Compliance

The Current State of AI Hiring Regulation

As of February 2026, 17 states and 23 municipalities have active AI hiring laws on the books. This guide covers federal and state compliance requirements, bias audits, disclosure obligations, and enforcement trends.

The Current State of AI Hiring Regulation

As of February 2026, 17 states and 23 municipalities have active AI hiring laws on the books. Another 12 states have pending legislation. The federal government has issued formal guidance through the EEOC, and international frameworks like the EU AI Act are beginning to impact U.S. employers with global operations.

The regulatory focus has shifted from "should we regulate AI hiring?" to "how do we enforce it?"

Why Now? The Perfect Storm of 2024-2026

Three factors converged to accelerate AI hiring regulation:

  • Widespread adoption: By 2024, over 65% of Fortune 500 companies were using AI in some part of their hiring process—resume screening, video interviews, skills assessments, or candidate matching.
  • Documented bias incidents: High-profile cases of AI tools discriminating against protected classes led to EEOC investigations and multi-million dollar settlements.
  • Legislative momentum: After NYC's Local Law 144 went into effect in 2023, other jurisdictions rushed to fill the regulatory gap. No one wanted to be the "Wild West" of AI hiring.

Federal Landscape: EEOC Guidance and Implications

While Congress has not passed comprehensive AI hiring legislation, the Equal Employment Opportunity Commission (EEOC) issued binding guidance in May 2024 that fundamentally changed the federal compliance calculus. See our complete EEOC AI guidance breakdown.

Key EEOC Positions

1. Algorithmic Discrimination is Discrimination

The EEOC has made clear that Title VII of the Civil Rights Act, the ADA, and ADEA all apply to AI hiring tools. If an AI system produces discriminatory outcomes—even unintentionally—employers can be held liable under existing civil rights law.

"The use of algorithmic decision-making tools does not insulate employers from liability. Whether discrimination occurs via human decision or automated system, the legal standard remains the same." — EEOC Technical Guidance, May 2024

2. Disparate Impact Analysis

AI hiring tools must be evaluated under the same disparate impact framework used for traditional employment tests. If a tool disproportionately screens out candidates from protected classes, employers must demonstrate:

  • The tool is job-related and consistent with business necessity
  • No equally effective alternative exists with less discriminatory impact
  • The tool has been validated according to professional standards (Uniform Guidelines on Employee Selection Procedures)

3. Vendor Reliance is Not a Defense

Using a third-party AI tool does not transfer liability. Employers remain responsible for ensuring their vendor's tools comply with anti-discrimination laws. "The vendor said it was compliant" is not a legal defense.

Practical Impact This means employers must conduct due diligence on AI vendors, including requesting bias audit results, validation studies, and ongoing monitoring data. Many vendors are not prepared to provide this documentation.

State-by-State Compliance Requirements

State AI hiring laws vary significantly in scope, requirements, and penalties. Here's what employers need to navigate in the major regulated jurisdictions:

Tier 1: Comprehensive Regulation States

Illinois (AIVIA / HB 3773)

  • Scope: Any AI tool used to analyze video interviews or evaluate job applicants (including tools like HireVue)
  • Requirements:
    • Written disclosure before AI evaluation
    • Explicit consent from candidates
    • Alternative evaluation process for those who decline
    • Data destruction within 30 days upon request
  • Penalties: $500 first violation, $1,000 per subsequent violation per candidate
  • Effective: January 1, 2020 (expanded via HB 3773 in 2024). See our complete Illinois guide.

