Do Small Businesses Really Have to Comply?

Last updated: March 2026

Educational Resource: This guide is for informational purposes only and does not constitute legal advice. Requirements vary by jurisdiction, company size, and specific AI tool usage. Consult qualified legal counsel to determine your organization's specific obligations.

If you run a small business and use AI in hiring—even something as simple as an applicant tracking system with resume ranking—you're subject to the same compliance requirements as Fortune 500 companies. No exemptions. No "small business carve-outs." No grace periods based on company size.

That might sound overwhelming, especially if you're a 10-person startup or a 50-employee regional business without a dedicated HR team, let alone a compliance department. But here's the reality: compliance doesn't have to be expensive or complex. You just need to know what's actually required versus what's "nice to have."

This guide cuts through the noise and gives you a realistic, resource-conscious compliance roadmap for AI hiring compliance for small businesses.

Reality Check
Most small businesses aren't using sophisticated AI. If your "AI hiring tool" is just your ATS vendor's resume parser or keyword matching, your compliance burden is lighter than you think. The risk comes from video interview platforms, automated screening tools, and personality assessments—the genuinely algorithmic stuff.

Do Small Businesses Really Have to Comply?

Short answer: Yes.

Unlike many employment laws (e.g., FMLA, which only applies to employers with 50+ employees), AI hiring laws generally have no employer size threshold:

• NYC Local Law 144: Applies to all employers using AEDTs in NYC, regardless of size (NYC DCA guidance)
• Illinois AIVIA: No size exemption
• Colorado AI Act: Applies to all employers using high-risk AI systems
• California AB 2930: No employee count minimum (CPPA)

The reasoning: AI discrimination doesn't become acceptable just because a company is small. A 5-person startup can discriminate just as much as a 5,000-person corporation.

When You're NOT Covered

You may avoid AI hiring law obligations if:

• You don't use any AI or automated tools in hiring (purely manual resume review and interviews)
• You're only hiring in states/cities without AI hiring laws (check your jurisdictions)
• Your "AI tool" is so basic it doesn't meet the definition of an AEDT (e.g., simple keyword search without ranking or scoring)

But if you're reading this, you probably use something automated. Let's figure out what you need to do.

Step 1: Figure Out What AI You're Actually Using

Many small business owners are surprised to learn they're using AI. Here's where it often hides:

Common "Stealth AI" in Small Business Hiring

• ATS resume ranking: If your applicant tracking system (BambooHR, Lever, Greenhouse, Workable) ranks or scores resumes, that's AI
• Indeed's AI matching: Indeed Sponsored Jobs use AI to match candidates to your posting—if you're making decisions based on those recommendations, you're using AI
• LinkedIn Recruiter: If you use LinkedIn's "Best Matches" or AI-powered search, that's covered
• Video interview platforms: Tools like HireVue, Spark Hire (with AI add-ons), or myInterview that analyze speech, facial expressions, or language patterns
• Skills assessments: Platforms like Criteria, Pymetrics, or HackerRank that use algorithms to score candidates
• Background check automation: Some services use AI to flag "risky" candidates

Quick AI Audit

Take 30 minutes and list every tool you use from application to offer:

1. Where do candidates apply? (your website, Indeed, LinkedIn, etc.)
2. What software stores applications? (your ATS or email)
3. What tools help you screen/rank candidates?
4. Do you use video interviewing platforms?
5. Any assessment or testing tools?
6. Background check services?

For each tool, ask your vendor: "Does this use AI, algorithms, or automation to score, rank, or recommend candidates?" If yes, it's likely covered by AI hiring laws.

Step 2: Determine Your Jurisdictional Exposure

AI hiring laws are location-based. What matters is where your candidates are located, not where your business is based.

