AI Performance Reviews: Are They Legal? What Every Employee Needs to Know

Your performance review has been generated or heavily influenced by AI — productivity scores, sentiment analysis, objective metrics. What the law says about AI performance assessment, your rights to challenge it, and what makes a fair AI performance process.

Key Takeaways

AI performance assessments are not inherently unlawful — but they create specific rights for employees and obligations for employers that most organisations have not properly implemented.
In the EU and UK, GDPR Article 22 gives you the right to human review of any automated decision that significantly affects you — an AI performance review that influences pay, promotion, or continued employment clearly qualifies.
You have the right to request an explanation of how your performance score was calculated — 'the system generated it' is not adequate. Your employer must be able to tell you what factors contributed to your score.
AI performance systems have documented bias problems — they can disadvantage women, older workers, and people with disabilities in ways that may be unlawful under anti-discrimination legislation.
If your AI performance review seems wrong, request access to all the data used to generate it, ask for a human review of the outcome, and document the process in case you need to escalate.

"Nur zu Informationszwecken. Dieser Artikel stellt keine rechtliche, regulatorische, finanzielle oder professionelle Beratung dar. Konsultieren Sie einen qualifizierten Spezialisten für spezifische Beratung."

AI in performance reviews — the legal risks employers and employees both need to understand

AI-assisted performance management has become widespread: tools that score productivity from system activity, assess communication quality from email and messaging data, rate customer service interactions from call recordings, and generate performance review drafts from output metrics are in routine use across sectors. The legal framework governing these tools is not new — it is existing employment law applied to new technology — but several features of AI create specific risks that traditional performance management did not.

The most significant risk is discrimination. Performance management AI trained on historical data can encode the biases of whoever assessed performance historically. A model trained on performance scores assigned by managers who systematically undervalued work done by women on parental leave, or by employees with disabilities who worked differently from the modal employee, will reproduce those biases at scale. The defence "the algorithm scored them lower, not me" is not available: discrimination law across all major jurisdictions places liability with the employer for discriminatory outcomes, regardless of whether the mechanism is human or automated.

EU — AI Act high-risk classification and GDPR

Under the EU AI Act, AI systems used for evaluating or classifying people in order to assess work performance and productivity, or to monitor performance and behaviour at work are classified as high-risk under Annex III. This covers: productivity monitoring AI; performance scoring tools; automated appraisal systems; and systems that aggregate data from multiple sources to produce performance ratings.

High-risk classification means that from December 2027 (under the Omnibus timeline), employers deploying these tools must: ensure the AI vendor has a conformity assessment and CE marking; maintain human oversight — a human must be capable of understanding the AI output, interpreting it critically, and overriding it; conduct a Fundamental Rights Impact Assessment; monitor the system's performance after deployment; and report serious incidents to market surveillance authorities.

GDPR applies immediately and throughout. Using an AI system to monitor employee performance involves processing personal data, requires a lawful basis (typically legitimate interests or contractual necessity, with a proportionality assessment), and triggers the transparency obligations under Articles 13-15 — employees must be informed that AI is used in performance assessment, what data is collected, and what automated decision-making occurs. GDPR Article 22 applies where a solely automated decision produces legal or similarly significant effects — a salary review or dismissal driven by an AI score without human review is a solely automated decision. Under GDPR, this requires explicit consent, contractual necessity, or a specific EU or member state law, and the employee must have the right to human review and the ability to contest the decision.

United Kingdom

The Equality Act 2010 applies to all performance management decisions, including those made using or informed by AI. Indirect discrimination — a practice that appears neutral but puts employees sharing a protected characteristic at a particular disadvantage — is unlawful unless the employer can show it is a proportionate means of achieving a legitimate aim. An AI performance tool that systematically gives lower scores to part-time workers (who are disproportionately women), or to employees who communicate less frequently (who may include neurodiverse employees or those with caring responsibilities), creates indirect discrimination risk that the employer must identify and address.

The Employment Rights Act 2025 (Royal Assent 18 December 2025) reduces the qualifying period for unfair dismissal from two years to six months from 6 April 2026. From January 2027, caps on unfair dismissal awards are removed. This significantly increases the exposure of performance management decisions — including AI-assisted ones — to tribunal scrutiny. Employers relying on AI-generated performance data to justify dismissal will face increased scrutiny of whether that data accurately reflected the employee's genuine contribution and whether human judgment was applied.

Under the Data (Use and Access) Act 2025, the UK's rules on solely automated decisions have been modified. Automated performance decisions are now permitted by default where implemented with specified safeguards: informing the employee that automated processing was used; giving them the right to make representations and request human review; and allowing them to contest the outcome. The strongest restrictions — human involvement before the decision is made — apply where the decision is based on special category data, including health data relevant to disability accommodation.

United States

Federal employment discrimination law — Title VII of the Civil Rights Act, the Americans with Disabilities Act, the Age Discrimination in Employment Act — applies to AI performance tools. The EEOC and federal agencies issued a joint statement in 2023 confirming explicitly: "There is no AI exemption to the laws on the books." Disparate impact — where an AI performance tool produces measurably worse scores for employees in a protected class — is unlawful even where no discriminatory intent exists. The employer is liable for discriminatory outcomes from AI tools purchased from third-party vendors.

Illinois's Artificial Intelligence Video Interview Act (in force since 2020) requires employer consent before using AI to analyse facial expressions or voice patterns in video interviews — the same principle extends to AI emotional or communication analysis in ongoing employment contexts. Illinois HB 3773 (effective 1 January 2026) prohibits AI that causes discriminatory effects on employees and requires notice of AI use in employment decisions. Colorado's AI Act (effective 30 June 2026) requires impact assessments for high-risk AI systems used in employment, including performance evaluation tools.

Australia

The Privacy Act 1988 applies to AI performance management tools that process employee personal information. The automated decision-making transparency obligation under the Privacy and Other Legislation Amendment Act 2024, effective 10 December 2026, will require employers to disclose in their Privacy Policies when personal information is used in substantially automated decisions with legal or similarly significant effects on individuals — explicitly including employment decisions. The Fair Work Act 2009 governs dismissal and adverse action claims; a dismissal driven substantially by AI-generated performance data without adequate human consideration of the employee's circumstances may constitute an unfair dismissal.

What employees can do

If you believe an AI performance assessment is inaccurate, biased, or has contributed to an adverse employment outcome: request access to the data used in your assessment (under GDPR, UK GDPR, or Privacy Act access rights); request human review of any automated assessment that contributed to a significant employment decision; raise a formal grievance documenting the specific concern — if AI produced a rating you dispute, request the methodology and data inputs; and in the EU, exercise your right to contest the automated decision and require human intervention. If you believe an AI performance tool produced discriminatory outcomes — lower scores correlated with your protected characteristic — document the pattern and seek advice from your union or an employment lawyer, as collective evidence of discriminatory impact is the most powerful basis for a discrimination claim.