New York City (Local Law 144)

Colorado (AI Act - SB24-205)

  • Scope: High-risk AI systems in employment. See official bill text.
  • Requirements:
    • Impact assessments before deployment
    • Disclosure to candidates and employees
    • Opt-out rights with alternative process
    • Human review of automated decisions. See our Colorado employer guide.
    • Annual algorithmic accountability reports
  • Penalties: Up to $20,000 per violation
  • Effective: February 1, 2026

California (AB 2930)

  • Scope: AI-powered employment screening tools
  • Requirements:
    • Pre-use disclosure with specific language
    • Annual bias testing and reporting
    • Data minimization and privacy protections
    • Right to human review of decisions
  • Penalties: CCPA-style enforcement via Attorney General
  • Effective: January 1, 2026

Tier 2: Targeted Regulation States

Maryland (HB 1202)

  • Scope: Facial recognition technology in job interviews
  • Requirement: Written consent before use
  • Effective: October 1, 2020

Washington (SB 5116)

  • Scope: Automated employment decision systems
  • Requirements: Notice and disclosure; impact assessment for high-risk systems
  • Effective: March 31, 2024

Massachusetts (S.2016 - Pending)

  • Proposed scope: Any AI tool that "materially influences" hiring decisions
  • Proposed requirements: Bias audits, disclosure, data minimization, human oversight

The Multi-Jurisdiction Problem

If you hire across multiple states, you must comply with all applicable state laws simultaneously. This creates complex overlaps:

StateBias AuditDisclosureConsentImpact Assessment
Illinois
NYC✓ Annual
Colorado
California✓ Annual
Maryland✓ (facial only)

Compliance strategy: Build to the highest standard. If you're bias auditing for NYC and collecting consent for Illinois, you've covered most state requirements.

Understanding Bias Audits

Bias audits are the most technically complex—and expensive—compliance requirement. Here's what they actually involve:

What is a Bias Audit?

A bias audit is a statistical analysis that evaluates whether an AI hiring tool produces disparate impact across demographic groups. It typically examines:

  • Selection rates by race, ethnicity, and sex
  • Impact ratios (comparing selection rates across groups)
  • Statistical significance of any observed disparities
  • Intersectional analysis (e.g., Black women vs. white men)

Who Can Conduct a Bias Audit?

Most jurisdictions require an "independent" auditor—meaning someone not employed by the company using the AI tool or the vendor selling it. Qualified auditors typically have:

  • Background in industrial-organizational psychology
  • Expertise in employment testing validation
  • Understanding of adverse impact analysis
  • Knowledge of the Uniform Guidelines on Employee Selection Procedures

Cost and Frequency

Bias audits range from $15,000 to $100,000+ depending on:

  • Complexity of the AI tool
  • Number of job categories analyzed
  • Volume of candidate data
  • Depth of validation testing required

Most laws require annual audits, though some allow for less frequent audits if the tool hasn't materially changed.

The Audit Dilemma What happens if your bias audit reveals disparate impact? You're now required to publish evidence of discrimination—which can trigger EEOC investigations and private lawsuits. Many employers are discovering that compliance creates legal risk, not just compliance burden.

Disclosure Requirements: What to Tell Candidates

Nearly every AI hiring law includes disclosure requirements. But "disclosure" varies significantly across jurisdictions:

Minimum Disclosure Elements

A compliant disclosure typically includes:

  • Fact of AI use: "We use artificial intelligence in our hiring process"
  • What the AI evaluates: "The AI analyzes your video responses for communication skills"
  • How it impacts decisions: "AI scores are used to rank candidates for interviews"
  • Data collected: "We collect voice patterns, facial expressions, and word choice"
  • Opt-out process: "You may request human-only review by contacting [email]"
  • Contact information: Where to ask questions or raise concerns

Timing Matters

When disclosure must occur:

  • Illinois: Before the candidate interacts with the AI tool
  • NYC: At least 10 days before using the tool
  • Colorado: At or before the time of data collection
  • California: Before the candidate submits an application

Safe harbor approach: Disclose in your job posting and again at the application stage. This covers all timing requirements.

Sample Disclosure Language

AI Use in Hiring Notice [Company] uses artificial intelligence (AI) technology as part of our hiring process. Specifically, we use [Tool Name] to [describe what it does - e.g., "analyze video interview responses," "screen resumes for relevant experience," "assess skills through gamified assessments"].

The AI evaluates [specific factors - e.g., "communication skills, problem-solving ability, and relevant work experience"]. Results from this AI analysis are used to [describe role in decision - e.g., "rank candidates for hiring manager review," "determine who advances to the next interview round"].

