) accountability + Article 32 security + ICO Employment Practices Code Section 1 recruitment + EU AI Act 2024/1689 Article 12 record-keeping AI system logs lifetime + 10 years post-decommissioning + EEOC 29 CFR 1602.14 + OFCCP Internet Applicant Rule + AICPA SOC 2 Type II Trust Services Criteria + ISO 27001:2022 Annex A.5 + ISO 30414:2018 Human Capital Reporting Recruitment metrics

What this assessment contains: 9 slides for your leadership team

Personalised with your numbers. Generated in 2 minutes directly in your browser. No upload, no login.

  1. 1

    Title slide - Process name, decision points, automation potential

  2. 2

    Executive summary - FTE freed, cost per transaction before/after, break-even date, cost of waiting

  3. 3

    Current state - Transaction volume, error costs, growth scenario with FTE comparison

  4. 4

    Solution architecture - Human - rules engine - AI agent with specific decision points

  5. 5

    Governance - EU AI Act, works council, audit trail - with traffic light status

  6. 6

    Risk analysis - 5 risks with likelihood, impact and mitigation

  7. 7

    Roadmap - 3-phase plan with concrete calendar dates and Go/No-Go

  8. 8

    Business case - 3-scenario comparison (do nothing/hire/automate) plus 3×3 sensitivity matrix

  9. 9

    Discussion proposal - Concrete next steps with timeline and responsibilities

Includes: 3-scenario comparison

Do nothing vs. new hire vs. automation - with your salary level, your error rate and your growth plan. The one slide your CFO wants to see first.

Show calculation methodology

Hourly rate: Annual salary (your input) × 1.3 employer burden ÷ 1,720 annual work hours

Savings: Transactions × 12 × automation rate × minutes/transaction × hourly rate × economic factor

Quality ROI: Error reduction × transactions × 12 × EUR 260/error (APQC Open Standards Benchmarking)

FTE: Saved hours ÷ 1,720 annual work hours

Break-Even: Benchmark investment ÷ monthly combined savings (efficiency + quality)

New hire: Annual salary × 1.3 + EUR 12,000 recruiting per FTE

All data stays in your browser. Nothing is transmitted to any server.

Talent Pool Management Agent

Initial assessment for your leadership team

A thorough initial assessment in 2 minutes - with your numbers, your risk profile and industry benchmarks. No vendor logo, no sales pitch.

All data stays in your browser. Nothing is transmitted.

Agent Blueprint Available

A full blueprint for Talent Pool Management Agent is available with micro-decision decomposition, industry variants, and implementation details.

View Blueprint

Related Agents

Candidate Screening Agent

One auditable candidate-screening pipeline - CV parsing, resume screening, shortlist generation and continuous bias monitoring - built to satisfy the EU AI Act's high-risk obligations, the EEOC four-fifths rule, NYC Local Law 144 and the UK Equality Act by construction, not retrofit.

W K
EU AI Act III(4)(a): High Risk
Readiness: 64-71%
Economic: 78-85%
Governance: 74-81%
Micro-Decisions: 13
Daily

Executive Recruiting Agent

Runs a confidential C-suite search across US, UK and EU governance - coordinating the Audit, Compensation and Nomination Committees, modelling executive pay, and meeting its EU AI Act high-risk obligations with a pay-equity check and a human decision at every gate.

W K
EU AI Act III(4)(a): High Risk
Readiness: 51-58%
Economic: 66-73%
Governance: 81-88%
Micro-Decisions: 14
Monthly

Interview Scheduling Agent

One auditable interview-scheduling pipeline that stays Title VII compliant - pay ranges disclosed where the law requires, a bias audit on every slot proposal under EU AI Act Annex III(4)(a), and ADA accommodation built in - across the UK, EU and US.

W
EU AI Act III(4)(a): High Risk
Readiness: 78-85%
Economic: 66-73%
Governance: 58-65%
Micro-Decisions: 14
Daily

Frequently Asked Questions

Which GDPR lawful basis applies to each candidate source, and how do consent, erasure, and the six-month retention default work?

