AI Hiring Compliance for Small Businesses: What You Actually Need to Do

If you run a small business and use AI in hiring—even something as simple as an applicant tracking system with resume ranking—you're subject to the same compliance requirements as Fortune 500 companies. No exemptions. No "small business carve-outs." No grace periods based on company size.

That might sound overwhelming, especially if you're a 10-person startup or a 50-employee regional business without a dedicated HR team, let alone a compliance department. But here's the reality: compliance doesn't have to be expensive or complex. You just need to know what's actually required versus what's "nice to have."

This guide cuts through the noise and gives you a realistic, resource-conscious compliance roadmap.

Do Small Businesses Really Have to Comply?

Short answer: Yes.

Unlike many employment laws (e.g., FMLA, which only applies to employers with 50+ employees), AI hiring laws generally have no employer size threshold:

• NYC Local Law 144: Applies to all employers using AEDTs in NYC, regardless of size
• Illinois AIVIA: No size exemption
• Colorado AI Act: Applies to all employers using high-risk AI systems
• California AB 2930: No employee count minimum

The reasoning: AI discrimination doesn't become acceptable just because a company is small. A 5-person startup can discriminate just as much as a 5,000-person corporation.

When You're NOT Covered

You may avoid AI hiring law obligations if:

• You don't use any AI or automated tools in hiring (purely manual resume review and interviews)
• You're only hiring in states/cities without AI hiring laws (check your jurisdictions)
• Your "AI tool" is so basic it doesn't meet the definition of an AEDT (e.g., simple keyword search without ranking or scoring)

But if you're reading this, you probably use something automated. Let's figure out what you need to do.

Step 1: Figure Out What AI You're Actually Using

Many small business owners are surprised to learn they're using AI. Here's where it often hides:

Common "Stealth AI" in Small Business Hiring

• ATS resume ranking: If your applicant tracking system (BambooHR, Lever, Greenhouse, Workable) ranks or scores resumes, that's AI
• Indeed's AI matching: Indeed Sponsored Jobs use AI to match candidates to your posting—if you're making decisions based on those recommendations, you're using AI
• LinkedIn Recruiter: If you use LinkedIn's "Best Matches" or AI-powered search, that's covered
• Video interview platforms: Tools like HireVue, Spark Hire (with AI add-ons), or myInterview that analyze speech, facial expressions, or language patterns
• Skills assessments: Platforms like Criteria, Pymetrics, or HackerRank that use algorithms to score candidates
• Background check automation: Some services use AI to flag "risky" candidates

Quick AI Audit

Take 30 minutes and list every tool you use from application to offer:

1. Where do candidates apply? (your website, Indeed, LinkedIn, etc.)
2. What software stores applications? (your ATS or email)
3. What tools help you screen/rank candidates?
4. Do you use video interviewing platforms?
5. Any assessment or testing tools?
6. Background check services?

For each tool, ask your vendor: "Does this use AI, algorithms, or automation to score, rank, or recommend candidates?" If yes, it's likely covered by AI hiring laws.

Step 2: Determine Your Jurisdictional Exposure

AI hiring laws are location-based. What matters is where your candidates are located, not where your business is based.

Questions to Answer

• Are you hiring in New York City? → NYC LL144 applies
• Are you hiring in California? → AB 2930 applies
• Are you hiring in Colorado? → Colorado AI Act applies
• Are you hiring in Illinois? → AIVIA applies (especially for video interviews)

Remote-first companies: If your job is remote-eligible and open to candidates nationwide, you must comply with all states' laws where you accept applications. This is why many small businesses are choosing to either (a) limit hiring to specific states, or (b) build to the highest compliance standard and apply it everywhere.

Step 3: Prioritize Based on Risk and Cost

You probably can't (and don't need to) do everything at once. Here's how to triage:

Priority 1: High-Risk Tools (Address Immediately)

Video interview platforms with AI analysis

• Why high-risk: Heavy regulatory focus, multiple state laws, high discrimination potential
• What to do: Implement consent forms (Illinois), conduct bias audits (NYC, CA), provide opt-out (CO)
• Cost to comply: $5,000-$20,000/year (mostly bias audit costs)
• Alternative: Turn off AI features and use video platforms for recording only (manual review)

Automated rejection systems

• Why high-risk: Make binary pass/fail decisions, high disparate impact potential
• What to do: Require human review before any automated rejection
• Cost to comply: Low (process change, no cash outlay)

Priority 2: Medium-Risk Tools (Address Within 90 Days)

ATS resume ranking/scoring

• Why medium-risk: Widely used, can produce disparate impact, but typically used as decision-support (not final decision)
• What to do: Add disclosure to job postings, consider bias audit if in NYC/CA
• Cost to comply: Disclosure = free; bias audit = $10,000-$25,000

