Resources · 11 June 2026

An AI policy for recruitment agencies: the practical version

AI has moved fast across the recruitment desk. Consultants use it to write adverts and outreach, summarise CVs, draft candidate and client communications, and increasingly to source and rank. Most of it is genuinely useful. The risk is that it all runs through tools nobody formally approved, handling a great deal of personal data, with no policy behind it.

A recruitment-specific AI policy is how you keep the upside without the exposure.

Why recruitment is higher-risk than most

Two reasons.

First, you live in candidate personal data. CVs, contact details, work history, sometimes far more. Under UK GDPR that is personal data with real obligations, and pasting it into a free consumer AI tool that may train on inputs is the kind of thing that turns into an incident.

Second, AI screening carries discrimination risk. A tool that ranks or filters candidates can quietly reproduce bias, and that is not just a reputational problem, it is a legal one. This deserves its own care, which we cover in Is AI candidate screening legal in the UK?.

What the policy should cover

For an agency, a good AI policy is short and specific:

• Candidate data handling. What may go into which tools. As a rule, candidate personal data only goes into approved tools with proper data terms, never free accounts.
• Approved tools. A named list of the AI tools consultants may use, each with the data sensitivity it is cleared for.
• Screening and ranking. Where AI may support a shortlisting decision, and the firm rule that it never makes the final call on a person without human review.
• Human review of communications. Adverts, candidate messages and client work get a human check before they go out.
• Client commitments. If a client contract restricts AI use or data sharing, that takes precedence.
• The other side of the desk. How consultants verify candidate profiles and identity when applicants use AI to write CVs and cover letters or to complete skills assessments.

Clients are starting to ask

This is the commercial angle. More clients, and almost every serious PSL or framework application, now ask suppliers what their AI policy is. Having a clear, professional answer is becoming part of winning and keeping work, not just managing risk. An agency that can say “here is our policy, here is how we control candidate data, here is how we handle screening” looks more credible than one that cannot.

Getting it in place

You can draft this yourself, or start from documents written for the sector. Our AI Safe-Use Pack for recruitment agencies includes a recruitment-shaped acceptable use policy, an approved-tools matrix, a risk register with screening-bias scenarios, a one-page consultant guide and a literacy tracker. There is also a general edition if you want the sector-neutral set.

Either way, the goal is the same: let your consultants use AI to move faster, with clear lines that protect candidates, the agency and your client relationships.

This article is general information, not legal advice. Take professional advice on your specific obligations, particularly around automated decision-making.