The lawful basis under GDPR Article 6 depends on how the candidate entered the pool. Consent (Article 6(1)(a)) covers proactive sourcing and speculative applications; contract performance (Article 6(1)(b)) covers candidates active in a current requisition; and a legitimate-interest balancing test (Article 6(1)(f)) covers silver medallists, alumni, and referrals, where the interest in retaining people for future roles is weighed against their reasonable expectations. Consent under Article 7 must be freely given, specific, informed, and unambiguous, with a right to withdraw that is as easy as giving it (Article 7(3)). Special categories such as health, ethnicity, or sexual orientation need an Article 9 employment-law derogation or explicit consent. The Article 17 right to erasure is triggered by consent withdrawal, retention expiry, a sustained objection, or unlawful processing. Default retention is six months for general candidate records under the ICO Employment Practices Code, extending to twelve months for silver medallists with documented justification and twenty-four for critical-skill pools with renewed consent; UK GDPR mirrors this, and Member State rules (for example the German BDSG) can tighten it. The agent assigns the source-specific basis, captures consent, applies the retention clock, and cascades erasure across the ATS, CRM, and sourcing tools, keeping only the minimum needed for anti-discrimination defence; it cross-references the Employee-Data-Management and HR-Document-Management agents.

How do Title VII, the EEOC four-fifths rule, Mobley v. Workday, NYC Local Law 144, and the EU AI Act apply to AI talent-matching tools?

AI talent-matching sits at the intersection of several accountability regimes. Title VII bars disparate treatment and disparate impact in employment decisions, and the EEOC Uniform Guidelines set the four-fifths rule: a selection rate below 80 percent of the highest group's rate is treated as evidence of adverse impact. The EEOC's 2023 technical guidance confirms algorithmic decisions fall under Title VII, the ADEA, and the ADA, and AI hiring tools are a named enforcement priority. The Mobley v. Workday case extends liability to the vendor by treating it as the employer's agent for Title VII purposes. NYC Local Law 144 requires an independent bias audit within the prior year, candidate notification at least ten business days before use, and publication of the audit summary. Under the EU AI Act, recruitment AI used for screening, ranking, or matching is high-risk (Annex III(4)(a)), which triggers provider obligations (Articles 8-15) and deployer obligations (Articles 26-27) including an Article 27 FRIA, Article 14 human oversight, and Article 12 record-keeping, with fines up to EUR 15M or 3 percent of turnover. The agent runs the four-fifths monitoring, flags deployments that cross into high-risk, orchestrates the FRIA and the AEDT bias audit and candidate notice, keeps a human in the matching loop, and maintains the audit trail; it cross-references the Candidate-Screening, Audit-Compliance, and Compliance-Monitoring agents.

How does the agent handle US state pay-transparency and salary-history-ban rules, plus the UK gender-pay-gap duty, when contacting candidates?

Pay-transparency duties now span more than 25 US states, the UK, and (from 2026) the EU. The US state laws vary in scope but share a pattern: California SB 1162 requires a pay scale in job postings and, via Labor Code Section 432.3, bans salary-history collection; Colorado's EPEWA and Washington's EPOA require a pay range plus general benefits; and New York, Illinois, Massachusetts, and Connecticut have their own disclosure rules, with salary-history bans in place across roughly twenty states. The Lilly Ledbetter Fair Pay Act restarts the clock on a pay-discrimination claim with each discriminatory paycheck, and the Equal Pay Act requires equal pay for equal work. In the UK, the Equality Act 2010 Section 78 gender-pay-gap reporting applies to employers with 250 or more staff. The agent maps talent-pool entries to the current vacancy's compensation band for the applicable state, flags missing pay-range disclosure in candidate communications, and flags salary-history collection where it is banned, drawing market data from the Compensation-Benchmarking-Agent; it cross-references the Compensation-Benchmarking and Job-Posting agents.

How does the agent integrate with the ATS, CRM, sourcing, and market-intelligence ecosystem, and what is the data-flow architecture?

