Resources · 11 June 2026

Is AI candidate screening legal in the UK? Bias, GDPR and what to check

Short answer: using AI to help screen and rank candidates is not banned in the UK, but it comes with conditions that matter. Get them wrong and you risk both discrimination claims and a data-protection problem. Get them right and AI is a legitimate tool on the desk.

Here is what to check.

The bias problem is the headline risk

AI screening tools learn from data, and data carries the patterns of the past. A tool trained on who got hired before can quietly favour or disfavour groups in ways that map onto protected characteristics such as age, sex, race and disability (for example, a tool trained on a historically male-dominated team can learn to down-rank CVs that mention a women’s college or a women’s sports club). If your screening process disproportionately disadvantages a protected group, that can amount to indirect discrimination under the Equality Act 2010, and the defence of “the algorithm did it” will not stand in an employment tribunal. The agency is still responsible.

Practical checks:

• Understand what any screening or ranking tool is actually doing, at least in outline. If the vendor cannot explain it, treat that as a warning sign.
• Do not let a tool auto-reject. Use it to support a human shortlisting decision, not to replace it.
• Watch outcomes. If a tool consistently filters out a particular group, stop and investigate.

Automated decisions under UK GDPR

UK GDPR restricts decisions based solely on automated processing where they have a legal or similarly significant effect on someone. Rejecting a candidate can be “similarly significant”. The safe pattern for recruitment is straightforward: keep a meaningful human in the loop. A person reviews and makes the actual call, with the AI as input. That keeps you out of the “solely automated” territory that triggers the strictest rules.

You should also be transparent. Candidates should be able to find out, in general terms, that AI tools are used in your process and what that means for them. A short line in your privacy information usually covers it.

Candidate data and the tools themselves

Screening means feeding candidate data into a tool. That raises the same question as the rest of your AI use: is this tool approved for personal data, does it train on your inputs, and is there a proper data processing agreement? Free consumer tools are not the place for candidate CVs. Use tools with business terms, and record the decision.

A sensible position to adopt

1. Use AI to assist screening, never to make the final decision alone.
2. Keep a documented human review step.
3. Check tools for bias and keep an eye on real outcomes.
4. Only put candidate data into approved tools with proper data terms.
5. Be transparent with candidates that AI is used.
6. Write it down, so you can show your reasoning if challenged.

That last point is where a policy earns its keep. A clear AI policy for your agency, backed by a risk register that names screening bias as a tracked risk, is the difference between a defensible process and a hopeful one.

Our AI Safe-Use Pack for recruitment agencies includes a risk register pre-loaded with a screening-bias scenario, plus the policy and staff guidance to support it.

This article is general information, not legal advice. Decisions about automated processing and discrimination risk should be taken with professional advice.