Questions to Answer

• Are you hiring in New York City? → NYC LL144 applies
• Are you hiring in California? → AB 2930 applies
• Are you hiring in Colorado? → Colorado AI Act applies
• Are you hiring in Illinois? → AIVIA applies (especially for video interviews)

Remote-first companies: If your job is remote-eligible and open to candidates nationwide, you must comply with all states' laws where you accept applications. This is why many small businesses are choosing to either (a) limit hiring to specific states, or (b) build to the highest compliance standard and apply it everywhere.

Step 3: Prioritize Based on Risk and Cost

You probably can't (and don't need to) do everything at once. Here's how to triage:

Priority 1: High-Risk Tools (Address Immediately)

Video interview platforms with AI analysis

• Why high-risk: Heavy regulatory focus, multiple state laws, high discrimination potential
• What to do: Implement consent forms (Illinois), conduct bias audits (NYC, CA), provide opt-out (CO)
• Estimated cost range: $5,000-$20,000/year (mostly bias audit costs)
• Alternative: Turn off AI features and use video platforms for recording only (manual review)

Automated rejection systems

• Why high-risk: Make binary pass/fail decisions, high disparate impact potential
• What to do: Require human review before any automated rejection
• Cost to comply: Low (process change, no cash outlay)

Priority 2: Medium-Risk Tools (Address Within 90 Days)

ATS resume ranking/scoring

• Why medium-risk: Widely used, can produce disparate impact, but typically used as decision-support (not final decision)
• What to do: Add disclosure to job postings, consider bias audit if in NYC/CA
• Cost to comply: Disclosure = free; bias audit = $10,000-$25,000

Skills assessment platforms

• Why medium-risk: Can be validated as job-related, but still need audits in some states
• What to do: Request vendor bias audit results, add disclosure, provide accommodation process
• Cost to comply: Minimal if vendor provides audit; $15,000-$30,000 if you must conduct your own

Priority 3: Lower-Risk Tools (Monitor, Address as Resources Allow)

Basic ATS keyword search

• Why lower-risk: Simple boolean logic, no scoring/ranking, human-controlled
• What to do: May not even qualify as an AEDT; err on side of disclosure but deprioritize audits

Step 4: Implement Bare-Minimum Compliance (The Essentials)

If you're resource-constrained, focus on these three things. They cover 80% of compliance requirements:

Essential #1: Disclosure to Candidates

This is free and covers you in almost every jurisdiction. Add language to your job postings and application pages:

AI Use in Hiring Notice
[Company Name] uses artificial intelligence tools to assist in our hiring process. Specifically, we use [Tool Name, e.g., "video interview analysis software" or "resume ranking technology"] to evaluate [what it assesses, e.g., "communication skills and relevant experience"].
If you have questions about our use of AI in hiring, or if you would like to request an alternative evaluation process, please contact [email/phone].

Where to put it:

• At the bottom of every job posting
• On your careers page
• In your online application workflow (before candidates submit)

Essential #2: Human-in-the-Loop Review

Never let AI make final hiring decisions without human review. This is required in Colorado and considered best practice everywhere.

Practical implementation:

• If your ATS auto-ranks resumes, a human reviews the top-ranked candidates before making interview decisions
• If video interview AI provides scores, a human watches the videos and makes independent judgments
• If an assessment tool recommends "do not advance," a human can override that recommendation

Cost: Zero dollars. Just process discipline.

Essential #3: Simple Opt-Out Process

Give candidates a way to say "I don't want AI used to evaluate me." This satisfies Colorado's requirements and reduces legal risk everywhere.

How to implement:

• Include an email address in your AI disclosure: "To request alternative evaluation, contact hiring@yourcompany.com"
• Have a standard process: If someone opts out of video AI, offer a phone interview instead
• Log all opt-out requests and how they were handled (in case of future audits/investigations)

Cost: Free (just email and process documentation)

Step 5: Decide Whether You Need Bias Audits

This is the expensive part. Bias audits can cost $10,000-$30,000+ and must be repeated annually. When are they actually required for small businesses?

