Basic Concept: AI systems used in employment contexts such as job screening carry significant regulatory risk. For a multinational company operating in or serving markets covered by the EU AI Act, compliance with this binding regulation is mandatory to avoid substantial fines. CompTIA SecAI+ Exam Objectives cover AI regulatory compliance under Domain 4.
Why B is Correct: The EU AI Act explicitly classifies AI systems used for employment screening, candidate evaluation, and worker management as high-risk AI applications. These systems are subject to strict compliance requirements, including mandatory conformity assessments, human oversight, transparency obligations, and registration. Non-compliance can result in fines up to 30 million euros or 6% of global annual turnover. A multinational company implementing AI job screening must therefore treat the EU AI Act as its primary compliance obligation.
Why A is Wrong: ISO AI standards such as ISO 42001 are voluntary management system standards. While useful for best practices, they do not carry legal enforcement power and adherence does not prevent regulatory fines from binding legislation like the EU AI Act.
Why C is Wrong: Corporate policy is an internal governance document that sets organizational standards. It cannot supersede external legal obligations, and following only corporate policy does not protect against fines from regulatory bodies enforcing the EU AI Act.
Why D is Wrong: NIST AI RMF is a voluntary American risk management framework. While excellent for AI risk governance, it is not a binding regulation and does not address the legal compliance requirements that generate fines from regulatory authorities in jurisdictions covered by the EU AI Act.