You have the right to request an alternative evaluation process that does not use AI. To opt out, contact [email] within [X] days of receiving this notice. Opting out will not negatively impact your candidacy.

For questions about our AI hiring tools or to request accommodations, contact [contact info].

Implementation Roadmap: Getting Compliant

Here's a practical, step-by-step approach to achieving AI hiring compliance:

Phase 1: Inventory (Weeks 1-2)

Audit your tech stack:

  • List every tool that touches candidates (ATS, video interview platforms, assessments, chatbots)
  • Identify which tools use AI or automation
  • Determine what each tool evaluates
  • Map tools to job categories (not all roles may use all tools)

Determine jurisdictional scope:

  • Where are you hiring? (states, cities)
  • Which laws apply to your organization?
  • What are the overlapping requirements?

Phase 2: Vendor Due Diligence (Weeks 3-4)

For each AI vendor, request:

  • Technical documentation on how the AI works
  • Bias audit results (if available)
  • Validation studies demonstrating job-relatedness
  • Compliance with specific state laws (e.g., "Is this tool LL144-compliant?")
  • Data privacy and security practices
  • SLA for compliance support

Red flags:

  • Vendor cannot explain how their AI makes decisions
  • No bias audit available (or audit is more than 2 years old)
  • Vendor refuses to indemnify you for compliance violations
  • Tool collects protected class data without clear business justification

Phase 3: Policy and Process Updates (Weeks 5-6)

Create or update:

  • AI hiring policy (document approved uses, governance, oversight)
  • Disclosure notices (job posting language, application page notices)
  • Consent forms (for jurisdictions requiring explicit consent)
  • Alternative evaluation process (for candidates who opt out)
  • Data retention and destruction policies
  • Vendor management procedures

Phase 4: Bias Audits (Weeks 7-12)

If required by your jurisdictions:

  • Hire qualified independent auditor
  • Provide auditor with candidate data (anonymized where possible)
  • Review audit findings
  • Address any identified disparate impact
  • Publish audit results (per local requirements)

Phase 5: Training and Rollout (Weeks 13-14)

Train your team:

  • HR and recruiting staff on new policies and processes
  • Hiring managers on limitations and risks of AI tools
  • Legal and compliance teams on monitoring and enforcement

Update candidate-facing materials:

  • Job postings
  • Career site pages
  • Application workflows
  • Email templates
  • FAQ documents

Phase 6: Monitoring and Iteration (Ongoing)

Establish ongoing processes:

  • Quarterly compliance reviews
  • Annual bias audits (if required)
  • Vendor performance monitoring
  • Regulatory change tracking
  • Incident response protocols (for complaints or investigations)

Enforcement Trends: What's Happening in 2026

As laws mature, enforcement is ramping up significantly. 2026 marks the transition from "education and guidance" to "investigation and penalties."

EEOC Investigations

The EEOC has opened over 200 AI-related discrimination investigations since 2024, with a sharp acceleration in late 2025 and early 2026. The agency's Strategic Enforcement Plan (2026-2028) lists "algorithmic discrimination in hiring" as one of six national priorities.

Common investigation triggers:

  • Direct candidate complaints: Candidates who believe AI screened them out unfairly file EEOC charges. Complaints increased 340% from 2024 to 2025.
  • Published bias audits showing high disparate impact: NYC Local Law 144 requires public posting; EEOC monitors these.
  • Media coverage of AI vendor controversies: Triggers reviews of employers using those tools.
  • Algorithmic testing: EEOC sends test applications to detect bias.
  • Data mining EEO-1 reports: Correlates demographics with AI usage.

Notable 2025-2026 EEOC cases (summarized for brevity):

  • Major retailer settlement (~$2.3M, Jan 2026): Age discrimination in resume screening.
  • Healthcare staffing firm (ongoing): ADA violation in video interviews.
  • Tech company consent decree ($1.8M, Aug 2025): Bias in coding assessments.

State Attorney General Actions

State AGs are active in key states. Notable actions:

  • NYC DCWP: $500K fines for audit failures (2025).
  • California AG: Investigating ATS vendors under AB 2930 (ongoing).
  • Colorado AG: $890K settlement for missing assessments (Feb 2026).
  • Illinois AG: Pattern investigations in staffing.
  • Maryland AG: Advisory letters to 50+ employers.