You MUST Conduct Bias Audits If:

• You use AI hiring tools for NYC-based candidates (LL144 requirement)
• You use AI hiring tools for California candidates (AB 2930 requirement)

You SHOULD Conduct Bias Audits If:

• You use high-risk tools (video interview AI, automated screening) in any jurisdiction (EEOC liability protection)
• Your hiring volume is significant (500+ candidates/year) and you want proactive discrimination protection

You Can DEFER Bias Audits If:

• You're not hiring in NYC or California
• You've implemented human-in-the-loop review and opt-out processes
• Your AI tools are low-risk (basic resume parsing, keyword search)
• Your hiring volume is very small (<100 candidates/year)

Budget-Friendly Bias Audit Strategies

Strategy 1: Vendor-Provided Audits
Some AI vendors (especially video interview platforms) conduct pooled bias audits across all their clients. Ask if these satisfy your state requirements. In some cases, they do; in others (especially NYC), you need your own.

Strategy 2: Multi-Client Audits
If you're in a business network or industry association, consider pooling with other small businesses to hire an auditor jointly. Auditors sometimes offer reduced rates for batched clients using the same tools.

Strategy 3: Start-Then-Defer
Conduct an initial bias audit to establish a baseline, then if results are clean, consider whether you can reduce frequency (some jurisdictions allow this if tools haven't changed).

Step 6: Leverage Free and Low-Cost Tools

Free Compliance Resources

• EEOC Technical Assistance: The EEOC offers free guidance documents on AI hiring and discrimination—available at eeoc.gov
• State AG guidance: Many states publish compliance checklists and templates (check your state's Attorney General website)
• Vendor compliance docs: If you use established AI vendors, they often provide disclosure templates and compliance guides (ask your account rep)

Low-Cost Alternatives to Expensive Tools

Instead of AI video interviews:

• Use video recording platforms without AI analysis (Zoom, Google Meet recordings reviewed by humans)
• Conduct live phone or video interviews (the old-fashioned way)

Instead of AI resume screening:

• Use simple ATS features (just storage and keyword search, no ranking)
• Hire a part-time recruiter or contractor to do manual initial screens

Instead of gamified assessments:

• Use traditional work sample tests (ask candidates to complete a task relevant to the actual job)
• Structured interviews with standardized questions (just as predictive, no AI required)

When It Makes Sense to Just NOT Use AI

Real talk: if you're a 10-person company hiring 5-10 people per year, AI hiring tools might not be worth the compliance burden.

Consider going AI-free if:

• Your hiring volume is low (<20 hires/year)
• You have capacity for human resume review
• Compliance costs would exceed efficiency gains
• You're in heavily regulated jurisdictions (NYC, CA) and lack compliance resources

The math: If bias audits cost $15,000/year and save you 10 hours of resume screening, you're paying $1,500/hour for that time savings. Probably not worth it for small-scale hiring.

Common Small Business Compliance Mistakes

Mistake #1: "We're too small to get caught"

Enforcement doesn't scale with size. A single candidate complaint triggers an investigation regardless of whether you have 5 employees or 5,000. Small businesses are not invisible.

Mistake #2: "Our vendor said they handle compliance"

Vendor compliance support is great, but legal liability stays with you. Read vendor contracts carefully. Do they actually indemnify you for compliance failures? (Most don't.)

Mistake #3: Ignoring the Illinois consent requirement

If you use video interview AI for candidates in Illinois, you are generally required to get written consent before analysis. This is a hard requirement with potential per-candidate penalties (typically $500-$1,000 under BIPA). Easy to comply with, but companies forget.

Mistake #4: Generic "we use technology" disclosures

Vague disclosures don't satisfy most laws. You need to be specific: what tool, what it evaluates, how it's used in decisions.