Skills assessment platforms

• Why medium-risk: Can be validated as job-related, but still need audits in some states
• What to do: Request vendor bias audit results, add disclosure, provide accommodation process
• Cost to comply: Minimal if vendor provides audit; $15,000-$30,000 if you must conduct your own

Priority 3: Lower-Risk Tools (Monitor, Address as Resources Allow)

Basic ATS keyword search

• Why lower-risk: Simple boolean logic, no scoring/ranking, human-controlled
• What to do: May not even qualify as an AEDT; err on side of disclosure but deprioritize audits

Step 4: Implement Bare-Minimum Compliance (The Essentials)

If you're resource-constrained, focus on these three things. They cover 80% of compliance requirements:

Essential #1: Disclosure to Candidates

This is free and covers you in almost every jurisdiction. Add language to your job postings and application pages:

AI Use in Hiring Notice

[Company Name] uses artificial intelligence tools to assist in our hiring process. Specifically, we use [Tool Name, e.g., "video interview analysis software" or "resume ranking technology"] to evaluate [what it assesses, e.g., "communication skills and relevant experience"].

If you have questions about our use of AI in hiring, or if you would like to request an alternative evaluation process, please contact [email/phone].

Where to put it:

• At the bottom of every job posting
• On your careers page
• In your online application workflow (before candidates submit)

Essential #2: Human-in-the-Loop Review

Never let AI make final hiring decisions without human review. This is required in Colorado and considered best practice everywhere.

Practical implementation:

• If your ATS auto-ranks resumes, a human reviews the top-ranked candidates before making interview decisions
• If video interview AI provides scores, a human watches the videos and makes independent judgments
• If an assessment tool recommends "do not advance," a human can override that recommendation

Cost: Zero dollars. Just process discipline.

Essential #3: Simple Opt-Out Process

Give candidates a way to say "I don't want AI used to evaluate me." This satisfies Colorado's requirements and reduces legal risk everywhere.

How to implement:

• Include an email address in your AI disclosure: "To request alternative evaluation, contact hiring@yourcompany.com"
• Have a standard process: If someone opts out of video AI, offer a phone interview instead
• Log all opt-out requests and how they were handled (in case of future audits/investigations)

Cost: Free (just email and process documentation)

Step 5: Decide Whether You Need Bias Audits

This is the expensive part. Bias audits can cost $10,000-$30,000+ and must be repeated annually. When are they actually required for small businesses?

You MUST Conduct Bias Audits If:

• You use AI hiring tools for NYC-based candidates (LL144 requirement)
• You use AI hiring tools for California candidates (AB 2930 requirement)

You SHOULD Conduct Bias Audits If:

• You use high-risk tools (video interview AI, automated screening) in any jurisdiction(EEOC liability protection)
• Your hiring volume is significant (500+ candidates/year) and you want proactive discrimination protection

You Can DEFER Bias Audits If:

• You're not hiring in NYC or California
• You've implemented human-in-the-loop review and opt-out processes
• Your AI tools are low-risk (basic resume parsing, keyword search)
• Your hiring volume is very small (<100 candidates/year)

Budget-Friendly Bias Audit Strategies

Strategy 1: Vendor-Provided Audits

Some AI vendors (especially video interview platforms) conduct pooled bias audits across all their clients. Ask if these satisfy your state requirements. In some cases, they do; in others (especially NYC), you need your own.

Strategy 2: Multi-Client Audits

If you're in a business network or industry association, consider pooling with other small businesses to hire an auditor jointly. Auditors sometimes offer reduced rates for batched clients using the same tools.

Strategy 3: Start-Then-Defer

Conduct an initial bias audit to establish a baseline, then if results are clean, consider whether you can reduce frequency (some jurisdictions allow this if tools haven't changed).

Step 6: Leverage Free and Low-Cost Tools

Free Compliance Resources

• EEOC Technical Assistance: The EEOC offers free guidance documents on AI hiring and discrimination—available at eeoc.gov
• State AG guidance: Many states publish compliance checklists and templates (check your state's Attorney General website)
• Vendor compliance docs: If you use established AI vendors, they often provide disclosure templates and compliance guides (ask your account rep)

Low-Cost Alternatives to Expensive Tools

Instead of AI video interviews:

• Use video recording platforms without AI analysis (Zoom, Google Meet recordings reviewed by humans)
• Conduct live phone or video interviews (the old-fashioned way)

Instead of AI resume screening:

• Use simple ATS features (just storage and keyword search, no ranking)
• Hire a part-time recruiter or contractor to do manual initial screens

Instead of gamified assessments:

• Use traditional work sample tests (ask candidates to complete a task relevant to the actual job)
• Structured interviews with standardized questions (just as predictive, no AI required)

When It Makes Sense to Just NOT Use AI

Real talk: if you're a 10-person company hiring 5-10 people per year, AI hiring tools might not be worth the compliance burden.