Private Litigation Explosion

Class actions are surging:

  • Martinez v. Major Restaurant Chain ($3.2M settlement, 2025).
  • Johnson v. Fortune 500 Manufacturer (ongoing).
  • Williams v. Financial Services Firm ($4.7M verdict, Jan 2026).

Emerging theories: Algorithmic redlining, disability proxies, proxy variables.

Regulatory Guidance Evolution

  • EEOC 100-page guide (Nov 2025).
  • DOL OFCCP Directive for contractors (Dec 2025).
  • FTC Section 5 expansion (Jan 2026).

International Considerations: The EU AI Act

U.S. employers with EU ties face:

  • High-risk classification for AI hiring tools
  • Conformity assessments, transparency, human oversight
  • Penalties up to €30M or 6% global revenue

Applies if hiring EU candidates or affecting EU persons.

Common Compliance Pitfalls (And How to Avoid Them)

❌ Pitfall 1: "Our vendor handles compliance"

Fix: Due diligence, contracts, audit rights.

❌ Pitfall 2: One-size-fits-all disclosures

Fix: Tool-specific language.

❌ Pitfall 3: No alternative process

Fix: Build and document workflows.

❌ Pitfall 4: Ignoring disability

Fix: ADA reviews, accommodations.

❌ Pitfall 5: "Set it and forget it" audits

Fix: Annual cycles, monitoring.

The Future: What's Coming Next

Expect federal laws, expanded scope to promotions/terminations, real-time monitoring, employee rights, explainability mandates.

How EmployArmor Simplifies This

EmployArmor automates:

  • Multi-jurisdictional mapping
  • Disclosure generation
  • Vendor assessments
  • Audit coordination
  • Change alerts
  • Consent management

Get Your Free Compliance Assessment →

Frequently Asked Questions

If we're a small company, do we really need to worry about this?

Yes. Most AI hiring laws apply regardless of company size. Colorado has some small business exemptions, but NYC Local Law 144 and Illinois HB 3773 apply to employers of all sizes. If you have even one employee in a regulated jurisdiction and use AI in hiring, you're covered.

What if we only use AI for initial resume screening?

Resume screening AI is explicitly covered by most laws. It's one of the highest-risk applications because it makes binary "in or out" decisions that can produce severe disparate impact.

Can we just turn off our AI tools to avoid compliance?

You can, but you'd be giving up significant efficiency gains. A better approach: invest in compliance so you can use AI responsibly and legally.

How do we know if our current AI vendor is compliant?

Ask them directly. Request bias audit results, validation studies, and a written compliance representation. Check our compliance pages for specific tools like HireVue, Workday, and Greenhouse. If they can't provide documentation, that's a red flag.

What happens if a bias audit reveals our tool is discriminatory?

Options: (1) Stop using it, (2) Modify to reduce impact, (3) Prove job-relatedness, (4) Accept risk with counsel.

Do internal promotions and transfers require the same AI compliance as external hiring?

Yes, in most jurisdictions. NYC Local Law 144 covers "promotion or selection for hire." Colorado applies to "consequential decisions." Best practice: Same standards for internal use.

How often should we re-audit our AI tools?

Minimum: NYC and California annual. Best practice: Annually + on updates/changes. Budget 10-15% of hiring tech spend ($20K-$50K for mid-size).

Can we use AI from multiple vendors without separate compliance for each?

No. Each tool needs separate analysis. Conduct "stack testing" for combined effects.

Conclusion: Compliance as Competitive Advantage

AI hiring compliance builds trust, protects your brand, and attracts talent. 2026 is the year to act.

Related Resources

Last updated: March 2026

Legal Disclaimer: This guide is for informational purposes only and not legal advice. Consult qualified employment counsel for your specific situation. Laws change rapidly; verify current requirements. EmployArmor does not provide legal services.

Quick Reference:

Ready to comply?

Get your personalized compliance assessment in 2 minutes — free.