Sample Compliance Timeline for a 25-Person Company

Week 1-2: Audit and Assessment

• List all tools used in hiring
• Identify which use AI/automation
• Determine applicable state laws
• Prioritize by risk (high/medium/low)

Week 3-4: Quick Wins

• Add AI disclosure language to job postings and career site
• Create opt-out email process
• Implement human-review checkpoints in hiring workflow

Month 2: Vendor Management

• Contact AI vendors to request bias audit results
• Review vendor contracts for compliance support terms
• Request disclosure templates from vendors

Month 3: Bias Audits (If Required)

• If hiring in NYC or CA: Get quotes from 2-3 bias auditors
• Prepare candidate data for audit
• Schedule audit completion

Month 4: Publication and Monitoring

• Publish bias audit results (if required)
• Set calendar reminders for annual re-audits
• Document all compliance efforts in case of future investigation

Total time investment: 20-40 hours spread over 4 months (most can be done by one HR/ops person)

How EmployArmor Helps Small Businesses

EmployArmor was built with small business reality in mind. We provide enterprise-grade compliance without enterprise costs:

• AI tool detection: Automated scan of your tech stack to help identify what may be covered by law
• Jurisdiction mapping: Tell us where you hire, we help identify which laws may apply
• Template library: Disclosure language, consent forms, opt-out processes—ready to customize and deploy
• Affordable bias audits: We've negotiated small-business rates with qualified auditors (estimated starting at $8,000 vs. $20,000+ typical market rate)
• Ongoing monitoring: Alerts when laws change or your audit may be due—helps you stay current

Small Business Compliance Made Simple
Free compliance assessment + small business pricing
Get Your Free Assessment →

Related Resources

• Complete AI Hiring Compliance Guide 2026
• How to Conduct an AI Bias Audit
• EmployArmor vs Manual Compliance
• 2026 AI Hiring Laws: What Changed

Frequently Asked Questions

Do AI hiring laws apply to small businesses with fewer than 50 employees?
Yes. Unlike many employment laws (such as FMLA), AI hiring laws generally have no employer size threshold. NYC Local Law 144, Illinois AIVIA, Colorado AI Act, and California AB 2930 all apply regardless of company size. A 5-person startup faces the same compliance requirements as a Fortune 500 company when using AI in hiring.

What if I can't afford a $20,000 bias audit as a small business?
You have several options: (1) Shop around—audits for simpler tools can cost $8,000-$12,000, (2) Ask if your AI vendor provides pooled bias audits that satisfy state requirements, (3) Turn off AI features and use manual screening processes instead, (4) Limit hiring to states that don't require audits, or (5) Use platforms like EmployArmor that offer access to reduced-rate auditors for small businesses.

Can we rely on Indeed or LinkedIn to handle compliance since we're using their platforms?
No. When you use Indeed's AI matching or LinkedIn's candidate recommendations to make hiring decisions, you are the employer using AI, and compliance is your responsibility. The platform may provide tools to help you comply, but legal liability doesn't transfer to them. You must still disclose AI use, ensure bias testing, and provide opt-out processes.

What's the bare minimum compliance for a small business using AI hiring tools?
The three essentials: (1) Disclosure—clearly notify candidates in job postings and applications that you use AI, what it evaluates, and how it affects decisions (cost: free), (2) Human review—never let AI make final decisions without human oversight (cost: free, just process discipline), and (3) Opt-out process—give candidates a way to request non-AI evaluation (cost: free, just an email address and alternative workflow).

Do these laws apply to contractors and freelancers, or just employees?
Most AI hiring laws define 'employment' broadly to include contractors, freelancers, temporary workers, and gig workers. If you're using AI to evaluate anyone for work—regardless of employment classification—assume the laws apply. This includes using AI to screen 1099 contractors or staffing agency placements.

Last updated: March 2026

Legal Disclaimer: This content is for informational purposes only and is not legal advice. Employment laws vary by jurisdiction and change frequently. Always consult with qualified legal counsel for advice specific to your situation. EmployArmor does not provide legal services or representation.