A talent-pool architecture has five layers. The ATS layer (Greenhouse, Lever, Workday Recruiting, SAP SuccessFactors, Oracle, iCIMS, SmartRecruiters, ADP, Personio, BambooHR) holds the candidate-of-record per requisition with stage progression and offer history. The CRM layer (Beamery, Phenom, Avature, Bullhorn, Gem, and the native ATS CRMs) holds the candidate-of-engagement per nurture campaign with segmentation and engagement scoring. The AI-matching layer (Eightfold, Workday Skills Cloud, LinkedIn Recruiter, and the sourcing automations) provides skill-based matching, role-fit scoring, and diverse-slate analysis. The sourcing layer (LinkedIn Recruiter, Gem, Beamery, Phenom Career Site) provides discovery, outreach, and employer-brand engagement. The market-intelligence layer (LinkedIn Talent Insights, Eightfold) supplies company, role, skill, and location benchmarks. The agent sits above this stack as a compliance and orchestration layer rather than a replacement: it ingests candidate data via API, assigns the lawful basis per source, runs retention and disparate-impact checks, segments by persona, designs engagement, triggers re-activation, processes Article 17 erasure, cross-references open requisitions for matching, and keeps the audit trail. The flow runs from sourcing channels through lawful-basis capture, into the ATS and CRM, enriched by AI matching, then engagement, re-activation, retention monitoring, and erasure; it cross-references the Candidate-Screening, Pre-Hire-Due-Diligence, and Interview-Scheduling agents.

How do engagement, re-activation, and dormant-candidate scoring stay inside consent and the six-month retention boundary, and how does the Article 7(3) right to withdraw work?

Engagement runs inside strict consent and retention limits. The multi-channel cadence - newsletters every four to six weeks, role-specific alerts, thought-leadership, employer-brand campaigns, event invitations, webinars, alumni outreach, targeted InMail, email nurture, and consented SMS, all UTM-tracked and engagement-scored - respects the GDPR Article 7(3) right to withdraw and the relevant marketing rules (ePrivacy/PECR in Europe, CAN-SPAM and the TCPA for SMS in the US). Every message carries an unsubscribe link, clear sender identification, and a privacy-policy link. A re-activation sequence fires only when the engagement score drops below threshold, the last interaction is beyond 90 or 180 days, and a current vacancy refreshes relevance; consent is re-confirmed before the sequence starts, and anyone approaching the six-month retention boundary is flagged for a renewal-or-deletion decision. Retention follows fixed defaults - six months under the ICO recruitment code, twelve for silver medallists with justification, twenty-four for critical-skill pools with renewed consent, and the longer EEOC and OFCCP minimums for US records. On consent withdrawal or retention expiry, Article 17 erasure cascades across the ATS, CRM, and sourcing tools, keeping only the legal minimum under the Article 17(3)(e) exception, logged and confirmed within 30 days. The agent automates the retention monitoring, consent-renewal prompts, and erasure orchestration; it cross-references the Employee-Data-Management and Audit-Compliance agents.

How does the Talent Pool Management Agent differ from the Candidate Screening Agent and Pre-Hire Due Diligence Agent and Interview Scheduling Agent and Executive Recruiting Agent?

The five agents cover different stages of the recruiting funnel. This Talent Pool Management Agent owns the pre-funnel infrastructure: pool segmentation, engagement and re-activation, talent mapping, AI-augmented disparate-impact monitoring, GDPR lawful basis and erasure, six-month retention orchestration, and the EU AI Act and pay-transparency checks. The Candidate-Screening-Agent handles active-requisition screening - resume parsing, skill and qualification matching, the EEOC four-fifths analysis, ADA accommodation, the GDPR Article 22 bar on fully automated decisions, and the EU AI Act recruitment high-risk rules. The Pre-Hire-Due-Diligence-Agent runs background and reference checks under the FCRA, state Ban-the-Box and credit-history rules, the UK DBS, and GDPR Article 9. The Interview-Scheduling-Agent coordinates panels and scorecards with ADA and Equality Act accommodation. The Executive-Recruiting-Agent covers senior and C-suite search with deeper due diligence. In the flow, this agent feeds the Candidate-Screening-Agent (auto-suggesting silver medallists and critical-skill candidates), the Pre-Hire-Due-Diligence-Agent (consent verified at pool entry), the Interview-Scheduling-Agent (shortlist prep), and the Executive-Recruiting-Agent (the executive talent map). All five share the same anchors - Title VII, the UK Equality Act 2010, GDPR, the EU AI Act recruitment rules, Mobley v. Workday, NYC Local Law 144, and ISO 30414.

What Happens Next?

1

30 minutes

Initial call

We analyse your process and identify the optimal starting point.

2

1 week

Discover

Mapping your decision logic. Rule sets documented, Decision Layer designed.

3

3-4 weeks

Build

Production agent in your infrastructure. Governance, audit trail, cert-ready from day 1.

4

12-18 months

Self-sufficient

Full access to source code, prompts and rule versions. No vendor lock-in.

Implement This Agent?

We assess your process landscape and show how this agent fits into your infrastructure.