Consider going AI-free if:

• Your hiring volume is low (<20 hires/year)
• You have capacity for human resume review
• Compliance costs would exceed efficiency gains
• You're in heavily regulated jurisdictions (NYC, CA) and lack compliance resources

The math: If bias audits cost $15,000/year and save you 10 hours of resume screening, you're paying $1,500/hour for that time savings. Probably not worth it for small-scale hiring.

Common Small Business Compliance Mistakes

Mistake #1: "We're too small to get caught"

Enforcement doesn't scale with size. A single candidate complaint triggers an investigation regardless of whether you have 5 employees or 5,000. Small businesses are not invisible.

Mistake #2: "Our vendor said they handle compliance"

Vendor compliance support is great, but legal liability stays with you. Read vendor contracts carefully. Do they actually indemnify you for compliance failures? (Most don't.)

Mistake #3: Ignoring the Illinois consent requirement

If you use video interview AI for candidates in Illinois, you must get written consent before analysis. This is a hard requirement with per-candidate penalties ($500-$1,000). Easy to comply with, but companies forget.

Mistake #4: Generic "we use technology" disclosures

Vague disclosures don't satisfy most laws. You need to be specific: what tool, what it evaluates, how it's used in decisions.

Sample Compliance Timeline for a 25-Person Company

Week 1-2: Audit and Assessment

• List all tools used in hiring
• Identify which use AI/automation
• Determine applicable state laws
• Prioritize by risk (high/medium/low)

Week 3-4: Quick Wins

• Add AI disclosure language to job postings and career site
• Create opt-out email process
• Implement human-review checkpoints in hiring workflow

Month 2: Vendor Management

• Contact AI vendors to request bias audit results
• Review vendor contracts for compliance support terms
• Request disclosure templates from vendors

Month 3: Bias Audits (If Required)

• If hiring in NYC or CA: Get quotes from 2-3 bias auditors
• Prepare candidate data for audit
• Schedule audit completion

Month 4: Publication and Monitoring

• Publish bias audit results (if required)
• Set calendar reminders for annual re-audits
• Document all compliance efforts in case of future investigation

Total time investment: 20-40 hours spread over 4 months (most can be done by one HR/ops person)

How EmployArmor Helps Small Businesses

EmployArmor was built with small business reality in mind. We provide enterprise-grade compliance without enterprise costs:

• AI tool detection: Automated scan of your tech stack to identify what's covered by law
• Jurisdiction mapping: Tell us where you hire, we tell you which laws apply
• Template library: Disclosure language, consent forms, opt-out processes—ready to deploy
• Affordable bias audits: We've negotiated small-business rates with qualified auditors (starting at $8,000 vs. $20,000+ market rate)
• Ongoing monitoring: Alerts when laws change or your audit is due—set it and forget it

Frequently Asked Questions

If we're based in Texas but hire one person in California, do California laws apply?

Yes. AI hiring laws are based on candidate location, not employer location. If you use AI to evaluate that California candidate, AB 2930 applies to that hire.

Can we just add "by applying, you consent to AI evaluation" to our application?

Not sufficient in most jurisdictions. You need informed consent—meaning candidates understand what they're consenting to. Generic blanket consent doesn't meet legal standards. You must explain what AI tool is used, what it evaluates, and how it affects decisions.

What if we can't afford a $20,000 bias audit?

Options: (1) shop around—audits for simple tools can be $8,000-$12,000, (2) ask if your vendor provides audits, (3) turn off AI features and use manual processes instead, (4) limit hiring to states that don't require audits, or (5) use EmployArmor to access reduced-rate auditors.

Do these laws apply to contractors and freelancers, or just employees?

Most laws define "employment" broadly to include contractors, freelancers, and gig workers. If you're using AI to evaluate anyone for work, assume the laws apply.

Can we rely on Indeed or LinkedIn to handle compliance since we're just using their platforms?

No. When you use Indeed's AI matching or LinkedIn's candidate recommendations to make hiring decisions,you are the employer using AI, and compliance is your responsibility. The platform may provide tools to help, but liability doesn't transfer to them.

What's the biggest compliance mistake small businesses make?

Not realizing they're using AI. Many small businesses use ATS platforms, job boards, or assessment tools without understanding these include AI features. "I thought it was just software" doesn't protect you from penalties. First step: audit your hiring tech stack to identify all AI use. See our guide on what counts as AI.

Can we grandfather in AI tools we started using before the laws existed?

No. The laws apply to current AI use regardless of when you started. If you implemented an AI screening tool in 2022 (before most laws), you still need to comply with 2026 requirements (disclosure, audits, etc.). Some employers mistakenly think "we were using this before the law" exempts them—it doesn't. You need to retrofit compliance onto legacy AI deployments.

Related Resources

• Complete AI Hiring Compliance Guide 2026
• How to Conduct an AI Bias Audit
• EmployArmor vs Manual Compliance
• 2026 AI Hiring Laws: What Changed